Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 23 February 2024

Black Arrow Cyber Threat Intelligence Briefing 23 February 2024:

-Despite Recent FBI Disruptions, a Rise in Ransomware Means 2024 Will be a Volatile Year for Cyber Security

-The Old, Not the New: Basic Security Issues Still the Biggest Threat to Enterprises

-Reevaluating Your Cyber Security Priorities

-Cyber Threat Environment at its Most Dangerous for SMBs, as Geopolitical Tenison, Extortion and Attacks Present Biggest Risks

-Legal Sector Grows as a Target, with Cyber Attacks on Law Firms Surging by Over a Third

-It’s Not Only Ransomware Seeing Huge Rises, Business Email Compromise (BEC) Attacks are Also Seeing a Huge Rise – is Your Business Prepared?

-Deepfake Phishing Grew by 3,000% in 2023, and it’s Just the Beginning

-Cyber Attacks are Getting Faster, More Common and More Successful, Although Detection is More Advanced Than Ever — New Report Signals the Threats to Businesses, Supply Chains, and Democracy

-Report Finds Malicious Emails Bypassing Secure Email Gateways Rose by 105%

-Rising Cyber Threats Identified Amongst Other Major Business Risks for 2024

-Huge Cyber Security Leak Lifts the Lid on China’s Hackers for Hire

-Fifth of British Kids Have Broken the Law Online

-Over 40% of Firms Struggle with Cyber Security Talent Shortage

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Despite Recent NCA and FBI Disruptions, a Rise in Ransomware Means 2024 Will be a Volatile Year for Cyber Security

There has been a lot of high profile coverage this week of the infamous and prolific LockBit gang’s infrastructure having been seized by law enforcement following an international Police operation led by the UK’s National Crime Agency. Whilst the international operation shows the seriousness of the matter, and the success of the operation should be celebrated, those celebrations should be muted and organisations should not become lax. Like the Hydra of Greek mythology, when one head disappears, a few more appear in its place. Ransomware really is a case of if, not when, and your organisation needs to be prepared.

Further, a recent threat report has found that the median ransom demand rose by 20% year on year, hitting an average of $600,000 and it is expected that 2024 will be even more volatile. Ransomware groups are expanding their target lists and exploring new pressure tactics in response to increasingly effective law enforcement efforts, and this is coupled with the increasing regulatory impact on organisations.

Sources: [Sky News] [GOV Infosecurity] [Bleeping Computer] [Infosecurity Magazine] [Cyber Reason]

The Old, Not the New: Basic Security Issues Still the Biggest Threat to Enterprises

In the latest IBM X-Force Threat Intelligence Index, it was revealed that basic security issues remain the most significant threat to enterprises. Cyber criminals are increasingly turning to credential stuffing, using and exploiting valid accounts harvested from the darkweb and previous breaches, with a 266% uptick in info-stealing malware. This tactic is harder to detect and elicits a costly response from enterprises. On the other hand, it is also important to adopt an attacker mindset for effective security. Understanding the attacker’s tools, motives, and efforts can help in limiting access, compartmentalising the impact of any successful attack, and minimising the time to attack detection. In essence, while organisations continue to grapple with complex cyber threats, the biggest security problem boils down to the basic and the already known. Therefore, it is crucial to focus on strengthening basic security measures and thinking like an attacker to proactively mitigate the risk for a more secure attack surface.

Source: [Help Net Security] [Forbes]

Reevaluating Your Cyber Security Priorities

Both technology and cyber criminals are evolving, yet many companies and organisations are not. For many corporate leaders, they may not know where to begin. Organisations looking to evolve their cyber security posture should look to elevate cyber to the C-suite and board, conduct audits of their sensitive information, create or update and test their incident response plan and finally, revisit their cyber hygiene training to ensure it is doing more than just ticking boxes. Organisations doing the above will find themselves improving their cyber security posture, and mitigating their risk to threats.

Source: [Dark Reading]

Cyber Threat Environment at its Most Dangerous for SMBs, as Geopolitical Tenison, Extortion and Attacks Present Biggest Risks

A new study has found that extortion campaigns, geopolitical threats, and attacks on small and medium-sized businesses (SMBs) are amongst the greatest threats to cyber security defences currently. The report, conducted by Mimecast, highlights how individual ransom groups have claimed over 1,000 victims and over $300 million in payments. Regarding SMBs, the report found that these businesses encountered twice the normal number of threats, at over 30 threats per user, as compared to larger companies who saw approximately 15. Not only are SMBs at more risk, but they also do not have the same resources a large company would have to mitigate such threats. SMBs must be efficient in the way they prioritise and address their cyber risk as part of their larger risk management strategy.

Sources: [Emerging Risks] [The HR Director]

Legal Sector Grows as a Target, with Cyber Attacks on Law Firms Surging by Over a Third

A new report has found that the number of reported cyber breaches on UK law firms has increased 30% from the previous year, as attackers increasingly target the profession. As a note, this does not include firms who may be unaware that they have been breached. Law firms are an attractive target to attackers due to the sensitive information such as M&A activity, divorce information and big ticket litigation; many attackers believe that law firms will pay handsomely to have this data back.

Sources: [Emerging Risks] [Legal Cheek]

It’s Not Only Ransomware Seeing Huge Rises: Business Email Compromise (BEC) Attacks are Also Seeing a Huge Rise. Is Your Business Prepared?

A recent report found that business email compromise (BEC) saw a staggering increase of 10 time the amount compared to the previous year. BEC involves a genuine business email account being compromised by a threat actor; this could be your supplier, a client, or anyone you have legitimate contact with. With such an increase, organisations must consider if they would be able to spot and mitigate BEC in their corporate environment through robust operational controls such as callback procedures for example. Due to the rise in deep fake fraud with voice cloning and video, the efficacy of traditional safeguards such as callbacks are not providing the assurance they once did. Firms and employees need to be on their guard to these changing tactics to safeguard the business.

Source: [TechRadar]

Deepfake Phishing Grew by 3,000% in 2023, and it’s Just the Beginning

Phishing remains one of the most prevalent cyber security threats, and with the emergence of artificial intelligence it is only going to carry on getting worse. According to a recent report, the number of deepfake fraud attempts rose by 3,000%. In one instance, the CEO of an energy enterprise sent €220,000 to a supplier after getting a call from the parent company’s leader requesting the exchange; the call was a deepfake.

Source: [HackerNoon]

Cyber Attacks are Getting Faster, More Common and More Successful, Although Detection is More Advanced Than Ever. New Report Signals the Threats to Businesses, Supply Chains, and Democracy

A recent report from CrowdStrike sheds light on the increasing speed and sophistication of cyber attacks. Breakout times have plummeted to an average of 62 minutes, with a record time of just two minutes and seven seconds observed. Hackers are now targeting the cloud, exploiting its vulnerabilities and leveraging AI assistance to escalate attacks. The human factor remains a primary entry point for threat actors, with social engineering and phishing campaigns on the rise. As organisations transition to the cloud, threat actors follow suit, with cloud intrusions soaring by 75%. CrowdStrike warns of state-sponsored adversaries targeting critical elections, emphasising the need for a platform-based approach bolstered by threat intelligence to safeguard against evolving threats.

Source: [TechRadar]

Report Finds Malicious Emails Bypassing Secure Email Gateways Rose by 105%

A report by Cofense has found a 105% increase in malicious emails that successfully bypassed Secure Email Gateways (SEGs), with approximately one malicious email navigating their way past SEGs every 57 seconds. The report suggests that phishing efforts are outpacing that of SEGs, and such phishing efforts are responsible for 90% of data breaches. Whilst SEGs may be filtering out a number of malicious emails, they, like everything in cyber security, are not a silver bullet. Organisations should not fall foul of believing that they are impenetrable because they have a SEG.

Sources: [SiliconANGLE] [Security Magazine] [Help Net Security]

Rising Cyber Threats Identified as Major Business Risk for 2024

In the latest Allianz risk barometer, cyber incidents have been identified as the most significant concern for companies globally in 2024. This is particularly true for remote desktop connections, which have become a prime target for cyber attacks since the shift to a work-from-home environment. The report also highlights that the risk landscape is being shaped by digitalisation, climate change, and geopolitical uncertainties. Meanwhile, a report from Coalition reveals that the cyber attack surface has expanded due to new ways of working. The report found that smaller businesses often lack the resources to prepare for a wide range of risk scenarios, which can lead to longer recovery times after an unexpected incident. These findings underscore the importance of robust cyber security measures and the need for continuous monitoring and improvement of an organisation’s digital defences.

Sources: [Reinsurance News] [Allianz]

Huge Cyber Security Leak Lifts the Lid on China’s Hackers for Hire

A huge leak of data from a Chinese cyber security firm, iSoon, has revealed state security agents paying tens of thousands of pounds to harvest data on targets, including the likes of foreign governments, and the leak shows this has been going on for years. Since the release, CrowdStrike has drawn overlaps between the firm and multiple known Chinese threat actors who are well resourced and conduct attacks over an extended period (referred to as advanced persistent threats, APTs). Among some of the 500 leaked documents are product manuals, lists of clients and employees, and WeChat instant messages. The leaks show over 14 governments have been attacked, as well as gambling and telecommunications companies.

Sources: [Dark Reading] [The Guardian]

Fifth of British Kids Have Broken the Law Online

In a recent study by the UK National Crime Agency (NCA), one in five children aged 10 to 16 have engaged in online offences with the figure rising to 25% among online gamers. These "low-level" cyber crimes, such as attempting to access protected servers or launching distributed denial of service (DDoS) attacks, may not be perceived by young individuals as violating the Computer Misuse Act. The consequences, however, are severe, including potential arrest, criminal records, and restrictions on future opportunities. The NCA stresses the importance of educating both children and adults about the legal and ethical implications of such actions, highlighting the transition from minor offences to more serious cyber crimes. With a significant shortage of cyber security professionals globally, fostering positive digital skills among young individuals is crucial for meeting industry demands and deterring cyber crime. Parents, teachers, and children are encouraged to explore resources provided by the NCA's Cyber Choices website to prevent inadvertent involvement in illegal online activities.

Source: [Infosecurity Magazine]

Over 40% of Firms Struggle with Cyber Security Talent Shortage

A recent report from Kaspersky has unveiled a critical global challenge: over 40% of companies are struggling to fill essential cyber security roles, with information security research and malware analysis roles particularly affected. This scarcity is felt most acutely in Europe and Latin America. Roles within security operations centres (SOCs) and network security are also understaffed, with figures around 35% and 33% respectively. The government sector faces the most significant demand for cyber security experts, followed closely by the telecoms and media sectors. While efforts like offering competitive salaries and enhanced training are underway, the gap persists due to the rapid pace of technological advancement outstripping educational initiatives. The report emphasises the need for innovative solutions to bridge this shortfall, highlighting recruitment, training, and technological advancements as key components of a comprehensive strategy to bolster cyber security resilience in the face of evolving threats.

Source: [Infosecurity Magazine]


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering

Artificial Intelligence

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Cyber Crime General & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Regulations, Fines and Legislation

Careers, Working in Cyber and Information Security

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea


Vulnerability Management

Vulnerabilities





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 26 January 2024

Black Arrow Cyber Threat Intelligence Briefing 26 January 2024:

-Russian Hackers' Breach of Microsoft and Hewlett Packard Corporate Mailboxes is an Identity Threat Detection Wake-up Call

-94% of CISOs are Concerned About Third-Party Cyber Threats, Yet Only 3% Have Started Implementing Security Measures

-Cyber Risks Needs to be Prioritised as a Key Business Risk Says UK Government, as New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda

-81% of Security Professionals Say Phishing Is Top Threat

-Ransomware Attacks Cause Significant Psychological Harm

-Breached Password Report Reveals Two Million Compromised Cloud Credentials Used '123456' as Password

-NCSC: UK Intelligence Fears AI will Fuel Ransomware and Exacerbate Cyber Crime

-Cyber Attacks More than Doubled in 2023, so Why Are So Many Firms Still Not Taking Security Seriously, or Why Firms Ignore Vulnerabilities at Their Own Risk

-Historic Data Leak Reveals 26 billion Records: Check What is Exposed

-Boardroom Cyber Expertise Comes Under Scrutiny

-“It is a whole new bar”: Months Left for Applicable Firms to Prepare for New EU Cyber Security Rules

-Ransomware Attacks Break Records In 2023: The Number of Victims Rose By 128%

Black Arrow Cyber Threat Briefing 26 January 2024

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Russian Hackers’ Breach of Microsoft and Hewlett Packard Corporate Mailboxes is an Identity Threat Detection Wake-up Call

Just recently, it was publicly disclosed that Microsoft and Hewlett Packard Enterprise (HPE) had their corporate mailboxes breached by threat actors. In the Microsoft breach, a hacking group had used a password spray attack to compromise a non-production test account, and leverage that to access corporate accounts. In the HPE breach, corporate access was gained through unauthorised access to SharePoint files. Both attacks highlight the need for identity threat detection: the ability to identify malicious activity from trusted identities before more sophisticated damage is caused. Cyber incidents are a matter of when, not if, and it is important to have detection capabilities, even for trusted accounts.

Sources: [Help Net Security] [Security Boulevard]

94% of CISOs are Concerned About Third-Party Cyber Threats, Yet Only 3% Have Started Implementing Security Measures

A recent study found that while 94% of CISOs are concerned with third-party cyber security threats,  including 17% who view it as a top priority, only 3% have implemented a third -party cyber risk management solution and 33% have noted plans to implement this year. Small and medium sized businesses may not have the resources of a larger organisation yet will have a similar level of third-party risk. This makes the need for an effective solution even more important, and in some cases this may include outsourcing to cyber experts.

Sources: [Dark Reading]

Cyber Risks Needs to be Prioritised as a Key Business Risk, Says UK Government, as New Cyber Security Governance Code Puts Cyber Risks on Boardroom Agenda

The UK Government has proposed a new Code of Practice on cyber security governance, aimed at directors and senior business leaders. The draft document emphasises the need to prioritise cyber security on par with financial and legal risks. It outlines several key areas for focus, including risk management, cyber strategy, fostering a cyber security culture among employees, incident planning and response, and establishing clear governance structures. With digital technologies playing a crucial role in business resilience, the code calls for greater involvement of executive and non-executive directors in technology governance strategies. The UK Minister for AI and Intellectual Property has highlighted that cyber attacks are as damaging to organisations as financial and legal pitfalls. It is crucial that directors take a firm grip of their organisation’s cyber security regimes to protect their customers, workforce, business operations and the wider economy. This initiative reinforces the importance of a holistic approach to cyber security, including robust incident response plans and regular practice to enhance cyber resilience. It’s a timely reminder that cyber threats are as detrimental to organisations as financial and legal challenges, and this code aims to empower leaders to navigate these threats effectively.

Sources: [Computer Weekly] [Electronics Specifier] [GOV UK] [TechRadar] [Infosecurity Magazine]

81% of Security Professionals Say Phishing Is Top Threat

A recent study found 81% of organisations anticipated phishing as their top security risk over the coming months. In a separate report, it was found that 94% of organisations globally had experienced an email security incident in the past 12 months, with a 10% rise in phishing. It is not just emails where phishing attacks are occurring: in another report, the second half of 2023 saw a 198% increase in browser based phishing attacks. It is clear that phishing is a threat to organisations, and it is important to be prepared.

Sources: [ITPro] [Beta News] [Security Magazine]

Ransomware Attacks Cause Significant Psychological Harm

One area of ransomware that often gets overlooked, is the psychological impact. A recent report by the Royal United Services Institute found that some attacks had caused so much impact that organisations hired post-traumatic stress disorder support teams. A significant number of respondents experienced sleep deprivation, resulting in them developing extreme fatigue and falling asleep at work. Various levels of stress were experienced by security workers, with one interviewee citing the stress of a ransomware attack as a potential cause for a heart attack that required surgery. This highlights that, as with the wider subject of cyber and information security, consideration needs to be given to more than just IT and IT controls: it shows the need for a holistic approach to include people, operations and technology.

Sources: [The Record Media] [TechRadar]

Breached Password Report Reveals Two Million Compromised Cloud Credentials Used '123456' as Password

A recent report has revealed that two million compromised cloud credentials used ‘123456’ as a password. This alarming trend underscores the ongoing issue of weak passwords, which are easily exploited by hackers. Despite the availability of advanced password creation and storage tools, a significant number of individuals and organisations continue to use weak passwords. Furthermore, the report found that 88% of organisations still rely on passwords as their primary authentication method. Despite the focus on password security, nearly every organisation has had risk management lapses. The report highlights the urgent need for stronger password policies and the adoption of more secure authentication methods. Equally, the attacks highlight that simply moving to the cloud does not solve security challenges, and poor cyber hygiene in the cloud will lead to problems.

Sources: [ITPro] [Business Wire] [Security Magazine]

NCSC: UK Intelligence Fears AI will Fuel Ransomware and Exacerbate Cyber Crime

An article published by the UK’s National Cyber Security Centre (NCSC) states that AI is already being used to increase the efficacy of cyber attacks, and that AI will continue to significantly increase the odds of a successful attack. AI models will build capability as they are informed by data describing previous successful attacks. The NCSC noted that “It is likely that highly capable unfriendly nation states have repositories of malware that are large enough to effectively train an AI model for this purpose”. The message from the NCSC is clear: AI will propel cyber incidents and organisation must take this into consideration as part of their wider cyber risk management strategy.

Sources: [The Register] [PC Mag] [The Messenger ] [Silicon UK]

Cyber Attacks More than Doubled in 2023, so Why Are So Many Firms Still Not Taking Security Seriously, or Why Firms Ignore Vulnerabilities at Their Own Risk

Cyber attacks soared again last year, and attackers are increasingly taking advantage of software vulnerabilities to breach organisations. This is due to the continuous discovery of new vulnerabilities, and with that, a constant challenge for firms to apply patches. A report found many organisations lack an effective vulnerability management programme and are leaving themselves open to attacks; and in some cases they are left vulnerable for years.

One key hindrance found by the report is the sheer volume of vulnerabilities identified and patched by vendors, leaving organisations with the perpetual challenge of timely patching. This complication is made worse for small and medium sized businesses where they have less resources. The report found that legacy systems are a large risk for many organisations;  in fact, older Windows server OS versions - 2012 and earlier – were found to be 77% more likely to experience attack attempts than newer versions. Many firms are still not taking this danger seriously enough and as a result, blind spots and critical vulnerabilities are worsening, creating more opportunities for attackers.

Sources: [ITPro] [Help Net Security] [ITPro]

Historic Data Leak Reveals 26 billion Records: Check What is Exposed

In what has been described as the ‘mother of all breaches’, 26 billion records have been exposed. These aren’t all new, as a lot of the records are from numerous breaches, however they are all in one location, compiled and index for use. With the emergence of this, there is will likely be a surge in attacks and if you haven’t changed your credentials, or are reusing these same credentials, you may find yourself a victim. To check if your email has been compromised in a breach, you can check on the website www.HaveIBeenPwned.com

Source: [Security Affairs]

Boardroom Cyber Expertise Comes Under Scrutiny

Cyber security concerns continue to be a critical issue for organisations, driven by factors such as data protection, compliance, risk management, and business continuity. However, a recent report reveals a concerning trend where only 5% of Chief Information Security Officers (CISOs) report directly to the CEO, down from 11% in 2021. This gap between cyber security leadership and board-level involvement is a challenge. A report emphasises that many board members lack the technical expertise to understand cyber security, while CISOs often communicate in technical jargon, making it difficult for boards to grasp the significance of security issues. To bridge this gap, it's crucial to educate board members on the real-world risks and costs associated with cyber incidents. Sharing simple metrics like the global average cost of a data breach, which is $4.45 million, can help them understand the financial impact. Moreover, CISOs should learn to convey cyber security matters in business terms and quantify the organisation's cyber risk exposure. By providing boards with information to understand and engaging in informed discussions, they can enhance their cyber security strategy and ensure that these vital issues are prioritised appropriately.

Source: [Security Intelligence]

“It is a whole new bar”: Months Left for Applicable Firms to Prepare for New EU Cyber Security Rules

The landscape of cyber security is evolving rapidly, with two significant EU regulations: the Network and Information Security Directive (NIS2) and the Digital Operational Resilience Act (DORA), set to take effect in the coming months. NIS2 expands cyber security standards to include critical services like transportation, water services, and health services, while DORA focuses on the financial services sector and aims to ensure resilience against cyber threats.

These regulations necessitate strong cyber security testing, incident reporting processes, and comprehensive assessments of third-party providers' security. Compliance with these regulations will introduce complexity and costs, requiring organisations to prepare comprehensively for the evolving cyber security landscape, including the implications of artificial intelligence. Transparency and understanding are key, as boards must fully comprehend data processing and technology usage within their organisations, ushering in a new era of cyber security governance.

Source: [The Currency]

Ransomware Attacks Break Records In 2023: The Number of Victims Rose By 128%

In 2023, there was a significant surge in ransomware attacks globally. The number of attack attempts more than doubled, increasing by 104%. A report shows that there were 1,900 total ransomware attacks within just four countries: the US, UK, Germany, and France. The use of double extortion techniques, where hackers not only encrypt the data but also steal confidential data beforehand and threaten to release it if their demands are not fulfilled, are becoming increasingly common, with now triple and quadruple extortion techniques also being increasingly deployed. It was also found that data exfiltration was present in approximately 91% of all publicly recorded ransomware attacks in 2023. These figures underscore the growing threat of ransomware and the need for robust cyber security measures.

Sources: [Security Boulevard] [Security Affairs] [Security Brief] [Business Wire]

Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

Artificial Intelligence

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

China

Russia

Iran

North Korea


Vulnerability Management

Vulnerabilities


Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 29 December 2023

Black Arrow Cyber Threat Intelligence Briefing 29 December 2023:

-UK Ministers Publicly State Fears of Potential Widescale Power Grid Disruptions

-Countries Brace for Influence Operations, AI and Hacking Campaigns Ahead of Historic 2024 Election Year, Could Upset World Balance

-The Most Popular Passwords of 2023 are Easy to Guess and Crack

-Dangerous Malware Pretends to be Some of Your Most Used Business Software

-MFA Helps You Stay Resilient, But Nothing is a Silver Bullet

-Ransomware Leak Site Victims Reached Record-High in November

-MOVEit, Capita, CitrixBleed and More: The Biggest Data Breaches of 2023

-Europol Warns 443 Online Shops Infected with Credit Card Stealers

-Physical Access Systems Open Door to IT Networks

-Simple Hacking Techniques Prove Successful in 2023 Cyber Attacks

-Daily Malicious Files Rise to 411,000 a day in 2023

-Android Malware Actively Infecting Devices to Take Full Control

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK Ministers Publicly State Fears of Potential Widescale Power Grid Disruptions

The UK’s power network has long been an attractive target for enemies of the state and that remains true today. In fact, according to the UK Government, the risk of the whole country’s electricity system being shut down is growing. So are the dangers to citizens if it happens.

The UK’s National Risk Register, the official document assessing 89 different possible threats to the country, explains that a cyber attack on the National Grid could be launched by culprits “encrypting, stealing or destroying data upon which critical systems depend, or via disruption to operational systems”.

Source: [iNews]

Countries Brace for Influence Operations, AI and Hacking Campaigns Ahead of Historic 2024 Election Year, Could Upset World Balance

Billions of people around the world are expected to go to the polls and vote in 2024, in what will be the most significant election year in recent memory, and cyber security and government officials have already warned about countries using technology to influence operations. This includes disinformation campaigns and hacking attempts. Officials have further warned that artificial intelligence will likely be used to fuel such campaigns.

Sources: [The Record] [Security Affairs]

The Most Popular Passwords of 2023 are Easy to Guess and Crack

NordPass released a list of the top 200 common passwords recently, which included “123456” and “admin” as the top two. Of particular note, the top 40 passwords were all deemed to take less than 12 seconds to crack, or could be determined by an actor with no knowledge of the password. Many people would argue that there are so many passwords needed these days that it becomes hard to remember, hence their choice of easier passwords, and often reusing or recycling them across multiple sites and services. The use of a password manager can greatly reduce this need, requiring the user to only remember one password whilst also allowing for more complex and harder to crack passwords.

Source: [gHacks]

Dangerous Malware Pretends to be Some of Your Most Used Business Software

Hackers are using an old form of banking malware, known as Carbanak, to launch damaging ransomware attacks. Hackers are using compromised websites to host the malware, impersonating popular business-related software such as HubSpot, Veeam, or Xero.

Source: [TechRadar]

MFA Helps You Stay Resilient, But Nothing is a Silver Bullet

Multi-factor authentication (MFA) is a great resource for improving your organisation’s cyber resilience, but no technology is 100% secure and the human element will nearly always remain. With notable security breaches bypassing MFA to compromise organisations including Uber, games company EA, and authentication business Okta, organisations need to be aware that it is a possibility. As such, organisations need to ensure they implement MFA effectively and educate their users in their implementation; even the strongest of controls are rendered useless if they can be bypassed with one social engineering phone call.

Source: [Help Net Security]

Ransomware Leak Site Victims Reached Record-High in November

Corvus Threat Intel observed 484 new ransomware victims posted to leak sites in November. This represents a 39% increase from October and a 110% increase compared with November 2022. Further, this is the eleventh consecutive month in which there has been a year-on-year increase in ransomware victims, and the ninth with a victim count over 300.

Source: [Infosecurity Magazine]

MOVEit, Capita, CitrixBleed and More: The Biggest Data Breaches of 2023

2023 was a colossal year for data breaches, with the likes of MOVEit, Capita, Citrix, Royal Mail, MGM resorts and 3CX among some of the most significant victims. Such attacks have involved a number of vectors, such as file transfer vulnerabilities, social engineering, supply chain attacks and zero-day exploits. The result? Millions of people’s data compromised, and hundreds of millions paid out to attackers; the attack on MGM resorts alone is reported to have costed upwards of $100 million.

Source: [TechCrunch]

Europol Warns 443 Online Shops Infected with Credit Card Stealers

Europol has notified over 400 websites that their online shop had been hacked, with malicious scripts that steal card information from paying customers. The scripts are designed to intercept and steal payment card numbers, expiration dates, verification numbers, names, and shipping addresses, which are then uploaded to an attacker. This information is then used, or sold on the dark web to be used. Unfortunately, some of these attacks can go undetected for weeks or even several months.

Source: [Bleeping Computer]

Physical Access Systems Open Door to IT Networks

Cyber attackers can exploit access control measures installed on supposedly secure facility doors to gain unauthorised building access to sensitive locations, as well as breach internal IP networks directly from these systems, research has shown. At a recent leading security conference, analysts demonstrated this is an attack. Assets such as these can often be forgotten about and therefore omitted from protections, highlighting the need for organisations to have an up to date and accurate asset register.

Source: [Dark Reading]

Simple Hacking Techniques Prove Successful in 2023 Cyber Attacks

Hacking can be sophisticated, but often it is not sophisticated at all. Some of the biggest hacks this year started with what seemed like an innocent phone call, but which in fact were fairly simple social engineering attacks. Additionally, hackers continued to target companies that failed to promptly update their systems, even after patches were released to fix critical vulnerabilities. The best first step to protect an organisation is to establish a culture of good cyber security hygiene across people, operations and technology.

Source: [Pymnts]

Daily Malicious Files Rise to 411,000 a day in 2023

Cyber criminals unleashed an average of 411,000 malicious files every day in 2023, representing a 3% increase from the previous year, according to Kaspersky. Malicious desktop files in particular rose by 53%. Cyber criminals favoured Microsoft Office services’ vulnerabilities, which represented 69% of all exploited vulnerabilities.

Source: [Infosecurity Magazine]

Android Malware Actively Infecting Devices to Take Full Control

Android Malware is actively being used to take control of devices for illicit purposes, such as stealing sensitive information and enabling remote attacks, and least 327,000 devices are reported to have been infected with such malware. Research has found that amongst the most targeted countries are the UK and US. Often, for the malware to work, users need to allow it access to information such as contacts, email. In some cases, the user would only be aware they have consented if they were to manually check the apps settings. For organisations, this can mean employees bringing personal or work phones into the corporate environment, with malware potentially along for the ride.

Source: [GBhackers]



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Supply Chain and Third Parties

Cloud/SaaS

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 01 September 2023

Black Arrow Cyber Threat Intelligence Briefing 01 September 2023:

-66 Percent of Businesses Don't Understand Their Cyber Risks

-Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked

-Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up

-Survey Finds In-house Counsel Cyber Anxiety Skyrocketing

-58% of Malicious Emails Contained Spoofed Content

-Cyber Attacks Remain a Top Concern for Organisations Across All Industries

-BYOD Security Gap: Survey Finds 49% of European Firms Unprotected

-13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend

-Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report

-Kroll’s Breach Highlights SIM-Swapping Risk

-Reducing The Risk of AI, What Can You Do?

-Debunking Popular Cyber Security Myths

-3 Malware Loaders Responsible for 80% of Intrusions

-MOVEit Hack Shows Attackers Still Use Old Tricks

-Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

66 Percent of Businesses Don't Understand Their Cyber Risks

A survey has found that 67% of organisations have experienced a breach requiring attention within the last two years, despite having traditional security measures in place. Worryingly, 66% self-reported having limited visibility and insight into their cyber risk profiles.

83% of organisations agreed that a comprehensive cyber risk reduction strategy would yield a reduction in the likelihood of a significant cyber incident occurring, yet a number of organisations are finding it difficult to implement this and as a result are looking for outside assistance too. The report found that 93 percent of organisations plan to offload specific segments of cyber risk reduction workstreams or projects to security service providers within the next two years.

Source: [Beta News]

Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked

All 47,000 personnel working for the Met Police were warned of the risk their photos, names and ranks having been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes. The supplier had access to names, ranks, photos, vetting levels and pay numbers of officers and staff, but did not hold information such as addresses, phone numbers or financial details.

The attack shows the importance of understanding the supply chain, and what access your supplier has access to. Without knowing who has your data, and what data, you will be left clueless if a breach on a supplier occurs.

Sources [Data Breaches] [UKAuthority]

Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up

Ransomware actors are always evolving their tactics, with gangs now telling victims if they don’t pay, then they will face fines under data protection laws. Additionally, small businesses are on the radar, partially due to them being easier targets for actors; some gangs have shifted from asking for millions from a large organisation, to requesting small ransoms from multiple small businesses.

As a result in both the number and sophistication of ransomware attacks, 80% of organisations expect their spending to increase. Not every organisation has an unlimited budget and so it is important that organisations are able to prioritise and allocate their budget effectively, to give them the most protection that their budget allows, especially small to medium-sized businesses.

Sources [Dark Reading] [The Record] [Security Magazine]

Survey Finds In-house Counsel Cyber Anxiety Skyrocketing

In a recent report, only 25% of legal professionals said they felt fully prepared to deal with a cyber attack, with 78% ranking the task of shielding their organisation from cyber attacks as the greatest regulatory concern over the next 12 months; previously, this figure was only 30% in 2021.

There has been a growing number of attacks, due to the sensitive data that is held and the number of attacks will continue to rise. With regulatory concerns adding to this, in-house counsel should be looking to have their concerns heard and drive the organisation to bolster their defences, and this may include outsourcing expert advice to make sure it is done correctly.

Source: [Law.com]

58% of Malicious Emails Contained Spoofed Content

According to a recent report, 58% of malicious emails contained spoof content and spam emails had increased by 30% from Q1 to Q2 2023. The report identified a surge in the number of uses of QR codes as a primary attack method, showing that attack methods are evolving, and in some cases, choosing not to use traditional methods.

The report reinforces the need for constant user education training, to reduce the risk of an employee falling for a phishing email. With this training, new evolving techniques such as that with QR codes, should also be addressed.

Source: [Security Magazine]

Cyber Attacks Remain a Top Concern for Organisations Across All Industries

Cyber attacks remain a top threat to organisations’ ability to do business across all industries. When asked in a recent report, 18% of respondents reported that cyber attacks threatened or disrupted their business.

With cyber attacks being a huge concern, many organisations have an incident response plan in place; yet despite this, nearly one quarter (23%) of companies surveyed have either never conducted tests or are unsure if their teams have tested. Cyber incidents are a matter of when, not if, and a strong incident response plan is always needed and can prevent a bad situation from being made worse by doing the wrong things in the immediate aftermath of an attack.

Source: [Business Wire]

BYOD Security Gap: Survey Finds 49% of European Firms Unprotected

A recent survey found that a concerning 49% of European businesses are operating without having a formal bring-your-own-device (BYOD) policy, highlighting a lack of visibility and control over such devices. The report found that organisations are concerned about compliance-based issues, with 43% noting increased worries.

The benefits of BYOD are clear, allowing organisations to save money and eliminate the need for multiple devices. But without a formal BYOD policy, organisations are risking having employees bring in devices that are effectively invisible to IT. This means that the vulnerabilities that come with it, and the risks it can bring, also go unnoticed. To mitigate the risk, a formalised BYOD policy is required.

Source: [Infosecurity Magazine]

13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend

In a recent report, it was found that 13% of employees admitted they had fallen for a phishing attack whilst working from home. Rather worryingly, 21% said they would continue working business as usual in the event of falling victim to a phishing attack whilst working remotely on a Friday, with 9% indicating they’d wait until after the weekend to report it, effectively, giving the attacker a 48 hour period in which they go unnoticed, if the employee even remembers to report it on the Monday.

It is important that users are educated, both on spotting phishing attacks and the reporting process, so that organisations can be best protected. By providing regular and effective user training, employees will be at less risk of falling victim to a phishing attack, even from home. Additionally, by understanding the reporting process and why there is a need to report as soon as possible, organisations will shorten their detection time.

Source: [Security Magazine]

Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report

In their most recent quarterly report, BlackBerry focused on a 90-day window, identifying over 1.5 million malware-based attacks, over 200,000 unique attacks, 17,000 attacks per day and 12 per minute to name a few. The report found that financial institutions were amongst the most targeted.

Source: [The Hacker News]

Kroll’s Breach Highlights SIM-Swapping Risk

A recent supply chain breach at Kroll, the risk and financial advisory firm, affected downstream customers and exposed personal information on hundreds of claimants in bankruptcy proceedings. The breach occurred when a threat actor had transferred an employee’s phone number to a device in the attackers possession, which was then subsequently used to access sensitive information.

In this attack, the actor had convinced T-Mobile to port the employee’s number over, allowing the actor to access files containing bankruptcy details. A mitigation recommended for this is to ask your network provider if they offer port freeze or number lock, to protect it from unauthorised transfer.

Source [Dark Reading]

Reducing The Risk of AI, What Can You Do?

Threat actors' use of generative AI has fuelled a significant rise in attacks worldwide during the last 12 months according to a recent report. Yet despite this, AI is still seen as a positive thing for organisations, with the power of generative AI quickly realised.

Certainly, AI can be used in the organisation to increase efficiency and automate tasks, but it must be used with vigilance. Organisations implementing AI should have governance over the usage of AI to eliminate the chance of data leaking. This governance may include policies, procedures and approved AI software.

Sources: [CSO Online] [UKTech News]

Debunking Popular Cyber Security Myths

At a time when cyber security is a constant feature in the news and our daily lives, it is important to debunk a few myths surrounding it. One of the biggest, is the assumption that cyber defence is all about the technical controls; in fact, 89% of cyber attacks involved social engineering. The prevalence of social engineering further shows that strong passwords, firewalls and antivirus are not enough; what’s the use in having a password that takes years to crack if you hand it over to someone?

When we think cyber security, we often think of external threat actors, but insider risk is a real threat: whether by malicious actions, negligence or misunderstanding, those inside your organisation can be a real risk to your organisation.

So what’s the take home? Cyber is more than just technology, and it is not just an outside attacker. Organisations’ cyber efforts should focus on more than just the technical requirements; by having things such as user education training, organisations can mitigate their cyber risk.

Sources: [Forbes] [Trend Micro]

3 Malware Loaders Responsible for 80% of Intrusions

Three malware loaders, QBot, SocGholish, and Raspberry Robin, are responsible for 80 percent of observed attacks on computers and networks so far this year. The malware are all distributed differently; Qbot is typically deployed through a phishing email, SocGholish is downloaded without user interaction, and Raspberry Robin is through USB devices.

Sources: [The Register] [Infosecurity Magazine]

MOVEit Hack Shows Attackers Still Use Old Tricks

SQL injection has been around for a quarter of a century, yet it still features amongst the top 10 list of security vulnerabilities. In fact, SQL injection was the method of attack for the infamous MOVEit hacks, which has impacted over 700 organisations, with the number still growing.

The MOVEit attack highlights just how easily old, over-looked vulnerabilities can be used to target an organisation. Consider your organisation now: are there any legacy systems or software in place?

Source: [Dark Reading]

Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong.

In late May, security vendor Barracuda had released a patch for their email security gateway (ESG), which was being actively exploited. Having already accounted for this, the threat actors utilised a new attack, which meant infected devices would reinfect themselves, effectively negating Barracuda’s patch. Unfortunately, this meant that for a while, Barracuda thought it was in the clear, when it was still under attack.

Upon realising this, Barracuda’s security advisory changed from recommending a patch to requiring an immediate replacement of compromised ESG appliances, regardless of the patch level. This shows the need for organisations to keep up to date with the latest threat intelligence, as missing the second update could mean infected devices are still in the wild, with organisations under the false perception that they were safe.

Source: [Ars Technica]



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

AITM/MITM

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

BYOD

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Fraud, Scams & Financial Crime

Impersonation Attacks

Deepfakes

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Identity and Access Management

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Biometrics

Social Media

Training, Education and Awareness

Cyber Bullying, Cyber Stalking and Sextortion

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

North Korea


Vulnerability Management

Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 4th August 2023

Black Arrow Cyber Threat Intelligence Briefing 04 August 2023:

-Top 12 Exploited Vulnerabilities List Highlights Troubling Reality: Many Organisations Still Are Not Patching

-67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious

-Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence

-The Generative AI War Between Companies and Hackers is Starting

-Spend to Save: The CFO’s Guide to Cyber Security Investment

-Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril

-How the Talent Shortage Impacts Cyber Security Leadership

-Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods

-Cyber Insurance and the Ransomware Challenge

-Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats

-66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies

-Startups Should Move Fast and Remember Cyber Security

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Top 12 Exploited Vulnerabilities List Highlights Troubling Reality That Many Organisations Are Still Not Patching

A joint advisory from US and allied cyber security agencies highlights the top routinely exploited vulnerabilities. This is a list that includes old and well-known bugs that many organisations still have not patched, including some vulnerabilities that have been known for more than five years. The list underscores how exploiting years-old vulnerabilities in unpatched systems continues to dominate the threat landscape. Organisations are more likely to be compromised by a bug found in 2021 or 2020 than they are by ones discovered over the past year.

This report emphasises that a vulnerability management strategy relying solely on CVSS for vulnerability prioritisation is proving to be insufficient at best; CVSS is an established method for assigning criticality scores to known vulnerabilities based on different scoring criteria. Additional context is required to allow for a more scalable and effective prioritisation strategy. This context should stem from internal sources, for example, the target environment (asset criticality, mitigating controls, reachability), as well as from external sources, which will permit a better assessment of the likelihood and feasibility of exploitation. Most organisations have a limited patching capacity, affected by the tooling, processes, and skills at their disposal. The challenge is to direct that limited patching capacity towards vulnerabilities that matter most in terms of risk reduction. Therefore, the task of sifting the signal through the noise is becoming increasingly more important.

Sources: [HelpNetSecurity] [NSA.gov] [SCMagazine]

67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious

In a report that leveraged data from 23.5 billion cyber security attacks, spanning 500 threat types and 900 distinct infrastructure and software vulnerabilities it was found that approximately 67% of all breaches start with someone clicking on a seemingly safe link, which explains why adversaries begin 80-95% of all attacks with a phishing email.

A separate report found that there was a 36% rise in cyber attacks in the first half of 2023. Email continued to be the main vector for delivering malicious content, with as many as 1 in every 100 emails sent in the first half of 2023 found to be malicious. In addition, malware accounted for 20% of attacks, and business email compromise (BEC) constituted 8%.

The findings reinforce the need for organisations to employ effective and regular security awareness training for users to better help them to not only identify, but also report such attacks to help strengthen the cyber resilience of the organisation. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.

Source: [Security Intelligence]

Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence

Cases of straight-up data theft and extortion now appear to be more widespread a threat than ransomware, becoming the single most observed threat in the second calendar quarter of 2023, according to new data released by researchers. 1,378 organisations have been named as victims on ransomware data-leak websites in Q2 2023. This was a 64.4% increase from the record-breaking number of victims named in Q1 2023.

Despite both the rise in threats and the high percentage of respondents whose organisations suffered recent attacks, there hasn’t been a corresponding uptick in strategic measures to shore up cyber resilience. In fact, close to four in five survey respondents don’t have complete confidence that their company has a cyber resilience strategy designed to address today’s escalating cyber challenges and threats.

Sources: [Forbes] [HelpNetSecurity] [ComputerWeekly] [SecurityBrief.co.nz] [Malwarebytes]

The Generative AI War Between Companies and Hackers is Starting

To no one’s surprise, criminals are tapping open-source generative AI programs for all kinds of heinous acts, including developing malware and phishing attacks, according to the FBI. This comes as the UK National Risk Register officially classes AI as a long-term security threat. It’s safe to say AI is certainly a controversial field right now, with the battle between companies and hackers really starting to take place; only recently had technology giants such as Amazon, Google, Meta and Microsoft met with the US President Joe Biden to pledge to follow safeguards.

A recent report from security firm Barracuda has found that between August 2022 and July 2023, ransomware attacks had doubled and this surge has largely been driven by the breaching of networks via AI-crafted phishing campaigns, as well as automating attacks to increase reach, again using AI.

Despite the controversy, AI can be of tremendous value to organisations, helping to streamline and automate tasks. Organisations employing or looking to employ AI in the workplace should also have effective governance and identification procedures over the usage of said AI. Equally, when it comes to defending against AI attacks, organisations need to have a clear picture of their attack landscape, with layers of defence.

Sources: [CSO Online] [PC MAG] [CNBC] [Tech Radar]

Spend to Save: The CFO’s Guide to Cyber Security Investment

As a CFO, you need to make smart choices about cyber security investments. The increasing impact of data breaches creates a paradox: While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending should be seen an investment in the future of your business.

The impact of a cyber event extends beyond quantifiable currency loss. Further impacts include those of reputation and customer retention. CFOs should look to identify weak spots, understand the effect these can have, pick the right solution that mitigates these and finally, advocate cyber security and robust governance at the board level.

It is important to remember, cyber security is not just a technical issue, but also a business one, and you have a key role in ensuring the security and resilience of your organisation.

Source: [Security Intelligence]

Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril

The debate over whether the CISO should, by the very nature of the position, be considered a member of the C-suite has been raging for some time and seems likely to continue for a good while to come. CISOs should not only have a seat among the uppermost echelon at the big table but also be recognised as a foundational element in the success of any business.

There is a danger that, without an effective CISO, organisations can end up in a perilous situation in which there's no one driving the cyber security bus at a time when vulnerabilities and incidents are ever on the rise. When the CISO has a seat at the big table, everybody wins.

Source [CSO Online]

How the Talent Shortage Impacts Cyber Security Leadership

The lack of a skilled cyber security workforce hampers the effectiveness of an organisation’s security program. While technologies like AI and machine learning can provide some support, they are not sufficient, especially for small and medium sized businesses (SMBs). The cyber security workforce shortage affects not just current security but the future of leadership roles, including CISOs and CSOs.

Today’s CISOs require a blend of technology and business understanding. According to the (ISC)2 2022 Workforce Study, the global cyber security workforce is nearly 5 million and growing at 26% yearly. However, more than 3 million jobs still need to be filled, including specialised roles in cloud security, data protection, and incident response. This gap jeopardises functions like risk assessment, oversight, and systems patching.

The greatest talent shortage is found in soft skills, leading to a trend of looking outside the traditional security talent pool. The future of CISOs will likely require a solid security background, but as the talent gap widens, finding leadership candidates from the existing pool may remain challenging.

Source: [Security Intelligence]

Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods

A recent report by cyber security company identified a sophisticated email phishing campaign exploiting a zero-day vulnerability in Salesforce's legitimate email services. The vulnerability allowed threat actors to craft targeted phishing emails, cleverly evading conventional detection methods by leveraging Salesforce's domain and reputation and exploiting legacy quirks in Facebook's web games platform.

Whilst Facebook and Salesforce have now addressed the issue, it goes to show that technology alone is not enough to stop phishing; operational and people controls are still necessary and should form part of an effective organisational response.

Source: [Security Brief]

Cyber Insurance and the Ransomware Challenge

The cyber insurance industry has been heavily criticised for providing coverage for ransom payments. A frequent accusation, which has become close to perceived wisdom in policymaking and cyber security discussions on ransomware, is that cyber insurance has incentivised victims to pay a ransom following a cyber incident, rather than seek alternative remediation options. However, the insurance industry could do much more to instil discipline in both insureds and the ransomware response ecosystem in relation to ransom payments to reduce cyber criminals’ profits. Insurers’ role as convenors of incident response services gives them considerable power to reward firms that drive best practices and only guide victims towards payment as a last resort.

While the insurance industry has the power to do this, there are still challenges that need to be addressed in the underwriting process. Offering expensive policies that exclude common risks such as ransomware or nation-state attacks is simply not a sustainable approach. This has helped insurers become more profitable for now, but these are only short-term fixes to the real problem at hand. Namely, that the underwriting process for cyber insurance policies is still not that sophisticated. Most underwriters are poorly equipped to effectively measure the cyber risk exposure of new or renewing customers.

Sources: [RUSI] [Dark Reading]

Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats

Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard.

"In this latest activity, the threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear as technical support entities" Microsoft said. "Using these domains from compromised tenants, Midnight Blizzard leverages Teams messages to send lures that attempt to steal credentials from a targeted organisation by engaging a user and eliciting approval of multi-factor authentication (MFA) prompts."

Source: [TheHackerNews]

66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies

A recent report found that 66% of cyber security leaders don’t trust their current cyber risk mitigation strategies. It was also found that while 90% of respondents say their organisation has dedicated resources responsible for managing and reducing cyber risk, in almost half of situations (46%) this consists of just one person.

In some cases, it can be hard to get the necessary talent to build out the cyber security arm of an organisation; this is where organisations can look towards outsourcing to fulfil positions with expertise. At Black Arrow we offer many services to help you to govern your cyber security, including as virtual CISO that leverages our diverse team with backgrounds from British intelligence, board governance, IT and finance.

Source: [ITSecurityWire]

UK legal Sector at Risk, National Cyber Security Centre Warns

Over the past three years more than 200 ransomware attacks worldwide have been inflicted on companies in the legal industry. The UK was the second most-attacked country constituting 2.3% of all ransomware attacks across various sectors. The legal sector was the fourth most-attacked industry in the UK in 2022. Ransomware groups are indiscriminate in their targeting, attacking companies of all sizes, from small law firms with only ten employees to large firms with 1,000+ employees, and ranging in revenue from companies generating £100 million to those with under £3 million. No single kind of company is immune to these attacks.

The International Bar Association (IBA) has released a report to guide senior executives and boards in protecting their organisations from cyber risk. Entitled "Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors," the report aims to provide leaders with insight into the primary elements of a robust cyber risk management programme. Its recommendations for senior executives and boards encompass understanding the organisation's cyber risk profile, knowing what information assets to safeguard, being aware of significant regulatory requirements, and recognising the security standards utilised by the organisation.

Sources: [Todays Conveyancer] [Infosecurity Magazine]

Startups Should Move Fast and Remember Cyber Security

The importance of cyber security for startups, which can often be overlooked in the pursuit of fast-paced growth, cannot be overstated. However, cyber attacks can have devastating consequences for businesses of all sizes. The percentage of micro-businesses in the UK that consider cyber security a high priority has dropped from 80% to 68% in the past year, possibly due to wider economic pressures. Cyber criminals target businesses of all sizes, often initially using automated software to find weak spots. Startups can be particularly vulnerable due to their fast-paced environments and new or less familiar supply chains. The use of shared office spaces can also increase risk.

The UK DCMS/DSIT 2023 Cyber Security Breaches survey reported that almost a third of businesses (32%) and a quarter of charities (24%) reported breaches or attacks in the past 12 months alone, with the average victim losing £15,300. Startups have the unique advantage of being able to implement cyber security best practices from the outset and embed them into company culture. It is recommended that startups prioritise cyber security from the get-go to protect their business and ensure long-term growth.

Source: [UKTech] [Cyber security breaches survey 2023 - GOV.UK (www.gov.uk)]



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Deepfakes

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Identity and Access Management

Encryption

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Biometrics

Social Media

Travel

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

Iran

North Korea

Misc/Other/Unknown


Vulnerability Management

Vulnerabilities





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 30 June 2023

Black Arrow Cyber Threat Briefing 30 June 2023:

-Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible

-Employees Worry Less About Cyber Security Best Practices in the Summer

-Businesses are Ignoring Third-Party Security Risks

-Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back

-Over 130 Organisations and Millions of Individuals Believed to Be Impacted by MOVEit Hack, it Keeps Growing

-Widespread BEC Attacks Threaten European Organisations

-Lloyd’s Syndicates Sued Over Cyber Insurance

-95% Fear Inadequate Cloud Security Detection and Response

-The Growing Use of Generative AI and the Security Risks They Pose

-The CISO’s Toolkit Must Include Political Capital Within The C-Suite

-Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime

-SMBs Plagued by Exploits, Trojans and Backdoors

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible

Zurich Insurance Group is a major player in the insurance game, with over 55 million clients. They have recently just fixed a sensitive file that they had left publicly accessible. The file in question contained a range of credentials including database credentials, admin credentials, credentials for the actively exploited MOVEit software, credentials for their HR system and more. All of which could be utilised by threat actors to inflict serious damage. This was not the only vulnerability stemming from the insurance group; researchers found that Zurich were also running an outdated website, which contained a large number of vulnerabilities.

The case is alarming as Zurich Insurance Group provides cyber insurance and the instance above reinforces the need for organisations to be proactive in identifying cyber risks in their environment; it is simply not enough to rely on having insurance or meeting insurance requirements.

https://cybernews.com/zurich-insurance-data-leak/

  • Employees Worry Less About Cyber Security Best Practices in the Summer

IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months according to a new report. The report found that 55% of employees admitted to relying solely on their mobile devices while working remotely in the summer. 25% of all respondents claim that they aren’t concerned about ensuring network connections are secure when accessing their company’s data.

In the same report, 45% of employees in the US and UK said no specific measures to educate and remind employees on security best practices are taken during the summer, with only 24% of UK respondents receiving access to online cyber security training and guides and even less (17%) in the US. This comes as a separate report found that the number of phishing sites targeting mobile devices increased from 75% to 80% year-on-year in 2022, and this is likely to continue rising. Worryingly, it was also found that the average user is between six and ten times more likely to fall for an SMS phishing attack than email.

https://www.helpnetsecurity.com/2023/06/30/summer-byod-policies/

https://www.infosecurity-magazine.com/news/mobile-malware-and-phishing-surge/

  • Businesses are Ignoring Third-Party Security Risks

With 58% of companies managing over 100 vendors, 8% of which manage over 1,000, the need for a robust Third-Party Security Risk Management process becomes abundantly clear. Despite this, only 13% of organisations continuously monitor the security risks of their third parties. This is worrying, when considering the knock-on effects of third party breaches from the likes of Capita, SolarWinds and 3CX, and the recent MOVEit attack, impacting organisations whose only relationship with MOVEit was that their supplier used it.

https://www.helpnetsecurity.com/2023/06/30/third-party-relationships-risks/

  • Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back

When a person is notified of a data breach involving their personal information, if they react with a feeling of fear, as opposed to anger, they’re more likely to stop using the site. A report found that positive attitudes toward the website before the breach did not meaningfully affect whether consumers reengaged with the website after the breach, as some prior research has indicated. Instead, the emotional response of fear weighed heavily on customers and outweighed any earlier positive sentiment towards the organisation.

When a company has been breached in the past they have dealt with angry customers and negative press. To do so, companies may engage crisis managers to contain the damage, partner with identity protection services, pay fines or settlements, or try to lure back customers with free services. However, the study shows that companies need to address fearful customers differently after a data breach has occurred if they want to avoid customer loss. To do this, companies can work with their IT departments to identify customers who are no longer active after a breach and then reach out to them directly to assuage their fears.

https://theconversation.com/fear-trumps-anger-when-it-comes-to-data-breaches-angry-customers-vent-but-fearful-customers-dont-come-back-203109

  • Over 130 Organisations and Millions of Individuals Believed to be Impacted by MOVEit Hack, it Keeps Growing

The dramatic fallout continues in the mass exploitation of a critical vulnerability in a widely used file-transfer program, with at least three new victims coming to light in the past few days. They include the New York City Department of Education and energy companies Schneider Electric and Siemens Electric. These join others, including PwC, Sony and EY. If the attack has shown us one thing, it’s that any organisation can be a victim.

https://www.securityweek.com/over-130-organizations-millions-of-individuals-believed-to-be-impacted-by-moveit-hack/

https://arstechnica.com/security/2023/06/casualties-keep-growing-in-this-months-mass-exploitation-of-moveit-0-day/

  • Widespread BEC Attacks Threaten European Organisations

Based on an analysis of email attack trends between June 2022 and May 2023, total email attacks in Europe increased by 7 times and the US 5 times. For business email compromise (BEC) specifically, Europe saw an alarming 10 times the amount it had previously and the US saw a 2 times increase.

BEC continues to remain a high priority threat for many organisations and if someone already has a legitimate business email which they have compromised to use for BEC attacks on your organisation, it is very likely that your technical processes will be ineffective, leaving your people and operational processes to stop an attack. Is your organisation cyber aware? Are they undergoing regular awareness training?

This is one of many areas that Black Arrow can help improve your organisation’s security through robust employee cyber security Awareness Behaviour and Culture training.

https://www.helpnetsecurity.com/2023/06/27/bec-attacks-frequency/

  • Lloyd’s Syndicates Sued Over Cyber Insurance

The University of California (UCLA) is suing a number of insurance firms for refusing to pay out on cyber policies nearly 10 years after hackers breached data on millions of patients at its health system. The dispute is over a cyber attack from 2014 through 2015 that exposed personal information of patients at UCLA Health.

UCLA Health allege that the syndicates refused to engage in dispute resolution by asserting that the statue of limitations applying to the claims had expired. The insurers, who could not be named, are said to have refused every claim saying that UCLA Health failed to satisfy cyber security requirements under the contract terms. It’s important for organisations with cyber insurance to understand their insurance in detail and to know where they stand in the event of a cyber incident.

https://www.wsj.com/articles/university-of-california-sues-lloyds-syndicates-over-cyber-insurance-da4675f5

  • 95% Fear Inadequate Cloud Security Detection and Response

A recent report found 95% of respondents expressed concern in their organisation’s ability to detect and respond to a security event in their cloud environment. The same study also found that 50% of total respondents had reported a data breach due to unauthorised access to their cloud environment.

It is often the case that issues in the cloud come from the perception of the responsibility of the cloud environment. Organisations must realise that they share responsibility for securing their cloud environment, including its configuration. The report found that, despite the number of breaches and concerns in their organisation’s ability, more than 80% of respondents still felt their existing tooling and configuration would sufficiently cover their organisation from an attack. Organisations must ask themselves what they are doing to protect their cloud environment.

https://www.helpnetsecurity.com/2023/06/27/cloud-environment-security/

  • The Growing Use of Generative AI and the Security Risks They Pose

A recent survey by Malwarebytes revealed 81% of people are concerned about the security risks posed by ChatGPT and generative AI, and 52% of respondents are calling for a pause on ChatGPT for regulations to catch up, while 7% think it will improve internet security. A key concern about the data produced by generative AI platforms is the risk of "hallucinations" whereby machine learning models produce untruths. This becomes a serious issue for organisations if its content is heavily relied upon to make decisions, particularly those relating to threat detection and response.

Another recent report on the risks brought by Large Language Model AIs showed that the rise in opensource AI adoption is developed insecurely; this results in an increased threat with substantial security risks to organisation.

https://www.csoonline.com/article/643516/survey-reveals-mass-concern-over-generative-ai-security-risks.html

https://www.darkreading.com/operations/malwarebytes-chatgpt-survey-reveals-81-are-concerned-by-generative-ai-security-risks

https://www.darkreading.com/vulnerabilities-threats/generative-ai-projects-cybersecurity-risks-enterprises

  • The CISO’s Toolkit Must Include Political Capital Within The C-Suite

Over the past 18 months, there has been a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is responsible for the protection of an entity's information. The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cyber security risk management, strategy, governance, and incident response disclosure by public companies that requires publicly traded companies to provide evidence of the board's oversight of cyber security risk. Couple this with the former CISO of Uber being found guilty on charges of "obstruction of the proceedings of the Federal Trade Commission" and it is clear that the hand at the helm must be able to navigate all types of seas in their entity's political milieu. In this regard, the CISO needs to acquire political capital. CISO’s should have the capability to talk in understandable terms and clearly demonstrate value to the other board members.

https://www.csoonline.com/article/643199/the-cisos-toolkit-must-include-political-capital-within-the-c-suite.html

  • Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime

Russia's diminishing position on the world stage has limited its physical options on the ground, leaving Putin's regime increasingly reliant on cyber crime to carry out its oppositional activities against Ukraine and Europe. Microsoft has disclosed that it has detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard.

This comes as Switzerland's Federal Intelligence Service (FIS) released its 2023 security assessment, predicting that Russia will increasingly launch cyber attacks as part of its war strategy not just in Ukraine, but against NATO member states as well.

https://www.darkreading.com/threat-intelligence/russia-reliant-on-cybercrime-as-international-pariah

https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html

  • SMB’s Plagued as Cyber Attackers Still Rely on Decades Old Security Weaknesses and Tactics

Despite best cyber security efforts, small and mid-sized businesses (SMBs) continue to struggle to thwart attacks and harden defences in response to remote working and other newer challenges.

This future focus can lead to a neglection of older weaknesses. Cyber attackers are typically relying on tried-and-tested tactics and old security weaknesses to target organisations, a recent Barracuda threat spotlight found. Hackers are returning to proven methods to gain remote control of systems, install malware, steal information and disrupt or disable business operations through denial-of-service attacks, Barracuda reports. The report found that between February to April 2023, the top malicious tactics found to be used were vulnerabilities from 2008.

The report highlights the fact that there are no cutoff dates for vulnerabilities and attackers will use whatever is at their disposal to try and infiltrate your organisation. This can be protected by having strong policies and controls in place alongside frequent penetration testing to ensure these vulnerabilities are being patched.

https://www.msspalert.com/cybersecurity-research/cyberattackers-still-rely-on-decades-old-security-weaknesses-tactics-barracuda-reports/

https://www.scmagazine.com/news/malware/smbs-plagued-by-exploits-trojans-and-backdoors



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Travel

Cyber Bullying, Cyber Stalking and Sextortion

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

Iran

North Korea

Misc/Other/Unknown


Vulnerability Management

Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 16 June 2023

Black Arrow Cyber Threat Briefing 16 June 2023:

-Hacker Gang Clop Deploys Extortion Tactics Against Global Companies

-Social Engineering Drives BEC Losses to $50B Globally

-Creating A Cyber-Conscious Culture—It Must Be Driven from the Top

-Artificial Intelligence is Coming to Windows: Are Your Security Policy Settings Ready?

-Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs

-Massive Phishing Campaign Uses 6,000 Sites to Impersonate 100 Brands

-A Recent Study Shows Over One in Ten Brits are Willing to Engage in ‘Illegal or Illicit’ Online Behaviour as the Cost of Living Crisis Worsens, Driving Insider Threat Concerns

-Microsoft Office 365 Phishing Reveals Signs of Much Larger BEC Campaign

-Europol Warns of Metaverse and AI Terror Threat

-What is AI, and is it Dangerous?

-Cyber Liability Insurance Vs. Data Breach Insurance: What's the Difference?

-Exploring the Dark Web: Hitmen for Hire and the Realities of Online Activities

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Hacker Gang Clop Deploys Extortion Tactics Against Global Companies

The Russian-speaking gang of hackers that compromised UK groups such as British Airways and the BBC has claimed it has siphoned off sensitive data from more institutions including US-based investment firms, European manufacturers and US universities. Eight other companies this week made it onto Clop’s list on the dark web. That adds to the news last week that UK groups, including Walgreens-owned Boots, informed employees that their data had been compromised. The issue also targeted customers of Zellis, a UK-based payroll provider that about half of the companies on the FTSE 100 use.

The hacking group is pushing for contact with the companies on the list, according to a post on Clop’s dark web site, as the gang demands a ransom that cyber security experts and negotiators said could be as much as several million dollars.

https://www.ft.com/content/c1db9c5c-cdf1-48bc-8e6b-2c2444b66dc9

  • Social Engineering Drives BEC Losses to $50B Globally

Business email compromise (BEC) continues to evolve on the back of sophisticated targeting and social engineering, costing businesses worldwide more than $50 billion in the last 10 years - a figure that reflected a growth in business losses to BEC of 17% year-over-year in 2022, according to the FBI.

Security professionals attribute BEC's continued dominance in the cyber threat landscape to several reasons. A key one is that attackers have become increasingly savvy in how to socially-engineer messages so that they appear authentic to users, which is the key to being successful at this scam. And with the increase in availability of artificial intelligence, the continued success of BEC means these attacks are here to stay. Organisations will be forced to respond with even stronger security measures, security experts say.

https://www.darkreading.com/threat-intelligence/social-engineering-drives-bec-losses-to-50b-globally

  • Creating A Cyber Conscious Culture—It Must Be Driven from the Top

Businesses are facing more frequent and sophisticated cyber threats and they must continuously learn new ways to protect their revenues, reputation and maintain regulatory compliance. With hybrid and remote working blurring traditional security perimeters and expanding the attack surface, the high volumes of sensitive information held by organisations are at increased risk of cyber attacks.

The increase had led to cyber elevating to the board level; after all the board is responsible for cyber security. It doesn’t stop there however, as everyone in an organisation has responsibility for upholding cyber security. The board must aim to create a cyber-conscious culture, where users are aware of their role in cyber security. One important way such a culture can be achieved is through providing regular education and training to all users.

https://www.forbes.com/sites/forbestechcouncil/2023/06/12/creating-a-cyber-conscious-culture-it-must-be-driven-from-the-top/sh=6a0bb36426cc

  • Artificial Intelligence is Coming to Windows: Are Your Security Policy Settings Ready?

What’s in your Windows security policy? Do you review your settings on an annual basis or more often? Do you provide education and training regarding the topics in the policy? Does it get revised when the impact of an incident showcases that an internal policy violation led to the root cause of the issue? And, importantly, do you have a security policy that includes your firm’s overall policies around the increasing race towards artificial intelligence, which is seemingly in nearly every application released these days?

From word processing documents to the upcoming enhancements to Windows 11, which will include AI prompting in the Explorer platform, organisations should review how they want their employees to treat customer data or other confidential information when using AI platforms. Many will want to build limits and guidelines into their security plans that specify what is allowed to be entered into platforms and websites that may store or share the information online. However, confidential information should not be included in any application that doesn’t have clearly defined protections around the handling of such data. The bottom line is that AI is coming to your network and your desktop sooner than you think. Build your policies now and review your processes to determine if you are ready for it today.

https://www.csoonline.com/article/3698517/artificial-intelligence-is-coming-to-windows-are-your-security-policy-settings-ready.html

  • Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs

Cyber criminals are increasingly targeting an organisation’s employees, figuring to trick an untrained staffer to click on a malicious link that starts a malware attack, Fortinet said in a newly released study of security awareness and training.

More than 80% of organisations faced malware, phishing and password attacks last year, which were mainly targeted at users. This underscores that employees can be an organisation’s weakest point or one of its most powerful defences.

Fortinet’s research revealed that more than 90% of the survey’s respondents believe that increased employee cyber security awareness would help decrease the occurrence of cyber attacks. As organisations face increasing cyber risks, employees serving as an organisation’s first line of defence in protecting their organisation from cyber crime becomes of paramount importance.

https://www.msspalert.com/cybersecurity-research/cyber-crooks-targeting-employees-organizations-fight-back-with-training-programs/

  • Massive Phishing Campaign Uses 6,000 Sites to Impersonate 100 Brands

A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites. The brands impersonated by the phony sites include Nike, Puma, Asics, Vans, Adidas, Columbia, Superdry, Converse, Casio, Timberland, Salomon, Crocs, Sketchers, The North Face and others.

A recent report found the campaign relies on at least 3,000 domains and roughly 6,000 sites, including inactive ones. The campaign had a significant activity spike between January and February 2023, adding 300 new fake sites monthly. The domain names follow a pattern of using the brand name together with a city or country, followed by a generic TLD such as ".com." Additionally, any details entered on the checkout pages, most notably the credit card details, may be stored by the website operators and resold to cyber criminals.

https://www.bleepingcomputer.com/news/security/massive-phishing-campaign-uses-6-000-sites-to-impersonate-100-brands/

  • Over One in Ten Brits are Willing to Engage in ‘Illegal or Illicit’ Online Behaviour

A recent study found that 11% of Brits were tempted to engage in ‘illegal or illicit online behaviour’ in order to help manage the fallout from the cost of living crisis. This statistic becomes even more concerning when focused on younger people, with almost a quarter of 25–35 year old respondents (23%) willing to consider illegal or illicit online activity. Of those willing to engage in this kind of behaviour, 56% suggested it was because they are desperate and struggling to get by, and need to find alternative means of supporting their families.

Nearly half (47%) of UK business leaders believe their organisation has been at a greater risk of attack since the start of the cost-of-living crisis. Against this backdrop, many SME business leaders are understandably worried about the impact on employees. Of those who think their organisation is more exposed to attack, 38% believe it’s due to malicious insiders and 35% to overworked and distracted staff making mistakes. Organisations not doing so already, should look to incorporate insider threat into their security plans. Insider threat should focus on areas such as regular education and monitoring and detection.

The report found that 44% of respondents have also noticed an uptick in online scams hitting their inboxes since the cost of living crisis began in late 2021/early 2022. Another worrying finding is that this uptick is proving devastatingly effective for scammers: over one in ten (13%) of UK respondents have already been scammed since the cost of living crisis began. This rises to a quarter (26%) of respondents in the 18-25 age range, reflecting a hyper-online lifestyle and culture that scammers can work to exploit effectively.

https://www.itsecurityguru.org/2023/06/15/it-security-guru-study-shows-over-one-in-ten-brits-are-willing-to-engage-in-illegal-or-illicit-online-behaviour-as-the-cost-of-living-crisis-worsens 

https://www.infosecurity-magazine.com/news/costofliving-crisis-drives-insider/

  • Microsoft Office 365 Phishing Reveals Signs of Much Larger BEC Campaign

Recently, Microsoft discovered multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attacks against banking and financial services organisations. The attackers are successfully phishing employees’ accounts with fake Office 365 domains. This allows them to bypass authentication, exfiltrate data and send further phishing emails against other employees and several targeted external organisations. In some cases, threat actors have registered their own device to the employee’s account, to evade MFA defences and achieve persistent access.

https://securityaffairs.com/147327/hacking/aitm-bec-attacks.html

https://thehackernews.com/2023/06/adversary-in-middle-attack-campaign.html

https://www.csoonline.com/article/3699122/microsoft-office-365-aitm-phishing-reveals-signs-of-much-larger-bec-campaign.html

  • Europol Warns of Metaverse and AI Terror Threat

New and emerging technologies like conversational AI, deepfakes and the metaverse could be utilised by terrorists and extremists to radicalise and recruit converts to their cause, Europol has warned. The report stated that the online environment lowers the bar for entering the world of terrorism and extremism, broadens the range of people that can become exposed to radicalisation and increases the unpredictability of terrorism and extremism.

Europol also pointed to the potential use of deepfakes, augmented reality and conversational AI to enhance the efficiency of terrorist propaganda. Both these technologies and internet of things (IoT) tools can also be deployed in more practical tasks such as the remote operation of vehicles and weapons used in attacks or setting up virtual training camps. Digital currencies are also playing a role in helping to finance such groups while maintaining the anonymity of those contributing the funding, Europol said.

https://www.infosecurity-magazine.com/news/europol-warns-metaverse-and-ai/

  • What is AI, and is it Dangerous?

Recently, we saw the release of the first piece of EU regulation on AI. This comes after a significant rise in the usage of tools such as ChatGPT. Such tools allow for even those with limited technical ability to perform sophisticated actions. In fact, usage has risen 44% over the last three months alone, according to a report.

Rather worryingly, there is a lack of governance on the usage of AI, and this extends to how AI is used within your own organisation. Whilst the usage can greatly improve actions performed within an organisation, the report found that 6% of employees using AI had pasted sensitive company data into an AI tool. Would your organisation know if this happened, and how damaging could it be to your organisation if this data was to be leaked? Continuous monitoring, risk analysis and real-time governance can help aid an organisation in having an overview of the usage of AI.

https://www.bbc.co.uk/news/technology-65855333

https://thehackernews.com/2023/06/new-research-6-of-employees-paste.html

  • Cyber Liability Insurance Vs. Data Breach Insurance: What's the Difference?

With an ever-increasing number of cyber security threats and attacks, companies are becoming motivated to protect their businesses and customer data both technically and financially. Finding the right insurance has become a key part of the security equation.

Companies looking to protect themselves have most likely heard the terms “cyber liability insurance” and “data breach insurance.” Put simply, cyber liability insurance refers to coverage for third-party claims asserted against a company stemming from a network security event or data breach. Data breach insurance, on the other hand, refers to coverage for first-party losses incurred by the insured organisation that has suffered a loss of data.

https://www.csoonline.com/article/3698297/cyber-liability-insurance-vs-data-breach-insurance-whats-the-difference.html

  • Exploring the Dark Web: Hitmen for Hire and the Realities of Online Activities

The dark web makes up a significant portion of the internet. Access can be gained through special browser, TOR, also known as the onion Router. The service bounces around IP addresses, constantly changing to protect the anonymity of the user.

This dark web contains an array of activities and sites, which include hitmen for hire, drugs for sale, and stolen credit card databases amongst others. Sometimes these aren’t real however, and are actually a trap to steal money from users on the basis that these users are unlikely to report it to law enforcement when the victim was trying to break the law in the first place. What we do know however, is that the dark web contains a plethora of information, and this could include data from your organisation.

https://news.clearancejobs.com/2023/06/07/exploring-the-dark-web-hitman-for-hire-and-the-realities-of-online-activities/



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Encryption

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Training, Education and Awareness

Digital Transformation

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors



Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 9th June 2023

Black Arrow Cyber Threat Briefing 09 June 2023:

-74% of Breaches Involve Human Element- Make Employees Your Best Asset

-Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC

-CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom

-Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise

-BEC Volumes and Ransomware Costs Double in a Year

-Hackers are Targeting C-Suite Executives Through Their Personal Email

-Proactive Detection is Crucial as Organisations Lack Effective Threat Research

-Number of Vulnerabilities Exploited Rose by 55%

-Ransomware Behind Most Cyber Attacks, with Record-breaking May

-4 Areas of Cyber Risk That Boards Need to Address

-North Korea Makes 50% of Income from Cyber Attacks

-Going Beyond “Next Generation” Network Security

-Worldwide 2022 Email Phishing Statistics and Examples

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • 74% of Breaches Involve Human Element- Make Employees Your Best Asset

Verizon’s recent data breach report analysed 16,312 security incidents and 5,199 breaches. A total of 74% of breaches involved a human element, highlighting the role of employees in achieving good cyber resilience. Organisations looking to improve their resilience should therefore consider how well and how frequently they train their users. In a recent report, Fortinet found that 90% of leaders believed that increasing their employee cyber security awareness would help decrease the occurrence of cyber attacks. Worryingly, despite 85% of leaders having an awareness and training programme in place, 50% believed their employees still lacked cyber security knowledge.

With an effective training programme, organisations can increase their employees’ cyber risk awareness and empower them in defending the organisation, laying the foundation for a strong cyber security culture.

https://www.helpnetsecurity.com/2023/06/06/verizon-data-breach-investigations-report-2023-dbir/

https://www.helpnetsecurity.com/2023/06/09/employees-cybersecurity-knowledge/

  • Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC

The recent cyber attacks on file transfer software MOVEit have impacted a number of major companies through their supply chain. The attack, which hit UK-based HR and payroll provider Zellis has had a huge knock-on effect, with major companies such as British Airways, Boots and the BBC suffering as a result of using Zellis in their supply chain. The UK’s National Cyber Security Centre (NCSC) has emphasised the need for organisations to exercise heightened vigilance.

Organisations must be aware of supply chain risks, and how an attack on a supplier or service provider can impact their own organisation. It is important for organisations to manage supply chain security, assess third party risks, communicate with suppliers and keep on top of emerging threats; it’s no simple task.

https://www.securityweek.com/several-major-organizations-confirm-being-impacted-by-moveit-attack/

https://www.ibtimes.co.uk/british-cybersecurity-agency-urges-vigilance-major-companies-fall-victim-software-hack-1716493

  • CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom

Nearly three-quarters of data breaches include an element of human failure, and senior business leaders were particularly at risk, according to a recent report. Not only do business leaders possess the most sensitive information, but they are often the least protected, with many organisations making security protocol exemptions for them. Such factors have pushed the boardroom into the spotlight more.

In another report, it was found that only 28% of IT professionals were confident in their executives’ ability to recognise a phishing email. The report found that as many as 71% of executives were reusing compromised passwords from personal accounts inside the company. Technology alone won’t solve the problem: user awareness training is required and this includes the boardroom.

https://www.csoonline.com/article/3698708/cisos-it-lack-confidence-in-executives-cyber-defense-knowledge.html

https://www.computerweekly.com/news/366539293/Cyber-spotlight-falls-on-boardroom-privilege-as-incidents-soar

  • Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise

A recent study has found that only 1 in 10 chief information security officers (CISOs) have all the key traits thought to be crucial for success on a corporate board, with many lacking governance skills and experience and other attributes needed for board readiness. Worryingly, nearly half of the 1,000 companies in the study lacked at least one director with cyber security expertise. This is concerning as good cyber security starts from the board: the board is responsible for understanding the business risks of a cyber incident and for endorsing whether the cyber controls in place have reduced those risks to a level that the board is happy with. Similarly, the board would not sign off financial risks without ensuring they had someone with financial experience and qualifications present. The Black Arrow vCISO service is ideal for organisations that need expertise in assessing and managing cyber risks, underpinned by governance reporting and metrics presented to enable the board to make educated and informed decisions.

https://www.csoonline.com/article/3698291/only-one-in-10-cisos-today-are-board-ready-study-says

  • BEC Volumes and Ransomware Costs Double in a Year

The number of recorded business email compromise (BEC) attacks doubled over the past year, with the threat comprising nearly 60% of social engineering incidents studied by Verizon for its 2023 Data Breach Investigations Report. The report this year was based on analysis of 16,312 security incidents and 5,199 breaches over the past year.

Pretexting, which is commonly using in BEC attacks, is now more common than phishing in social engineering incidents, although the latter is still more prevalent in breaches, the report noted. The median amount stolen in pretexting attacks now stands at $50,000. The vast majority of attacks (97%) over the past year were motivated by financial gain rather than espionage.

https://www.infosecurity-magazine.com/news/bec-volumes-ransomware-costs/

  • Hackers are Targeting C-Suite Executives Through Their Personal Email

As companies rely on chief financial officers (CFOs) to mitigate risk, cyber attacks and the costs associated with them are a major concern. Now there is also a growing trend of cyber criminals targeting C-suite executives in their personal lives, where it is easier to pull off a breach as there are fewer, if any, protections, instead of targeting them through their business accounts. Once attackers have access, they then try to use this to gain entry to the corporate systems. The report found that 42% of companies have experienced cyber criminal attacks on their senior-level corporate executives, which can compromise sensitive business data. The report found that 58% of respondents stated that cyber threat prevention for executives and their digital assets are not covered in their cyber, IT and physical securities strategies and budgets.

https://fortune.com/2023/06/08/hackers-targeting-c-suite-executives-personal-email-cybersecurity

  • Proactive Detection is Crucial as Organisations Lack Effective Threat Research

In a recent study, it was found that CISOs are spending significantly less time on threat research and awareness, despite 58% having an increase in their budget for cyber security; the same number reported that their team is so busy, they may not detect an attack. In a different report, keeping up with threat intelligence was identified as one of the biggest challenges faced.

https://www.helpnetsecurity.com/2023/06/06/cisos-cybersecurity-spending/

  • Number of Vulnerabilities Exploited Rose by 55%

A recent report from Palo Alto Networks’ Unit 42 found that the number of vulnerabilities that attackers are exploiting has grown by 55% compared to 2021, with most of the increase resulting from supply chain vulnerabilities; along with this was a 25% rise in the number of CVE’s, the term used for identified vulnerabilities. Worryingly ChatGPT scams saw a 910% increase in monthly domain registrations, pointing to an exponential growth in fraudulent activities taking advantage of the widespread usage and popularity of AI-powered chatbots.

Such growth puts further strain on cyber security staff, making it even harder for organisations to keep up. A strong threat management programme is needed, to help organisations prioritise threats and use organisational resources effectively to address said threats.

https://www.infosecurity-magazine.com/news/exploitation-vulnerabilities-grew/

https://www.infosecurity-magazine.com/news/cves-surge-25-2022-another-record/

  • Ransomware Behind Most Cyber Attacks, with Record-breaking May

2022 saw ransomware account for nearly one in four (24%) cyber attacks, with 95% of events resulting in a loss costing upwards of $2.25 million during 2021-2022. Ransomware remains a significant threat as evidenced by a different report, which stated that May 2023 saw a 154% spike in ransomware compared to May 2022. Other key findings include unreported attacks being five times more likely than reported attacks.

https://www.msspalert.com/cybersecurity-research/ransomware-hit-new-attack-highs-in-may-2023-blackfog-report-says/

https://www.scmagazine.com/analysis/ransomware/ransomware-attacks-have-room-to-grow-verizon-data-breach-report-shows

  • 4 Areas of Cyber Risk That Boards Need to Address

As technological innovations such as cloud computing, the Internet of Things, robotic process automation, and predictive analytics are integrated into organisations, it makes them increasingly susceptible to cyber threats. This means that governing and assessing cyber risks becomes a prerequisite for successful business performance. This need for transparency has been recognised by the regulators and facilitated by the new cyber security rules to ensure companies maintain adequate cyber security controls and appropriately disclose cyber-related risks and incidents.

To ensure they fulfil the requirements, organisations should focus on the following areas: position security as a strategic business enabler; continuously monitor the cyber risk capability performance; align cyber risk management with business needs through policies and standards; and proactively anticipate the changing threat landscape by utilising threat intelligence sources for emerging threats.

https://hbr.org/2023/06/4-areas-of-cyber-risk-that-boards-need-to-address

  • North Korea Makes 50% of Income from Cyber Attacks

The North Korean regime makes around half of its income from cyber attacks on cryptocurrency and other targets. A 2019 UN estimate claimed North Korea had amassed as much as $2bn through historic attacks on crypto firms and traditional banks.

North Korean hackers have been blamed for some of the biggest ever heists of cryptocurrency, including the $620m stolen from Sky Mavis’ Ronin Network last year and the $281m taken from KuCoin in 2020 and $35m from Atomic Wallet just this last weekend.

They are using increasingly sophisticated techniques to get what they want. The 3CX supply chain attacks, in which backdoor malware was implanted into a legitimate-looking software update from the eponymous comms provider, is thought to have been a targeted attempt at hitting crypto exchanges.

https://www.infosecurity-magazine.com/news/north-korea-makes-50-income/

  • Going Beyond “Next Generation” Network Security

Over a decade ago, the phrase “next generation” was used in the network security space to describe the introduction of application-layer controls with firewalls. It was a pivotal moment for the space, setting a new standard for how we protected the perimeter. A lot has happened in the last decade though, most notably, the rapid adoption of cloud and multicloud architectures and the loss of the “perimeter.” Today, 82% of IT leaders have adopted hybrid cloud architectures, and 58% of organisations use between two and three public Infrastructure as a Service (IaaS) clouds. On top of that, 95% of web traffic is encrypted which limits visibility. Applications are everywhere, access privileges are unstructured, increasing the attack surface, and businesses expect near-perfect availability and resilience. To make things more complicated, enterprises have tried to solve these challenges with disparate solutions, leading to vendor sprawl among security stacks and operational inefficiency. What was once considered “next-generation” network security no longer cuts it.

https://blogs.cisco.com/security/going-beyond-next-generation-network-security-cisco-platform-approach

  • Worldwide 2022 Email Phishing Statistics and Examples

Remote and hybrid work environments have become the new norm. The fact that email has become increasingly integral to business operations, has led malicious actors to favour email as an attack vector. According to a report by security company Egress, 92% of organisations have fallen victim to phishing attacks in 2022, a 29% increase in phishing incidents from 2021. Phishing attacks aimed at stealing info and data, also known as credential phishing, saw a 4% growth in 2022, with nearly 7 million detections. Rather worryingly, there was a 35% increase in the number of detections that related to business email compromise (BEC); these attacks mostly impersonated executives or high-ranking management personnel. With the increase in AI tools, it is expected that cyber criminals will be better able to create and deploy more sophisticated phishing attacks.

https://www.trendmicro.com/en_us/ciso/23/e/worldwide-email-phishing-stats-examples-2023.html


Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT             

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

Deepfakes

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Shadow IT

Encryption

API

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Data Protection

Careers, Working in Cyber and Information Security

Privacy, Surveillance and Mass Monitoring




Vulnerability Management

Vulnerabilities


Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Advisory 08 June 2023 – Barracuda, Cisco, and VMware Address Critical Security Flaws

Black Arrow Cyber Advisory 08 June 2023 – Barracuda, Cisco, and VMware Address Critical Security Flaws

Executive summary

This week, Barracuda, Cisco, and VMware have all addressed vulnerabilities in their products. The vulnerabilities allow an attacker to elevate privileges to the highest available and remotely execute. Both Cisco and VMware have applied patches, whilst Barracuda have urged users to immediately replace appliances impacted by the vulnerability.


Barracuda

CVE-2023-2868: This is a remote code injection vulnerability which has been exploited for at least seven months, allowing a successful attacker to steal information from Barracuda Email Security Gateway (ESG) devices.

Impacted versions include:

  • ESG devices on version 5.1.3.001 through 9.2.0.006

What can I do?

Barracuda have stated that regardless of the patch version level, customers must immediately replace impacted ESG appliances. If you are unsure, Black Arrow recommend to check with your MSP.


CISCO

CVE-2023-20178: This vulnerability, if exploited, can allow an attacker to execute code with SYSTEM privileges, the highest available.

 Impacted versions include:

  • Cisco AnyConnect Secure Mobility Client Software for Windows (version 4.10 and earlier)

  • Cisco Secure Client Software for Windows (version 5.0). For releases earlier than 5.0, this is known as Cisco AnyConnect Secure Mobility Client for Windows.

CVE-2023-20105: A vulnerability which allows an administrator with read-only access to elevate to have the ability to write to files.

CVE-2023-20192: A vulnerability which allows an authenticated local user to execute commands and modify configuration files. For this to be successful, the vulnerable version must have granted command line interface access (CLI) to a read-only administrator of the system.

Impacted versions include:

Cisco Express Series and Cisco TelePresence VCS version 14.0 and earlier.

What can I do?

Patches are available in AnyConnect Secure Mobility Client for Windows 4.10MR7 and Cisco Secure Client for Windows 5.0MR2 should be applied. No workarounds are available.

For Cisco Express Series and Cisco TelePresence VCS version 14.0 and earlier, the first fixed releases are 14.2.1. for CVE-2023-20105 and 14.3.0 for CVE-2023-20192. As a mitigation for CVE-2023-20192, Cisco have recommended ensure CLI access is disabled for read-only users; this should be disabled by default.


VMware

CVE-2023-20887: A command injection vulnerability, allowing an attacker to execute code remotely.

CVE-2023-20888: An authentication deserialization vulnerability, allowing remote code execution.

CVE-2023-20889: An information disclosure vulnerability, where an attacker with network access can inject commands to force information out.

Impacted versions include:

  • VMware Aria Operations Networks version 6.x.

What can I do?

VMware have recommended applying patches available for versions: 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 / 6.7 / 6.8 / 6.9 / 6.10.


Further details on the Barracuda ESG vulnerabilities can be found here: https://www.barracuda.com/company/legal/esg-vulnerability

Further details on the Cisco vulnerability can be found here: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw

Further details on the VMware vulnerabilities can be found here: https://www.vmware.com/security/advisories/VMSA-2023-0012.html

Further details of the patches available for VMware can be found here: https://kb.vmware.com/s/article/92684

Need help understanding your gaps, or just want some advice? Get in touch with us

#threatadvisory #threatintelligence #cybersecurity

 

 

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 10 February 2023

Black Arrow Cyber Threat Briefing 10 February 2023:

-Companies Banned from Paying Hackers After Attacks on Royal Mail and Guardian

-Fraud Set to Be Upgraded as a Threat to National Security

-98% of Attacks are Not Reported by Employees to their Employers

-UK Second Most Targeted Nation Behind America for Ransomware

-Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks

-An Email Attack Can End Up Costing You Over $1 Million

-Cyber Crime Shows No Signs of Slowing Down

-Surge of Swatting Attacks Targets Corporate Executive and Board Members

-Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom

-Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn

-Crypto Investors Lost Nearly $4 Billion to Hackers in 2022

-PayPal and Twitter Abused in Turkey Relief Donation Scams

-Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • UK Companies Banned from Paying Ransomware Hackers After Attacks on Royal Mail and Guardian

British companies have been banned from paying ransomware hackers after a spate of attacks on businesses including Royal Mail and the Guardian newspaper.

UK Foreign Secretary James Cleverly on Thursday unveiled sanctions on seven Russian hackers linked to a gang called Conti, effectively banning any payments to the group.

Thursday’s sanctions are the first of their kind to be specifically targeted against Russian ransomware gang members.

The actions follow a spate of high-profile attacks on businesses and amid warnings from GCHQ that Russian and Iranian hackers are stepping up actions in Britain.

https://www.telegraph.co.uk/business/2023/02/09/companies-banned-paying-hackers-attacks-royal-mail-guardian/

  • Fraud Set to Be Upgraded as a Threat to National Security

Fraud is to be reclassified as a threat to national security under UK government plans that will force police chiefs to devote more officers to solving the crime.

It will be elevated to the same status as terrorism, with chief constables mandated to increase resources and combine capabilities in a new effort to combat a fraud epidemic that now accounts for 30 per cent of all crime.

It will be added to the strategic policing requirement, which means that forces will be required by ministers to treat fraud as a major priority alongside not only terrorism, but also public disorder, civil emergencies, serious and organised crime, cyber attacks and child sexual abuse.

https://www.telegraph.co.uk/news/2023/02/04/fraud-set-upgraded-threat-national-security/

  • 98% of Attacks are Not Reported by Employees to their Employers

Cyber attackers are increasingly using social engineering tactics to lure employees into opening malicious emails in an attempt to trick them into providing login credentials, updating bank account information and paying fraudulent invoices. Worryingly, research conducted by security provider Abnormal has found that 98% of attacks on organisations are not reported to the organisation’s security team. In addition to this, the report found that the volume of business email compromise attacks are spiking, growing by 175% over the past two years. The report also found that nearly two-thirds of large enterprises experiencing a supply chain compromise attack in the second half of 2022.

https://www.msspalert.com/cybersecurity-research/employees-fail-to-report-98-of-email-cyber-hacks-to-security-teams-study-finds/

  • UK Second Most Targeted Nation Behind America for Ransomware

Security research team Kraken Labs released their report earlier this week, which found that of the 101 different countries that registered victims of ransomware, the UK had registered the second highest number of victims behind the US. Currently, there are over 60 ransomware groups, with the top 3 accounting for a third of all ransomware attacks.

https://www.itsecurityguru.org/2023/02/07/uk-second-most-targeted-nation-behind-america-for-ransomware/

  • Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks

This week security provider Contrast Security released its Cyber Bank Heists report, an annual report that exposes cyber security threats facing the financial sector. The report warns financial institutions that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilising wipers and a record-breaking year of zero-day exploits. The report involved a series of interviews with financial sector security leaders and found some notable results. Some of the results include 64% of leaders seeing an increase in application attacks, 72% of respondents planning to increase investment in application security in 2023, 60% of respondents falling victim to destructive attacks and 50% of organisations detecting campaigns which aimed to steal non-public market information.

https://www.darkreading.com/attacks-breaches/financial-institutions-are-suffering-from-increasingly-sophisticated-cyberattacks-according-to-contrast-security

  • An Email Attack Can End Up Costing You Over $1 Million

According to a report by security provider Barracuda Network, 75% of organisations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing potential costs of over $1 million for their most expensive attack. The fallout from an email security attack can be significant, with the report finding 44% of those hit had faced significant downtime and business disruption. Additionally financial services greatly impacted by the loss of valuable data (59%) and payments made to attackers (51%). When it came to organisations preparation, 30% felt underprepared when dealing with account takeover and 28% felt unprepared for dealing with business email compromise.

https://www.helpnetsecurity.com/2023/02/10/email-attack-damage-1-million/

  • Cyber Crime Shows No Signs of Slowing Down

Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterised 2022. Cyber criminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared. According to security researchers at Zscaler TheatLabz, 2023 will see a rise in Crime-as-a-service (CaaS), supply chains will be bigger targets than ever, there will be a greater need for defence in depth as endpoint protection will not be enough and finally, there will be a decrease in the time between initial compromise and the final stage of an attack.

https://www.darkreading.com/zscaler/cybercrime-shows-no-signs-of-slowing-down

  • Surge of Swatting Attacks Targets Corporate Executive and Board Members

Swatting is the act of deceiving an emergency service with the purpose of the service then sending an emergency response, often armed, to a targeted persons address. Security provider Black Cloak has found that swatting incidents are now beginning to target C-suite executives and corporate board members, with the number of incidents increasing over the last few months. Malicious actors are using information from the dark web, company websites and property records to construct their swatting attacks.

https://www.csoonline.com/article/3687177/surge-of-swatting-attacks-targets-corporate-executives-and-board-members.html#tk.rss_news

  • Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom

Artificial Intelligence (AI) is making it easier for threat actors to create sophisticated and malicious email campaigns. In their report, security provider Vade found that Q4 of 2022 saw a 36% volume increase in phishing campaigns compared to the previous quarter, with over 278.3 million unique phishing emails in that period. The researchers found in particular, new AI tools such as ChatGPT had made it easy for anyone, including those with limited skills, to conduct a sophisticated phishing campaign. Furthermore, the ability of ChatGPT to tailor phishing to different languages is an area for concern.

https://www.darkreading.com/vulnerabilities-threats/bolstered-chatgpt-tools-phishing-surged-ahead

  • Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn

A pro-Russian hacktivist group's low-level distributed denial-of-service (DDoS) attacks on US critical infrastructure could be a precursor to more serious cyber attacks, health care and security officials warned this week. A DDoS attack involves overwhelming a targeted service, service or network with traffic in an attempt to disrupt it. Earlier this week Killnet, a politically motivated Russian hacking group, overloaded and took down some US healthcare organisations. The attack came after threatening western healthcare organisations for the continued NATO support of Ukraine.

https://www.axios.com/2023/02/03/killnet-russian-hackers-attacks

  • Crypto Investors Lost Nearly $4 Billion to Hackers in 2022

Last year marked the worst year on record for cryptocurrency hacks, according to analytic firm Chainalysis’ latest report. According to the report, hackers stole $3.8 billion in 2022, up from $3.3 billion the previous year. De-centralised finance products, which are products that have no requirement for an intermediary or middle-man accounted for about 82% of all crypto stolen.

https://www.cnbc.com/2023/02/04/crypto-investors-lost-nearly-4-billion-dollars-to-hackers-in-2022.html

  • PayPal and Twitter Abused in Turkey Relief Donation Scams

Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria. This time, stealing donations by abusing legitimate platforms such as PayPal and Twitter. It has been identified that multiple scams are running which call for fundraising, linking the victim to a legitimate PayPal site. The money however, is kept by the scammer.

https://www.bleepingcomputer.com/news/security/paypal-and-twitter-abused-in-turkey-relief-donation-scams/

  • Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers

For almost 5 years, Booking.com customers have been on the receiving end of a continuous series of scams that demonstrate criminals have obtained travel plans amongst other personally identifiable information that were provided to Booking.com. The scams have involved users receiving fake emails purporting to be from Booking.com with genuine travel details that victims had provided. These emails contain links to malicious URL’s that look nearly identical to the Booking.com website. These then display the victim’s expected travel information, requiring them to input their card details. Some of the scams have developed and involve scammers sending WhatsApp messages after payment has been made, purporting to be from hotels which have been booked by the victims.

https://arstechnica.com/information-technology/2023/02/mysterious-leak-of-booking-com-reservation-data-is-being-used-to-scam-customers/


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Identity and Access Management

Encryption

API

Passwords, Credential Stuffing & Brute Force Attacks

Biometrics

Social Media

Malvertising

Training, Education and Awareness

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Data Protection

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors


Vulnerability Management

Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 26 August 2022

Black Arrow Cyber Threat Briefing 26 August 2022:

-Lloyd's to Exclude Certain Nation-State Attacks from Cyber Insurance Policies

-Cyber Security Top Risk for Enterprise C-Suite Leaders, PwC Study Says

-Apathy Is Your Company's Biggest Cyber Security Vulnerability — Here's How to Combat It

-The World’s Largest Sovereign Wealth Fund Warns Cyber Security Is Top Concern as Attacks on Banks and Financial Services Double

-Configuration Errors to Blame for 80% of Ransomware

-Ransomware Surges to 1.2 Million Attacks Per Month

-A Massive Hacking Campaign Stole 10,000 Login Credentials From 130 Different Organisations

-This Company Paid a Ransom Demand. Hackers Leaked Its Data Anyway

-Sophisticated BEC Scammers Bypass Microsoft 365 Multi-Factor Authentication

-77% Of Security Leaders Fear We’re in Perpetual Cyber War from Now On

-Cyber Security Governance: A Path to Cyber Maturity

-The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Lloyd's to Exclude Certain Nation-State Attacks from Cyber Insurance Policies

Lloyd's of London insurance policies will stop covering losses from certain nation-state cyber attacks and those that happen during wars, beginning in seven months' time.

In a memo sent to the company's 76-plus insurance syndicates, underwriting director Tony Chaudhry said Lloyd's remains "strongly supportive" of cyber attack coverage. However, as these threats continue to grow, they may "expose the market to systemic risks that syndicates could struggle to manage," he added, noting that nation-state-sponsored attacks are particularly costly to cover.

Because of this, all standalone cyber attack policies must include "a suitable clause excluding liability for losses arising from any state-backed cyber attack," Chaudhry wrote. These changes will take effect beginning March 31, 2023 at the inception or renewal of each policy.

At a minimum (key word: minimum) these policies must exclude losses arising from a war, whether declared or not, if the policy doesn't already have a separate war exclusion. They must also at least exclude losses from nation-state cyber attacks that "significantly impair the ability of a state to function or that significantly impair the security capabilities of a state."

Policies must also "set out a robust basis" on which to attribute state-sponsored cyber attacks, according to Chaudhry – and therein lies the rub.

Attributing a cyber attack to a particular crime group or nation-state with 100 percent confidence "is absolutely hard," NSA director of cybersecurity Rob Joyce said at this year's RSA Conference.

Threat analysts typically attribute an attack to a nation-state from its level of sophistication, but as advanced persistent crime groups become more sophisticated – and have more resources at their disposal to buy zero-day exploits and employ specialists for each stage of an attack – differentiating between nation-states and cyber crime gangs becomes increasingly difficult, he explained.

There are times when nation-states will act like criminals, using their tools and infrastructure, and sometimes vice versa. The clear line of sophistication and stealth that many have used as a common sense delineation has blurred. Yet, If you are going to pay out money you are likely going to look for something that is more ironclad and likely related to forensic evidence.

https://www.theregister.com/2022/08/24/lloyds_cybersecurity_insurance/

  • Cyber Security Top Risk for Enterprise C-Suite Leaders, PwC Study Says

Cyber security is now firmly on the agenda of the entire C-suite, consultancy PricewaterhouseCoopers (PwC) reports in a new survey of more than 700 business leaders across a variety of industries.

Of key enterprise issues, cyber security ranks at the top of business risks, with nearly 80% of the respondents considering it a moderate to serious risk. The warning isn’t confined to just chief information security officers, but ranges from chief executives to chief financial officers, chief operating officers, chief technology officers, chief marketing officers and includes corporate board members. Virtually all roles ranked cyber attacks high on their list of risks, PwC said.

Overall, 40% of business leaders ranked cyber security as the top serious risk facing their companies, and 38% ranked it a moderate risk.

Here are six steps businesses can take to address cyber security concerns:

  1. View cyber security as a broad business concern and not just an IT issue.

  2. Build cyber security and data privacy into agendas across the C-suite and board.

  3. Increase investment to improve security.

  4. Educate employees on effective cyber security practices.

  5. For each new business initiative or transformation, make sure there’s a cyber plan in place.

  6. Use data and intelligence to regularly measure cyber risks. Proactively look for blind spots in third-party relationships and supply chains.

https://www.msspalert.com/cybersecurity-research/cybersecurity-top-risk-for-enterprise-c-suite-leaders-pwc-study-says/

  • Apathy Is Your Company's Biggest Cyber Security Vulnerability — Here's How to Combat It

Human error continues to be the leading cause of a cyber security breach. Nearly 60% of organisations experienced a data loss due to an employee's mistake on email in the last year, while one in four employees fell for a phishing attack.

Employee apathy, while it may not seem like a major cyber security issue, can leave an organisation vulnerable to both malicious attacks and accidental data loss. Equipping employees with the tools and knowledge they need to prevent these risks has never been more important to keep organisations safe.

A new report from Tessian sheds light on the full extent of employee apathy and its impact on cyber security posture. The report found that a significant number of employees aren't engaged in their organisation's cyber security efforts and don't understand the role they play. One in three employees say they don't understand the importance of cyber security at work. What's more, only 39% say they're very likely to report a cyber security incident. Why? A quarter of employees say they don't care enough about cyber security to mention it.

This is a serious problem. IT and security teams can't investigate or remediate a threat they don't know about.

Employees play an important role in flagging incidents or suspicious activity early on to prevent them from escalating to a costly breach. Building a strong cyber security culture can mitigate apathy by engaging employees as part of the solution and providing the tools and training they need to work productively and securely.

https://www.darkreading.com/attacks-breaches/apathy-is-your-company-s-biggest-cybersecurity-vulnerability-here-s-how-to-combat-it

  • The World’s Largest Sovereign Wealth Fund Warns Cyber Security Is Top Concern, as Attacks on Banks and Financial Service Double

Cyber security has eclipsed tumultuous financial markets as the biggest concern for the world’s largest sovereign wealth fund, as it faces an average of three “serious” cyber attacks each day.

The number of significant hacking attempts against Norway’s $1.2tn oil fund, Norges Bank Investment Management, has doubled in the past two to three years.

The fund, which reported its biggest half-year dollar loss last week after inflation and recession fears shook markets, suffers about 100,000 cyber attacks a year, of which it classifies more than 1,000 as serious, according to its top executives.

“I’m worried about cyber more than I am about markets,” their CEO told the Financial Times. “We’re seeing many more attempts, more attacks [that are] increasingly sophisticated.”

The fund’s top executives are even concerned that concerted cyber attacks are becoming a systemic financial risk as markets become increasingly digitised.

Their deputy CEO pointed to the 2020 attack on SolarWinds, a software provider, by Russian state-backed hackers that allowed them to breach several US government agencies, including the Treasury and Pentagon, and a number of Fortune 500 companies including Microsoft, Intel and Deloitte.

“They estimate there were 1,000 Russians [involved] in that one attack, working in a co-ordinated fashion. I mean, Jesus, that’s our whole building on one attack, so you’re up against some formidable forces there,” he said.

Cyber attacks targeting the financial industry have risen sharply in recent months. Malware attacks globally rose 11 per cent in the first half of 2022, but they doubled at banks and financial institutions, according to cyber security specialist SonicWall. Ransomware attacks dropped 23 per cent worldwide, but increased 243 per cent against financial targets in the same period.

https://www.ft.com/content/1aa6f92a-078b-4e1a-81ca-65298b8310b2

Configuration Errors to Blame for 80% of Ransomware

The vast majority (80%) of ransomware attacks can be traced back to common configuration errors in software and devices, according to Microsoft.

The tech giant’s latest Cyber Signals report focuses on the ransomware as a service (RaaS) model, which it claims has democratised the ability to launch attacks to groups “without sophistication or advanced skills.” Some RaaS programs now have over 50 affiliate groups on their books.

For defenders, a key challenge is ensuring they don’t leave systems misconfigured, it added.

“Ransomware attacks involve decisions based on configurations of networks and differ for each victim even if the ransomware payload is the same,” the report argued. “Ransomware culminates an attack that can include data exfiltration and other impacts. Because of the interconnected nature of the cyber-criminal economy, seemingly unrelated intrusions can build upon each other.”

Although each attack is different, Microsoft pointed to missing or misconfigured security products and legacy configurations in enterprise apps as two key areas of risk exposure.

“Like smoke alarms, security products must be installed in the correct spaces and tested frequently. Verify that security tools are operating in their most secure configuration, and that no part of a network is unprotected,” it urged. “Consider deleting duplicative or unused apps to eliminate risky, unused services. Be mindful of where you permit remote helpdesk apps like TeamViewer. These are notoriously targeted by threat actors to gain express access to laptops.”

Although not named in the report, another system regularly misconfigured and hijacked by ransomware actors is the remote desktop protocol (RDP), which often is not protected by a strong password or two-factor authentication. It’s widely believed to be one of the top three vectors for attack.

The bad news for network defenders is they don’t have much time after initial compromise to contain an attack. Microsoft claimed the median time for an attacker to begin moving laterally inside the network after device compromise is one hour, 42 minutes. The median time for an attacker to access private data following a phishing email is one hour, 12 minutes, the firm added.

https://www.infosecurity-magazine.com/news/configuration-errors-blame-80/

  • Ransomware Surges to 1.2 Million Attacks Per Month

Ransomware threat detections have risen to over one million per month this year, with a French hospital the latest to suffer a major outage.

The 1000-bed Center Hospitalier Sud Francilien (CHSF) near Paris revealed it was hit on Sunday morning, in an attack which has knocked out all the hospital's business software, storage systems including medical imaging, and patient admissions. This has led to all but the most urgent emergency patients being diverted to other facilities in the region.

France24 cited figures claiming cyber-attacks against French hospitals surged 70% year-on-year in 2021. "Each day we need to rewrite patients' medications, all the prescriptions, the discharge prescriptions," Valerie Caudwell, president of the medical commission at CHSF hospital, reportedly said. "For the nurses, instead of putting in all the patients' data on the computer, they now need to file it manually from scratch."

Reports suggest Lockbit 3.0 may be to blame for the $10m ransom demand, which the hospital is refusing to pay.

Barracuda Networks claimed in a new report out today that education, municipalities, healthcare, infrastructure and finance have remained the top five targets for ransomware over the past 12 months. However, while attacks on local government increased only slightly, those targeting educational institutions more than doubled, and attacks on the healthcare and financial verticals tripled. Overall, Barracuda claimed that ransomware detections between January and June of this year climbed to more than 1.2 million per month.

https://www.infosecurity-magazine.com/news/ransomware-surges-to-12-million/

  • A Massive Hacking Campaign Stole 10,000 Login Credentials From 130 Different Organisations

A phishing campaign targeted Okta users at multiple companies, successfully swiping passwords from staffers and then using them to steal company secrets.

Researchers say that a mysterious “threat actor” (a fancy term for a hacker or hacker group) has managed to steal nearly 10,000 login credentials from the employees of 130 organisations, in the latest far-reaching supply chain attack on corporate America. Many of the victims are prominent software companies, including firms like Twilio, MailChimp, and Cloudflare, among many others.

The news comes from research conducted by cyber security firm Group-IB, which began looking into the hacking campaign after a client was phished and reached out for help. The research shows that the threat actor behind the campaign, which researchers have dubbed “0ktapus,” used basic tactics to target staff from droves of well-known companies. The hacker(s) would use stolen login information to gain access to corporate networks before going on to steal data and then break into another company’s network.

“This case is of interest because despite using low-skill methods it was able to compromise a large number of well-known organisations,” researchers wrote in their blog. “Furthermore, once the attackers compromised an organisation they were quickly able to pivot and launch subsequent supply chain attacks, indicating that the attack was planned carefully in advance.”

https://gizmodo.com/oktapus-okta-hack-twilio-10000-logins-130-companies-1849457420

  • This Company Paid a Ransom Demand. Hackers Leaked Its Data Anyway

A victim of a ransomware attack paid to restore access to their network – but the cyber criminals didn't hold up their end of the deal.

The real-life incident, as detailed by cyber security researchers at Barracuda Networks, took place in August 2021, when hackers from BlackMatter ransomware group used a phishing email to compromise the account of a single victim at an undisclosed company.

From that initial entry point, the attackers were able to expand their access to the network by moving laterally around the infrastructure, ultimately leading to the point where they were able to install hacking tools and steal sensitive data. Stealing sensitive data has become a common part of ransomware attacks. Criminals leverage it as part of their extortion attempts, threatening to release it if a ransom isn't received. 

The attackers appear to have had access to the network for at least a few weeks, seemingly going undetected before systems were encrypted and a ransom was demanded, to be paid in Bitcoin.

Cyber security agencies warn that despite networks being encrypted, victims shouldn't pay ransom demands for a decryption key because this only shows hackers that such attacks are effective.

https://www.zdnet.com/article/this-company-paid-a-ransom-demand-hackers-leaked-its-data-anyway/

  • Sophisticated BEC Scammers Bypass Microsoft 365 Multi-Factor Authentication

A Business Email Compromise (BEC) attack recently analysed by cloud incident response company Mitiga used an adversary-in-the-middle (AitM) phishing attack to bypass Microsoft Office 365 MFA and gain access to a business executive's account, and then managed to add a second authenticator device to the account for persistent access. According to the researchers, the campaign they analysed is widespread and targets large transactions of up to several million dollars each.

The attack started with a well-crafted phishing email masquerading as a notification from DocuSign, a widely used cloud-based electronic document signing service. The email was crafted to the targeted business executive, suggesting that attackers have done reconnaissance work. The link in the phishing email led to an attacker-controlled website which then redirects to a Microsoft 365 single sign-on login page.

This fake login page uses an AitM technique, where the attackers run a reverse proxy to authentication requests back and forth between the victim and the real Microsoft 365 website. The victim has the same experience as they would have on the real Microsoft login page, complete with the legitimate MFA request that they must complete using their authenticator app. Once the authentication process is completed successfully, the Microsoft service creates a session token which gets flagged in its systems that it fulfilled MFA. The difference is that since the attackers acted as a proxy, they now have this session token too and can use it to access the account.

This reverse proxy technique is not new and has been used to bypass MFA for several years. In fact, easy-to-use open-source attack frameworks have been created for this purpose.

https://www.csoonline.com/article/3670575/sophisticated-bec-scammers-bypass-microsoft-365-multi-factor-authentication.html

  • 77% Of Security Leaders Fear We’re in Perpetual Cyber War from Now On

A survey of cyber security decision makers found 77 percent think the world is now in a perpetual state of cyber warfare.

In addition, 82 percent believe geopolitics and cyber security are "intrinsically linked," and two-thirds of polled organisations reported changing their security posture in response to the Russian invasion of Ukraine.

Of those asked, 64 percent believe they may have already been the target of a nation-state-directed cyber attack. Unfortunately, 63 percent of surveyed security leaders also believe that they'd never even know if a nation-state level actor pwned them.

The survey, organised by security shop Venafi, questioned 1,100 security leaders. They said the results show cyber warfare is here, and that it's completely different to many would have imagined. "Any business can be damaged by nation-states," they stated.

It's been common knowledge for some time that government-backed advanced persistent threat (APT) crews are being used to further online geopolitical goals. Unlike conventional warfare, everyone is a target and there's no military or government method for protecting everyone.

Nor is there going to be much financial redress available. Earlier this week Lloyd's of London announced it would no longer recompense policy holders for certain nation-state attacks.

https://www.theregister.com/2022/08/27/in-brief-security/

  • Cyber Security Governance: A Path to Cyber Maturity

Organisations need cyber security governance programs that make every employee aware of the cyber security mitigation efforts required to reduce cyber-risks.

In an increasingly challenging threat landscape, many organisations struggle with developing and implementing effective cyber security governance. The "Managing Cybersecurity Risk: A Crisis of Confidence" infographic by the CMMI Institute and ISACA stated: "While enterprise leaders recognise that mature cyber security is essential to thriving in today's digital economy, they often lack the insights and data to have peace of mind that their organisations are efficiently and effectively managing cyber risk."

Indeed, damages from cyber crime are projected to cost the world $7 trillion in 2022, according to the "Boardroom Cybersecurity 2022 Report" from Cybersecurity Ventures. As a result, "board members and chief executives are more interested in cyber security now than ever before," the report stated, adding that the time is ripe for turning awareness into action.

How, then, can board leaders have confidence that their organisations are prepared against cyber attacks? The first order of business for most organisations is to enable a strong cyber security governance program.

Cyber security governance refers to the component of governance that addresses an organisation's dependence on cyber space in the presence of adversaries. The ISO/IEC 27001 standard defines cyber security governance as the following: “The system by which an organisation directs and controls security governance, specifies the accountability framework and provides oversight to ensure that risks are adequately mitigated, while management ensures that controls are implemented to mitigate risks”.

Traditionally, cyber security is viewed through the lens of a technical or operational issue to be handled in the technology space. Cyber security planning needs to fully transition from a back-office operational function to its own area aligned with law, privacy and enterprise risk. The CISO should have a seat at the table alongside the CIO, COO, CFO and CEO. This helps the C-suite understand cyber security as an enterprise-wide risk management issue, along with the legal implications of cyber-risks, and not solely a technology issue.

https://www.techtarget.com/searchsecurity/post/Cybersecurity-governance-A-path-to-cyber-maturity

  • The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware

Ransomware is the de facto threat organisations have faced over the past few years. Threat actors were making easy money by exploiting the high valuation of cryptocurrencies and their victims' lack of adequate preparation.

Think about bad security policies, untested backups, patch management practices not up-to-par, and so forth. It resulted in easy growth for ransomware extortion, a crime that multiple threat actors around the world perpetrate.

Something's changed, though. Crypto valuations have dropped, reducing the monetary appeal of ransomware attacks due to organisations mounting better defence against ransomware.

Threat actors have been searching for another opportunity – and found one. It's called data exfiltration, or exfil, a type of espionage causing headaches at organisations worldwide.

Information exfiltration is rapidly becoming more prevalent. Earlier this year, incidents at Nvidia, Microsoft, and several other companies have highlighted how big of a problem it's become – and how, for some organisations, it may be a threat that's even bigger than ransomware.

Nvidia, for example, became entangled in a complex tit-for-tat exchange with hacker group Lapsus$. One of the biggest chipmakers in the world was faced with the public exposure of the source code for invaluable technology, as Lapsus$ leaked the source code for the company's Deep Learning Super Sampling (DLSS) research.

When it comes to exfil extortion, attackers do not enter with the primary aim of encrypting a system and causing disruption the way that a ransomware attacker does. Though, yes, attackers may still use encryption to cover their tracks.

Instead, attackers on an information exfiltration mission will move vast amounts of proprietary data to systems that they control. And here's the game: attackers will proceed to extort the victim, threatening to release that confidential information into the wild or to sell it to unscrupulous third parties.

https://thehackernews.com/2022/08/the-rise-of-data-exfiltration-and-why.html


Threats

Ransomware

BEC – Business Email Compromise

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

 Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Fraud, Scams & Financial Crime

Insurance

Software Supply Chain

Denial of Service DoS/DDoS

Cloud/SaaS

Identity and Access Management

Encryption

API

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Privacy

Travel

Models, Frameworks and Standards

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine



Vulnerability Management

Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More