Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

New Ransomware Victims Surge by 47% as Small Businesses Targeted

Ransomware attackers are shifting away from “big game” targets and towards easier, less defended organisations, a new report from Trend Micro has found. The report observed a 47% increase in the number of new victims of this vector from the second half of 2022, many of which were small organisations with less mature cyber postures. In fact, 57% of victims of the infamous ransomware gang LockBit, were of organisations up to 200 employees.

Small businesses can be attractive targets; they don’t have the budget of a large organisation and therefore they are more likely to have gaps that can be exploited. To combat this, small businesses need to prioritise their security budgets effectively, to allow themselves the most protection that their budget allows.

Source [Infosecurity Magazine]

MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards

The recent ransomware attack on MGM Resorts has resulted in the loss of millions of dollars daily, not accounting for ransomware fees and reputational damage. MGM Resorts are a client of Okta, who noted that Caesars entertainment and three (not named) other organisations have been hit. Although the other victims have not yet been named, it has been revealed that they are in the manufacturing, retail and technology sectors. As a result of the attacks, Beazley and AIG, who provide cyber insurance, are likely to face significant losses.

The attack should act as wakeup call for corporate boards, as it once again highlights how anyone can be a victim, and if the right controls are not in place, an attack won’t be stopped. Cyber incidents are a matter of when, not if, and boards need to ensure they are prepared, and prepared to handle the fallout when an attack happens. 

Sources: [Proactive Investors] [Reuters] [Insurance Insider] [OODA Loop] [Claims Journal]

SMEs Overestimate Their Cyber Security Preparedness

According to a recent report, 57% of small and medium enterprises (SMEs) have experienced a cyber security breach, with 31% facing such an incident in the past year. Despite the increasing threat, 70% are confident in their defences, though 44% solely rely on their antivirus solutions, and a quarter don't regularly train employees on cyber security best practices or never have.

The report also found that many SMEs either underestimate the importance of robust security, believing they’re too small to be targeted, or put too much trust in their current defences. The increasing number of evolving cyber threats poses a significant risk to SMEs. Rising patterns show frequent and sophisticated attacks, highlighting the urgent need for effective security measures. Understandably, not all small business owners have the resources to obtain in-house cyber security experts. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Helpnet Security] [Security Magazine]

China’s Hacking Power Bigger Than Rest of World Combined

In a recent conference the director of the FBI highlighted the magnitude of China’s cyber power, most notably explaining that China has a bigger hacking program than the competition combined.

This comes as recent attacks have seen malicious USB drives used to spread malware and now, something we’ve not seen much before, financially motivated hacks by Chinese-speaking actors through a piece of malware known as “ValleyRAT”.

Sources: [Reuters] [Infosecurity Magazine] [WIRED] [Inforisk Today] [TechRadar]

Cyber Insurance Claims for Ransomware Reach Record High

A new report from cyber insurance provider Coalition shows a 12% increase in cyber claims over the first six months of this year, driven by the notable spikes in ransomware (19%), business email compromise (BEC) attacks (26%) and funds transfer fraud (FTF) (31%). The report found that claims severity also increased 61% from the previous six months and 117% over the last year. The average ransom demand was $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year.

The report comes as the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA)  released a joint advisory warning that ransomware gangs are increasingly evolving their tactics while targeting critical infrastructure sectors, including Information Technology, and Food and Agriculture. The advisory strongly discourages organisations from paying ransoms and encourages victims to report ransomware incidents to a local agency’s reporting channel. Similar advisories were released earlier in the year warning of ransomware groups such as Cl0p who exploited the vulnerability in MOVEit earlier this year.

Sources: [NextGov] [BetanNews] [Security Magazine] [CSO Online]

Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives

Almost three-quarters (73%) of nearly 700 board members surveyed in a new study, believe their organisations are at risk of cyber attack, including targeted attacks; a sizable increase from the 65% last year, according to a recently released Proofpoint report. Worryingly, with the high number believing they are at risk from an attack, 53% still believed they would be unprepared for such an attack. When it came to their main concerns, malware was the top concern (40%), followed by insider threat (36%) and cloud account compromise (36%).

C-suite concern has propelled budgets, with a third of businesses increasing cyber security spending by a significant margin. As IT has become less centralised with a move towards cloud-based systems, combined with a shortage of skilled cyber security workers, businesses are having to rely more heavily on third party security according to a recent report.

This investment, along with improved security communications to executives, should enhance IT upskilling and employee awareness of cyber security.

Sources: [MSSP Alert] [Tech Radar]

Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats

Publicly available reports of ransomware attacks on law firms have accelerated this year, with massive amounts of sensitive client data now in the hands of threat actors, highlighting a growing trend of cyber incidents afflicting the legal business.

One of the reasons law firms are increasingly targeted is due to the amount of sensitive data that they hold. This data can be used for extortion, insider training and general ransom purposes. In addition, many law firms utilise third parties to handle their data, increasing their risk of becoming a victim through their supply chain.

Source: [Synack]

Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company

A recent cyber attack used AI to deepfake an IT employee’s voice. The attack started off with a phishing mail, which the unsuspecting victim employee clicked. The attacker then hit a challenge: multi-factor authentication (MFA). That was until they decided to use artificial intelligence to clone the voice of an IT employee. The attacker, now speaking as if they were the IT employee, was then able to convince the victim employee to provide the needed MFA code. As a result, the attack was successful.

The attack highlights the increase in AI for attacks, whilst also demonstrating that cyber security is more than just technology: it is people and operations too. Think about voice cloning, how would your organisation prepare for this?

Sources [PC Mag]

Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them

With the cost of insider risk the highest it has ever been (£13.25m per incident), organisations need to effectively budget and find ways to proactively address insider risk. A report found that 55% of money spent on insider incident response went toward problems caused by negligence or mistakes, and 25% for those were caused by actively malicious insiders, with the remaining 20% being attacks that out-smarted employees.

The cost and damage is acknowledged by organisations, with a separate report finding 46% of organisations self-reported that they were actively planning to spend more on proactively addressing insider risk in 2024. Budgets are not infinite however, and organisations need to effectively allocate their spending to ensure they are getting the most protection for their spend.

Sources: [Computer Weekly] [CSO Online]

Half of Executives Expect Supply Chain Challenges

With the surge in the number of attacks taking place through the software supply chain, it is no wonder almost half of executives expect supply chain challenges in the year ahead according to a survey by Deloitte. When asked about their experience, 34% of respondents self-reported that their organisation has experienced one or more supply chain cyber security events during the past year.

One of the ways to improve organisations’ supply chain security is to conduct assessments on the third parties they use, yet 21% of respondents did not do this at all. Potentially, one of the reasons for this is not knowing the correct questions to ask. Black Arrow can support you through a structured approach to asking a suite of targeted questions to your third parties, and assessing the responses for indicators of risk to your business.  

Sources [PRnewswire] [SiliconANGLE]

How Social Engineering Takes Advantage of Your Kindness

Last week, MGM Resorts disclosed a massive systems issue that reportedly rendered slot machines, room keys and other critical devices inoperable. What elaborate methods were required to crack a nearly $34 billion casino and hotel empire? According to the hackers themselves, all it took was a ten minute phone call, allowing them to gain access through a simple social engineering attack. Social engineering psychologically manipulates a target into doing what the attacker wants, or giving up information that they shouldn’t. The consequences range from taking down global corporations to devastating the personal finances of unfortunate individual victims.

Extroverted, agreeable, and open individuals are often cyber victims; fear is an attack vector and so is helpfulness. As comfort increases, so too does vulnerability to being hacked. Social engineering attacks target both corporations and individuals. A person’s positive traits can be weaknesses against such threats. Balancing kindness with scepticism is essential.

Source: [Engadget]

Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually

A survey found that despite the percentage of companies that have encountered a cyber security incident in the last 12 months, a worrying 24% of employees have never had any cyber security training. The survey further found that alarmingly 42% of respondents used the same password for both home and work accounts, increasing the risk of exposing their organisational passwords. This risk was furthered by 40% of the total number of respondents keeping their password in an open file or physical notebook.

Organisations, including those already providing training, should look to ensure they implement training from experts that covers such areas; by effectively training employees, organisations will increase their cyber resilience and reduce their risk of suffering a cyber attack. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes are secure employee engagement and build a cyber security culture to protect the organisation.  

Source: [Information Security Buzz]

Governance, Risk and Compliance

• Cyber security still remains the greatest concern for many executives | TechRadar

• Cyber attacks are constant and test even the best | Newsroom

• Companies Struggling With Cyber security: Big Players In Bad Situations (forbes.com)

• SMEs overestimate their cyber security preparedness - Help Net Security

• Survey Reveals: 50% Of Respondents Face Cyber attacks Yearly — Employers Blame Employees (informationsecuritybuzz.com)

• Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)

• Organisations failing to proactively address insider cyber risk | Computer Weekly

• Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)

• OODA Loop - The MGM Cyber attack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?

• Most Global Board Members Unprepared for “Targeted” Cyber attack, Report Finds | MSSP Alert

• Changing Role of the CISO: A Holistic Approach Drives the Future (darkreading.com)

• How to Get Your Board on Board With Cyber security (darkreading.com)

• Security concerns and outages elevate observability from IT niche to business essential - Help Net Security

• Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security

• Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)

• Balancing budget and system security: Approaches to risk tolerance - Help Net Security

• Is Director Liability For Cyber security Failure An Immediate Risk? (forbes.com)

• Over a Third of UK Population Believe Prison is the Most Suitable Punishment for Individuals Responsible for Data Breach - IT Security Guru

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)

• Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

• Poor digital experience a blocker for cyber resilience | Computer Weekly

• What is Governance, Risk and Compliance (GRC)? | TechTarget Definition

• How to prevent and prepare for a cyber catastrophe (securityintelligence.com)

• The rise of CISO stress: Recognising and reconciling the threat of litigation for CISOs (securitybrief.co.nz)

• 2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)

• The realities of modern cyber security: CrowdStrike CSO weighs in on how businesses must adapt - SiliconANGLE

• Why more security doesn’t mean more effective compliance - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Digesting the Digits - 2023 ‘record year’ for ransomware attacks - PaymentExpert.com

• New Ransomware Victims Surge by 47% with Gangs Targeting Small Busines - Infosecurity Magazine (infosecurity-magazine.com)

• Attacks on Casino Giants Heralds Resurgence in Ransomware Attacks (claimsjournal.com)

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• LockBit Is Using RMMs to Spread Its Ransomware (darkreading.com)

• ‘Top’ ransomware gangs favour smaller businesses | Computer Weekly

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• Ransomware group's evolving tactics pose growing threat - Nextgov/FCW

• Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog

• Who is behind the latest wave of UK ransomware attacks? | Cyber crime | The Guardian

• NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware (darkreading.com)

• Scattered Spider, Alphv, and the MGM hack, explained - The Hustle

• Quadruple extortion ransomware maximising monetisation (securitybrief.co.nz)

• What is Extortionware? How is it Different from Ransomware? (techtarget.com)

• Ransomware cyber insurance claims rose by 27% | Security Magazine

• Cyber insurance claims for ransomware reach record high (betanews.com)

• Ransomware gang targeting defence firms, FBI warns - Defence One

• Scattered Spider snares 100+ victims, moves into ransomware • The Register

• Cyber criminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (thehackernews.com)

• BlackCat ransomware hits Azure Storage with Sphynx encryptor (bleepingcomputer.com)

• FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service (darkreading.com)

• Critical Infrastructure Organisations Warned of Snatch Ransomware Attacks - Security Week

• Healthcare's ransomware defences need more preventative action (securitybrief.co.nz)

• Ransomware vs. resources: A higher education dilemma - eCampus News

Ransomware Victims

• Two Vegas casinos fell victim to cyber attacks, shattering the image of impenetrable casino security | AP News

• Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says | Reuters

• Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)

• Las Vegas casinos face ‘social engineering’ threat amid hacks | Las Vegas Review-Journal (reviewjournal.com)

• Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)

• MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)k

• Clorox expects August’s cyber security attack to have a ‘material’ impact on first-quarter results - MarketWatch

• Clorox products in short supply after cyber attack disrupts operations | CNN Business

• Psychiatric hospital near Jerusalem hit by suspected cyber attack | The Times of Israel

• HWL Ebsworth hack: 65 Australian government agencies affected by cyber attack | Crime - Australia | The Guardian

• UMass Medical School Sued Over MOVEit File-Transfer Data Breach (bloomberglaw.com)

• UK IT services provider Agilitas hit by Donut ransomware attack? (techmonitor.ai)

• Cyber attack blamed for outages at hospitals in Illinois, Wisconsin (scrippsnews.com)

• Major trucking software provider confirms ransomware incident (therecord.media)

• Handbag maker Radley London hit by RansomHouse cyber attack? (techmonitor.ai)

Phishing & Email Based Attacks

• Scams, phishing made up over 75% of digital threats in first half of 2023: Report - The Economic Times (indiatimes.com)

• HR phishing: self-evaluation questionnaire | Kaspersky official blog

• Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)

• Cyber criminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (thehackernews.com)

• Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT (thehackernews.com)

BEC – Business Email Compromise

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

Other Social Engineering; Smishing, Vishing, etc

• Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)

• How social engineering takes advantage of your kindness (engadget.com)

• Las Vegas casinos face ‘social engineering’ threat amid hacks | Las Vegas Review-Journal (reviewjournal.com)

Artificial Intelligence

• Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag

• NSA Report: Deepfakes Threaten National Security | MSSP Alert

• Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)

• WormGPT: AI tool designed to help cyber criminals will let hackers develop attacks on large scale, experts warn | Science & Tech News | Sky News

• Artificial Intelligence Making Cyber Crime Harder to Fight (govtech.com)

• Companies still don’t know how to handle generative AI risks - Help Net Security

• 85% of cyber leaders believe AI will outpace cyber defences (electronicspecifier.com)

• McAfee CEO Greg Johnson on the Cyber security Threat From Generative AI (businessinsider.com)

• Companies Rely on Multiple Methods to Secure Generative AI Tools (darkreading.com)

• Poland investigates OpenAI over privacy concerns | Reuters

2FA/MFA

• Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)

Malware

• NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)

• Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog

• macOS MetaStealer attacks take aim at business Mac users (appleinsider.com)

• Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (trendmicro.com)

• A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar

• New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)

• Bumblebee malware returns in new attacks abusing WebDAV folders (bleepingcomputer.com)

• Fake WinRAR exploit PoC drops VenomRAT malware | SC Media (scmagazine.com)

• P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)

• Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)

• ‘Sandman’ hackers backdoor telcos with new LuaDream malware (bleepingcomputer.com)

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

Mobile

• Dangerous permissions detected in top Android health apps (securityaffairs.com)

• Android security updates: Everything you need to know | Android Central

• Google releases an update for compatible Pixel devices; Android 14 no, September security patch yes - PhoneArena

• Hook: New Android Banking Trojan That Expands on ERMAC's Legacy (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

Botnets

• Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)

• P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

Denial of Service/DoS/DDOS

• Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions (securityaffairs.com)

Internet of Things – IoT

• DDoS 2.0: IoT Sparks New DDoS Alert (thehackernews.com)

• IoT threats in 2023 | Securelist

• Hikvision Intercoms Allow Snooping on Neighbors (darkreading.com)

• No dedicated hardware security for 66% IoT modules: IoT Analytics (securitybrief.co.nz)

Data Breaches/Leaks

• Pirated Software Likely Cause of Airbus Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)

• Police data breach: 20,000 data points 'at risk' (computing.co.uk)

• CardX released a data leak notification impacting their customers in Thailand (securityaffairs.com)

• Pizza Hut Australia hack: data breach exposes customer information and order details | Australia

• Air Canada says unauthorized group breached employee data, hacked internal system (databreaches.net)

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• T-Mobile app glitch let users see other people's account info (bleepingcomputer.com)

• T-Mobile Racks Up Third Consumer Data Exposure of 2023 (darkreading.com)Over a Third of UK

• Population Believe Prison is the Most Suitable Punishment for Individuals Responsible for Data Breach - IT Security Guru

• TransUnion says dump of customer data came from third party • The Register

• US govt IT worker accused of leaking top secrets • The Register

Organised Crime & Criminal Actors

• Europol lifts the lid on cyber crime tactics (malwarebytes.com)

• One of the FBI’s most wanted hackers is trolling the US government | TechCrunch

• India's biggest tech centres named as cyber crime hotspots • The Register

• Scattered Spider snares 100+ victims, moves into ransomware • The Register

• Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

• Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)

• Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News

• How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto

Insider Risk and Insider Threats

• Organisations failing to proactively address insider cyber risk | Computer Weekly

• HR’s role in cyber security and insider threat mitigation - Hindustan Times

• Insider risks are getting increasingly costly | CSO Online

• Can Users Be Trusted to Skirt Hackers’ Lures? | MSSP Alert

Fraud, Scams & Financial Crime

• Brits Lose $9.3bn to Scams in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• cyber criminals: Scams, phishing made up over 75% of digital threats in first half of 2023: Report - The Economic Times (indiatimes.com)

• Another $40m Dispersed to Western Union Fraud Victims - Infosecurity Magazine (infosecurity-magazine.com)

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

• Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News

• How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto

• Illegal Betting Ring Used Satellite Tech to Get Scoop on Results - Infosecurity Magazine (infosecurity-magazine.com)

• Payment Card-Skimming Campaign Now Targeting Websites in North America (darkreading.com)

• Court sentences pair for India-based robocall scam • The Register

• Shift from UK Analogue to Digital Phone Lines Breeds New SCAMs - ISPreview UK

• Singapore to detail fraud liability split for bank & victim • The Register

Deepfakes

• Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag

Insurance

• Cyber insurance claims for ransomware reach record high (betanews.com)

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• Ransomware cyber insurance claims rose by 27% | Security Magazine

Dark Web

• Brits Are in the Dark About the Dark Web - IT Security Guru

• Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)

Supply Chain and Third Parties

• Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)

• Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)

• OODA Loop - The MGM Cyber attack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?

• Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)

• High-stakes digital heists: Enterprise software supply chains become new battleground for cyber criminals - SiliconANGLE

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

• Evaluating New Partners and Vendors from an Identity Security Perspective (darkreading.com)

• HWL Ebsworth hack: 65 Australian government agencies affected by cyber attack | Crime - Australia | The Guardian

• How cyber attacks on Taiwan are hurting global business - Raconteur

Software Supply Chain

• Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)

Cloud/SaaS

• Cloud to Blame for Almost all Security Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Why Shared Fate is a Better Way to Manage Cloud Risk (darkreading.com)

• Future Cyber security: Hybrid Threats Require Balanced Preparation | Center for Internet and Society (stanford.edu)

• IBM X-Force: Use of compromised credentials darkens cloud security picture | Network World

• Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)

• Mastering Defence-In-Depth and Data Security in the Cloud Era (darkreading.com)

• Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)

• The Rise of the Malicious App (thehackernews.com)

Hybrid/Remote Working

• Future Cyber security: Hybrid Threats Require Balanced Preparation | Center for Internet and Society (stanford.edu)

• Spies working from home despite fears they could be hacked by foreign states (telegraph.co.uk)

Shadow IT

• Shadow IT: Security policies may be a problem - Help Net Security

Identity and Access Management

• CISA Releases New Identity and Access Management Guidance - Security Week

Encryption

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• Signal Messenger Introduces PQXDH Quantum-Resistant Encryption (thehackernews.com)

Open Source

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

• Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica

• New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)

• Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Are your end-users' passwords compromised? Here's how to check. (bleepingcomputer.com)

• Why employee login credentials are 'the weakest link in security' (siliconrepublic.com)

Social Media

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

• Donald Trump Jr.'s X Account Appears To Have Been Hacked (dailydot.com)

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

Malvertising

• Probe reveals secret Israeli spyware that infects via ads • The Register

Training, Education and Awareness

• Survey Reveals: 50% Of Respondents Face Cyber attacks Yearly — Employers Blame Employees (informationsecuritybuzz.com)

Parental Controls and Child Safety

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

Regulations, Fines and Legislation

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

• TikTok Is Hit With $368 Million Fine Under Europe's Strict Data Privacy Rules - Security Week

• MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)

• California Settles With Google Over Location Privacy Practices for $93 Million - Security Week

• Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

Models, Frameworks and Standards

• How to Interpret the 2023 MITRE ATT&CK Evaluation Results (darkreading.com)

• How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)

Data Protection

• UK-US Confirm Agreement for Personal Data Transfers - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Digital Deficit: 93% of UK Employers Identify An IT Skills Gap Within The UK Job Market - IT Security Guru

• Expert: Three Skills Cyber security Professionals Should Have in 2024 (newswise.com)

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• IT pros told to accept burnout as normal part of their job - Help Net Security

• Wanted: another 3mn cyber professionals | Financial Times (ft.com)

Law Enforcement Action and Take Downs

• How the FBI Fights Back Against Worldwide Cyber attacks (securityintelligence.com)

• Court sentences pair for India-based robocall scam • The Register

• Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)

Privacy, Surveillance and Mass Monitoring

• California Settles With Google Over Location Privacy Practices for $93 Million - Security Week

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

• Researchers used Wi-Fi signals to see through walls. Game-changing breakthrough? Or privacy nightmare waiting to happen? | TechRadar

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

Misinformation, Disinformation and Propaganda

• EU warns China on Ukraine disinformation and cyber attacks  – POLITICO

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (theconversation.com)

• China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)

• International Criminal Court hacked amid Russia probe • The Register

• Portuguese company detects 961 pro-Russian cyber attacks in Western Europe – EURACTIV.com

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

• One of the FBI’s most wanted hackers is trolling the US government | TechCrunch

• Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions (securityaffairs.com)

• Senators want clarity from Pentagon on Ukraine Starlink access fiasco | SC Media (scmagazine.com)

• Russian allegedly smuggled US weapons electronics to Moscow • The Register

China

• Chinese Cyber Power Bigger Than the Rest of the World Combined - Infosecurity Magazine (infosecurity-magazine.com)

• China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)

• FBI chief says China has bigger hacking program than the competition combined | Reuters

• EU warns China on Ukraine disinformation and cyber attacks  – POLITICO

• Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED

• Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica

• Trouble brews after embassy worker finds spy bug in China teapot (thetimes.co.uk)

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

• A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar

• Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)

• Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT (thehackernews.com)

• Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns (darkreading.com)

• How cyber attacks on Taiwan are hurting global business - Raconteur

• Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities | Recorded Future

• DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage (darkreading.com)

Iran

• Microsoft: 'Peach Sandstorm' Cyber attacks Target Defence, Pharmaceutical Orgs (darkreading.com)

• Iranian state-backed hackers target global satellite, defence, and pharma companies (databreaches.net)

• Pro-Iranian Attackers Target Israeli Railroad Network (darkreading.com)

North Korea

• Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)

• Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (theconversation.com)

• How a North Korean cyber group impersonated a Washington D.C. analyst (cnbc.com)

Misc Nation State/Cyber Warfare

• New Research Finds Cyber attacks Against Critical Infrastructure on the Rise, State-affiliated Groups Responsible for Nearly 60% | Business Wire

• Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

• OODA Loop - Is Future Escalation in Cyber Conflict a Foregone Conclusion?

Vulnerability Management

• KEV Catalog Reaches 1000, What Does That Mean and What Have We Learned  | CISA

• Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)

• How SBOMs Help Uncover Vulnerabilities In Enterprise Applications (forbes.com)

Vulnerabilities

• Fortinet Releases Security Updates for Multiple Products | CISA

• Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) - Help Net Security

• iOS 17.0.1 re-patches 3 actively exploited security flaws - 9to5Mac

• Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability (thehackernews.com)

• If you're still using WinRAR, watch out for this dangerous exploit - and please stop | TechRadar

• GitLab Releases Urgent Security Patches for Critical Vulnerability (thehackernews.com)

• Microsoft releases firmware update for all Surface devices | TechSpot

Tools and Controls

• Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)

• Enterprise networks are evolving; your security architecture needs to evolve, too (betanews.com)

• Think Your MFA and PAM Solutions Protect You? Think Again (thehackernews.com)

• Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)

• Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security

• Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)

• Shadow IT: Security policies may be a problem - Help Net Security

• Balancing budget and system security: Approaches to risk tolerance - Help Net Security

• How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)

• How Choosing Authentication Is a Business-Critical Decision (darkreading.com)

• Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

• What is DNS over HTTPS (DoH)? (techtarget.com)

Reports Published in the Last Week

• QBE Mid-sized Business Risk Report | QBE US

• 2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)

Other News

• Why automakers are worried your car is the next target for cyber attacks - CityAM

• Consumers are being bombarded with billions of threats every year | TechRadar

• Bad torts: Law firms feel the heat from rising cyber threats (synack.com)

• 8 new threats to Mac security in 2023 - TechFruit

• SME Cyber Security – Time for a New Approach? - IT Security Guru

• Time to Demand IT Security by Design and Default - Infosecurity Magazine (infosecurity-magazine.com)

• Australia’s new cyber security strategy: Build “cyber shields” around the country | CSO Online

• Home Office sets up cyber security for Emergency Services Network | UKAuthority

• Cyber security Tops Business Risks Challenging European Auditors (bloomberglaw.com)

• Energy Is the Most-Targeted Sector for Cyber attacks: Here’s What to Do (powermag.com)

• Cyber on the battlefield is about more than IT - Nextgov/FCW

• From national threats to click-happy employees: Decoding the multifaceted cyber security landscape - SiliconANGLE

• Hidden dangers loom for subsea cables, the invisible infrastructure of the internet - Help Net Security

• Every Network Is Now an OT Network. Can Your Security Keep Up? - Security Week

• Pentagon's 2023 Cyber Strategy Focuses on Helping Allies - Security Week

• Singapore's retail banks take steps to enhance cyber security (finextra.com)

• Cyber pros warn Congress that government shutdown will create open season for cyber attacks - Washington Times

• Experts fret over fate of CISA cyber programs as shutdown clouds loom | SC Media (scmagazine.com)

• Strong compliance management is crucial for fintech-bank partnerships - Help Net Security

• Rail Travel Free in Estonia as Cyber Attack Disrupts Ticketing (eturbonews.com)

• Five easy wins in cyber security | Financial Times (ft.com)

• Dairy industry teams with cyber security group to beef up defences | Food Dive

• Securing Eurovision’s online voting system against cyber attacks (computerweekly.com)

• GCHQ chief takes job in private security company | The Independent

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

More Than Half of UK Organisations Know They Aren’t Well Protected

According to a recent report, just 49% of business leaders report their organisation is well or very well protected. Cyber security featured as the third highest-rated business priority, with increasing revenues and reducing costs forming the top two. One of the ways an organisation can reduce cost is to outsource, and 63% of respondents agreed, reporting that they wanted to work with an external cyber security partner to improve their security.

Even if you’re in the 49% of organisations that believes it is well protected, this can be a dangerous self-assessment based on a lack of experience and impartiality. Business leaders need independent assurance to ensure their security controls are appropriate and in line with the organisation’s risk appetite. It is essential to dispel assumptions, by investigating your security before an attacker does.

Black Arrow Cyber Consulting offers a free, no-obligation, introductory consultation to help you gain an unbiased perspective on how your current security approach could withstand an attacker. We help our clients to know the questions to ask of their external or internal IT provider, and how to leverage other security controls from existing resources.

Sources: [IT Security Guru][Beta News]

Generative AI Considered a Security Risk by 60% of Board Members. How Organisations Can Prepare

A recent report conducted by Proofpoint found that 60% of board members consider generative AI a security risk.

The rapid development and adoption of AI is double-edged in nature. Whilst it can yield positive benefits if used safely and responsibility within organisations, AI is also being used to great effect by malicious actors with AI abuse growing beyond phishing to increasing the efficacy of multistage attacks, being used to generated malware, and carrying out different types of social engineering attacks.

For this reason Boards and senior leaders are right to be concerned and should ensure appropriate measures are being taken.

Sources: [TheNationalNews] [SCMagazine] [CyberSecurityNews]

Further reading: [BusinessCloud.co.uk] [WIRED UK] [Help Net Security]

Businesses Ignore Incident Response at Their Peril

According to a UK Government report, a quarter of businesses don’t regard cyber incident response skills as essential and almost half said they weren’t confident they could put together an incident response plan. This led to 41% saying they were not very or not at all confident that they would be able to deal with a cyber security breach or attack.

Unfortunately, this leaves many organisations in a situation where they will have to learn the hard way about the implications of not having an incident response plan. A separate government report found that 37% of those hit by a cyber attack said it impacted operations and a quarter experienced negative consequences such as loss of money or data.

One of the ways organisations can circumnavigate their lack of confidence in their ability to construct an incident response plan is to use cyber security experts to construct it. 

Source: [Infosecurity Magazine]

Blame Culture: An Organisation’s Ticking Time Bomb

An organisation’s attitude and responses to cyber security are almost as important as the actions taken to prevent cyber attacks. “Lessons learnt” are a common feature within mature and cyber resilient organisations. Incidents are a matter of when not if, and it is important that organisations know how to react.

Taking the example of a phishing attack, it is easy to blame the employee who opened it, potentially firing them. With phishing simulations, it is equally easy to discipline an employee who fell for it. The problem is, neither of these focus on what can be learned, such as why the employee fell for it in the first place. Additionally, there is the potential that employees become reserved or reticent about reporting potential events, due to the fear of being disciplined. This can be the difference between an organisation having an early detection of an incident and being able to invoke incident response plans sooner, or leaving the attacker in the system doing damage for longer before being reported.

Source: [ IT Security Guru]

Spend to Save: CFOs and Cyber Security Investment

For chief financial officers (CFOs), the increasing impact of data breaches creates a paradox. While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending is all about return on investment.

When looking at spending, CFOs need to keep in mind that the total cost of a breach is more than the initial currency loss: there is the knock-on effect of reputation and losses in customers. But it is not a case of spending more to protect more; spending must be tailored to the organisation and prioritise in terms of business needs.

Source: [Security Intelligence]

Cyber Security Tools Are New Targets for Attackers, Including Nation-State Actors

An increasing number of attacks by nation-state attackers are targeting cyber security tools in their campaigns. This includes the recent attacks on US officials which attacked and gained access through the firewalls of the victim. Security vendors, just like anyone, will have flaws in their software: there will be vulnerabilities. As such, organisations need to be aware of these vulnerabilities and when support runs out for their cyber security tools, to better protect themselves.

Source: [News Week]

Attackers Access UK Military Data Through Third Party Supplier as Relentless Russian Cyber Attacks Raise Spectre of WW3

Top secret military data from the UK’s Ministry of Defence was stolen and then sold by the ransomware gang LockBit. How, you might ask? Through a rogue Windows 7 PC that belonged to their fencing supplier, Zaun. The LockBit Ransom group conducted the attack on the supplier’s network, and Zaun admitted the group may have exfiltrated 10GB of data.

Many attackers have realised that if you cannot directly attack an organisation, then the supplier can present a way in. Organisations need to be sure of their suppliers’ security, and conduct third party security assessments to identify the risk the supplier may present to the organisation itself.

Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.

Source: [The Register] [Tech Monitor]

Common Tactics Used by Threat Actors to Weaponise PDFs

PDFs are often seen as safe, something that cannot be used by an attacker, but that’s wrong. Actors are using this trustworthiness, as well as the difficulty in detection and ubiquity of PDFs, to weaponise them. Common tactics involve malicious hyperlinks within PDFs and macros that run when a PDF is opened, and in some cases attackers are disguising a malicious Word document as a PDF to evade detection.

Source: [Cyber Security News]

Years-old Microsoft Security Holes Still Hot Targets for Cyber Criminals

A recent report has found that Microsoft vulnerabilities as old as 6 years are still being exploited, with one recorded as being exploited as recently as 31 August. In fact, since this particular vulnerability was fixed, it has been used to deploy 467 different malware types. This is not the number of attacks, but the number of different types of malware used in attacks.

The concept isn’t just for Microsoft. Many organisations do not employ effective patching strategies, and as such leave the doors open to attackers. Sometimes, these doors are open for years.

Source: [The Register]

Popular ‘As-a-Service’ Operations Have Earned Cyber Criminals over $64m

As-a-service operations allow attackers to employ sophisticated attacks without the need for extensive knowledge; they simply just purchase the ability.  Take phishing-as-a-service (PhaaS), where an attacker with very limited cyber knowledge simply needs to purchase a phishing kit and they are then well-equipped to target organisations. This availability in tools creates a significant surge in the number of cyber criminals, with one scheme alone raking in $64.5 billion in illegal gains.

Source: [IT Security Guru]

71% of Organisations are Impacted by Cyber Security Skills Shortage

Most organisations (71%) report that they’ve been impacted by the cyber security skills shortage, leading to an increased workload for the cyber security team (61%), unfilled open job requisitions (49%) and high burnout among staff (43%). Further, 95% respondents state the cyber security skills shortage and its associated impacts have not improved over the past few years and 54% (up 10% from 2021) say it has got worse.

Organisations need to continue maintaining and improving their security while their cyber security positions remain unfilled. Black Arrow supports firms to achieve this by providing expert resources on a flexible basis for technical, governance and transformational positions.

Source: [Security Magazine] [Digital Journal]

Multiple Schools Hit by Cyber Attacks Before Term Begins

Ahead of the new school term, a number of schools have become the victim of serious cyber attacks. The education sector isn’t a new target, with previous ransomware reports finding the education sector to account for 16% of victims.

The education sector remains a target due to the valuable data they hold, large attack surfaces and frequently a lack of resources and budgets, something many small and medium-sized business may share.

Source: [Infosecurity Magazine]

Governance, Risk and Compliance

• The importance of CISOs is not recognised by senior leadership - IT Security Guru

• Why Businesses Ignore Incident Response at Their Peril - Infosecurity Magazine (infosecurity-magazine.com)

• Blame Culture: An Organisation's Ticking Time Bomb - IT Security Guru

• Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)

• More than half of UK organisations know they aren’t well protected against cyber threats - IT Security Guru

• Boards show confidence in their cyber security but still think they're at risk of attack (betanews.com)

• SEC tells companies to “show their work” on cyber security - Red Canary

• Cyber security: a life cycle, not a destination | Hydrocarbon Engineering

• Rising Physical Incidents Should Drive C-Level Investment & Action (forbes.com)

• Compliance budgets under strain as inflation and workload grow - Help Net Security

• Cyber Security pros battle discontent amid skills shortage - Help Net Security

• CISOs weigh in on building security-focused culture | Healthcare IT News

• How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)

• IAM, cloud security to drive new cyber security spending | CSO Online

Threats

Ransomware, Extortion and Destructive Attacks

• Ministry of Defence documents leaked by LockBit (techmonitor.ai)

• Attackers access military data through fencing supplier • The Register

• Yes, Ransomware is Still a Huge Problem | CSO Online

• Ransomware attackers are targeting exposed Microsoft SQL databases, report says (therecord.media)

• Ransomware and Data Breaches: Impacts Continue to Grow Louder (govtech.com)

• Ransomware attacks go beyond just data - Help Net Security

• Education Sector Heavily Targeted as the School Year Begins (databreaches.net)

• Killware vs. Ransomware: What's the Difference? (makeuseof.com)

• Is this the next target for international ransomware attacks? | World Economic Forum (weforum.org)

• UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• To Pay or Not to Pay? The Ransomware Dilemma (informationweek.com)

• Snake Ransomware Endangers Your Data: How Can You Stop It? (makeuseof.com)

• How to Prevent Ransomware: 6 Key Steps to Safeguard Assets (techtarget.com)

Ransomware Victims

• LockBit Leaks Documents Filched From UK Defence Contractor (darkreading.com)

• Ministry of Defence documents leaked in cyber attack (civilserviceworld.com)

• Maidstone: Secondary school hit by cyber attack - BBC News

• Debenham High School IT system hit by cyber attack - BBC News

• Highgate Wood School delays term by 6 days after cyber attack | This Is Local London

• Cyber attack hits Suffolk school (computing.co.uk)

• Cyber attack hits Wokingham's Maiden Erlegh School | Reading Chronicle

• Russian ransomware gang AlphV targets pathology company, law firms in latest string of attacks - ABC News

• LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM) (securityaffairs.com)

• Ransomware gang claims credit for Sabre data breach | TechCrunch

• Hackers claim to publish prominent Israeli hospital’s patient data (therecord.media)

Phishing & Email Based Attacks

• AI abuse grows beyond phishing to multistage cyber attacks | SC Media (scmagazine.com)

• Google is enabling Chrome real-time phishing protection for everyone (bleepingcomputer.com)New phishing tool hijacked thousands of Microsoft business email accounts (therecord.media)

• Beware of New Fileless Malware that Propagates Via Spam Mail (cybersecuritynews.com)

• Spam is up, QR codes emerge as a significant threat vector - Help Net Security

• From unsuspecting click to data compromise - Help Net Security

• Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant (thehackernews.com)

• Getting off the hook: 10 steps to take after clicking on a phishing link (welivesecurity.com)

• What Is Spear Phishing? A Comprehensive Guide - Sapphire

Other Social Engineering; Smishing, Vishing, etc

• Emerging threat: AI-powered social engineering - Help Net Security

• Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)

• Chinese-Speaking Cyber Criminals Launch Large-Scale iMessage Smishing Campaign in US. (thehackernews.com)

• Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges (thehackernews.com)

• How cyber criminals use look-alike domains to impersonate brands - Help Net Security

Artificial Intelligence

• Generative AI considered a security risk by 60% of board members, survey finds (thenationalnews.com)

• AI ‘triggers DeepTech anxiety for senior leaders’ (businesscloud.co.uk)

• Emerging threat: AI-powered social engineering - Help Net Security

• AI abuse grows beyond phishing to multistage cyber attacks | SC Media (scmagazine.com)

• Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)

• UK tech tsar warns of AI cyber threat to NHS | Financial Times (ft.com)

• It's the summer of adversarial chatbots. Here's how to defend against them - SiliconANGLE

• Will the AI Arms Race Lead to the Pollution of the Internet? (darkreading.com)

• Cyber Security Concerns In AI: NCSC Flags Vulnerabilities In Chatbots And Language Models (informationsecuritybuzz.com)

• UK cyber chief urges ‘Security by Design’ in AI development (ukdefencejournal.org.uk)

• Generative AI’s Biggest Security Flaw Is Not Easy to Fix | WIRED UK

• Developers have security, other generative AI concerns but use it anyway - ARN (arnnet.com.au)

• How Companies Can Cope With the Risks of Generative AI Tools (darkreading.com)

• 3 ways to strike the right balance with generative AI - Help Net Security

• Peril vs. Promise: Companies, Developers Worry Over Generative AI Risk (darkreading.com)

• Experts Probe AI Risks Around Malicious Use, China Influence (govinfosecurity.com)

• Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur

Malware

• Common Tactics Used by Threat Actors to Weaponise PDFs (cybersecuritynews.com)

• Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus (thehackernews.com)

• 'Atomic macOS Stealer' Malware Delivered via Malvertising Campaign - SecurityWeek

• Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)

• UNRAVELING EternalBlue: inside the WannaCry’s enabler (securityaffairs.com)

• Malware Report: The Evolution of BumbleBee - Understanding the Emerging New Threat (govinfosecurity.com)

• Malware configurations How to find and use them? (govinfosecurity.com)

• Beware of New Fileless Malware that Propagates Via Spam Mail (cybersecuritynews.com)

• New Python Variant of Chaes Malware Targets Banking and Logistics Industries (thehackernews.com)

• New BLISTER Malware Update Fuelling Stealthy Network Infiltration (thehackernews.com)

• Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant (thehackernews.com)

Mobile

• Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups | TechCrunch

• September Android updates fix zero-day exploited in attacks (bleepingcomputer.com)

• Hacker exploits security flaw to target iPhone users with 'notification attack' | Macworld

Botnets

• It might be too soon to claim victory against Qakbot | Computer Weekly

Denial of Service/DoS/DDOS

• DDoS attack took down the site of German financial agency BaFin (securityaffairs.com)

• Mirai variant infects low-cost Android TV boxes for DDoS attacks (bleepingcomputer.com)

• CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack | CISA

BYOD

• Many businesses still aren't using BYOD protection | TechRadar

Internet of Things – IoT

• Securing The IoT From The Threat China Poses To US Infrastructure (forbes.com)

• Tech Company Says Cars Collect 25 Gigabits of Data per Hour, Making Them Targets for Hacking | The Epoch Times

• Connected cars and cyber crime: A primer - Help Net Security

• Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups | TechCrunch

• Mirai variant infects low-cost Android TV boxes for DDoS attacks (bleepingcomputer.com)

• Why consumer drones represent a special cyber security risk (securityintelligence.com)

• Like privacy? Then smart devices are a dumb idea • The Register

• Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed | TechCrunch

Data Breaches/Leaks

• Electoral Commission failed basic security test before hack - BBC News

• Insurer fined $3M for exposing data of 650k clients for two years (bleepingcomputer.com)

• Golf gear giant Callaway data breach exposes info of 1.1 million (bleepingcomputer.com)

• Freecycle confirms massive data breach impacting 7 million users (bleepingcomputer.com)

• Pizza Hut Australia leaks one million customers' details, claims ShinyHunters hacking group (bitdefender.com)

• Thousands of Popular Websites Leaking Secrets - SecurityWeek

• Johnson & Johnson discloses IBM data breach impacting patients (bleepingcomputer.com)

• Northern Ireland police chief quits in wake of data breach • The Register

• Lawsuit blames Tesla for data breach it sued ex-staff over • The Register

Organised Crime & Criminal Actors

• Popular 'As-a-Service' Operations Have Earned Cyber Criminals over $64m - IT Security Guru

• Cyber Crime Tremors: Experts Forecast Qakbot Resurgence (govinfosecurity.com)

• It might be too soon to claim victory against Qakbot | Computer Weekly

• Cyber crime to cost Germany 206 billion euros in 2023, survey finds | Reuters

• Anonymity and illicit activities: Cyber security expert warns of risks and dangers associated with the dark web (newswise.com)

• Cyber criminals coercing children in their own bedrooms | The Canberra Times | Canberra, ACT

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• YouTuber Loses $60K Worth of Crypto After Showing Seed Phrases on Stream - Decrypt

• Who Pulled Off a $41M Online Casino Heist? North Korea, FBI Says (vice.com)

• Russian Malware Targets Crypto Wallet: US and UK Intelligence Agencies Issue Joint Warning (cryptopotato.com)

• Is this the next target for international ransomware attacks? | World Economic Forum (weforum.org)

• Bitcoin exchange exec admits he ignored anti-laundering laws • The Register

• Cyber criminals target graphic designers with GPU miners (talosintelligence.com)

• LastPass under fire again as users report stolen crypto keys and losses | Cybernews

Insider Risk and Insider Threats

• Lawsuit blames Tesla for data breach it sued ex-staff over • The Register

Fraud, Scams & Financial Crime

• Popular 'As-a-Service' Operations Have Earned Cyber criminals over $64m - IT Security Guru

• Smishing Triad: China-Based Fraud Network Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Fake YouPorn extortion scam threatens to leak your sex tape (bleepingcomputer.com)

• Four Convicted in $18m Investment Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• Global roaming fraud losses to surpass $8 billion by 2028 - Help Net Security

• Three men arrested for stealing thousands of dollars by hacking into ATMs with a Raspberry Pi device | PC Gamer

• Airlines Battle Surge in Loyalty Program Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• How We Track Crypto Money Laundering for Off-Chain Crime (chainalysis.com)

• District of Massachusetts | Russian Businessman Sentenced to Nine Years in Prison in $93 Million Hack-to-Trade Conspiracy | United States Department of Justice

• Hundreds of Scam Pages Uncovered in Major Investment Fraud Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• See Tickets Alerts 300,000 Customers After Another Web Skimmer Attack - SecurityWeek

• Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur

Impersonation Attacks

• 'Smishing Triad' Targeted USPS and US Citizens for Data Theft (securityaffairs.com)

• How cyber criminals use look-alike domains to impersonate brands - Help Net Security

Deepfakes

• Emerging threat: AI-powered social engineering - Help Net Security

• Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur

AML/CFT/Sanctions

• UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• How We Track Crypto Money Laundering for Off-Chain Crime (chainalysis.com)

• Four Convicted in $18m Investment Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• Bitcoin exchange exec admits he ignored anti-laundering laws • The Register

Insurance

• Insights Into the Changing Landscape of Cyber Insurance - Frost Brown Todd | Full-Service Law Firm

• Time and effort to obtain cyber insurance increasing for US businesses | CSO Online

• Beazley expects to sponsor more cyber catastrophe bonds in 2024 - Artemis.bm

• Lloyd’s categorises cyber war wordings in aggregation clarity push (insuranceinsider.com)

Dark Web

• Anonymity and illicit activities: Cyber security expert warns of risks and dangers associated with the dark web (newswise.com)

• The Initial Access Broker Economy: A Deep Dive into Dark Web Hacking Forums (bleepingcomputer.com)

Supply Chain and Third Parties

• Attackers access military data through fencing supplier • The Register

• Ministry of Defence documents leaked by LockBit (techmonitor.ai)

• Supply chain related security risks, and how to protect against them (malwarebytes.com)

• 5 ways to improve your supply chain security posture | IT Reseller Magazine (itrportal.com)

• University of Sydney suffered a security breach caused by a third-party service provider (securityaffairs.com)

• Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)

• Creating a more cyber secure supply chain requires group effort - FreightWaves

• Facing Third-Party Threats With Non-Employee Risk Management (darkreading.com)

• Cyber attacks attempt to crash 6 media sites globally using US. company RayoByte - Committee to Protect Journalists (cpj.org)

Software Supply Chain

• Software Supply Chain Strategies to Parry Dependency Confusion Attacks (darkreading.com)

Cloud/SaaS

• Step Up Your Defence Against Cloud-loving Cyber Criminals (informationsecuritybuzz.com)

• IAM, cloud security to drive new cyber security spending | CSO Online

Hybrid/Remote Working

• Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur

Attack Surface Management

• What OSINT is, and why it’s dangerous | Kaspersky official blog

• Armis report sheds light on top 10 targeted assets by cyber attackers - SiliconANGLE

• Top 10 riskiest assets threatening global business - IT Security Guru

Encryption

• Government denies U-turn on encrypted messaging row - BBC News

• UK lawmakers back down on encryption-busting 'spy clause' | CyberScoop

API

• API Vulnerabilities: 74% of Organisations Report Multiple Breaches - Infosecurity Magazine (infosecurity-magazine.com)

Open Source

• Software industry urged to assume risk on open source security | CIO Dive

• Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• It's a Zero-day? It's Malware? No! It's Username and Password (thehackernews.com)

• Chrome extensions can steal plaintext passwords from websites (bleepingcomputer.com)

• Hacker gains admin control of Sourcegraph and gives free access to the masses | Ars Technica

• Passwords From The November 2022 LastPass Breach Being Cracked? - PC Perspective

• LastPass under fire again as users report stolen crypto keys and losses | Cybernews

• Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed | TechCrunch

• 75% of education sector attacks linked to compromised accounts - Help Net Security

Social Media

• Twitter accused of helping Saudi Arabia commit human rights abuses | Saudi Arabia | The Guardian

• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia (thehackernews.com)

Malvertising

• 'Atomic macOS Stealer' Malware Delivered via Malvertising Campaign - SecurityWeek

Parental Controls and Child Safety

• Children's snack recalled after its website caught serving porn (bleepingcomputer.com)

• Cyber criminals coercing children in their own bedrooms | The Canberra Times | Canberra, ACT

Regulations, Fines and Legislation

• An Overview of ENISA’s Risk Management Standards Report | UpGuard

• SEC tells companies to “show their work” on cyber security - Red Canary

• Verizon to pay feds $4M over cyber security lapse | Light Reading

• Government denies U-turn on encrypted messaging row - BBC News

• UK drops 'spy clause' for scanning encrypted messages • The Register

Models, Frameworks and Standards

• An Overview of ENISA’s Risk Management Standards Report | UpGuard

• CIS Benchmarks Communities: Where configurations meet consensus - Help Net Security

• Explaining The New NIST Cyber Security Framework to the C-Suite

Backup and Recovery

• Best practices for implementing a proper backup strategy - Help Net Security

Careers, Working in Cyber and Information Security

• 71% of organisations are impacted by cyber security skills shortage | Security Magazine

• Cyber Security Skills Gap set to cost UK £120 billion by 2023 - Essex-TV

• 6 free resources for getting started in cyber security - Help Net Security

• Cyber professionals say industry urgently needs to confront mental health crisis | CyberScoop

• Cyber security pros battle discontent amid skills shortage - Help Net Security

Law Enforcement Action and Take Downs

• FBI Qakbot Takedown: Unanswered Questions (trendmicro.com)

• It might be too soon to claim victory against Qakbot | Computer Weekly

• Cops drill into chat apps to thwart coke-smuggling ring • The Register

Privacy, Surveillance and Mass Monitoring

• Revealed: Home Office secretly lobbied for facial recognition ‘spy’ company | Facial recognition | The Guardian

• Like privacy? Then smart devices are a dumb idea • The Register

• Streetlights as Spyware (techpolicy.press)

Misinformation, Disinformation and Propaganda

• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia (thehackernews.com)

• Big Tech failed to police Russian disinformation: EU study • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russia-linked attackers hit UK Ministry of Defence, leak stolen data | CSO Online

• NCSC Report Reveals Persistent Threat and Russia’s Ongoing Cyber Operations in Ukraine | Defense Express (defence-ua.com)

• An inside look at Ukraine's cyber war with Russia : NPR

• Meet the man leading the front-line effort in Ukraine's cyber war with Russia : NPR

• China and Russia are pushing the boundaries of cyber attacks to harm other states - CityAM

• Ukraine's CERT Thwarts APT28's Cyber Attack on Critical Energy Infrastructure (thehackernews.com)

• Attackers access military data through fencing supplier • The Register

• Russia-linked hack on Trident base sparks 'World War Three' warning from expert (yahoo.com)

• UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Russia, China behind majority of cyber attacks targeting German businesses (aa.com.tr)

• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia (thehackernews.com)

• Russian Malware Targets Crypto Wallet: US and UK Intelligence Agencies Issue Joint Warning (cryptopotato.com)

• Elon Musk's Father Fears Possible Assassination Attempt on His Son (businessinsider.com)

• Big Tech failed to police Russian disinformation: EU study • The Register

• North Korea hackers going after Russian targets, Microsoft says, World News - AsiaOne

China

• How China gets free intel on tech companies’ vulnerabilities | Ars Technica

• Experts Probe AI Risks Around Malicious Use, China Influence (govinfosecurity.com)

• How Microsoft's highly secure environment was breached (malwarebytes.com)

• Chinese-Speaking Cyber Criminals Launch Large-Scale iMessage Smishing Campaign in US. (thehackernews.com)

• Securing The IoT From The Threat China Poses To US Infrastructure (forbes.com)

• China and Russia are pushing the boundaries of cyber attacks to harm other states - CityAM

• Russia, China behind majority of cyber attacks targeting German businesses (aa.com.tr)

• German companies report more cyber attacks from Russia, China | Meta.mk

• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia (thehackernews.com)

• Microsoft reveals hackers compromised engineer account to gain access to government accounts - SiliconANGLE

• Microsoft finally explains cause of Azure breach: An engineer’s account was hacked | Ars Technica

• South Korean Cyber Security Concerns Over Chinese-Made Cranes, Meteorological Gear | The Epoch Times

• Huawei hits back in Portugal over 5G 'ban' with lawsuit - DCD (datacenterdynamics.com)

Iran

• Hackers push anti-Iranian government messages to millions via breached app | CyberScoop

• Iranian hackers breach US aviation org via Zoho, Fortinet bugs (bleepingcomputer.com)

North Korea

• Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks (bleepingcomputer.com)

• Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster (thehackernews.com)

• Meet the man leading the front-line effort in Ukraine's cyber war with Russia : NPR

• North Korean hackers target security researchers with new zero-day (therecord.media)

• North Korea hackers going after Russian targets, Microsoft says, World News - AsiaOne

• Who Pulled Off a $41M Online Casino Heist? North Korea, FBI Says (vice.com)

Misc Nation State/Cyber Warfare

• Nation-state 'hot zones' offer view of the future of cyber war – report - CIR Magazine

• Global cyber weapon market set for substantial growth | Insurance Business America (insurancebusinessmag.com)

• Policy, Guns and Money: Cyber conflict, competition and cooperation | The Strategist (aspistrategist.org.au)

• Lloyd’s categorises cyber war wordings in aggregation clarity push (insuranceinsider.com)

• Cyber Security Tools Are New Targets For Nation-State Hackers (newsweek.com)

• Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA

Vulnerability Management

• Years-old Microsoft bugs are still hot targets for criminals • The Register

• Old vulnerabilities are still a big problem - Help Net Security

• Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)

• How China gets free intel on tech companies’ vulnerabilities | Ars Technica

Vulnerabilities

• How to detect and patch a Log4J vulnerability  - IBM Blog

• Apple discloses 2 actively exploited zero-days in iPhones, Macs (securityaffairs.com)

• Google patches 4 high-rated security issues in latest Chrome 116 update - gHacks Tech News

• High-Severity Vulnerability Discovered in Popular CMS - Infosecurity Magazine (infosecurity-magazine.com)

• Two flaws in Apache SuperSet allow to remotely hack servers (securityaffairs.com)

• Cisco Patches Critical Vulnerability in BroadWorks Platform - SecurityWeek

• Adobe ColdFusion Critical Vulnerabilities Exploited Despite Patches - Infosecurity Magazine (infosecurity-magazine.com)

• Multiple Notepad++ Flaws Let Attackers Execute Arbitrary Code (cybersecuritynews.com)

• Hackers exploit MinIO storage system to breach corporate networks (bleepingcomputer.com)

• ASUS routers vulnerable to critical remote code execution flaws (bleepingcomputer.com)

• September Android updates fix zero-day exploited in attacks (bleepingcomputer.com)

• CISA Adds One Known Vulnerability to Catalog | CISA

• Cisco SSO authentication bug patched - Security - Networking - iTnews

• Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication (talosintelligence.com)

• Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA

• Security or performance? Zenbleed forces you to choose | Digital Trends

Tools and Controls

• Many businesses still aren't using BYOD protection | TechRadar

• Why Businesses Ignore Incident Response at Their Peril - Infosecurity Magazine (infosecurity-magazine.com)

• Insights Into the Changing Landscape of Cyber Insurance - Frost Brown Todd | Full-Service Law Firm

• Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)

• An Overview of ENISA’s Risk Management Standards Report | UpGuard

• IOCs vs Artifacts How to Filter Out the Noise (govinfosecurity.com)

• Time and effort to obtain cyber insurance increasing for US businesses | CSO Online

• Chrome extensions can steal plaintext passwords from websites (bleepingcomputer.com)

• Dangling DNS Used to Hijack Subdomains of Major Organisations  - SecurityWeek

• Why DNS Security Can Be Your Most Problematic Blind Spot (hyas.com)

• Cyber Security Tools Are New Targets For Nation-State Hackers (newsweek.com)

• Rising Physical Incidents Should Drive C-Level Investment & Action (forbes.com)

• Why Cyber Security Risk Assessment Matters in the Banking Industry (securityintelligence.com)

• Cut through cyber security vendor hype with these 6 tips | TechTarget

• IAM, cloud security to drive new cyber security spending | CSO Online

• Best practices for implementing a proper backup strategy - Help Net Security

Other News

• Education Sector Heavily Targeted as the School Year Begins (databreaches.net)

• Schools warned of cyberattack threat as new year begins | Science & Tech News | Sky News

• Ways to protect WordPress sites and blogs from hacking | Kaspersky official blog

• New Nozomi Networks Study Finds EU Critical Infrastructure Companies Are Not Ready for NIS2 Compliance - IT Security Guru

• Insecure by design: What you need to know about defending critical infrastructure | CSO Online

• Half of Switzerland's large companies have been the victim of a cyber attack | Euronews

• Dangling DNS Used to Hijack Subdomains of Major Organizations  - SecurityWeek

• Securing the future: Safeguarding cyber-physical systems | CSO Online

• The tangible threat of cyber-kinetic attacks | CSO Online

• 25 Major Car Brands Get Failing Marks From Mozilla for Security and Privacy  - SecurityWeek

• Cyber security In Focus Ahead Of Berlin NATO Conference | OilPrice.com

• Trustwave SpiderLabs Report Highlights Hospitality Industry Cybersecurity Threats (hotelnewsresource.com)

• 10 old-school security principles that (still) rule | CSO Online

• Surge in Hospital Hacks Endangers Patients, Cyber Official Says - WSJ

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Phishing Emails Up a Whopping 569% in 2022

The volume of phishing emails sent in 2022 spiked by a jaw-dropping 569% according to a new report. Based on data from 35 million users, the report details the astronomical rise of email phishing as a tactic among threat actors in 2022. Key findings from the report include the number of credential phishing emails sent spiked by 478% and, for the eighth consecutive year, business email compromise (BEC) ranked as the top cyber crime.

https://www.darkreading.com/attacks-breaches/phishing-emails-up-whopping-569-percent-2022

• The End User Password Mistakes Putting Your Organisation at Risk

Businesses rely on their end users, but those same users often don't follow the best security practices. Without the right password security policies, a single end user password mistake can be a costly breach of your organisation's defences. End users want to do their work quickly and efficiently, but sharing, reusing and weak passwords can put your organisation at risk so having the right policies in place is essential for security.

https://www.bleepingcomputer.com/news/security/the-end-user-password-mistakes-putting-your-organization-at-risk/

• Millions of Penetration Tests Show Companies’ Security Postures are Getting Worse

The risk score for the average company worsened in the past year as companies fail to adapt to data exfiltration techniques and adequately protect web applications. Companies' effective data-exfiltration risk increased to 44 out of 100 (with 100 indicating the riskiest posture) in 2022, from an average score of 30 in the previous year, indicating that the overall risk of data being compromised has increased. That's according to rankings by Cymulate, who crunched data on 1.7 million hours of offensive cyber security testing. The research noted that while many companies are improving the adoption of strict network and group policies, attackers are adapting to sidestep such protections. They also found that four of the top-10 CVEs (known vulnerabilities) identified in customer environments were more than two years old.

https://www.darkreading.com/cloud/millions-pen-tests-companies-security-posture-getting-worse

• 71% of Employees Keep Work Passwords on Personal Devices

71% of employees store sensitive work passwords on their personal phones, and 66% use their personal texting apps for work, according to a new mobile bring your own device (BYOD) security report this week, with the report also suggesting 95% of security leaders are increasingly concerned about phishing attacks via private messaging apps. With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information. The use of personal devices and personal apps was the direct cause of many high-profile corporate breaches and this is a trend that will surely continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cyber criminals as threat actors know there are fewer security controls on personal mobile devices than on corporate ones.

https://www.infosecurity-magazine.com/news/70-employees-keep-work-passwords/

• Cyber Frontlines in Russia-Ukraine War Move to Eastern and Northern Europe

More than a year into the war in Ukraine, hackers have extended the cyber battleground to Eastern and Northern Europe with the number of incidents in those geographies spiking noticeably. A new report shows that cyber warfare inside the conflict has “clearly moved on” from the beginnings of the war. Over the last 12 months, the research reports that the majority of incidents only affecting Ukraine in the first quarter of 2022 (50.4%) sank to 28.6% in the third period. But European Union countries have seen a spike in incidents related to the war in the past six months from 9.8% to 46.5%. Indeed, the number of attacks on EU countries in the third quarter of 2022 totalled just slightly less than those in the Ukraine. And, in the first quarter of this year, more than 80% of incidents occurred inside the European Union. Cyber is now a crucial weapon in the arsenal of new instruments of war, alongside disinformation, manipulation of public opinion, economic warfare, sabotage and guerrilla tactics. With the lateralisation of the conflict from Ukraine to the rest of Europe, Western Europe should be wary of possible attacks on critical infrastructure in the short term if the conflict continues to accelerate.

https://www.msspalert.com/cybersecurity-research/cybercrime-front-lines-in-russia-ukraine-war-move-to-eastern-and-northern-europe/

• Security Flaws Cost Fifth of Executives New Business

Boards continue to under-appreciate the value of cyber security to the business, despite acknowledging its critical role in winning new business and talent, according to Trend Micro. The security giant polled 2,718 business decision makers globally to compile its Risky Rewards study and it found that half (51%) believe cyber security is a necessary cost but not a revenue contributor. 48% argue that its value is limited to threat prevention and two-fifths (38%) see security as a barrier rather than a business enabler. That’s despite a fifth (19%) acknowledging that poor security posture has already impacted their ability to win new business, and 57% thinking there is a strong connection between cyber and client acquisition.

 https://www.infosecurity-magazine.com/news/fifth-execs-security-flaws-cost/

• Companies Struggle to Build and Run Effective Programs to Protect Data from Insider Threats

Insider risk is emerging as one of the most challenging threats for organisations to detect, mitigate and manage, Code42 Software said in its annual Data Exposure Report for 2023. To compile data for the study they surveyed some 700 cyber security leaders, managers and practitioners and whilst more than 72% of companies indicated they have an insider risk management (IRM) program in place, the same companies experienced a year-over-year increase in data loss incidents of 32%. 71% of respondees expect data loss from insider events to increase in the next 12 months. Insider incidents are costing organisations $16 million per incident on average, and chief information security officers (CISOs) say that insider risks are the most challenging type of threat to detect. Data loss from insiders is not a new problem but it has become more complex with workforce turnover and cloud adoption.

https://www.msspalert.com/cybersecurity-research/companies-struggle-to-build-and-run-effective-programs-to-protect-data-from-insider-threats/

• Only 10% of Workers Remember All Their Cyber Security Training

New research has found that only 10% of workers remember all their cyber security training. Furthermore, only half of employees are undergoing regular training, and a quarter aren’t receiving any training at all. Organisations should look to carry out effective and regular training that is tailored to their employees to increase the chance of training content being retained, with a programme of ongoing continual reinforcement.

https://www.itsecurityguru.org/2023/03/30/only-10-of-workers-remember-all-their-cyber-security-training/

• Silence Gets You Nowhere in a Data Breach

In cyber security, the phrase “what they don’t know won’t hurt them” is not only wrong, it’s dangerous. Despite this, it’s a motto that remains in many organisations’ PR playbooks, as demonstrated by the recent LastPass and Fortra data breaches. Smaller companies, too, are employing a silent-treatment approach to data breaches, and cyber attacks are now a fact of doing business with almost half of US organisations having suffered a cyber attack in 2022. Attackers are increasingly targeting smaller businesses due to the fact they are seen as easier targets than large companies.

 https://techcrunch.com/2023/03/29/silence-gets-you-nowhere-in-a-data-breach/

• Just 1% of Cloud Permissions are Actively Used

According to Microsoft, a surge in workload identities, super admins and “over-permissioning” is driving the increase in cyber risk for organisations. Just 1% of users are using the permissions granted to them for day-to-day work. Worryingly, this leaves a significant number of unnecessary permissions which could be used by an attacker to elevate their privileges.

https://www.infosecurity-magazine.com/news/just-1-of-cloud-permissions-used/

• Dangerous Misconceptions About Emerging Cyber Threats

Organisations are leaving common attack paths exposed in their quest to combat emergent threats, according to a new report that delves into the efficacy of different security controls, the most concerning threats as tested by organisations worldwide, and top cyber security best practices for 2023. One of the key findings of the report is that many organisations are actively testing against threats seen in the news, likely from pressure to report on their exposure risk to emergent threats, and whilst this is good, it should not take away from assessing threats and exposures that are more likely actively targeting the business.

https://www.helpnetsecurity.com/2023/03/30/misconceptions-emerging-cyber-threats/  

• ‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns

Europol has warned that criminals are set to take advantage of artificial intelligence to commit fraud and other crimes. Europol highlighted that ChatGPT could be used to speed up criminal research, impersonate speech styles for phishing and write code. Furthermore, despite ChatGPT having safeguards, Europol note that these can be circumvented.

https://www.securityweek.com/grim-criminal-abuse-of-chatgpt-is-coming-europol-warns/

Threats

Ransomware, Extortion and Destructive Attacks

• Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO

• 2023 Ransomware Insights | Barracuda Networks

• Clop Keeps Racking Up Ransomware Victims With GoAnywhere Flaw (darkreading.com)

• New IcedID malware variants shift from banking trojans to ransomware | SC Media (scmagazine.com)

• Publicly disclosed US ransomware attacks in 2023 | TechTarget

• Virgin Group added to Cl0p gang’s victim leak site | Cybernews

• New York law firm coughs up $200k after hospital data stolen • The Register

• Telecom giant Lumen suffered a ransomware attack-Security Affairs

• Ransomware crooks are exploiting IBM file exchange bug with a 9.8 severity | Ars Technica

• DarkBit puts data from Israel’s Technion university on sale | CSO Online

• Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News

• Children’s data feared stolen in Fortra ransomware attack | TechCrunch

• P&G confirms data breach - Global Cosmetics News

Phishing & Email Based Attacks

• Phishing Emails Up a Whopping 569% in 2022 (darkreading.com)

• Exchange Online will soon start blocking emails from old, vulnerable on-prem servers - Help Net Security

• Volume of HTTPS Phishing Sites Surges 56% Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Identifying AI-Enabled Phishing (knowbe4.com)

• IRS Phishing Emails Used to Distribute Emotet - Infosecurity Magazine (infosecurity-magazine.com)

• These next-level phishing scams use PayPal or Google Docs to steal your data | TechRadar

• Winter Vivern hackers exploit Zimbra flaw to steal NATO emails (bleepingcomputer.com)

BEC – Business Email Compromise

• BEC scammers are after physical goods, the FBI warns - Help Net Security

• Australian police arrest four BEC actors who stole $1.7 million (bleepingcomputer.com)

• New BEC Tactics Enable Fake Asset Purchases - Infosecurity Magazine (infosecurity-magazine.com)

• FBI: Business email compromise tactics used to defraud US vendors (bleepingcomputer.com)

Other Social Engineering; Smishing, Vishing, etc

• What is vishing (voice or VoIP phishing)? – TechTarget Definition

2FA/MFA

• What is Three-Factor Authentication? | Definition from TechTarget

Malware

• New IcedID malware variants shift from banking trojans to ransomware | SC Media (scmagazine.com)

• MacStealer  macOS malware appears in cyber crime underground--Security Affairs

• Cyber Scammers Using Decentralized File Distribution System to Spread Malware - MSSP Alert

• Microsoft confirms Defender has gone rogue as it's flagging legit links as malware - Neowin

• North Korean malware-spreading, crypto-stealing gang named • The Register

• Malware disguised as Tor browser steals $400k in cryptocash • The Register

• NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month (darkreading.com)

• Chinese Cyber spies Use 'Melofee' Linux Malware for Stealthy Attacks - SecurityWeek

• Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)

• Realtek and Cacti flaws now actively exploited by malware botnets (bleepingcomputer.com)

• AlienFox malware caught in the cloud hen house • The Register

• Microsoft OneNote will block 120 dangerous file extensions (bleepingcomputer.com)

• IRS Phishing Emails Used to Distribute Emotet - Infosecurity Magazine (infosecurity-magazine.com)

Mobile

• Android-based banking Trojan Nexus now available as malware-as-a-service | CSO Online

• Inaudible ultrasound attack can stealthily control your phone, smart speaker (bleepingcomputer.com)

• Russia’s Rostec allegedly can de-anonymize Telegram users (bleepingcomputer.com)

• Android app from China executed 0-day exploit on millions of devices | Ars Technica

• Google again accused of destroying evidence in Android case • The Register

• Google finds more Android, iOS zero-days used to install spyware (bleepingcomputer.com)

• Samsung keeps ignoring a huge security flaw in millions of Galaxy phones - SamMobile

• iOS Vs. Android – Which Is The More Secure Platform? (informationsecuritybuzz.com)

Botnets

• Realtek and Cacti flaws now actively exploited by malware botnets (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• DDoS DNS attacks are old-school, unsophisticated, and back • The Register

Internet of Things – IoT

• Inaudible ultrasound attack can stealthily control your phone, smart speaker (bleepingcomputer.com)

• This devious cyber attack can target all your smart speakers without you realizing | TechRadar

• Gone in 120 seconds: Tesla Model 3 child's play for hackers • The Register

Data Breaches/Leaks

• Fortra told breached companies their data was safe | TechCrunch

• Procter & Gamble confirms data theft via GoAnywhere zero-day (bleepingcomputer.com)

• Latitude Financial cyber-attack worse than first thought with 14m customer records stolen | Business | The Guardian

• New York law firm coughs up $200k after hospital data stolen • The Register

• Toyota scrambles to patch customer data leak-Security Affairs

• ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation - SecurityWeek

• 500k Impacted by Data Breach at Debt Buyer NCB - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean hackers turn to 'cloud mining' for crypto to avoid law enforcement scrutiny | CyberScoop

• European Parliament Passes Historic Anti-Money Laundering Rules for Crypto Industry – More Regulation Incoming? (cryptonews.com)

• Malware disguised as Tor browser steals $400k in cryptocash • The Register

• NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month (darkreading.com)

Insider Risk and Insider Threats

• Companies Struggle to Build and Run Effective Programs to Protect Data From Insider Threats - MSSP Alert

• Over 70% of Employees Keep Work Passwords on Personal Devices - Infosecurity Magazine (infosecurity-magazine.com)

• Only 10% of workers remember all their cyber security training - IT Security Guru

• Data loss from insider events increase despite IRM programs, says study | CSO Online

• Stop Blaming the End User for Security Risk (darkreading.com)

Fraud, Scams & Financial Crime

• Visa fraud expert outlines the many faces of payment ecosystem fraud - Help Net Security

• SMS pumping attacks and how to mitigate them | TechTarget

• Cyber Scammers Using Decentralized File Distribution System to Spread Malware - MSSP Alert

• NCA Celebrates Multimillion-Pound Fraud Takedowns - Infosecurity Magazine (infosecurity-magazine.com)

• How I fell for an internet scam (thetimes.co.uk)

Deepfakes

• AI has figured out how to draw deepfake hands | The Independent

AML/CFT/Sanctions

• European Parliament Passes Historic Anti-Money Laundering Rules for Crypto Industry – More Regulation Incoming? (cryptonews.com)

Insurance

• Beazley working on standalone cyber war product in market first (insuranceinsider.com)

• Organisations Reassess Cyber Insurance as Self-Insurance Strategies Emerge (darkreading.com)

Supply Chain and Third Parties

• Hackers compromise 3CX desktop app in a supply chain attack (bleepingcomputer.com)

• Supply chain cyber attack with possible links to North Korea could have thousands of victims globally | CyberScoop

• Winter Vivern hackers exploit Zimbra flaw to steal NATO emails (bleepingcomputer.com)

• 'They outsmarted us.' 3CX CEO acknowledges mistakes handling potential supply chain cyberattack | CyberScoop

Cloud/SaaS

• Just 1% of Cloud Permissions Are Actively Used - Infosecurity Magazine (infosecurity-magazine.com)

• Where SSO Falls Short in Protecting SaaS (thehackernews.com)

• North Korean hackers turn to 'cloud mining' for crypto to avoid law enforcement scrutiny | CyberScoop

• CISA Releases Hunt Tool for Microsoft's Cloud Services (darkreading.com)

• Balancing security risks and innovation potential of shadow IT teams - Help Net Security

• Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data - SecurityWeek

• AlienFox malware caught in the cloud hen house • The Register

Hybrid/Remote Working

• Cyber security focus in second Digital Europe work programme – EURACTIV.com

• More companies are watching their remote workers WFH on camera | Fortune

Shadow IT

• Balancing security risks and innovation potential of shadow IT teams - Help Net Security

Identity and Access Management

• Legacy, password-based authentication systems are failing enterprise security, says study | CSO Online

Encryption

• OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023 - SecurityWeek

API

• Attacks Targeting APIs Increased By 400% in Last Six Months - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• The End-User Password Mistakes Putting Your Organisation at Risk (bleepingcomputer.com)

• New Research Examines Traffers and the Business of Stolen Credentials - IT Security Guru

• Over 70% of Employees Keep Work Passwords on Personal Devices - Infosecurity Magazine (infosecurity-magazine.com)

• Legacy, password-based authentication systems are failing enterprise security, says study | CSO Online

Social Media

• France bans TikTok, all social media apps from government devices | CSO Online

Training, Education and Awareness

• The era of passive cyber security awareness training is over - Help Net Security

• Only 10% of workers remember all their cyber security training - IT Security Guru

• Back and Bigger Than Ever! The Inside Man Season 5 Takes a Stab at Power Hungry Adversaries - IT Security Guru

Parental Controls and Child Safety

• Children’s data feared stolen in Fortra ransomware attack | TechCrunch

Regulations, Fines and Legislation

• UK Introduces Mass Surveillance With Online Safety Bill - SecurityWeek

• Call for Submissions to UK's New Computer Misuse Act - Infosecurity Magazine (infosecurity-magazine.com)

Governance, Risk and Compliance

• Beazley working on standalone cyber war product in market first (insuranceinsider.com)

• 3 Shifts in the Cyber Threat Landscape (trendmicro.com)

• Cyber security vs. Everyone: From Conflict to Collaboration (darkreading.com)

• Using Observability to Power a Smarter Cyber security Strategy (darkreading.com)

• It's Time to Rethink Security Culture, Match Confidence to Capabilities, Immersive Labs Reports - MSSP Alert

• How cyber security decision-makers perceive cyber resilience - Help Net Security

• NCSC issues revised security Board Toolkit for business leaders | Computer Weekly

• The CISO Mantra: Get Ready to Do More With Less (darkreading.com)

Models, Frameworks and Standards

• The best defence against cyber threats for lean security teams - Help Net Security

Backup and Recovery

• World Backup Day is here again – 5 tips to keep your precious data safe – Naked Security (sophos.com)

Law Enforcement Action and Take Downs

• FBI confirms access to Breached cyber crime forum database (bleepingcomputer.com)

• UK creates fake DDoS-for-hire sites to identify cyber criminals (bleepingcomputer.com)

• Australian police arrest four BEC actors who stole $1.7 million (bleepingcomputer.com)

• 20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison (thehackernews.com)

• North Korean hackers turn to 'cloud mining' for crypto to avoid law enforcement scrutiny | Cyber scoop

• NCA Celebrates Multimillion-Pound Fraud Takedowns - Infosecurity Magazine (infosecurity-magazine.com)

Privacy, Surveillance and Mass Monitoring

• The Importance of Data Security and Privacy for Individuals and Businesses in the Digital Age - IT Security Guru

• UK Introduces Mass Surveillance With Online Safety Bill - SecurityWeek

• FBI Spent Tens of Thousands of Dollars on Bulk Data Collection (gizmodo.com)

• Clearview AI used nearly 1m times by US police, it tells the BBC - BBC News

• More companies are watching their remote workers WFH on camera | Fortune

Artificial Intelligence

• 'Grim' Criminal Abuse of ChatGPT is Coming, Europol Warns     - SecurityWeek

• Europol warns of criminal use of ChatGPT-Security Affairs

• In Sudden Alarm, Tech Doyens Call for a Pause on ChatGPT | WIRED

• Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT - SecurityWeek

• AI-fuelled search gives more power to the bad guys | CSO Online

• Identifying AI-Enabled Phishing (knowbe4.com)

• Hacker demonstrates security flaws in GPT-4 just one day after launch | VentureBeat

• AI image of Pope Francis in a puffer jacket fooled the internet and experts fear there’s worse to come (inews.co.uk)

• Godfather of AI Says There's a Minor Risk It'll Eliminate Humanity (futurism.com)

• Clearview AI used nearly 1m times by US police, it tells the BBC - BBC News

• ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation - SecurityWeek

• AI has figured out how to draw deepfake hands | The Independent

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Putin and Xi’s plot to control the internet will leave the West in the dust (telegraph.co.uk)

• In A Surprise, China-Linked TikTok Grabs Power Norway Needs To Make Ammo (forbes.com)

• ‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics | Cyberwar | The Guardian

• Cyber crime Front Lines in Russia-Ukraine War Move to Eastern and Northern Europe - MSSP Alert

• Beazley working on standalone cyber war product in market first (insuranceinsider.com)

• 'Bitter' espionage hackers target Chinese nuclear energy orgs (bleepingcomputer.com)

• Earth Preta’s Cyber Espionage Campaign Hits Over 200 (trendmicro.com)

• China crisis is a TikToking time bomb • The Register

• Biden White House Issues Executive Order on Commercial Spyware (gizmodo.com)

• North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations (thehackernews.com)

• Google finds more Android, iOS zero-days used to install spyware (bleepingcomputer.com)

• Over 200 Organisations Targeted in Chinese Cyber Espionage Campaign - SecurityWeek

• Chinese tech firms banned over spy fears granted access to UK officials at security conference (inews.co.uk)

• Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits (darkreading.com)

• Chinese Cyber spies Use 'Melofee' Linux Malware for Stealthy Attacks - SecurityWeek

• Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)

• Pro-Russian hackers target elected US officials supporting Ukraine | Ars Technica

• Russian spies more effective than army, say experts - BBC News

• Cyber warfare leaks show Russian army is adopting mindset of secret police | Cyberwar | The Guardian

Nation State Actors

• Uncle Sam sent cyber-soldiers to Albania to combat Iran • The Register

• Russia’s Rostec allegedly can de-anonymize Telegram users (bleepingcomputer.com)

• Android app from China executed 0-day exploit on millions of devices | Ars Technica

• North Korean hackers turn to 'cloud mining' for crypto to avoid law enforcement scrutiny | CyberScoop

• China urges Apple to improve security and privacy • The Register

• Supply chain cyber attack with possible links to North Korea could have thousands of victims globally | CyberScoop

• North Korean malware-spreading, crypto-stealing gang named • The Register

• Chinese tech firms banned over spy fears granted access to UK officials at security conference (inews.co.uk)

• Smugglers busted sneaking tech into China • The Register

• Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)

Vulnerability Management

• What you need before the next vulnerability hits - Help Net Security

• Vulnerability management vs. risk management, compared | TechTarget

• Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report - SecurityWeek

• Microsoft shares tips on detecting Outlook zero-day exploitation (bleepingcomputer.com)

• Ignoring network automation is a ticking time bomb for security - Help Net Security

Vulnerabilities

• Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April - SecurityWeek

• Microsoft shares tips on detecting Outlook zero-day exploitation (bleepingcomputer.com)

• Apple patches everything, including a zero-day fix for iOS 15 users – Naked Security (sophos.com)

• QNAP fixed Sudo privilege escalation bug in NAS devices-Security Affairs

• Patch Now: Cyber criminals Set Sights on Critical IBM File Transfer Bug (darkreading.com)

• ChatGPT Vulnerability May Have Exposed Users’ Payment Information - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data - SecurityWeek

• Super FabriXss flaw in Microsoft Azure SFX could lead to RCE-Security Affairs

• OpenAI quickly fixed account takeover bugs in ChatGPT-Security Affairs

Tools and Controls

• Even with defence tools, CISOs say cyber attacks are ‘inevitable’ (techrepublic.com)

• The era of passive cyber security awareness training is over - Help Net Security

• Silence gets you nowhere in a data breach | TechCrunch

• Only 10% of workers remember all their cyber security training - IT Security Guru

• Prioritizing data security amid workforce disruptions - Help Net Security

• Using Observability to Power a Smarter Cyber security Strategy (darkreading.com)

• For database security it's down to people, not tech fixes • The Register

• Known unknowns: Refining your approach to uncategorized web traffic - Help Net Security

• Understanding adversaries through dark web intelligence - Help Net Security

• Where SSO Falls Short in Protecting SaaS (thehackernews.com)

• How Does Data Literacy Enhance Data Security? (darkreading.com)

• CISA Releases Hunt Tool for Microsoft's Cloud Services (darkreading.com)

• With Security Copilot, Microsoft brings the power of AI to cyber defence - Stories

• Compare breach and attack simulation vs. penetration testing | TechTarget

• Ignoring network automation is a ticking time bomb for security - Help Net Security

• Microsoft's ‘Security Copilot’ Sics ChatGPT on Security Breaches | WIRED

• Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo (thehackernews.com)

• Diagnose your SME’s Cyber security and Scan for Recommendations — ENISA (europa.eu)

• Protect your entire business with the right authentication method - Help Net Security

• What Makes an Effective Anti-Bot Solution? - SecurityWeek

• Microsoft Defender is flagging legit URLs as malicious • The Register

• Managing security in the cloud through Microsoft Intune | CSO Online

• Top 5 SD-WAN Challenges and How to Prepare for Them | TechTarget

• Why Endpoint Resilience Matters - SecurityWeek

• The rise of biometrics and decentralized identity is a game-changer for identity verification - Help Net Security

• Organisations Reassess Cyber Insurance as Self-Insurance Strategies Emerge (darkreading.com)

• The best defence against cyber threats for lean security teams - Help Net Security

• World Backup Day is here again – 5 tips to keep your precious data safe – Naked Security (sophos.com)

• Overcoming obstacles to introduce zero-trust security in established systems - Help Net Security

• The foundation of a holistic identity security strategy - Help Net Security

• The CISO Mantra: Get Ready to Do More With Less (darkreading.com)

Reports Published in the Last Week

• Cyber security focus in second Digital Europe work programme – EURACTIV.com

• 2023 Ransomware Insights | Barracuda Networks

• 2023 State of Cloud Permissions Risks report now published - Microsoft Community Hub

Other News

• GoAnywhere Zero-Day Attack Hits Major Orgs - SecurityWeek

• Hackers changed tactics, went cross-platform in 2022, says Trend Micro | CSO Online

• WiFi protocol flaw allows attackers to hijack network traffic (bleepingcomputer.com)

• Microsoft OneNote will block 120 dangerous file extensions (bleepingcomputer.com)

• How CISOs Can Reduce the Danger of Using Data Brokers (darkreading.com)

• Tech Industry Bids to Tackle Cyber-Mercenary Epidemic - Infosecurity Magazine (infosecurity-magazine.com)

• How Does Data Literacy Enhance Data Security? (darkreading.com)

• Microsoft uses carrot and stick with Exchange Online admins • The Register

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief

Business leaders must not see cyber crime as “just a technical issue” that can be left up to IT departments, said Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC).  Ms Cameron later commented that “In the world of cyber security, the new year has brought with it some sadly familiar themes - a continuation of cyber incidents affecting organisations large and small as well as the British public”.

Along with this, came the urge for business leaders to step up their efforts in combating cyber crime by taking an active interest and educating themselves on the subject.  When commenting upon board members’ level of understanding, Ms Cameron said “I’d also encourage board members to develop a basic understanding of cyber security, which can help when seeking assurances from IT teams about the resilience of an organisation - in a similar way that leaders have a certain level of understanding of finance to assess financial health”.

https://www.telegraph.co.uk/news/2023/01/28/business-leaders-need-hands-on-approach-stop-cyber-crime-says/

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks

Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is.

"Firebrick Ostrich" is a threat actor that's been performing BEC at a near-industrial scale. Since April 2021, the group has carried out more than 350 BEC campaigns, impersonating 151 organisations and utilising 212 malicious domains in the process. This volume of attacks is made possible by the group's wholesale gunslinging approach. Firebrick Ostrich doesn't discriminate much when it comes to targets, or gather exceptional intelligence in order to craft the perfect phishing bait. It throws darts at a wall because, evidently, when it comes to BEC at scale, that's enough.

BEC is attractive to bad actors due to the lower barriers to entry than malware, less risk, faster scaling opportunities, and way more profit potential to higher echelons than other methods of attack. These factors may explain why such attacks are absolutely the emerging trend, potentially even leaving even ransomware in the dust. There are literally hundreds, if not thousands, of these groups out there.

https://www.darkreading.com/remote-workforce/rising-firebrick-ostrich-bec-group-launches-industrial-scale-cyberattacks

• The Corporate World is Losing its Grip on Cyber Risk

Lloyd's of London’s insurance market prides itself on being able to put a price on anything, from Tina Turner’s legs or Bruce Springsteen’s vocal cords, to the risk that a bounty hunter might claim the reward from Cutty Sark Whisky in the 1970s for capturing the Loch Ness monster.

But from the end of March, there will be something it won’t price: systemic cyber risk, or the type of major, catastrophic disruption caused by state-backed cyber warfare. In one sense, this isn’t surprising. Insurance policies typically exclude acts of war. Russia’s NotPetya attack on Ukraine in 2017 showed how state-backed cyber assaults can surpass traditional definitions of armed conflict and overspill their sovereign target to hit global businesses. It caused an estimated $10bn in damages and years of wrangling between companies like pharma group Merck and snack maker Mondelez and their insurers.

But the move is prompting broader questions about the growing pains in this corner of the insurance world. “Cyber insurance isn’t working anywhere at the moment as a public good for society,” says Ciaran Martin, former head of the UK National Cyber Security Centre. “It has a huge role to play in improving defences in a market-based economy and it has been a huge disappointment in that sense so far.”

The Lloyd’s move is designed, say insurers, to clarify rather than restrict coverage. Whether it succeeds is another matter: this is a murky world, where cyber crime groups operate with impunity in certain jurisdictions.

https://www.ft.com/content/78bfdf29-1e20-4c12-a348-06e98d5ae906

• Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks

Microsoft revealed this week that its security teams are tracking over 100 threat actors deploying ransomware during attacks. In all, the company says it monitors over 50 unique ransomware families, with some of the most prominent ransomware payloads in recent campaigns including Lockbit, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, and Royal.

Microsoft said that defence strategies should focus less on payloads themselves but more on the chain of activities that lead to their deployment, since ransomware gangs are still targeting servers and devices not yet patched against common or recently addressed vulnerabilities.

Furthermore, while new ransomware families launch all the time, most threat actors utilise the same tactics when breaching and spreading through networks, making the effort of detecting such behaviour even more helpful in thwarting their attacks.

Attackers are increasingly relying on tactics beyond phishing to conduct their attacks, with threat actors for example capitalising on recently patched Exchange Server vulnerabilities to hack vulnerable servers and deploy Cuba and Play ransomware.

https://www.bleepingcomputer.com/news/security/microsoft-over-100-threat-actors-deploy-ransomware-in-attacks/

• Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk

With the amount of cyber attacks in all industries, organisations are beginning to grasp the significance of cyber risk and how it is integral to protecting and maintaining an efficient business. In fact, the first half of 2022 alone saw 236.1 million cases of ransomware.

Whilst the expectation for responsibility has typically fallen on Chief Information Security Officers (CISOs), Chief Financial Officers (CFOs) are just as vital in managing cyber risk, which is now inherently also business risk.  The CFO plays an important part in determining whether cyber security incidents will become material and affect the business more seriously. Their insight is critical across many areas which include ransomware, cyber insurance, regulatory compliance and budget management.

https://www.itsecurityguru.org/2023/02/02/ransomware-conversations-why-the-cfo-is-pivotal-to-discussing-and-preparing-for-risk

• Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023

Insurance provider Beazley released their Cyber Services Snapshot Report which claims the cyber security landscape will be influenced by greater complexity and the way threat actors use stolen data. The report also found that as a category, fraudulent instruction experienced a growth as a cause of loss in 2022, up 13% year-over year. 

In response to vulnerabilities such as fraudulent instructions, the report suggests organisations must get smarter about educating users to spot things such as spoofed emails or domain names. The report also cautions organisations to watch for social engineering, spear phishing, bypassing of multi-factor authentication (MFA), targeting of managed service providers (MSP) and the compromise of cloud environments as areas of vulnerability.

https://www.darkreading.com/attacks-breaches/greater-incident-complexity-a-shift-in-the-way-threat-actors-use-stolen-data-and-a-rise-in-us-class-actions-will-drive-the-cyber-threat-landscape-in-2023-according-to-beazley-report

• The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will Come from the Inside

A survey conducted by IT provider EisnerAmper found that 71% of business executives worry about accidental internal staff error as one of the top threats facing their organisation and 23% of these worried about malicious intent by an employee. In comparison, 75% of business executives had concerns about external hackers. The survey also asked about current safety measures, with 51% responding that they were “somewhat prepared”. Despite this, only 50% of respondents reported conducting regular cyber security training. 

https://www.darkreading.com/vulnerabilities-threats/the-threat-from-within-71-of-business-leaders-surveyed-think-next-cybersecurity-breach-will-come-from-the-inside

• 98% of Organisations Have a Supply Chain Relationship That Has Been Breached

A report from SecurityScorecard found that 98% of organisations have a relationship with at least one third party that has experienced a breach in the last two years, while more than 50% have an indirect relationship with more than 200 fourth parties that have been breached. Of course, this is keeping in mind that not all organisations disclose or even know they have been breached.

https://www.securityweek.com/98-of-firms-have-a-supply-chain-relationship-that-has-been-breached-analysis/

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year

Software provider SysKit has published a report on the effects of digital transformation on IT administrators and the current governance landscape. The report found that 40% of organisations experienced a data leak in the previous year. A data leak can have severe consequences on an organisation's efficiency and the impact can lead to large fines, downtime, and loss of business-critical certifications and customers.

In addition, the Survey found that the biggest challenge for IT administrators was a lack of understanding from superiors, huge workloads and misalignment of IT and business strategies.

https://www.darkreading.com/attacks-breaches/new-survey-reveals-40-of-companies-experienced-a-data-leak-in-the-past-year

• Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation

The websites of key German administrations, including companies and airports, have been targeted by cyber attacks, the German Federal Office for Information Security (BSI) stated.

The BSI commented they had been informed of DDoS (distributed denial of service) attacks “currently in progress against targets in Germany". This was followed by the statement that “Individual targets in the financial sector” and federal government sites were also attacked, with some websites becoming temporarily unavailable.  It is believed that this is due to the approved deployment of Leopard 2 tanks to Ukraine, with Russian hacker site Killnet taking credit.

https://www.euronews.com/2023/01/26/russian-hackers-launch-cyberattack-on-germany-in-leopard-retaliation

• Financial Services Targeted in 28% of UK Cyber Attacks Last Year

Based on data from security provider Imperva, security researchers have identified that over a quarter (28%) of all cyber attacks in the UK hit the financial services and insurance (FSI) industry in the last 12 months. The data also found that Application Programme Interface (API) attacks, malicious automated software and distributed denial of service (DDoS) attacks were the most challenging for the industry. In addition, the data found that roughly 40% of all account takeover attempts were targeted at the FSI industry.

https://www.infosecurity-magazine.com/news/quarter-cyber-attacks-uk-financial/

• Phishing Attacks are Getting Scarily Sophisticated. Here’s What to Watch Out For

Hackers are going to great lengths, including mimicking real people and creating and updating fake social media profiles, to trick victims into clicking phishing links and handing over usernames and passwords. The National Cyber Security Centre (NCSC) warns that these phishing attacks are targeting a range of sectors.

The NCSC has also released mitigation advice to help organisations and individuals protect themselves online. The mitigation advice included the use of strong passwords, separate to other accounts; enabling multi-factor authentication (MFA); and applying the latest security updates.

https://www.zdnet.com/article/phishing-attacks-are-getting-scarily-sophisticated-heres-what-to-watch-out-for/

• City of London on High Alert After Ransomware Attack

A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market. The company impacted, Ion Cleared Derivatives, is investigating. It is reported that 42 clients were impacted by the attack.

https://www.infosecurity-magazine.com/news/city-of-london-high-alert/

• JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack

Sportswear retailer JD Sports said it was the victim of a cyber attack that exposed the data of 10 million customers, in the latest spate of hacks on UK companies.

JD Sports explained that the attack involved unauthorised access to a system that contained “the name, billing address, delivery address, phone number, order details and the final four digits of payment cards”. The data related to customers’ orders made between November 2018 and October 2020, with outdoor gear companies Millets and Blacks also impacted. A full review with cyber security and external specialists is underway.

https://www.ft.com/content/afe00f2f-afcd-478f-9e4d-1cf9c943fa79

Threats

Ransomware, Extortion and Destructive Attacks

• City Of London Traders Hit By Russia-Linked Cyber Attack (informationsecuritybuzz.com)

• New Nevada Ransomware targets Windows and VMware ESXi systems (bleepingcomputer.com)

• City of London on High Alert After Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk - IT Security Guru

• US puts a $10m bounty on Hive while Russia shuts down access • The Register

• Copycat Criminals mimicking Lockbit gang in northern Europe security affairs

• Ransom-what? Learning from Hacked Hackers (secureworld.io)

• Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica

• Council leader 'put her foot down' and refused to pay multi-million pound ransom demand from hackers - Teesside Live (gazettelive.co.uk)

• 6 Ransomware Trends & Evolutions For 2023 (trendmicro.com)

• Cyber Attack Hits Derivatives Unit of Trading Software Firm ION - Bloomberg

• Regulators weigh in on ION attack as LockBit takes credit • The Register

• New Mimic Ransomware Abuses Windows Search Engine (cyber securitynews.com)

• Stratford University discloses ransomware attack — but which ransomware attack? (databreaches.net)

• Schools don't pay, but ransomware attacks still increasing | TechTarget

• Poser Hackers Impersonate LockBit in SMB Cyber attacks (darkreading.com)

• Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget

• Nevada Ransomware Has Released Upgraded Locker security affairs

• LockBit Green ransomware variant borrows code from Conti one security affairs

• Arnold Clark customer data stolen in attack claimed by Play ransomware (bleepingcomputer.com)

• Ransomware attacks on public sector persist in January | TechTarget

• Ransomware attack on data firm ION could take days to fix -sources | Reuters

• APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online

Phishing & Email Based Attacks

• Phishing attacks are getting scarily sophisticated. Here's what to watch out for | ZDNET

• BEC Group Uses Open Source Tactics in Hundreds of Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyber attacks (darkreading.com)

• Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)

• Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status (darkreading.com)

• DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000 - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• BEC Group Uses Open Source Tactics in Hundreds of Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyber attacks (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• New 'Pig Butchering' Scam in West Africa Impersonates US Financial Advisors - Infosecurity Magazine (infosecurity-magazine.com)

• Long Con Impersonates Financial Advisers to Target Victims (darkreading.com)

2FA/MFA

• Facebook Bug Allows 2FA Bypass Via Instagram (darkreading.com)

Malware

• How Can Disrupting DNS Communications Thwart a Malware Attack? (darkreading.com)

• Hackers use new IceBreaker malware to breach gaming companies (bleepingcomputer.com)

• New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (thehackernews.com)

• PoS malware can block contactless payments to steal credit cards (bleepingcomputer.com)

• Experts Uncover the Identity of Mastermind Behind Golden Chickens Malware Service (thehackernews.com)

• New APT34 Malware Targets The Middle East (trendmicro.com)

• HeadCrab malware targets Redis to mine cryptocurrency | TechTarget

• Malvertising attacks are distributing .NET malware loaders • The Register

• Hackers weaponize Microsoft Visual Studio add-ins to push malware (bleepingcomputer.com)

Mobile

• Google Fi data breach let hackers carry out SIM swap attacks (bleepingcomputer.com)

• Over 1,800 Android phishing forms for sale on cyber crime market (bleepingcomputer.com)

• Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News

Botnets

• New Threat: Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers (thehackernews.com)

Denial of Service/DoS/DDOS

• Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)

• New DDoS-as-a-Service platform used in recent attacks on hospitals (bleepingcomputer.com)

Internet of Things – IoT

• IoT, connected devices biggest contributors to expanding application attack surface | CSO Online

• European IoT Manufacturers Lag in Vulnerability Disclosure (databreachtoday.co.uk)

• Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices (thehackernews.com)

• Anker finally comes clean about its Eufy security cameras - The Verge

Data Breaches/Leaks

• JD Sports warns data of 10mn customers put at risk in cyber attack | Financial Times (ft.com)

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)

• Planet Ice hacked! 240,000 skating fans' details stolen (bitdefender.com)

• If a locked filing cabinet is stolen along with its key, can you still say it’s locked? GoTo thinks you can • Graham Cluley

Organised Crime & Criminal Actors

• Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)

• Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica

• How $6 Can Buy Hacked Social Media & Streaming Accounts From the Dark Web, Whizcase Study Reveals (darkreading.com)

• Cyber crime Ecosystem Spawns Lucrative Underground Gig Economy (darkreading.com)

• Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)

• Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert

• Report on hackers' salaries shows poor wages for developers • The Register

• 6 Examples of the Evolution of a Scam Site (darkreading.com)

• Cyber Insights 2023: Criminal Gangs - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• ‘Everything is fake’: how global crime gangs are using UK shell companies in multi-million pound crypto scams | Organised crime | The Guardian

• Most criminal cryptocurrency is funneled through just 5 exchanges | Ars Technica

• FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register

• Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times

• Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• HeadCrab malware targets Redis to mine cryptocurrency | TechTarget

Insider Risk and Insider Threats

• Insider attacks becoming more frequent, more difficult to detect - Help Net Security

• The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber security Breach Will Come from the Inside (darkreading.com)

• Are Your Employees Thinking Critically About Their Online Behaviours? (darkreading.com)

• The next cyber threat may come from within - Help Net Security

• Insider threats: The cyber risks lurking in the dark (betanews.com)

• Executives Worry Equally About Insider Cyber Errors, Outsider Threats: How MSSPs Can Help - MSSP Alert

• Former Ubiquiti dev pleads guilty to data theft, extortion • The Register

Fraud, Scams & Financial Crime

• ‘Everything is fake’: how global crime gangs are using UK shell companies in multi-million pound crypto scams | Organised crime | The Guardian

• New 'Pig Butchering' Scam in West Africa Impersonates US Financial Advisors - Infosecurity Magazine (infosecurity-magazine.com)

• FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register

• Oxford student jailed for £2m crypto theft after PhD blunder | News | The Times

• Porsche halts NFT launch, phishing sites fill the void (bleepingcomputer.com)

• Russian Millionaire on Trial in Hack, Insider Trade Scheme - SecurityWeek

• 6 Examples of the Evolution of a Scam Site (darkreading.com)

• Mobile phone fraud: 'They stole £22,500 using my banking app' - BBC News

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• Romance fraud losses rose 91% during the pandemic, claims UK's TSB bank | Tripwire

• Romance Fraudsters Have Stolen £65m From Brits Since 2020 (informationsecuritybuzz.com)

Impersonation Attacks

• DocuSign Brand Impersonation Attack Bypasses Security Measures, Targets Over 10,000 - Infosecurity Magazine (infosecurity-magazine.com)

• Why CISOs Should Care About Brand Impersonation Scam Sites (darkreading.com)

AML/CFT/Sanctions

• As the anti-money laundering perimeter expands, who needs to be compliant, and how? - Help Net Security

Insurance

• 4 Cyber Insurance Requirement Predictions for 2023 (trendmicro.com)

Dark Web

• There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)

• How $6 Can Buy Hacked Social Media & Streaming Accounts From the Dark Web, Whizcase Study Reveals (darkreading.com)

• Cyber crime job ads on the dark web pay up to $20k per month (bleepingcomputer.com)

• Developers, Attackers Top List of Most In Demand Dark Web Jobs, Kaspersky Reports - MSSP Alert

• Report on hackers' salaries shows poor wages for developers • The Register

Supply Chain and Third Parties

• 98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis - SecurityWeek

• Almost all Organisations are Working with Recently Breached Vendors - Infosecurity Magazine (infosecurity-magazine.com)

• 50% of organisations have indirect relationships with 200+ breached fourth-party vendors - Help Net Security

• Cyber attack Impact “Catastrophic” for Third Parties, New Study Finds MSSPs at Risk? - MSSP Alert

• New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs | CSO Online

• CISA to Open Supply Chain Risk Management Office (darkreading.com)

• Cyber Insights 2023 | Supply Chain Security - SecurityWeek

Cloud/SaaS

• Misconfiguration and vulnerabilities biggest risks in cloud security: Report | CSO Online

• Hybrid cloud storage security challenges - Help Net Security

• Short-staffed SOCs struggle to gain visibility into cloud activities - Help Net Security

Containers

• Researchers Claim High-Risk Vulnerabilities Found in 87% of All Container Images - Infosecurity Magazine (infosecurity-magazine.com)

Encryption

• Serious Security: The Samba logon bug caused by outdated crypto – Naked Security (sophos.com)

• Encryption Explained: At Rest, In Transit & End-To-End Encryption | Splunk

• Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse - SecurityWeek

API

• The emergence of trinity attacks on APIs - Help Net Security

• API management (APIM): What It Is and Where It’s Going security affairs

Open Source

• Microsoft upgrades Defender to lock down Linux devices • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• Bitwarden Password Manager users are being targeted by phishing ads on Google- gHacks Tech News

• KeePass disputes vulnerability allowing stealthy password theft (bleepingcomputer.com)

Social Media

• Inside TikTok’s proposal to address US national security concerns | CyberScoop

• Facebook Bug Allows 2FA Bypass Via Instagram (darkreading.com)

Malvertising

• Malvertising attacks are distributing .NET malware loaders • The Register

Training, Education and Awareness

• Are Your Employees Thinking Critically About Their Online Behaviours? (darkreading.com)

Regulations, Fines and Legislation

• Regulators weigh in on ION attack as LockBit takes credit • The Register

• New UN cyber crime convention has a long way to go in a tight timeframe | CSO Online

Governance, Risk and Compliance

• Business leaders need hands-on approach to stop cyber crime, says spy chief (telegraph.co.uk)

• New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year (darkreading.com)

• Financial Services Targeted in 28% of UK Cyber-Attacks Last Year - Infosecurity Magazine (infosecurity-magazine.com)

• 70% of CIOs anticipate their involvement in cyber security to increase - Help Net Security

• Cyber security Budgets Are Going Up. So Why Aren't Breaches Going Down? (thehackernews.com)

• Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk - IT Security Guru

• You Don't Know Where Your Secrets Are (thehackernews.com)

• Inability to prevent bad things from happening seen as the worst part of a security job - Help Net Security

• The corporate world is losing its grip on cyber risk | Financial Times (ft.com)

• IT and Security Professionals Spend an Average of 4,300 Hours Annually Achieving or Maintaining Compliance (darkreading.com)

Careers, Working in Cyber and Information Security

• Inability to prevent bad things from happening seen as the worst part of a security job - Help Net Security

• Thriving Dark Web Trade in Fake Security Certifications - Infosecurity Magazine (infosecurity-magazine.com)

• The Effect of Cyber security Layoffs on Cyber security Recruitment - SecurityWeek

• Economic headwinds could deepen the cyber security skills shortage | CSO Online

Law Enforcement Action and Take Downs

• 7 Ways Hive Ransomware Gang Caused Chaos Before FBI Hacked It (gizmodo.com)

• US puts a $10m bounty on Hive while Russia shuts down access • The Register

• Hacker accused of having stolen personal data of all Austrians security affairs

• Alleged ShinyHunters gang member in US court • The Register

• Risk & Repeat: The FBI's Hive ransomware takedown | TechTarget

Privacy, Surveillance and Mass Monitoring

• On Data Privacy Day, Organisations Fail Data Privacy Expectations (darkreading.com)

• Hacker accused of having stolen personal data of all Austrians security affairs

• Enterprises Need to Do More to Assure Consumers About Privacy (darkreading.com)

Artificial Intelligence

• Foreign states already using ChatGPT maliciously, UK IT leaders believe | CSO Online

• OpenAI releases tool to detect AI-written text (bleepingcomputer.com)

• Reality check: Is ChatGPT really the next big cyber security threat? | CyberScoop

• Cyber Insights 2023: Artificial Intelligence - SecurityWeek

Misinformation, Disinformation and Propaganda

• Google deletes 50,000 pro-China fake-news vids and blogs • The Register

• Google: Influence Operator Dragonbridge Floods Social Media in Sprawling Cyber Campaign (darkreading.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Iranian APT Leaks Data From Saudi Arabia Government Under New Persona - SecurityWeek

• Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)

• Latvia confirms phishing attack on Ministry of Defence, linking it to Russian hacking group - The Record from Recorded Future News

• British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries (thehackernews.com)

• Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek

• Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)

• Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert

• Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)

• Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)

• New APT34 Malware Targets The Middle East (trendmicro.com)

• Lazarus Group Attack Identified After Operational Security Fail - Infosecurity Magazine (infosecurity-magazine.com)

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)

• APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online

• Cyber Insights 2023: The Geopolitical Effect - SecurityWeek

Nation State Actors

Nation State Actors – Russia

• Russian Nuisance Hacking Group KillNet Targets Germany (govinfosecurity.com)

• Russian hackers launch cyber attack on Germany in Leopard retaliation | Euronews

• Ukraine Links Media Centre Attack to Russian Intelligence (govinfosecurity.com)

• Latvia confirms phishing attack on Ministry of Defence, linking it to Russian hacking group - The Record from Recorded Future News

• A Link to News Site Meduza Can (Technically) Land You in Russian Prison | WIRED

• British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries (thehackernews.com)

• Russia-Linked APT29 Uses New Malware in Embassy Attacks - SecurityWeek

• Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine (darkreading.com)

• Russia-linked Hackers Launch DDoS Attacks on Germany and US. Hospitals, Threaten Canada - MSSP Alert

• Latvia says Russian hackers tried to phish its Ministry of Defence (bitdefender.com)

• Killnet Attackers DDoS US and Dutch Hospitals - Infosecurity Magazine (infosecurity-magazine.com)

• IT Army of Ukraine gained access to 1.5GB archive from Gazprom security affairs

• There’s a Wild Scramble for Control of the Dark Web Taking Place in Russia (vice.com)

• Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows (darkreading.com)

Nation State Actors – China

• Google deletes 50,000 pro-China fake-news vids and blogs • The Register

• Google: Influence Operator Dragonbridge Floods Social Media in Sprawling Cyber Campaign (darkreading.com)

• TikTok CEO to testify before US. Congress over security concerns | Reuters

Nation State Actors – North Korea

• FBI: North Korea’s Lazarus Group behind $100m crypto attack • The Register

• Lazarus Group Attack Identified After Operational Security Fail - Infosecurity Magazine (infosecurity-magazine.com)

• Crypto theft: North Korea-linked hackers stole $1.7b in 2022 - BBC News

• North Korean hackers stole research data in two-month-long breach (bleepingcomputer.com)

Nation State Actors – Iran

• Iranian APT Leaks Data From Saudi Arabia Government Under New Persona - SecurityWeek

• British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries (thehackernews.com)

Nation State Actors – Misc

• Foreign states already using ChatGPT maliciously, UK IT leaders believe | CSO Online

• New APT34 Malware Targets The Middle East (trendmicro.com)

• APT groups use ransomware TTPs as cover for intelligence gathering and sabotage | CSO Online

Vulnerability Management

• The future of vulnerability management and patch compliance - Help Net Security

• What is the CVSS (Common Vulnerability Scoring System)? (techtarget.com)

Vulnerabilities

• Researchers to release VMware vRealize Log RCE exploit, patch now (bleepingcomputer.com)

• Patch management is crucial to protect Exchange servers, Microsoft warns security affairs

• Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices (thehackernews.com)

• QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates (thehackernews.com)

• Over 29,000 QNAP devices unpatched against new critical flaw (bleepingcomputer.com)

• Firmware Flaws Could Spell 'Lights Out' for Servers (darkreading.com)

• Why you might not be done with your January Microsoft security patches | CSO Online

• Researcher drops Lexmark RCE zero-day rather than sell vuln ‘for peanuts’ | The Daily Swig (portswigger.net)

• HPE, NetApp warn of critical open-source bug | SC Media (scmagazine.com)

• High-severity bug in F5 BIG-IP can lead to code execution and DoS security affairs

• Cisco fixes bug allowing backdoor persistence between reboots (bleepingcomputer.com)

• Atlassian's Jira Software Found Vulnerable to Critical Authentication Vulnerability (thehackernews.com)

• CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack (thehackernews.com)

• Threat activity increasing around Fortinet VPN vulnerability | TechTarget

• Remote code execution exploit chain available for VMware vRealize Log Insight | CSO Online

Tools and Controls

• Gartner report shows zero trust isn’t a silver bullet | VentureBeat

Other News

• We can't rely on goodwill to protect our critical infrastructure - Help Net Security

• Playing Military Sim War Thunder May Get You Classed as a National Security Risk

• Cyber attacks in space: How safe are our satellites? | Metro News

• Threat Actors Use ClickFunnels to Bypass Security Services - Infosecurity Magazine (infosecurity-magazine.com)

• Massive Microsoft 365 outage caused by WAN router IP change (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Quarter of UK SMBs Hit by Ransomware in 2022

Over one in four (26%) British SMBs have been targeted by ransomware over the past year, with half (47%) of those compromised paying their extorters, according to new data from anti-virus provider Avast. The security vendor polled 1000 IT decision makers from UK SMBs back in October, to better understand the risk landscape over the previous 12 months.

More than two-thirds (68%) of respondents said they are more concerned about being attacked since the start of the war in Ukraine, fuelling concerns that have led to half (50%) investing in cyber-insurance. They’re wise to do so, considering that 41% of those hit by ransomware lost data, while 34% lost access to devices, according to Avast.

Given that SMBs comprise over 99% of private sector businesses in the country, it’s reassuring that cyber is now being viewed as a major business risk. Nearly half (48%) ranked it as one of the biggest threats they currently face, versus 66% who cited financial risk stemming from surging operational cost. More respondents cited cyber as a top threat than did physical security (35%) and supply chain disruption (33%).

Avast argued that SMBs are among the groups most vulnerable to cyber-threats as they often have very limited budget and resources, and many don’t have somebody on staff managing security holistically. As a result, not only are SMB’s lacking in their defence, but they’re also slower and less able to react to incidents.

https://www.infosecurity-magazine.com/news/quarter-of-uk-smbs-hit-ransomware/

• Global Cyber Attack Volume Surges 38% in 2022

The number of cyber attacks recorded last year was nearly two-fifths (38%) greater than the total volume observed in 2021, according to Check Point.

The security vendor claimed the increase was largely due to a surge in attacks on healthcare organisations, which saw the largest year-on-year (YoY) increase (74%), and the activities of smaller, more agile hacking groups.

Overall, attacks reached an all-time high in Q4 with an average of 1168 weekly attacks per organisation. The average weekly figures for the year were highest for education sector organisations (2314), government and military (1661) and healthcare (1463).

Threat actors appear to have capitalised on gaps in security created by the shift to remote working. The ransomware ecosystem is continuing to evolve and grow with smaller, more agile criminal groups that form to evade law enforcement. Hackers are also now increasingly widening their aim to target business collaboration tools such as Slack, Teams, OneDrive and Google Drive with phishing exploits. These make for a rich source of sensitive data given that most organisations’ employees continue to work remotely.

It is predicted that AI tools like ChatGPT would help to fuel a continued surge in attacks in 2023 by making it quicker and easier for bad actors to generate malicious code and emails.

Recorded cyber-attacks on US organisations grew 57% YoY in 2022, while the figure was even higher in the UK (77%). This chimes with data from UK ISP Beaming, which found that 2022 was the busiest year on record for attacks. It recorded 687,489 attempts to breach UK businesses in 2022 – the equivalent of one attack every 46 seconds.

https://www.infosecurity-magazine.com/news/global-cyberattack-volume-surges/

• 1 in 3 Organisations Do Not Provide Any Cyber Security Training to Remote Workers Despite the Majority of Employees Having Access to Critical Data

New research from cyber security provider Hornetsecurity has found that 33% of companies are not providing any cyber security awareness training to users who work remotely.

The study also revealed nearly three-quarters (74%) of remote staff have access to critical data, which is creating more risk for companies in the new hybrid working world.

Despite the current lack of training and employees feeling ill-equipped, almost half (44%) of respondents said their organisation plans to increase the percentage of employees that work remotely. The popularity of hybrid work, and the associated risks, means that companies must prioritise training and education to make remote working safe.

Traditional methods of controlling and securing company data aren't as effective when employees are working in remote locations and greater responsibility falls on the individual. Companies must acknowledge the unique risks associated with remote work and activate relevant security management systems, as well as empower employees to deal with a certain level of risk.

The independent survey, which quizzed 925 IT professionals from a range of business types and sizes globally, highlighted the security management challenges and employee cyber security risk when working remotely. The research revealed two core problems causing risk: employees having access to critical data, and not enough training being provided on how to manage cyber security or how to reduce the risk of a cyber-attack or breach.

https://www.darkreading.com/vulnerabilities-threats/1-in-3-organizations-do-not-provide-any-cybersecurity-training-to-remote-workers-despite-a-majority-of-employees-having-access-to-critical-data

• AI-Generated Phishing Attacks Are Becoming More Convincing

It's time for you and your colleagues to become more sceptical about what you read.

That's a takeaway from a series of experiments undertaken using GPT-3 AI text-generating interfaces to create malicious messages designed to spear-phish, scam, harass, and spread fake news.

Experts at WithSecure have described their investigations into just how easy it is to automate the creation of credible yet malicious content at incredible speed. Amongst the use cases explored by the research were the use of GPT-3 models to create:

• Phishing content – emails or messages designed to trick a user into opening a malicious attachment or visiting a malicious link

• Social opposition – social media messages designed to troll and harass individuals or to cause brand damage

• Social validation – social media messages designed to advertise or sell, or to legitimise a scam

• Fake news – research into how well GPT-3 can generate convincing fake news articles of events that weren’t part of its training set

All of these could, of course, be useful to cyber criminals hell-bent on scamming the unwary or spreading unrest.

https://www.tripwire.com/state-of-security/ai-generated-phishing-attacks-are-becoming-more-convincing

• Customer and Employee Data the Top Prize for Hackers

The theft of customer and employee data accounts for almost half (45%) of all stolen data between July 2021 and June 2022, according to a new report from cyber security solution provider Imperva.

The data is part of a 12-month analysis by Imperva Threat Research on the trends and threats related to data security in its report “More Lessons Learned from Analysing 100 Data Breaches”.

Their analysis found that theft of credit card information and password details dropped by 64% compared to 2021. The decline in stolen credit card and password data pointing to the uptake of basic security tactics like multi-factor authentication (MFA). However, in the long term, PII data is the most valuable data to cyber-criminals. With enough stolen PII, they can engage in full-on identity theft which is hugely profitable and very difficult to prevent. Credit cards and passwords can be changed the second there is a breach, but when PII is stolen, it can be years before it is weaponised by hackers.

The research also revealed the root causes of data breaches, with social engineering (17%) and unsecured databases (15%) two of the biggest culprits. Misconfigured applications were only responsible for 2% of data breaches, but Imperva said that businesses should expect this figure to rise in the near future, particularly with cloud-managed infrastructure where configuring for security requires significant expertise.

It’s really concerning that a third (32%) of data breaches are down to unsecured databases and social engineering attacks, since they’re both straightforward to mitigate. A publicly open database dramatically increases the risk of a breach and, all too often, they are left like this not out of a failure of security practices but rather the total absence of any security posture at all.

https://www.infosecurity-magazine.com/news/customer-employee-data-hackers/

• Royal Mail hit by Ransomware Attack, Causes ‘Severe Disruption’ to Services

Royal Mail experienced “severe service disruption” to its international export services following a ransomware attack, the company has announced. A statement said it was temporarily unable to despatch export items including letters and parcels to overseas destinations.

Royal Mail said: “We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue” and advising that “Some customers may experience delay or disruption to items already shipped for export.”

The attack was later attributed to LockBit, a prolific ransomware gang with close ties to Russia. Both the NCSC and the NCA were involved in responding to the incident.

https://www.independent.co.uk/business/royal-mail-cyber-attack-exports-b2260308.html

• The Guardian Confirms Personal Information Compromised in Ransomware Attack

British news organisation The Guardian has confirmed that personal information was compromised in a ransomware attack in December 2022.

The company fell victim to the attack just days before Christmas, when it instructed staff to work from home, announcing network disruptions that mostly impacted the print newspaper.

Right from the start, the Guardian said it suspected ransomware to have been involved in the incident, and this week the company confirmed that this was indeed the case. In an email to staff on Wednesday, The Guardian Media Group’s chief executive and the Guardian’s editor-in-chief said that the sophisticated cyber attack was likely the result of phishing.

They also announced that the personal information of UK staff members was compromised in the attack, but said that reader data and the information of US and Australia staff was not impacted. “We have seen no evidence that any data has been exposed online thus far and we continue to monitor this very closely,” the Guardian representatives said. While the attack forced the Guardian staff to work from home, online publishing has been unaffected, and production of daily newspapers has continued as well.

“We believe this was a criminal ransomware attack, and not the specific targeting of the Guardian as a media organisation,” the Guardian said.

The company continues to work on recovery and estimates that critical systems would be restored in the next two weeks. Staff, however, will continue to work from home until at least early February. “These attacks have become more frequent and sophisticated in the past three years, against organisations of all sizes, and kinds, in all countries,” the Guardian said.

https://www.securityweek.com/guardian-confirms-personal-information-compromised-ransomware-attack

• Ransomware Gang Releases Info Stolen from 14 UK Schools, Including Passport Scans

Another month, another release of personal information stolen from a school system. This time, it's a group of 14 schools in the United Kingdom.

Once again, the perpetrator appears to be Vice Society, which is well known for targeting educational systems in the US. As the Cybersecurity and Infrastructure Security Agency (CISA) pointed out in a bulletin from Sept. 6, "K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers."

The UK hack may have turned up even more confidential information than the Los Angeles school system breach last year. As the BBC reported on Jan. 6, "One folder marked 'passports' contains passport scans for pupils and parents on school trips going back to 2011, whereas another marked 'contract' contains contractual offers made to staff alongside teaching documents on muscle contractions."

Some prominent school cyber attacks in the US include public school districts in Chicago, Baltimore, and Los Angeles. A new study from digital learning platform Clever claims that one in four schools experienced a cyber-incident over the past year, and according to a new report from security software vendor Emsisoft, at least 45 school districts and 44 higher learning institutions suffered ransomware attacks in 2022.

Schools are an attractive target as they are typically data-rich and resource-poor. Without proper resources in terms of dedicated staffing and the necessary tools and training to protect against cyber-attacks, schools can be a soft target. Many of the 14 schools hit by this latest leak are colleges and universities, but primary and secondary schools were also hit, according to the BBC's list.

https://www.darkreading.com/attacks-breaches/vice-society-releases-info-stolen-uk-schools-passport-scans

• The Dark Web’s Criminal Minds See Internet of Things as Next Big Hacking Prize

Cyber security experts say 2022 may have marked an inflection point due to the rapid proliferation of IoT (Internet of Things) devices.

Criminal groups buy and sell services, and one hot idea — a business model for a crime — can take off quickly when they realise that it works to do damage or to get people to pay. Attacks are evolving from those that shut down computers or stole data, to include those that could more directly wreak havoc on everyday life. IoT devices can be the entry points for attacks on parts of countries’ critical infrastructure, like electrical grids or pipelines, or they can be the specific targets of criminals, as in the case of cars or medical devices that contain software.

For the past decade, manufacturers, software companies and consumers have been rushing to the promise of Internet of Things devices. Now there are an estimated 17 billion in the world, from printers to garage door openers, each one packed with software (some of it open-source software) that can be easily hacked.

What many experts are anticipating is the day enterprising criminals or hackers affiliated with a nation-state figure out an easy-to-replicate scheme using IoT devices at scale. A group of criminals, perhaps connected to a foreign government, could figure out how to take control of many things at once – like cars, or medical devices. There have already been large-scale attacks using IoT, in the form of IoT botnets. In that case, actors leveraging unpatched vulnerabilities in IoT devices used control of those devices to carry out denial of service attacks against many targets. Those vulnerabilities are found regularly in ubiquitous products that are rarely updated.

In other words, the possibility already exists. It’s only a question of when a criminal or a nation decides to act in a way that targets the physical world at a large scale. There are a handful of companies, new regulatory approaches, a growing focus on cars as a particularly important area, and a new movement within the software engineering world to do a better job of incorporating cyber security from the beginning.

https://www.cnbc.com/2023/01/09/the-dark-webs-criminal-minds-see-iot-as-the-next-big-hacking-prize.html

• Corrupted File to Blame for Computer Glitch which Grounded Every US Flight

A corrupted file has been blamed for a glitch on the Federal Aviation Administration's computer system which saw every flight grounded across the US.

All outbound flights were grounded until around 9am Eastern Time (2pm GMT) on Wednesday as the FAA worked to restore its Notice to Air Missions (NOTAM) system, which alerts pilots of potential hazards along a flight route.

On Wednesday 4,948 flights within, into or out of the US had been delayed, according to flight tracker FlightAware.com, while 868 had been cancelled. Most delays were concentrated along the East Coast. Normal air traffic operations resumed gradually across the US following the outage to the NOTAM system that provides safety information to flight crews.

A corrupted file affected both the primary and the backup systems, a senior government official told NBC News on Wednesday night, adding that officials continue to investigate. Whilst Government officials said there was no evidence of a cyber attack, it shows the real world impacts that an outage or corrupted file can cause.

https://news.sky.com/story/all-flights-across-us-grounded-due-to-faa-computer-system-glitch-us-media-12784252

Threats

Ransomware, Extortion and Destructive Attacks

• Royal Mail unable to despatch items abroad after 'cyber incident' | UK News | Sky News

• Lorenz ransomware gang plants backdoors to use months later (bleepingcomputer.com)

• Quarter of UK SMBs Hit by Ransomware in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Worldwide Ransomware Attacks Trend (informationsecuritybuzz.com)

• LastPass Faces Class-Action Lawsuit Over Password Vault Breach (pcmag.com)

• 10 of the biggest ransomware attacks of 2022 | TechTarget

• Rackspace: Ransomware actor accessed 27 customers' data | TechTarget

• Hackers demand £15 million ransom from Hull and Yorkshire schools after cyber attack - Hull Live (hulldailymail.co.uk)

• Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone (darkreading.com)

• Risk & Repeat: Analysing the Rackspace ransomware attack | TechTarget

• Guardian confirms it was hit by ransomware attack | The Guardian | The Guardian

• Post-ransomware attack, The Guardian warns staff their personal data was accessed • Graham Cluley

• The Guardian Confirms Personal Information Compromised in Ransomware Attack | SecurityWeek.Com

• Royal Mail cyber attack linked to LockBit ransomware operation (bleepingcomputer.com)

• The Guardian Confirms UK Members' Data Was Accessed in Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Hive Ransomware leaked 550 GB stolen from Consulate Health Care - Security Affairs

• Iowa’s largest school district cancels classes after cyber attack (bleepingcomputer.com)

• Hackers leak sensitive files after attack on San Francisco transit police (nbcnews.com)

• Vice Society ransomware claims attack on Australian firefighting service (bleepingcomputer.com)

• Ransomware attack at Hope Sentamu Learning Trust in York | York Press

Phishing & Email Based Attacks

• AI-generated phishing emails just got much more convincing • The Register

• Better Phishing, Easy Malicious Implants: How AI Could Change Cyber attacks (darkreading.com)

• AI-generated phishing attacks are becoming more convincing | Tripwire

• Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You | WIRED

• New APT Dark Pink Hits Asia-Pacific, Europe With Spear Phishing Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Telegram Bot Abuse For Phishing Increased By 800% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing campaign targets government institution in Moldova - Security Affairs

Malware

• Better Phishing, Easy Malicious Implants: How AI Could Change Cyber attacks (darkreading.com)

• Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections | WIRED

• ChatGPT Used to Develop New Malicious Tools - Infosecurity Magazine (infosecurity-magazine.com)

• Russia’s Turla falls back on old malware C2 domains to avoid detection | Computer Weekly

• Many of 13 New Mac Malware Families Discovered in 2022 Linked to China | SecurityWeek.Com

• Dridex Malware Now Attacking macOS Systems with Novel Infection Method (thehackernews.com)

• New Spyware Variant with RAT Capabilities Targeting Financial Institutions, Social Media - MSSP Alert

• Over 1,300 fake AnyDesk sites push Vidar info-stealing malware (bleepingcomputer.com)

• Attackers abuse business-critical cloud apps to deliver malware - Help Net Security

• New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors (thehackernews.com)

• 6 PyPI Packages Detour Firewall Using Cloudflare Tunnels (informationsecuritybuzz.com)

• Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL (bleepingcomputer.com)

• Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls (bleepingcomputer.com)

• Gootkit Loader Actively Targets Australian Healthcare Industry (trendmicro.com)

• Raspberry Robin's botnet second life - SEKOIA.IO Blog

• Telegram Bot Abuse For Phishing Increased By 800% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours (thehackernews.com)

• Android TV box on Amazon came pre-installed with malware (bleepingcomputer.com)

• VLC media player is being hiajcked to send out malware | TechRadar

• RAT malware campaign tries to evade detection using polyglot files (bleepingcomputer.com)

• Italian Users Warned of Malware Attack Targeting Sensitive Information (thehackernews.com)

• Hackers push fake Pokemon NFT game to take over Windows devices (bleepingcomputer.com)

• How to protect yourself from bot-driven account fraud - Help Net Security

Mobile

• Android spyware strikes again targeting financial institutions and your money | Fox News

• Messenger billed as better than Signal is riddled with vulnerabilities | Ars Technica

• StrongPity hackers target Android users via trojanized Telegram app (bleepingcomputer.com)

• Threema claims encryption flaws never had a real-world impact (bleepingcomputer.com)

• Latest Firmware Flaws in Qualcomm Snapdragon Need Attention (darkreading.com)

• Threat actors claim access to Telegram servers through insiders - Security Affairs

• $20K Buys Insider Access to Telegram Servers, Dark Web Ad Claims (darkreading.com)

Denial of Service/DoS/DDOS

• How to Defend Against any Type of DNS Attack | A10 Networks

• The most significant DDoS attacks in the past year - Help Net Security

• Multiple Danish Banks Disrupted By DDoS Cyber-Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Big Prizes, Cash on Offer for Joining 'DDosia' Anti-Ukraine Cyber attack Project (darkreading.com)

• New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks (thehackernews.com)

• Serbia Slammed With DDoS Attacks (darkreading.com)

Internet of Things – IoT

• The dark web's criminal minds see IoT as the next big hacking prize (cnbc.com)

• Android TV box on Amazon came pre-installed with malware (bleepingcomputer.com)

• Hackers can trick Wi-Fi devices into draining their own batteries | New Scientist

Data Breaches/Leaks

• Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You | WIRED

• 14 UK schools hit by cyber attack and documents leaked - BBC News

• Air France and KLM notify customers of account hacks (bleepingcomputer.com)

• Vice Society Releases Info Stolen From 14 UK Schools, Including Passport Scans (darkreading.com)

• Twitter's mushrooming data breach crisis could prove costly | CSO Online

• Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System (thehackernews.com)

• 6 oversights that enable data breaches - Help Net Security

• CircleCI – code-building service suffers total credential compromise – Naked Security (sophos.com)

• Aflac's Japan says US partner leaked cancer customer info • The Register

• Data leak exposes information of 10,000 French social security beneficiaries | CSO Online

• Chick-fil-A investigates reports of hacked customer accounts (bleepingcomputer.com)

• Oxford University dating website for staff and students shut down after ‘huge data breach’ | News | The Times

• SolarWinds shareholders appeal Orion breach lawsuit to Delaware Supreme Court | SC Media (scmagazine.com)

Organised Crime & Criminal Actors

• JP Morgan must face suit over $272m cybertheft • The Register

• Cyber criminals are already using ChatGPT to own you | SC Media (scmagazine.com)

• Russian Cyber Crew Targets Ukraine Financial Sector Via Infected USB Drives - MSSP Alert

• 2022 Was the Biggest Year Yet for Crypto, if You're a Crook (gizmodo.com)

• Researchers Find 'Digital Crime Haven' While Investigating Magecart Activity (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• 2022 Was the Biggest Year Yet for Crypto, if You're a Crook (gizmodo.com)

• European police takes down call centres behind cryptocurrency scams (bleepingcomputer.com)

• European cops shut down fake crypto call centres • The Register

• Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL (thehackernews.com)

Fraud, Scams & Financial Crime

• European police takes down call centres behind cryptocurrency scams (bleepingcomputer.com)

• Nationwide warns ‘checking is important’ as thousands targeted in online scam | Personal Finance |

• How to protect yourself from bot-driven account fraud - Help Net Security

Insurance

• Insurance Co. Beazley Launches $45M 'Cyber Catastrophe Bond' (gizmodo.com)

• Insurer Beazley launches first catastrophe bond for cyber threats | Financial Times (ft.com)

• 4 Cyber Insurance Requirement Predictions for 2023 (trendmicro.com)

Dark Web

• Threat actors claim access to Telegram servers through insiders - Security Affairs

• $20K Buys Insider Access to Telegram Servers, Dark Web Ad Claims (darkreading.com)

• Pakistan tells government agencies to avoid the dark web • The Register

Software Supply Chain

• Software Supply Chain Security Needs a Bigger Picture (darkreading.com)

Cloud/SaaS

• Attackers abuse business-critical cloud apps to deliver malware - Help Net Security

• Top SaaS Cyber security Threats in 2023: Are You Ready? (thehackernews.com)

• Why Do User Permissions Matter for SaaS Security? (thehackernews.com)

Attack Surface Management

• Why the atomized network is growing, and how to protect it - Help Net Security

• Web 3.0 Shifts Attack Surface and Highlights Need for Continuous Security (darkreading.com)

Identity and Access Management

• 4 identity security trends to watch in 2023 - Help Net Security

Encryption

• RSA crypto cracked? Or perhaps not! – Naked Security (sophos.com)

• What is Triple DES and why is it being disallowed? | TechTarget

Passwords, Credential Stuffing & Brute Force Attacks

• A fifth of passwords used by federal agency cracked in security audit | Ars Technica

• Why FIDO and passwordless authentication is the future - Help Net Security

• 'Copyright Infringement' Lure Used for Facebook Credential Harvesting (darkreading.com)

• Why it might be time to consider using FIDO-based authentication devices | CSO Online

Social Media

• Twitter Data Leak: What the Exposure of 200 Million User Emails Means for You | WIRED

• Twitter's mushrooming data breach crisis could prove costly | CSO Online

• New Spyware Variant with RAT Capabilities Targeting Financial Institutions, Social Media - MSSP Alert

• Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System (thehackernews.com)

• If governments are banning TikTok, why is it still on your corporate devices? | CSO Online

• 'Copyright Infringement' Lure Used for Facebook Credential Harvesting (darkreading.com)

Training, Education and Awareness

• 1 in 3 Organisations Do Not Provide Any Cyber Security Training to Remote Workers Despite a Majority of Employees Having Access to Critical Data (darkreading.com)

Regulations, Fines and Legislation

• Technical And Legal Risks Of ChatGPT: How Prepared Are We With Laws On AI? (informationsecuritybuzz.com)

Governance, Risk and Compliance

• US cyber security director: The tech ecosystem has ‘become really unsafe’ (yahoo.com)

• Global Cyber-Attack Volume Surges 38% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Customer and Employee Data the Top Prize for Hackers – Imperva - Infosecurity Magazine (infosecurity-magazine.com)

• 1 in 3 Organisations Do Not Provide Any Cyber Security Training to Remote Workers Despite a Majority of Employees Having Access to Critical Data (darkreading.com)

• Global Risks Report: Understand the risk landscape in 2023 and beyond - Help Net Security

• 6 oversights that enable data breaches - Help Net Security

• Why Analysing Past Incidents Helps Teams More Than Usual Security Metrics (darkreading.com)

• Cyber security spending and economic headwinds in 2023 | CSO Online

• How to Ensure Cyber Security Investments Remain a Priority Across Your Organisation (darkreading.com)

• Practical Risk Management - Beyond Certification (informationsecuritybuzz.com)

• Vulnerable software, low incident reporting raises risks | TechTarget

• How Will a Recession Will Affect CISOs? | SecurityWeek.Com

Careers, Working in Cyber and Information Security

• Cyber security staff are struggling. Here's how to support them better | ZDNET

Law Enforcement Action and Take Downs

• European cops shut down fake crypto call centres • The Register

• European police takes down call centres behind cryptocurrency scams (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• Hidden Chinese tracking device 'found in UK Government car' sparks national security fears (inews.co.uk)

Artificial Intelligence

• AI-generated phishing emails just got much more convincing • The Register

• ChatGPT: The infosec assistant that is jack of all trades, master of none - Help Net Security

• How hackers might be exploiting ChatGPT | Cybernews

• Better Phishing, Easy Malicious Implants: How AI Could Change Cyber attacks (darkreading.com)

• VALL-E AI can mimic a person’s voice from a 3-second snippet • The Register

• ChatGPT Artificial Intelligence: An Upcoming Cyber security Threat? (darkreading.com)

• Hackers Exploiting OpenAI’s ChatGPT to Deploy Malware (hackread.com)

• Cyber criminals are already using ChatGPT to own you | SC Media (scmagazine.com)

• Trojan Puzzle attack trains AI assistants into suggesting malicious code (bleepingcomputer.com)

• The ChatGPT bot is causing panic now – but it’ll soon be as mundane a tool as Excel | John Naughton | The Guardian

• How hackers might be exploiting ChatGPT | Cybernews

• ChatGPT Used to Develop New Malicious Tools - Infosecurity Magazine (infosecurity-magazine.com)

• Technical And Legal Risks Of ChatGPT: How Prepared Are We With Laws On AI? (informationsecuritybuzz.com)

• DHS, CISA plan AI-based cyber security analytics sandbox • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections | WIRED

• Russia’s Turla falls back on old malware C2 domains to avoid detection | Computer Weekly

• Hidden Chinese tracking device 'found in UK Government car' sparks national security fears (inews.co.uk)

• Ukraine: Russian Cyber-Attacks Should Be Considered War Crimes - Infosecurity Magazine (infosecurity-magazine.com)

• New APT Dark Pink Hits Asia-Pacific, Europe With Spear Phishing Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Exclusive: Russian hackers targeted U.S. nuclear scientists | Reuters

• Russian cyber attacks on Ukraine halved with help from Amazon and Microsoft (telegraph.co.uk)

• Dark Pink, a newly discovered hacking campaign, threatens Southeast Asian military, government organisations (cyberscoop.com)

• New Dark Pink APT group targets govt and military with custom malware (bleepingcomputer.com)

• Big Prizes, Cash on Offer for Joining 'DDosia' Anti-Ukraine Cyber attack Project (darkreading.com)

• Phishing campaign targets government institution in Moldova - Security Affairs

• Serbia Slammed With DDoS Attacks (darkreading.com)

• Russian and Belarusian men charged with spying for Russian GRU - Security Affairs

Nation State Actors

Nation State Actors – Russia

• Turla, a Russian Espionage Group, Piggybacked on Other Hackers' USB Infections | WIRED

• Russia’s Turla falls back on old malware C2 domains to avoid detection | Computer Weekly

• Ukraine: Russian Cyber-Attacks Should Be Considered War Crimes - Infosecurity Magazine (infosecurity-magazine.com)

• Exclusive: Russian hackers targeted U.S. nuclear scientists | Reuters

• Russian cyber attacks on Ukraine halved with help from Amazon and Microsoft (telegraph.co.uk)

• How Elon Musk’s Starlink has changed warfare | The Economist

• Big Prizes, Cash on Offer for Joining 'DDosia' Anti-Ukraine Cyber attack Project (darkreading.com)

• Phishing campaign targets government institution in Moldova - Security Affairs

• Serbia Slammed With DDoS Attacks (darkreading.com)

• Russian and Belarusian men charged with spying for Russian GRU - Security Affairs

• Musk's Starlink Satellite's Role In Ukraine War Inspires Taiwan To Thwart Potential China Attack

Nation State Actors – China

• Hidden Chinese tracking device 'found in UK Government car' sparks national security fears (inews.co.uk)

• Many of 13 New Mac Malware Families Discovered in 2022 Linked to China | SecurityWeek.Com

• If governments are banning TikTok, why is it still on your corporate devices? | CSO Online

• Musk's Starlink Satellite's Role In Ukraine War Inspires Taiwan To Thwart Potential China Attack

Nation State Actors – Iran

• Iran says it foiled cyber attack on central bank | Reuters

Nation State Actors – Misc

• New APT Dark Pink Hits Asia-Pacific, Europe With Spear Phishing Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Dark Pink, a newly discovered hacking campaign, threatens Southeast Asian military, government organisations (cyberscoop.com)

• New Dark Pink APT group targets govt and military with custom malware (bleepingcomputer.com)

Vulnerability Management

Applications Five Years or Older Likely to have Security Flaws - Infosecurity Magazine (infosecurity-magazine.com)

Patch Where it Hurts: Effective Vulnerability Management in 2023 (thehackernews.com)

70% of apps contain at least one security flaw after 5 years in production - Help Net Security

Rackspace Ransomware Incident Highlights Risks of Relying on Mitigation Alone (darkreading.com)

Does a hybrid model for vulnerability management make sense? • Graham Cluley

Vulnerabilities

• Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day | SecurityWeek.Com

• Microsoft plugs actively exploited zero-day hole (CVE-2023-21674) - Help Net Security

• The Roadmap to Secure Access Service Edge (SASE) - MSSP Alert

• Hundreds of SugarCRM servers infected with critical in-the-wild exploit | Ars Technica

• Chrome 109 Patches 17 Vulnerabilities | SecurityWeek.Com

• Cyber criminals bypass Windows security with driver-vulnerability exploit | CSO Online

• Google Chrome 'SymStealer' Vulnerability Could Affect 2.5 Billion Users - Infosecurity Magazine (infosecurity-magazine.com)

• Attackers target govt networks exploiting Fortinet SSL-VPN CVE-2022-42475 - Security Affairs

• Adobe Plugs Security Holes in Acrobat, Reader Software | SecurityWeek.Com

• Zoom Patches High Risk Flaws on Windows, MacOS Platforms | SecurityWeek.Com

• Cisco warns of auth bypass bug with public exploit in EoL routers (bleepingcomputer.com)

• Swiss Threema messaging app found to have vulnerabilities • The Register

• Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability (thehackernews.com)

• Fortinet says hackers exploited critical vulnerability to infect VPN customers | Ars Technica

• Critical bug in Cisco Small Business Routers will receive no patch - Security Affairs

• Severe Vulnerabilities Allow Hacking of Asus Gaming Router | SecurityWeek.Com

• JsonWebToken Security Bug Opens Servers to RCE (darkreading.com)

• Latest Firmware Flaws in Qualcomm Snapdragon Need Attention (darkreading.com)

Tools and Controls

• How to prevent and detect lateral movement attacks | TechTarget

• 65% of Organisations Plan to Adopt a Security Service Edge Platform in Next 2 Years: Axis Security (darkreading.com)

• How Will a Recession Will Affect CISOs? | SecurityWeek.Com

• What is Red Teaming & How it Benefits Orgs (trendmicro.com)

• Data Loss Prevention Capability Guide (informationsecuritybuzz.com)

• 4 key shifts in the breach and attack simulation (BAS) market - Help Net Security

• How to prioritize effectively with threat modeling • The Register

• XDR and the Age-old Problem of Alert Fatigue | SecurityWeek.Com

• 11 top XDR tools and how to evaluate them | CSO Online

• Why FIDO and passwordless authentication is the future - Help Net Security

• Why it might be time to consider using FIDO-based authentication devices | CSO Online

• How to Defend Against any Type of DNS Attack | A10 Networks

• DHS, CISA plan AI-based cyber security analytics sandbox • The Register

• ChatGPT: The infosec assistant that is jack of all trades, master of none - Help Net Security

Other News

• Better Include Physical Security With Cyber security | T&D World

• 6 oversights that enable data breaches - Help Net Security

• It’s official: Digital trust really matters to everyone online - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.