Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 08 March 2024
Black Arrow Cyber Threat Intelligence Briefing 08 March 2024:
-FBI Reports Cyber Crime Losses Reached $12.5 billion in 2023, Ransomware Losses Surged by 74%, Average Ransomw Demand Reaching $600k
-Capita Plans £100 Million in Cost Cuts as it Continues to Grapple With 2023 Cyber Attack, Resulting in Significant Job Losses
-Employment Law Firm Sues IT Company Over Ransomware Attack
-Stolen Passwords are a Hacker Goldmine
-Phishing Attacks Up 40 Percent in 2023; Attackers Leverage Social Engineering for Greater Success
-Business Leaders Don’t Even Know They’ve Been Hacked
-Rising Cyber Security Risks: Insider Threat Main Concern Among Mid-Market Firms
-Security Risks Plague SMEs in Shift to Remote Working
-After Collecting $22 Million, Ransomware Group Stages FBI Takedown
-Cyber Attacks Remain Chief Concern for Businesses
-Two New Ransomware Groups Join Forces to Launch Joint Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
FBI Reports Cyber Crime Losses Reached $12.5 billion in 2023, Ransomware Losses Surged by 74%, Average Ransom Demand Reaching $600k
An FBI report into the cost of cyber crime has found that estimated losses in the US alone reached $12.5 billion in 2023. Ransomware accounted for $59.6 million, a 74% increase from the previous year’s report. Of note, the FBI report only deals with complaints made to the FBI; it therefore excludes other countries, and relies on the US organisations to identify that they have been impacted. It is therefore likely that the figure in the US, let alone globally, is significantly higher.
Sources: [Security Boulevard] [Security Week] [Infosecurity Magazine] [Tripwire] [Security Affairs]
Capita Plans £100 Million in Cost Cuts as it Continues to Grapple With 2023 Cyber Attack, Resulting in Significant Job Losses
In the aftermath of a significant cyber attack in 2023, Capita faces a steep financial hurdle with reported losses amounting to £106.6 million. Originally forecasted at £25 million, the revised figure underscores the substantial impact of the breach. Capita’s response strategy, including significant investments in recovery and cyber security bolstering, emphasises the escalating costs associated with data breaches. CEO Adolfo Hernandez announced plans for a substantial cost reduction of over £100 million, indicating the critical need for efficiency improvements to mitigate the financial strain. Capita’s experience serves as a potent reminder of the critical importance of robust cyber resilience strategies. These strategies are not just about preventing attacks, but also about mitigating the potentially devastating financial consequences should a breach occur.
Source: [ITPro]
Employment Law Firm Sues IT Company Over Ransomware Attack
A law firm in California has sued an IT solutions company, saying that after hiring the company to install a network system and server, the law firm suffered a ransomware attack. The law firm found that not long after the network was installed, they were unable to access their data, and when they had gone to retrieve a cloud backup, they had found this was already deleted, forcing them to pay the ransom to get their data back. The law firm is accusing the IT company of negligence and breach of contract and is seeking damages of at least $1 million.
Source: [Law360]
Stolen Passwords are a Hacker Goldmine
Passwords are not only crucial for organisational security, but they also come with significant costs and vulnerabilities. From the time spent by service desks on resets, to the expense of security incidents and breaches, the financial toll is substantial. Weak or reused passwords heighten the vulnerability, with breaches involving stolen credentials costing an average of $4.45 million. Cyber threats are evolving, with hackers increasingly favouring stolen user accounts over traditional malware. This shift, underscored by a notable 71% increase in attacks leveraging valid login credentials in 2023 as reported by CrowdStrike and IBM, highlights the repercussions of compromised credentials. Embracing technologies like multi-factor authentication (MFA) and single sign-on (SSO), along with employee education, can bolster security while alleviating financial strains. Robust identity management and zero-trust security frameworks are essential to mitigate risks further, especially in the face of rising cloud intrusions. Proactive investments in password security software such as password managers can help streamline operations and enhance overall organisational resilience against these evolving threats.
Sources: [Bleeping Computer] [Axios]
Phishing Attacks Up 40 Percent in 2023; Attackers Leverage Social Engineering for Greater Success
Kaspersky recently released their annual spam and phishing report in which they identified over 709 million attempts to access phishing and scam websites, a 40% increase from the previous year. It should be noted that this number is just related to Kaspersky’s identification; the figure is likely far greater. With reports identifying that 90% of phishing involves social engineering, it is important to understand how it is leveraged.
Phishing attacks generally include an element of trust; for example, a bad actor impersonating a reputable brand or providing details about an individual that makes the attack more credible. Often, social engineering will rely on human characteristics, such as urgency, emotion and habit to try to manipulate the target to perform particular actions. Whilst the tools may change, the basis is the same; a successful phish requires user interaction. To mitigate the impact of phishing in corporate environments, organisations must stay informed about the latest adversarial activity and prioritise security measures such as multi-factor authentication (MFA) and providing employee awareness and education training that goes beyond ticking boxes.
Sources: [Beta News] [CSO Online] [Security Boulevard] [DarkReading]
Business Leaders Don’t Even Know They’ve Been Hacked
A survey of over 10,000 business leaders across various industries has found that a number of business leaders know little when it comes to their organisation’s cyber security landscape, with 1 in 10, “unsure” and unable to provide a definitive answer as to whether their organisation has had a data breach in 2023. The report highlights that there are a number of leadership positions that are not receiving sufficient information about their organisation’s data security situation.
Receiving regular reports with metrics about the organisation’s cyber security posture is key to organisations achieving and maintaining a solid level of governance, something that is required in various standards and regulations.
Source: [Tech.Co]
Rising Cyber Security Risks: Insider Threat Main Concern Among Mid-Market Firms
According to the 2023 CyberArk Identity Security Threat Landscape Report, insider threats are on the rise, with 68% of organisations reporting an increased frequency in the past year. These threats, considered one of the top concerns over the next 12 months, stem from within an organisation where authorised employees exploit their access to steal or leak sensitive data. Factors such as flexible working, an increase in job transitions, workforce reductions, third-party relationships, economic uncertainties, and employee stress levels further compound these challenges. Negligence, accounting for 62% of insider incidents, plays a significant role; these threats aren’t always malicious but can also be negligent or accidental. As these threats evolve, the potential consequences, including revenue loss and reputational damage, are becoming more apparent to business leaders. To mitigate risks, companies must prioritise improving identity security, particularly in controlling privileged access, and embrace a Zero Trust approach. This ensures full visibility and control over access to sensitive data, safeguarding critical assets and enhancing cyber resilience in an increasingly volatile landscape. Other key identified threats include AI-related risks, ransomware, deep fakes, and malware.
Sources: [TechRadar] [Comms Business]
C-Suite Executives: An Attacker’s Dream?
Cyber criminals are increasingly focusing on high-value targets, particularly C-suite executives who hold extensive organisational access. These executives, often overlooked in security practices and training, have become vulnerable links. The cyber security landscape of 2023 saw significant advancements but also revealed vulnerabilities, exacerbated by global conflicts and strategic cyber attacks. Cyber actors are now targeting entities with high return potential, with ransomware attackers tailoring their strikes to maximise revenues, often from smaller organisations. Interestingly, while automation is on the rise, cyber criminals are opting for a human touch, with human operatives often behind attacks. A report last year showed a nearly 30% spike in fraud specifically targeting senior executives, highlighting the vulnerability of the C-suite. This emphasises the need for robust cyber resilience strategies to safeguard these high-value targets.
Source: [SecurityBrief New Zealand]
Security Risks Plague SMEs in Shift to Remote Working
In the wake of the COVID-19 pandemic, remote working surged, offering businesses newfound flexibility and cost efficiencies. However, this paradigm shift comes with its own set of security challenges, particularly impacting startups and small businesses. The inherent flexibility of remote work exposes companies to risks like unauthorised access, IP theft, and malware. These threats are especially potent for SMEs, jeopardising their financial stability and reputation. Robust security measures include VPNs, enforcing regular software updates, and employee training to mitigate these risks. By embracing these strategies, SMEs can navigate the remote work landscape securely, unlocking its benefits while safeguarding against potential threats.
Source: [SecurityBrief New Zealand]
After Collecting $22 Million, Ransomware Group Stages FBI Takedown
The ransomware group responsible for facilitating a huge attack against a US prescription drug company for $22 million has gone dark, days after receiving the payment and standing accused of scamming their own affiliate out of their share of the gains. Days after the payment was made, AlphV’s public website started displaying a message saying it had been seized by the FBI as part of an international law enforcement action. Ransomware researchers have since said that it has not actually been seized, but appears to be a ploy to exit scam affiliates of the ransomware group. This proves the old adage that there really is no honour among thieves.
Source: [Ars Technica]
Cyber Attacks Remain Chief Concern for Businesses
A recent report has underscored the growing concern among UK corporate businesses regarding cyber attacks as the primary fraud threat in the upcoming year, with 73% of respondents expressing worry. As businesses grapple with the shift to hybrid and remote work models, ensuring robust counter-fraud measures and internal controls is imperative to safeguarding workforces regardless of location. This situation emphasises the critical importance of investing in employee training to combat evolving fraud threats. It highlights the far-reaching consequences that fraud can have on organisations and underscores the necessity of fostering an anti-fraud culture across all levels of the enterprise.
Source: [TheHRDirector]
Two New Ransomware Groups Join Forces to Launch Joint Attacks
Two ransomware groups, Ghostsec and Stormous, have joined forces to conduct double extortion ransomware attacks on various businesses across multiple countries. As part of this, their new ransomware-as-a-service (RaaS) program, STMX_GhostLocker, provides various options for their affiliates. GhostSec is already part of a coalition called the five families, involving 4 other entities. The group ventured into RaaS last year, offering services for as little as $269.99 per month.
Source: [The Hacker News]
Governance, Risk and Compliance
FBI: Cyber Crime Losses Exceeded $12.5 Billion in 2023 - Security Week
1 in 10 Business Leaders Don’t Even Know They’ve Been Hacked (tech.co)
Cyber attacks remain chief concern for businesses | theHRD (thehrdirector.com)
What Cyber Security Chiefs Need From Their CEOs (darkreading.com)
Simply Human: Why HR Needs To Take The Lead In Cyber Security (forbes.com)
The Security Interviews: Cyber security is about managing risk effectively | Computer Weekly
NIST Cyber Framework 2.0: Doubling Down on Governance, Expanding Applicability | Law.com
CISOs Tackle Compliance With Cyber Guidelines (informationweek.com)
Are C-suite executives cyber security's weakest link? (securitybrief.co.nz
30 years of the CISO role – how things have changed since Steve Katz | CSO Online
How to create an efficient governance control program - Help Net Security
Demystifying the Maze: A Guide to Cyber Risk Quantification Methods (cybersaint.io)
Resilience is built on a solid framework | Professional Security
Research finds that cyber security leaders are taking on multiple roles | Security Magazine
Threats
Ransomware, Extortion and Destructive Attacks
ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack | SC Media (scmagazine.com)
Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360
Report: Average Initial Ransomware Demand in 2023 Reached $600K - Security Boulevard
What’s Fueling the Ransomware Epidemic? | Symantec Enterprise Blogs (security.com)
Banning ransomware payments back on the agenda | Computer Weekly
BlackCat Goes Dark After Ripping Off Change Healthcare Ransom (darkreading.com)
Uncle Sam intervenes in Change Healthcare ransomware fiasco • The Register
US cyber and law enforcement agencies warn of Phobos ransomware attacks (securityaffairs.com)
Experts echo calls for ransomware ban as LockBit rallies • The Register
Government urged to ban ransom payments to cyber criminals (computing.co.uk)
Ransomware spikes against critical infrastructure, says FBI • The Register
Major shifts in identity, ransomware, and critical infrastructure threat trends - Help Net Security
Government was third-largest ransomware target last year: FBI - Defense One
JetBrains TeamCity under attack by ransomware thugs • The Register
Ransomware Victims
A Deep Dive into the 2024 Prudential and LoanDepot Breaches - Security Boulevard
Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360
After collecting $22 million, AlphV ransomware group stages FBI takedown | Ars Technica
Change Healthcare hack cripples payment systems across health providers - The Washington Post
Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED
Capita raises threat of further job cuts under plans to save another £100m | BelfastTelegraph.co.uk
First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches (darkreading.com)
UnitedHealth's cyber attack should be a 'wake-up call' for healthcare (yahoo.com)
Security leaders weigh in on the recent UnitedHealth cyber attack | Security Magazine
Canada's anti-money laundering agency offline after cyber attack (bleepingcomputer.com)
Uncle Sam intervenes in Change Healthcare ransomware fiasco • The RegisterFidelity Investments Notifying 28,000 People of Data Breach - Security Week
Duvel says it has "more than enough" beer after ransomware attack (bleepingcomputer.com)
Thousands of Dutch passports stolen in ransomware attacks available on dark web | NL Times
Corporate Greed Made the Change Healthcare Cyber attack Worse (nymag.com)
Switzerland: Play ransomware leaked 65,000 government documents (bleepingcomputer.com)
Possible China link to Change Healthcare ransomware attack • The Register
Action needed to avoid repeat of Southern Water cyber attack - Utility Week
Phishing & Email Based Attacks
Jamf says 9% of smartphone have fallen for phishing attacks (appleinsider.com)
How attackers leverage social engineering for greater scamming success | CSO Online
Cyber Criminals Spoof US Government Organisations in BEC, Phishing Attacks - Security Week
Annual State of Email Security by the Numbers - Security Boulevard
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)
Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)
AI worm that infects computers and reads emails created by researchers | The Independent
95% believe LLMs making phishing detection more challenging - Help Net Security
Other Social Engineering
How attackers leverage social engineering for greater scamming success | CSO Online
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)
The Rise of Social Engineering Fraud in Business Email Compromise (darkreading.com)
Artificial Intelligence
Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets (thehackernews.com)
AI tools put companies at risk of data exfiltration - Help Net Security
Don't Give Your Business Data to AI Companies (darkreading.com)
Act now to stop WordPress and Tumblr selling your content to AI firms • Graham Cluley
GTPDOOR backdoor is designed to target telecom carrier networks (securityaffairs.com)
Political deepfakes are spreading like wildfire thanks to GenAI | TechCrunch
AI worm that infects computers and reads emails created by researchers | The Independent
95% believe LLMs making phishing detection more challenging - Help Net Security
Immediate AI risks and tomorrow's dangers - Help Net Security
Defence: Leonardo CEO says stupidity poses a bigger threat than AI (cnbc.com)
2FA/MFA
Malware
No “Apple magic” as 11% of macOS detections last year came from malware | Malwarebytes
Mobile banking malware growing rapidly, ThreatFabric warns | Biometric Update
GTPDOOR backdoor is designed to target telecom carrier networks (securityaffairs.com)
Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware (thehackernews.com)
Linux variant of BIFROSE RAT uses deceptive domain strategies (securityaffairs.com)
New Linux malware found targeting mobile networks across the world | TechRadar
ScreenConnect flaws exploited to drop new ToddleShark malware (bleepingcomputer.com)
Malware is coming for your ChatGPT credentials • The Register
North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)
Linux Malware Campaign Targets Misconfigured Cloud Servers - Security Week
AI worm that infects computers and reads emails created by researchers | The Independent
New WogRAT malware abuses online notepad service to store malware (bleepingcomputer.com)
Snake, a new Info Stealer spreads through Facebook messages (securityaffairs.com)
Linux Variants of Bifrost Trojan Evade Detection via Typosquatting (darkreading.com)
Mobile
Jamf says 9% of smartphone have fallen for phishing attacks (appleinsider.com)
Mobile banking malware growing rapidly, ThreatFabric warns | Biometric Update
Apple warns of increased iPhone security risks | Computerworld
Android's March 2024 Update Patches Critical Vulnerabilities - Security Week
CISA Adds Android Pixel and Sunhillo Sureline Bugs to Its Known Exploited Vulnerabilities Catalog
The Importance of Cyber security for Your Smart Devices | HackerNoon
Phone hacking is a real danger. How to keep your data, location secure (usatoday.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Someone is hacking 3D printers to warn owners of a security flaw (bitdefender.com)
Popular doorbell camera brands contain security flaws, making them easy to hack: Report | The Hill
NCSC flags up cyber security for connected places | UKAuthority
The Importance of Cyber Security for Your Smart Devices | HackerNoon
Flipper Zero WiFi phishing attack can unlock and steal Tesla cars (bleepingcomputer.com)
Data Breaches/Leaks
The State Of Cyber Security (Part One): Why Are There Still So Many Data Breaches? (forbes.com)
A leaky database spilled 2FA codes for the world’s tech giants | TechCrunch#
American Express credit cards exposed in third-party data breach (bleepingcomputer.com)
Fidelity Investments Notifying 28,000 People of Data Breach - Security Week
AI tools put companies at risk of data exfiltration - Help Net Security
4 Instructive Postmortems on Data Downtime and Loss (thehackernews.com)
Organised Crime & Criminal Actors
FBI: Cyber Crime Losses Exceeded $12.5 Billion in 2023 - Security Week
$12.5 billion lost to cyber crime, amid tidal wave of crypto investment fraud | Tripwire
Germany takes down cyber crime market with over 180,000 users (bleepingcomputer.com)
Poorly paid cyber security staff risk ‘breaking bad’ on the dark web (techinformed.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
$12.5 billion lost to cyber crime, amid tidal wave of crypto investment fraud | Tripwire
Hackers target FCC, crypto firms in advanced Okta phishing attacks (bleepingcomputer.com)
Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)
Crypto fraud in 2023: How can security teams fight (securityintelligence.com)
Insider Risk and Insider Threats
Comms Business - Insider threat main concern among mid-market firms
Current workforce trends feed into rising cyber security risks | TechRadar
Army Vet Spills National Secrets to Fake Ukrainian Girlfriend (darkreading.com)
Supply Chain and Third Parties
Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360
Capita plans £100 million in cost cuts as it continues to grapple with 2023 cyber attack | ITPro
First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches (darkreading.com)
American Express credit cards exposed in third-party data breach (bleepingcomputer.com)
Hackers target FCC, crypto firms in advanced Okta phishing attacks (bleepingcomputer.com)
Switzerland: Play ransomware leaked 65,000 government documents (bleepingcomputer.com)
Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (thehackernews.com)
Cloud/SaaS
10 Essential Processes for Reducing the Top 11 Cloud Risks (darkreading.com)
Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)
Identity and Access Management
Encryption
Linux and Open Source
Open source vulnerabilities dominated 2023, and this year looks no different | ITPro
Linux Malware Campaign Targets Misconfigured Cloud Servers - Security Week
Linux Variants of Bifrost Trojan Evade Detection via Typosquatting (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Hacked WordPress sites use visitors' browsers to hack other sites (bleepingcomputer.com)
Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets (thehackernews.com)
Malware is coming for your ChatGPT credentials • The Register
Stolen passwords are a hacker goldmine now, CrowdStrike and IBM find (axios.com)
Passwords are Costing Your Organisation Money - How to Minimize Those Costs (bleepingcomputer.com)
US State AGs tell Meta to fix rampant account takeovers • The Register
Social Media
Google and Meta users see their 2FA security codes leaked online - Root-Nation.com
“Technical Issue” Takes Facebook Offline, Offers No Cyber Security Reassurance | MSSP Alert
Facebook and Instagram Overrun by Account Hackers, States Warn (bloomberglaw.com)
Snake, a new Info Stealer spreads through Facebook messages (securityaffairs.com)
Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say | WIRED
US State AGs tell Meta to fix rampant account takeovers • The Register
Training, Education and Awareness
Regulations, Fines and Legislation
EU council welcomes cyber solidarity act agreement (verdict.co.uk)
The modern CISO's guide to navigating new SEC cyber regulations (betanews.com)
Five Unintended Consequences of the New SEC Cyber Security Disclosure Rule - Security Boulevard
Navigating regulation challenges for protecting sensitive healthcare data - Help Net Security
Models, Frameworks and Standards
NIST Cyber Security Framework 2.0: 4 Steps to Get Started (darkreading.com)
NIST Cyber Framework 2.0: Doubling Down on Governance, Expanding Applicability | Law.com
Data Protection
Careers, Working in Cyber and Information Security
11 Top Cyber Security Certifications to Consider In 2024 (datamation.com)
Poorly paid cyber security staff risk ‘breaking bad’ on the dark web (techinformed.com)
Law Enforcement Action and Take Downs
Germany takes down cyber crime market with over 180,000 users (bleepingcomputer.com)
A cyber criminal is sentenced, will it make a difference? - Help Net Security
Nigerian National Pleads Guilty of Conspiracy in BEC Operation (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Chinese nation state actors to ramp up cyber espionage attempts in 2024 - IT Security Guru
We’re Slowly Learning About China’s Extensive Hacking Network | Mind Matters
Taiwan's Biggest Telco Breached by Suspected Chinese Hackers (darkreading.com)
Possible China link to Change Healthcare ransomware attack • The Register
A New Wave of Cyber Attacks: Five Actions to Take Now | IndustryWeek
Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (thehackernews.com)
Russia
The Five Bears: Russia's Offensive Cyber Capabilities (greydynamics.com)
A Silent World War – Russia’s Cyberwar Against the West (kyivpost.com)
Germany Urged to Tighten Security After Russia Leaked Classified Information - Bloomberg
Germany to investigate Russia’s interception of military talks on Ukraine | Germany | The Guardian
Valuable Russian Military Documents Exposed: Report (newsweek.com)
Russian Hackers Target Ukraine Via A Disinformation Campaign - Security Boulevard
North Korea
Lazarus Group observed exploiting an admin-to-kernel Windows zero-day | SC Media (scmagazine.com)
North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)
North Korea’s Kimsuky gang joins rush to exploit new ScreenConnect bugs | SC Media (scmagazine.com)
North Korea hacks two South Korean chip firms to steal engineering data (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Firms Still Threatened by Old Vulnerabilities (govinfosecurity.com)
Open source vulnerabilities dominated 2023, and this year looks no different | ITPro
Organisations are knowingly releasing vulnerable applications - Help Net Security
Enhancing security through proactive patch management - Help Net Security
Vulnerabilities
Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws (securityaffairs.com)
ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack | SC Media (scmagazine.com)
North Korea’s Kimsuky gang joins rush to exploit new ScreenConnect bugs | SC Media (scmagazine.com)
North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)
Hackers exploited Windows 0-day for 6 months after Microsoft knew of it | Ars Technica
Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (thehackernews.com)
VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws (thehackernews.com)
VMWare Urges Users to Uninstall EAP Immediately - Security Boulevard
Cisco Patches High-Severity Vulnerabilities in VPN Product - Security Week
Critical TeamCity flaw now widely exploited to create admin accounts (bleepingcomputer.com)
Critical TeamCity Bugs Endanger Software Supply Chain (darkreading.com)
Android's March 2024 Update Patches Critical Vulnerabilities - Security Week
CISA Warns of Pixel Phone Vulnerability Exploitation - Security Week
Tools and Controls
Why cyber maturity assessment should become standard practice - Help Net Security
1 in 10 Business Leaders Don’t Even Know They’ve Been Hacked (tech.co)
The Ultimate Guide to Threat Detection, Investigation, and Response (TDIR) (govinfosecurity.com)
The Security Interviews: Cyber security is about managing risk effectively | Computer Weekly
What Is A Cyber Incident Response Policy? - Security Boulevard
Cyber Criminals Using Novel DNS Hijacking Technique for Investment Scams (thehackernews.com)
Demystifying the Maze: A Guide to Cyber Risk Quantification Methods (cybersaint.io)
Resilience is built on a solid framework | Professional Security
Simply Human: Why HR Needs To Take The Lead In Cyber Security (forbes.com)
The critical role of DNS in cyber security and digital thriving | TechRadar
What is Advanced Threat Protection and How to Use It in Your Business - Security Boulevard
How To Close The DevSecOps Cyber Security Skills Gap And Boost Security (forbes.com)
Reports Published in the Last Week
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 07 October 2022
Black Arrow Cyber Threat Briefing 07 October 2022:
-Russian Sanctions Instigator Lloyd's Possibly Hit by Cyber Attack
-Former Uber Security Chief Convicted of Covering Up Data Breach
-First 72 Hours of Incident Response Critical to Taming Cyber Attack Chaos
-Email Defences Under Siege: Phishing Attacks Dramatically Improve
-Remote Services Are Becoming an Attractive Target for Ransomware
-Growing Reliance on Cloud Brings New Security Challenges
-Many IT Pros Don’t Think a Ransomware Attack Can Impact Microsoft 365 Data
-Ransomware Group Bypasses "Enormous" Range of EDR Tools
-MS Exchange Zero-Days: The Calm Before the Storm?
-Average Company with Data in the Cloud Faces $28 Million in Data-Breach Risk
-Secureworks Finds Network Intruders See Little Resistance
-Regulations, Laws and Accountability are Changing the Cyber Security Landscape
-This Year’s Biggest Cyber Threats
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Russian Sanctions Instigator Lloyd's Possibly Hit by Cyber Attack
Lloyd’s of London, the London-based insurance market heavily involved in implementing sanctions against Russia, may have been hit by a cyber-attack. On Wednesday, October 5, 2022, the British insurance market revealed it had detected “unusual activity” on its systems and has turned off all external connectivity “as a precautionary measure.”
“We have informed market participants and relevant parties, and we will provide more information once our investigations have concluded,” said a Lloyd’s spokesperson.
The company did not comment on whether or not it has been contacted by hackers, if a ransom demand has been issued, or on the possible source of the attack.
However, the insurance market has been closely involved with the design and implementation of sanctions imposed on Russia in response to its invasion of Ukraine – a potential motive for the attack. Lloyd’s itself has confirmed it was working closely with British and international governments to implement such sanctions.
Around 100 insurance syndicates operate at Lloyd's.
Earlier in 2022, Lloyd’s instructed its 76 insurance syndicates to remove “nation-state-backed cyber attacks” from insurance policies by March 2023, as well as losses “arising from a war.”
https://www.infosecurity-magazine.com/news/lloyds-possibly-hit-by-cyberattack/
Former Uber Security Chief Convicted of Covering Up Data Breach
Uber’s former head of security has been convicted of covering up a 2016 data breach at the rideshare giant, hiding details from US regulators and paying off a pair of hackers in return for their discretion.
The trial, closely watched in cyber security circles, is believed to be the first criminal prosecution of a company executive over the handling of a data breach.
Joe Sullivan, who was fired in 2017 over the incident, was found guilty by a San Francisco jury of obstructing an investigation by the Federal Trade Commission. At the time of the 2016 breach, the regulator had been investigating the car-booking service over a different cyber security lapse that had occurred two years earlier.
Jurors also convicted Sullivan of a second count related to having knowledge of but failing to report the 2016 breach to the appropriate government authorities. The incident eventually became public in 2017 when Dara Khosrowshahi, who had just taken over as chief executive, disclosed details of the attack.
Prosecutors said Sullivan had taken steps to make sure data compromised in the attack would not be revealed. According to court documents, two hackers approached Sullivan’s team to notify Uber of a security flaw that exposed the personal information of almost 60mn drivers and riders on the platform.
https://www.ft.com/content/051af6a1-41d1-4a6c-9e5a-d23d46b2a9c9
First 72 Hours of Incident Response Critical to Taming Cyber Attack Chaos
Cyber security professionals tasked with responding to attacks experience stress, burnout, and mental health issues that are exacerbated by a lack of breach preparedness and sufficient incident response practice in their organisations.
A new IBM Security-sponsored survey published this week found that two-thirds (67%) of incident responders suffer stress and anxiety during at least some of their engagements, while 44% have sacrificed the well-being of their relationships, and 42% have suffered burnout, according to the survey conducted by Morning Consult. In addition, 68% of incidents responders often have to work on two or more incidents at the same time, increasing their stress, according to the survey's results.
Companies that plan and practice responding to a variety of incidents can lower the stress levels of their incident responders, employees, and executives, says John Dwyer, head of research for IBM Security's X-Force response team.
"Organisations are not effectively establishing their response strategies with the responders in mind — it does not need to be as stressful as it is," he says. "There is a lot of time when the responders are managing organisations during an incident, because those organisations were not prepared for the crisis that occurs. These attacks happen every day."
The IBM Security-funded study underscores why the cyber security community has focused increasingly on the mental health of its members. About half (51%) of cyber security defenders have suffered burnout or extreme stress in the past year, according to a VMware survey released in August 2021. Cyber security executives have also spotlighted the issue as one that affects the community and companies' ability to retain skilled workers.
Email Defences Under Siege: Phishing Attacks Dramatically Improve
This week's report that cyber attackers are laser-focused on crafting attacks specialised to bypass Microsoft's default security showcases an alarming evolution in phishing tactics, security experts said this week.
Threat actors are getting better at slipping phishing attacks through the weak spots in platform email defences, using a variety of techniques, such as zero-point font obfuscation, hiding behind cloud-messaging services, and delaying payload activation, for instance. They're also doing more targeting and research on victims.
As a result, nearly 1 in 5 phishing emails (18.8%) bypassed Microsoft's platform defences and landed in workers' inboxes in 2022, a rate that increased 74% compared to 2020, according to research published by cyber security firm Check Point Software. Attackers increasingly used techniques to pass security checks, such as Sender Policy Framework (SPF), and obfuscate functional components of an e-mail, such as using zero-size fonts or hiding malicious URLs from analysis.
The increasing capabilities of attackers is due to the better understanding of current defences, says Avanan, an email security firm acquired by Check Point in August 2021.
"It is a family of 10 to 20 techniques, but they all lead to the objective of deceiving a company's security layers," he says. "The end result is always an email that looks genuine to the recipient but looks different to the algorithm that analyses the content."
Microsoft declined to comment on the research. However, the company has warned of advanced techniques, such as adversary-in-the-middle phishing (AiTM), which uses a custom URL to place a proxy server between a victim and their desired site, allowing the attacker to capture sensitive data, such as usernames and passwords. In July, the company warned that more than 10,000 organisations had been targeted during one AiTM campaign.
Remote Services Are Becoming an Attractive Target for Ransomware
Stolen credentials are no longer the number one initial access vector for ransomware operators looking to infect a target network and its endpoints - instead, they’ve become more interested in exploiting vulnerabilities found in internet-facing systems.
A report from Secureworks claims ransomware-as-a-service developers are quick to add newly discovered vulnerabilities into their arsenals, allowing even less competent hackers to exploit them swiftly, and with relative ease.
In fact, the company's annual State of the Threat Report reveals that flaw exploitation in remote services accounted for 52% of all ransomware incidents the company analysed over the last 12 months.
Besides remote services, Secureworks also spotted a 150% increase in the use of infostealers, which became a “key precursor” to ransomware. Both these factors, the report stresses, kept ransomware as the number one threat for businesses of all sizes, “who must fight to stay abreast of the demands of new vulnerability prioritisation and patching”.
All things considered, ransomware is still the biggest threat for businesses. It takes up almost a quarter of all attacks that were reported in the last 12 months, Secureworks says, and despite law enforcement being actively involved, operators remained highly active.
https://www.techradar.com/news/remote-services-are-becoming-an-attractive-target-for-ransomware
Growing Reliance on Cloud Brings New Security Challenges
There was a time when cloud was just a small subset of IT infrastructure, and cloud security referred to a very specific set of tasks. The current reality is very different, organisations are heavily dependent on cloud technologies and cloud security has become a much more complex endeavour.
Organisations increasingly rely on the cloud to deliver new applications, reduce costs, and support business operations. One in every four organisations already have majority workloads in the cloud, and 44% of workloads currently run in some form of public cloud, says Omdia, a research and advisory group.
Practically every midsize and large organisation now operates in some kind of a hybrid cloud environment, with a mix of cloud and on-premises systems. For most organisations, software-as-a-service constitute the bulk (80%) of their cloud environments, followed by infrastructure-as-a-service and platform-as-a-service deployments.
In the past, cloud security conversations tended to focus on making sure cloud environments are being configured properly, but cloud security nowadays goes far beyond just configuration management. The sprawling cloud environment means security management has to be centralised, Omdia said. Security functions also need to be integrated into existing application deployment workflows.
On top of all of this, multicloud is becoming more common among organisations as they shift their workloads to avoid being dependent on a single platform. The three major cloud providers – Amazon Web Services, Microsoft Azure, and Google Cloud Platform – account for 65% of the cloud market.
https://www.darkreading.com/dr-tech/growing-reliance-on-cloud-brings-new-security-challenges
Many IT Pros Don’t Think a Ransomware Attack Can Impact Microsoft 365 Data
The 2022 Ransomware Report, which surveyed over 2,000 IT leaders, revealed that 24% have been victims of a ransomware attack, with 20% of attacks happening in the last year.
Cyber attacks are happening more frequently. Last year’s ransomware survey revealed that 21% of companies experienced an attack. This year it rose by three percent to 24%.
“Attacks on businesses are increasing, and there is a shocking lack of awareness and preparation by IT pros. Our survey shows that many in the IT community have a false sense of security. As bad actors develop new techniques, companies like ours have to do what it takes to come out ahead and protect businesses around the world,” said Hornetsecurity.
The report highlighted a lack of knowledge on the security available to businesses. 25% of IT professionals either don’t know or don’t think that Microsoft 365 data can be impacted by a ransomware attack.
Just as worryingly, 40% of IT professionals that use Microsoft 365 in their organisation admitted they do not have a recovery plan in case their Microsoft 365 data was compromised by a ransomware attack.
“Microsoft 365 is vulnerable to phishing attacks and ransomware attacks, but with the help of third-party tools, IT admins can backup their Microsoft 365 data securely and protect themselves from such attacks,” said Hofmann.
https://www.helpnetsecurity.com/2022/10/03/ransomware-attack-impact-microsoft-365-data/
Ransomware Group Bypasses "Enormous" Range of EDR Tools
A notorious ransomware group has been spotted leveraging sophisticated techniques to bypass endpoint detection and response (EDR) tools.
BlackByte, which the US government has said poses a serious threat to critical infrastructure, used a “Bring Your Own Driver” technique to circumvent over 1000 drivers used by commercially available EDR products, according to Sophos. The UK cyber security vendor explained in a new report that the group had exploited a known vulnerability, CVE-2019-16098, in Windows graphics utility driver RTCorec6.sys. This enabled it to communicate directly with a victim system’s kernel and issue commands to disable callback routines used by EDR tools.
The group also used EDR bypass techniques borrowed from open source tool EDRSandblast to deactivate the Microsoft-Windows-Threat-Intelligence ETW (Event Tracing for Windows) provider. This is a Windows feature “that provides logs about the use of commonly maliciously abused API calls such as NtReadVirtualMemory to inject into another process’s memory,” explained Sophos. Neutralising it in this way renders any security tool relying on the feature also useless, the firm argued.
“If you think of computers as a fortress, for many EDR providers, ETW is the guard at the front gate,” said Sophos. “If the guard goes down, then that leaves the rest of the system extremely vulnerable. And, because ETW is used by so many different providers, BlackByte’s pool of potential targets for deploying this EDR bypass is enormous.”
BlackByte is not the only ransomware group using these advanced techniques to get around existing detection tools, illustrating the continued arms race between attackers and defenders. AvosLocker used a similar method in May, Sophos said. “Anecdotally, from what we’re seeing in the field, it does appear that EDR bypass is becoming a more popular technique for ransomware threat groups,” the firm confirmed. “This is not surprising. Threat actors often leverage tools and techniques developed by the ‘offensive security’ industry to launch attacks faster and with minimal effort.”
https://www.infosecurity-magazine.com/news/ransomware-bypasses-enormous-range/
MS Exchange Zero-Days: The Calm Before the Storm?
Two exploited MS Exchange zero-days that still have no official fix, have been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
But mitigating the risk of exploitation until patches are ready will require patience and doggedness, as Microsoft is still revising its advice to admins and network defenders, and still working on the patches.
The two vulnerabilities were publicly documented last Wednesday, by researchers with Vietnamese company GTSC, and Microsoft soon after sprung into (discernible) action by offering customer guidance, followed by an analysis of the attacks exploiting the two vulnerabilities. Several changes have been made to the documents since then, after the company found and other researchers pointed out several shortcomings.
Microsoft says its threat analysts observed “activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks,” and that the attackers breached fewer than 10 organisations globally. “MSTIC assesses with medium confidence that the single activity group is likely to be a state-sponsored organisation,” they added.
The other good news is there are still no public exploits for the two vulnerabilities. But, Microsoft says, “Prior Exchange vulnerabilities that require authentication have been adopted into the toolkits of attackers who deploy ransomware, and these vulnerabilities are likely to be included in similar attacks due to the highly privileged access Exchange systems confer onto an attacker.”
Enterprise defenders should expect trouble via this attack path in the near future, it seems, so keeping abreast of the changing situation and springing into action as quickly as possible once the patches are made available is advised. Scammers have since started impersonating security researchers and offering non-existing PoC exploits for CVE-2022-41082 for sale via GitHub
https://www.helpnetsecurity.com/2022/10/03/ms-exchange-cve-2022-41040-cve-2022-41082/
Average Company with Data in the Cloud Faces $28 Million in Data-Breach Risk
Hard-to-control collaboration, complex SaaS permissions, and risky misconfigurations — such as admin accounts without multi-factor authentication (MFA) — have left a dangerous amount of cloud data exposed to insider threats and cyber attacks, according to Varonis.
For the report, researchers analysed nearly 10 billion cloud objects (more than 15 petabytes of data) across a random sample of data risk assessments performed at more than 700 companies worldwide. In the average company, 157,000 sensitive records are exposed to everyone on the internet by SaaS sharing features, representing $28 million in data-breach risk, Varonis researchers have found.
One out of every 10 records in the cloud is exposed to all employees — creating an impossibly large internal blast radius, which maximises damage during a ransomware attack. The average company has 4,468 user accounts without MFA enabled, making it easier for attackers to compromise internally exposed data.
Out of 33 super admin accounts in the average organisation, more than half did not have MFA enabled. This makes it easier for attackers to compromise these powerful accounts, steal more data, and create backdoors. Companies have more than 40 million unique permissions across SaaS applications, creating a nightmare for IT and security teams responsible for managing and reducing cloud data risk.
“Cloud security shouldn’t be taken for granted. When security teams lack critical visibility to manage and protect SaaS and IaaS apps and services, it’s nearly impossible to ensure your data isn’t walking out the door,” said Varonis. “This report is a true-to-life picture of over 700 real-world risk assessments of production SaaS environments. The results underscore the urgent need for CISOs to uncover and remediate their cloud risk as quickly as possible.”
https://www.helpnetsecurity.com/2022/10/05/company-data-breach-risk/
Secureworks Finds Network Intruders See Little Resistance
Attackers who break into networks only need to take a few basic measures in order to avoid detection.
Security vendor Secureworks said in its annual State of the Threat report that it observed several data breaches between June 2021 and June 2022 and found that, by and large, once network intruders gained a foothold on the targets' environment, they had to do relatively little to stay concealed.
"One thing that is notable about them is that none of these techniques are particularly sophisticated," the vendor said. "That is because threat actors do not need them to be; the adversary will only innovate enough to achieve their objectives. So there is a direct relationship between the maturity of the controls in a target environment and the techniques they employ to bypass those controls."
Among the more basic measures taken by the attackers was coding their tools in newer languages such as Go or Rust. This tweak created enough of a difference in the software to evade signature-checking tools, according to Secureworks' report. In other cases, the network intruders hid their activity by packing their malware within a trusted Windows installer or by sneaking it into the Authenticode signature of a trusted DLL. In another case, a malware infection was seen moving data out of the victim's network via TOR nodes. While effective, Secureworks said the techniques are hardly innovative. Rather, they indicate that threat actors find themselves only needing to do the bare minimum to conceal themselves from detection.
Regulations, Laws and Accountability are Changing the Cyber Security Landscape
As cyber criminals continue to develop new ways to wreak havoc, regulators have been working to catch up. They aim to protect data and consumers while avoiding nation-state attacks that are a risk to national and economic security. But some of these regulations may provide an opportunity for MSSPs.
Some of these regulations are a response to what’s generally been a hands-off approach to telling organisations what to do. Unfortunately, cyber security isn’t always prioritised when budgets and resources are allocated. The result is a steadily rising tide of breaches and exploits that have held organisations hostage and made private information available on the dark web.
The new regulations are coming from all directions: at the state and federal levels in the US and around the world. While many of these regulations aren’t yet final, there’s no reason not to start aligning with where trends will ease the impact of changing rules. At the same time, many organisations want to hold the government responsible for some kinds of attacks. It will be interesting to see how regulating works, as most politicians and bureaucrats aren’t known for their technological savvy.
In the US, for example, new regulations are in development in the Federal Trade Commission, Food and Drug Administration, Department of Homeland Security, Department of Transportation, Department of Energy, and the Cybersecurity and Infrastructure Security Agency. Thirty-six states have enacted cyber security legislation, and the count increases as other countries join.
One of the motivating factors for all these new regulations is that most cyber attacks aren’t reported. Lawmakers realise cyber security threats continue to be one of the top national security and economic risks. In the last year and a half (2020-2022), there have been attacks on America’s gas supply, meat supply, and various other companies, courts, and government agencies. One FBI cyber security official estimated the government only learns about 20% to 25% of intrusions at US business and academic institutions.
In March, Congress passed legislation requiring critical infrastructure operators to report significant cyber attacks to CISA within 72 hours of learning about the attack. It also required them to report a ransomware payment within 24 hours. These regulations will also consider reporting “near misses” so that this data can also be studied and tracked. The problem is, how does one define a “near miss”?
This Year’s Biggest Cyber Threats
OpenText announced the Nastiest Malware of 2022, a ranking of the year’s biggest cyber threats. For the fifth year running, experts combed through the data, analysed different behaviours, and determined which malicious payloads are the nastiest.
Emotet regained its place at the top, reminding the world that while affiliates may be taken down, the masterminds are resilient. LockBit evolved its tactics into something never seen before: triple extortion. Analysis also revealed an almost 1100% increase in phishing during the first four months of 2022 compared to the same period in 2021, indicating a possible end to the “hacker holiday,” a hacker rest period following the busy holiday season.
“The key takeaway from this year’s findings is that malware remains centre stage in the threats posed towards individuals, businesses, and governments,” said OpenText.
“Cyber criminals continue to evolve their tactics, leaving the infosec community in a constant state of catch-up. With the mainstream adoption of ransomware payloads and cryptocurrency facilitating payments, the battle will continue. No person, no business—regardless of size—is immune to these threats.”
While this year’s list may designate payloads into different categories of malware, it’s important to note many of these bad actor groups contract work from others. This allows each group to specialise in their respective payload and perfect it.
https://www.helpnetsecurity.com/2022/10/06/2022-nastiest-malware/
Threats
Ransomware and Extortion
Ransomware Attacks On The Rise, Secureworks Reveals in its State of the Threat Report - MSSP Alert
Ransomware: This is how half of attacks begin, and this is how you can stop them | ZDNET
Fake adult sites push data wipers disguised as ransomware (bleepingcomputer.com)
BlackByte ransomware abuses legit driver to disable security products (bleepingcomputer.com)
Ransomware attacks ravage schools, municipal governments (techtarget.com)
More and more ransomware is just data theft, no encryption • The Register
Netwalker ransomware affiliate sentenced to 20 years in prison (bleepingcomputer.com)
Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group - Security Affairs
ADATA denies RansomHouse cyber attack, says leaked data from 2021 breach (bleepingcomputer.com)
Avast releases a free decryptor for some Hades ransomware variants - Security Affairs
Cyber criminals Leak LA School Data After It Refuses to Ransom (vice.com)
How Ransomware Is Causing Chaos in American Schools (vice.com)
Ransomware hunters: the self-taught tech geniuses fighting cyber crime | Cyber crime | The Guardian
BEC – Business Email Compromise
BEC fraudster and romance scammer sent to prison for 25 years – Naked Security (sophos.com)
Hackers Target Homebuyers’ Life Savings in Real Estate Scam - Bloomberg
Phishing & Email Based Attacks
Other Social Engineering; Smishing, Vishing, etc
Callback phishing attacks evolve their social engineering tactics (bleepingcomputer.com)
3 ways enterprises can mitigate social engineering risks - Help Net Security
Malware
OpenText Releases List Of The Year’s “Nastiest” Malware - MSSP Alert
This devious malware is able to disable your antivirus | TechRadar
Bumblebee Malware Loader's Payloads Significantly Vary by Victim System (darkreading.com)
Live support service hacked to spread malware in supply chain attack (bleepingcomputer.com)
NullMixer Dropper Delivers a Multimalware Code Bomb (darkreading.com)
Maggie malware already infected over 250 Microsoft SQL servers - Security Affairs
Mobile
Internet of Things – IoT
7 IoT Devices That Make Security Pros Cringe (darkreading.com)
Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast (darkreading.com)
Acronis founder is afraid of his own vacuum cleaner • The Register
Data Breaches/Leaks
“Egypt Leaks” – Hacktivists are Leaking Financial Data - Security Affairs
No Shangri-La for you: Top hotel chain confirms data leak • The Register
NSA: Someone hacked military contractor and stole data • The Register
City of Tucson discloses data breach affecting over 123,000 people (bleepingcomputer.com)
Optus Says ID Numbers of 2.1 Million Compromised in Data Breach | SecurityWeek.Com
Aussie Telco Telstra Breached, Reportedly Exposing 30,000 Employees' Data (darkreading.com)
2K warns users their info has been stolen following breach of its help desk | Ars Technica
Russian retail chain 'DNS' confirms hack after data leaked online (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Breaking: Scams Linked To Crypto Soared By 335% (informationsecuritybuzz.com)
Hacker steals $566 million worth of crypto from Binance Bridge (bleepingcomputer.com)
Hackers are breaching scam sites to hijack crypto transactions (bleepingcomputer.com)
Binance Says $100 Million Stolen in Latest Crypto Hack (gizmodo.com)
Hackers are breaching scam sites to hijack crypto transactions (bleepingcomputer.com)
Insider Risk and Insider Threats
Meta sues app dev for stealing over 1 million WhatsApp accounts (bleepingcomputer.com)
Microsoft publishes report on holistic insider risk management - Microsoft Security Blog
Unearth offboarding risks before your employees say goodbye - Help Net Security
Splunk alleges source code theft by former employee • The Register
Ex-NSA Employee Arrested for Trying to Sell U.S. Secrets to a Foreign Government (thehackernews.com)
Fraud, Scams & Financial Crime
Consumers Feel Hopeless in Protecting Themselves Against Cyber crime, ISACA Reports - MSSP Alert
BEC fraudster and romance scammer sent to prison for 25 years – Naked Security (sophos.com)
Hackers Target Homebuyers’ Life Savings in Real Estate Scam - Bloomberg
Russians dodging mobilization behind flourishing scam market (bleepingcomputer.com)
Scammers and rogue callers – can anything ever stop them? – Naked Security (sophos.com)
Online romance scam boss netted $9.5m, jailed for 25 years • The Register
Deepfakes
Supply Chain and Third Parties
Live support service hacked to spread malware in supply chain attack (bleepingcomputer.com)
Supply Chain Attack Targets Customer Engagement Firm Comm100 | SecurityWeek.Com
Denial of Service DoS/DDoS
Cloud/SaaS
Encryption
API
More Than 30% of All Malicious Attacks Target Shadow APIs (darkreading.com)
APIs are quickly becoming the most popular attack vector - Help Net Security
The Problem of API Security and How To Fix It (informationsecuritybuzz.com)
API authentication failures demonstrate the need for zero trust - Help Net Security
Shadow APIs hit with 5 billion malicious requests - Help Net Security
Open Source
When transparency is also obscurity: The conundrum that is open-source security - Help Net Security
How Secure is Using Open Source Components? - IT Security Guru
Passwords, Credential Stuffing & Brute Force Attacks
Microsoft warns Basic Auth users over password spray attacks • The Register
Is mandatory password expiration helping or hurting your password security? - Help Net Security
Detecting and preventing LSASS credential dumping attacks - Microsoft Security Blog
Meta Says It Has Busted More Than 400 Login-Stealing Apps This Year | WIRED
Privacy, Surveillance and Mass Monitoring
Regulations, Fines and Legislation
Models, Frameworks and Standards
Secure Disposal
Backup and Recovery
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Relentless Russian Cyber attacks on Ukraine Raise Important Policy Questions (darkreading.com)
Finnish intelligence warns of Russia's cyber espionage activities - Security Affairs
Kazakhstan Pins Wave Of Cyber attacks On Foreign Actors | OilPrice.com
Albania weighed invoking NATO’s Article 5 over Iranian cyber attack - POLITICO
We breached Russian satellite network, say pro-Ukraine partisans | Cybernews
Ukrainian forces report Starlink outages during push against Russia | Financial Times (ft.com)
Report: Mexico Continued to Use Spyware Against Activists | SecurityWeek.Com
Nation State Actors
Nation State Actors – China
US authorities name China's 20 favourite vulns to exploit • The Register
Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group - Security Affairs
Nation State Actors – North Korea
Vulnerabilities
Fortinet warns admins to patch critical auth bypass bug immediately (bleepingcomputer.com)
Atlassian, Microsoft bugs make CISA’s must-patch list • The Register
US authorities name China's 20 favourite vulns to exploit • The Register
October 2022 Patch Tuesday forecast: Looking for treats, not more tricks - Help Net Security
Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub (bleepingcomputer.com)
CISA Warns of Attacks Exploiting Recent Atlassian Bitbucket Vulnerability | SecurityWeek.Com
No fix in sight for mile-wide loophole plaguing a key Windows defence for years | Ars Technica
Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite (thehackernews.com)
Lazarus employed an exploit in a Dell firmware driver in recent attacks - Security Affairs
Unpatched Zimbra flaw under attack is letting hackers backdoor servers | Ars Technica
macOS Archive Utility Bug Lets Malicious Apps Bypass Security Checks (darkreading.com)
Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy (thehackernews.com)
VMware fixed a high-severity bug in vCenter Server - Security Affairs
Reports Published in the Last Week
Other News
Guilty verdict in the Uber breach case makes personal liability real for CISOs | CSO Online
Cyber attackers view smaller organisations as easier targets - Help Net Security
Moody's turns up the heat on 'riskiest' sectors for attacks • The Register
5 reasons why security operations are getting harder | CSO Online
Former NSA Employee Faces Death Penalty for Selling Secrets (darkreading.com)
Fast Company Is Back From the Dead After Being Hacked (gizmodo.com)
Ready Or Not, Web 3 Is Coming And With It Comes Cybersquatting 2.0 (informationsecuritybuzz.com)
Cyber Hygiene: 5 Best Practices for Company Buy-In (trendmicro.com)
School Is in Session: 5 Lessons for Future Cyber Security Pros (darkreading.com)
Want More Secure Software? Start Recognizing Security-Skilled Developers (thehackernews.com)
Incident responders increasingly seek out mental health assistance - Help Net Security
You Are Not Alone If You're Unclear About Extended Detection and Response (XDR) - MSSP Alert
Why digital trust is the bedrock of business relationships - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 13 May 2022
Black Arrow Cyber Threat Briefing 13 May 2022
-UK, US Intelligence Agencies Warn Managed Service Providers, including External IT Providers, Are Now Prime Targets for Cyber Attacks
-Wannacry – 5 Years On, 68% Of Enterprises Are Still At Risk
-You Can’t Eliminate Cyber Attacks, So Focus on Reducing the Blast Radius
-Just In Time? Bosses Are Finally Waking Up to The Cyber Security Threat
-Most Organisations Hit by Ransomware Would Pay Up If Hit Again
-31,000 FTSE 100 Logins Found on Dark Web
-Ransomware: How Executives Should Prepare Given the Current Threat Landscape
-What Your Cyber Insurance Application Form Can Tell You About Ransomware Readiness
-NCSC Shut Down 2.7 Million Scams in 2021
-Top 6 Security Threats Targeting Remote Workers
-Password Reuse Is Rampant Among Employees in All Sectors
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK, US Intelligence Agencies Warn Managed Service Providers, including External IT Providers, Are Now Prime Targets for Cyber Attacks
The Five Eyes coalition of international cyber security authorities, this week issued an advisory to warn managed service providers (MSPs), including external IT providers, of an escalating threat of attack from both everyday cyber criminals and state-sponsored threat actors.
MSPs provide or operate information and communications technology services.
With input from cyber security leaders from Australia, Canada, New Zealand, the UK and the US, the NSA provided recommendations to help bolster their cyber defences, including:
Finding and disabling dormant accounts.
Implementing and enforcing multifactor authentication on accounts.
Ensuring contracts clearly map out who owns and is responsible for securing data.
Malicious actors are targeting MSPs to break into their customers' networks and deploy ransomware, steal data, and spy on them, the Five Eyes authorities have formally warned in a joint security alert.
"The UK, Australian, Canadian, New Zealand, and US cyber security authorities expect malicious cyber actors — including state-sponsored advanced persistent threat (APT) groups — to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships," the alert warned.
These types of supply-chain or "island-hopping" attacks can prove very lucrative for cyber criminals because once they break into an MSP, they gain access to all of the customers' networks and data being managed, and in turn commit computer crimes and fraud against those customers' customers.
Wannacry – 5 Years On, 68% Of Enterprises Are Still at Risk
5 years on from one of the world’s most damaging ransomware attacks, research from network detection and response leader ExtraHop has found that 68% of enterprises are still running insecure protocol that were exploited by the North Korean ransomware.
The events of 12 May 2017 live on in cyber security lore. WannaCry revealed just how extensive the damage caused by ransomware can be if deployed in large scale – from downtime to ransom paid to reputational damage. Yet despite the danger, huge numbers of organisations are still running SMBv1, the protocol exploited in the WannaCry attacks that has been publicly deprecated since 2014.
You Can’t Eliminate Cyber Attacks, So Focus on Reducing the Blast Radius
Given it is impossible to prevent all cyber attacks, many organisations should look to reduce the size of the company’s attack surface and the limit the “blast radius” of a potential attack.
There is a danger that the biggest risk concerning cyber attacks is that we’re becoming desensitised to them. After all, businesses experience a ransomware attack every 11 seconds—the majority of which the public never hears about. Faced with this reality, it may seem like efforts to safeguard the enterprise are futile. But that’s all the more reason to strengthen your resolve—and switch up your cyber defence strategy.
The core of this strategy should be the concept of “reducing the blast radius” of an attack, and since you can’t completely eliminate cyber attacks, you need to take steps to contain the impact.
This strategy should contain basic blocking and also consider things such as Zero Trust for remote access, traffic inspection, software-based micro-segmentation and other practical measures to reduce your attack surface.
https://threatpost.com/cyberattacks-blast-radius/179612/
Just In Time? Bosses Are Finally Waking Up to The Cyber Security Threat
Boardrooms have a reputation for not paying much attention to cyber security, but it could be that executives are finally keen to take more interest in securing the systems and networks their businesses rely on.
Senior figures from American, British and Australian cyber security agencies have said that business execs are now more aware of cyber threats and are actively engaging with their chief information security officer (CISO) and information security teams.
Chief execs are starting to ask their CISOs the right questions, rather than leaving them to it because they don't have to understand complex technology. It does feel like a much more engaging strategic conversation, but there can still be a disconnect between knowing what needs to happen, then actually budgeting for and implementing a cyber security strategy.
https://www.zdnet.com/article/just-in-time-bosses-are-finally-waking-up-to-the-cybersecurity-threat/
Most Organisations Hit by Ransomware Would Pay Up If Hit Again
Almost nine in 10 organisations that have suffered a ransomware attack would choose to pay the ransom if hit again, according to a new report, compared with two-thirds of those that have not experienced an attack.
The findings come from a report titled "How business executives perceive ransomware threat" by security company Kaspersky, which states that ransomware has become an ever-present threat, with 64 percent of companies surveyed already having suffered an attack, but more worryingly, that executives seem to believe that paying the ransom is a reliable way of addressing the issue.
The report is based on research involving 900 respondents across North America, South America, Africa, Russia, Europe, and Asia-Pacific. The respondents were in senior non-IT management roles at companies between 50 and 1,000 employees.
Kaspersky claims that in 88 percent of organisations that have had to deal with a ransomware incident, business leaders said they would choose to pay the money if faced with another attack. In contrast, among those that have not so far suffered a ransomware attack, only 67 percent would be willing to pay, and they would be less inclined to do so immediately.
https://www.theregister.com/2022/05/13/organizations_pay_ransomware/
31,000 FTSE 100 Logins Found on Dark Web
Researchers with Outpost24 are reporting over 31,000 corporate credentials for many of the UK’s leading FTSE 100 firms on the dark web. These are the 100 biggest companies listed on the London Stock Exchange by market capitalisation. The researchers used their threat monitoring and auditing tool Blueliv to search dark web sites for the breached credentials.
Key findings from stolen and leaked credentials study:
The majority (81%) of the companies within the FTSE 100 had at least one credential compromised and exposed on the dark web
31,135 total stolen and leaked credentials detected for FTSE 100 companies, with 38% disclosed on the underground in the past 12 months
Nearly half (42%) of FTSE 100 companies have more than 500 compromised credentials exposed on the dark web
Up to 20% of credentials are stolen via malware infection and stealers
11% disclosed in the last 3 months (21% in the last 6 months and over 68% have been exposed for over 12 months)
Over 60% of stolen credentials came from 3 industries – IT/Telecom (23%), Energy and Utility (22%) and Finance (21%)
IT/Telecoms industry is the most at risk with the highest total amount (7,303) and average stolen credentials per company (730), they are most affected by malware infection and have the most amount of stolen credentials disclosed in the last 3 months
On average, healthcare has the highest number of stolen credentials per company (485) from data breach as they found themselves increasingly in the cyber criminals’ crosshairs since the pandemic.
https://informationsecuritybuzz.com/expert-comments/31000-ftse-100-logins-found-on-dark-web/
Ransomware: How Executives Should Prepare Given the Current Threat Landscape
As the number of ransomware attacks continue to increase, the response at C-level must be swift and decisive.
Top executives are increasingly dreading the phone call from their fellow employee notifying them that their company has been hit by a cyber attack. Nearly every week in 2021 and early 2022, a prominent organisation has been in the media spotlight as their public relations team struggles to explain how they were attacked and how they can regain consumer confidence. A recent survey showed that 37 percent of organisations surveyed had been affected by ransomware attacks in the last year.
Worse, the days when executive leadership teams could fully delegate responsibility to a CISO are over. Regardless of reality, surveys have shown that about 40 percent of the public perception of fault for a ransomware attack lands squarely on the CEO’s shoulders, and that 36 percent of attacks result in the loss of C-level talent. While executive involvement in the security program does not guarantee a successful defence, it does give the executive leadership team (ELT) a degree of ownership of the final product, as well as the ability to speak confidently and knowledgeably to the public.
What Your Cyber Insurance Application Form Can Tell You About Ransomware Readiness
The annual cyber insurance application form shows what the carriers think you should be doing to best prevent and recover from ransomware attacks. Pay attention.
If it’s the time of year for you to fill out the annual cyber insurance policy application, you will see how the focus for insurance firms is changing. Each year you can get an insight into what insurance vendors are using to rate the risks and threats to your business and what they are stressing firms should have in place as best practice or what they are expecting you should have in place as a baseline set of controls. Not having them in place could affect insurance rates, whether you are able to get cyber coverage at all, or crucially whether they would pay out in the event of you having to make a claim.
This year you might find more questions specifically around ransomware prevention techniques and protections, from Multi Factor Authentication (MFA) to Endpoint Detection and Response (EDR), and email filtering protections to the robustness of your backups.
Make sure to review your cyber insurance policy and its related questionnaire. And ask whether you are doing everything you can to protect your firm and tailoring your actions to align with what your insurance provider has deemed as a best practice.
NCSC Shut Down 2.7 Million Scams in 2021
The UK National Cyber Security Centre (NCSC) removed 2.7 million online scams last year, it was revealed this week, four times as many scams compared to 2020.
The announcement comes as the security agency shared the most recent data from its Active Cyber Defence initiative at the CYBERUK summit earlier in the week.
According to the NCSC, neutralised scams included fake celebrity endorsements and spoof extortion emails.
It has also been revealed that fraud campaigns used common themes, with NHS vaccines and vaccine passports being particularly popular.
Some cyber criminals even posed as NCSC CEO Lindy Cameron – victims received an email claiming the NCSC had prevented £5m of their money from being stolen, and were urged to supply personal information to retrieve the funds.
https://www.itsecurityguru.org/2022/05/10/ncsc-shut-down-2-7-million-scams-in-2021/
Security Threats Targeting Remote Workers
Remote work offers great benefits, like reduced commute time, increased freedom, and more time to spend with loved ones. But there can be security downsides if sufficient controls are not in place to protect remote workers against the digital threats that come with working via unsecured connections.
Being on a home network lacks the layered network security of the company environment. Remote work itself is not new, but the dramatic shift to working from home over the past two years means there are more security-naive people who are not in the office.
Not all security threats are the fault of technology. Much of it also comes from human error.
Remote work greatly exacerbates human-activated risk, and people are working in more distracting environments where they may have to answer the door for deliveries or might multitask with household chores. That means mistakes are more likely to happen, like sending an email to the wrong recipient or falling for a malicious email attack.
Recent research by Egress found that 77% of IT leaders said they have seen an increase in security compromises since going remote two years ago.
https://www.darkreading.com/endpoint/top-6-security-threats-targeting-remote-workers
Password Reuse Is Rampant Among Employees in All Sectors
SpyCloud published an annual analysis of identity exposure among employees of Fortune 1000 companies in key sectors such as technology, finance, retail and telecommunications.
Drawing on a database of over 200 billion recaptured assets, researchers identified over 687 million exposed credentials and PII tied to Fortune 1000 employees, a 26% increase from last year’s analysis.
Analysis of this data showed a 64% password reuse rate, widespread use of easy-to-guess passwords, and a spike in malware-infected devices –– all sources of cyber risk for both employers and consumers who rely on businesses to safeguard their personal data. With remote work blurring the lines between work and personal device use, a larger attack surface compounds the risk of cyber attacks proliferating beyond compromised employee and consumer identities to penetrate corporate networks.
https://www.helpnetsecurity.com/2022/05/11/fortune-1000-identity-exposure/
Threats
Ransomware
Costa Rica Shows the Damage Ransomware Can Do to a Country - The Washington Post
Ransomware Works Fast, You Need to Be Faster To Counter It - Help Net Security
A Closer Look At Today’s Ransomware Attack Landscape - MSSP Alert
Ransomware Is a National Security Threat, So Please Tell Us About Attacks, Says Government | ZDNet
5 Years That Altered the Ransomware Landscape (darkreading.com)
Colonial Pipeline Faces Nearly $1m Fine After Ransomware • The Register
These Ransomware Attackers Sent Their Ransom Note to The Victim's Printer | ZDNet
New Malware Samples Indicate Return of REvil Ransomware | SecurityWeek.Com
How to Avoid Falling Victim to PayOrGrief's Next Rebrand (darkreading.com)
Examining the Black Basta Ransomware’s Infection Routine (trendmicro.com)
Phishing & Email Based Attacks
Novel Phishing Trick Uses Weird Links to Bypass Spam Filters | Threatpost
New Email Security Tool Launched to Help Organisations Check Their Defences - NCSC.GOV.UK
Malware
Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks | Threatpost
Low-rent Remote Access Trojan (RAT) Worries Researchers | Threatpost
Eternity Malware Kit Offers Stealer, Miner, Worm, Ransomware Tools (bleepingcomputer.com)
It costs $7 to Rent DCRat Malware to Backdoor Your Network • The Register
Shopping For Malware: $260 Gets You a Password Stealer... • The Register
Microsoft: Sysrv Botnet Targets Windows, Linux Servers with New Exploits (bleepingcomputer.com)
Google Drive Emerges as Top App For Malware Downloads - Help Net Security
Stealthy Linux Implant BPFdoor Compromised Organizations Globally For Years | CSO Online
Malware Attacks Getting More Regional, Claims Netskope • The Register
5-Buck DCRat Malware Foretells a Worrying Cyber Future (darkreading.com)
Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service | Threatpost
German Automakers Targeted in Year-Long Malware Campaign (bleepingcomputer.com)
Data Breaches/Leaks
PII Of 21M SuperVPN, GeckoVPN Users Leaked On Telegram - Information Security Buzz
Victims of Horizon Actuarial Data Breach Exceed 1M (techtarget.com)
Organised Crime & Criminal Actors
Crypto Robber Who Lured Victims Via Snapchat and Stole £34,000 Jailed (bleepingcomputer.com)
Crook Jailed for Selling Stolen Credentials On Dark Web • The Register
US Agrees to International Electronic Cyber Crime Evidence Swap (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs
NFTs Emerge as the Next Enterprise Attack Vector (darkreading.com)
Fake Binance NFT Mystery Box Bots Steal Victim's Crypto Wallets (bleepingcomputer.com)
Possible $1 Billion Crypto Ponzi Scheme Probed by Tax Investigators - Bloomberg
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
How Can Your Business Defend Itself Against Fraud-as-a-Service? (darkreading.com)
Scammers Impersonate Britain’s Top Cyber Crime Chief in Fake £5m Heist (telegraph.co.uk)
Caramel Credit Card Stealing Service Is Growing in Popularity (bleepingcomputer.com)
Hackers Are Exploiting WordPress Themes, Plugins to Hawk Scams (gizmodo.com)
Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites (thehackernews.com)
Insurance
Multi-Factor Authentication: A Key to Cyber Risk Insurance Coverage (tripwire.com)
How Cyber Liability Insurance Can Help Protect Your Business Reputation - MSSP Alert
Supply Chain and Third Parties
Denial of Service DoS/DDoS
Cloud
Open Source
Travel
Parental Controls and Child Safety
Cyber Bullying and Cyber Stalking
Regulations, Fines and Legislation
Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Wars Start in Cyberspace Well Before Shots Are Fired • The Register
#CYBERUK22: Cyber Trends from the Russia-Ukraine War - Infosecurity Magazine
US Pledges to Help Ukraine Keep the Internet and Lights On (darkreading.com)
Spain’s Spy Chief Sacked Over Pegasus Scandal - Infosecurity Magazine
OpRussia Update: Anonymous Breached Other Organizations - Security Affairs
Pro-Russian Hacktivists Target Italy Government Websites - Security Affairs
Nation State Actors
Nation State Actors – Russia
Russian Hackers Targeting Opponents Of Ukraine Invasion, Warns GCHQ Chief | Hacking | The Guardian
Western Intelligence Blames Russia for Europe-Wide Cyber Attack - Infosecurity Magazine
State Department Says Russian Cyber War Against Ukraine Began in January | The Independent
Ukraine War: Don’t Underestimate Russia Cyber-Threat, Warns US - BBC News
Nation State Actors – China
Experts Uncovered a New Wave Of Attacks Conducted By Mustang Panda - Security Affairs
China-Backed Winnti Hackers Attacked Manufacturers Globally, Cybereason Alleges - MSSP Alert
Nation State Actors – Iran
Vulnerability Management
Vulnerabilities
Critical F5 BIG-IP Vulnerability Exploited to Wipe Devices (bleepingcomputer.com)
Adobe Warns of 'Critical' Security Flaws in Enterprise Products | SecurityWeek.Com
Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning (darkreading.com)
Intel Emits Raft of Firmware Patches For Security Flaws • The Register
Actively Exploited Zero-Day Bug Patched by Microsoft | Threatpost
HP Fixes Bug Letting Attackers Overwrite Firmware in Over 200 Models (bleepingcomputer.com)
Zyxel Fixes Firewall Flaws That Could Lead to Hacked Networks (bleepingcomputer.com)
Microsoft Releases Fixes for Azure Flaw Allowing RCE Attacks (bleepingcomputer.com)
Researchers Find Flaws in Word, PDF Script Handling • The Register
SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices (thehackernews.com)
Microsoft: May Windows Updates Cause AD Authentication Failures (bleepingcomputer.com)
Sector Specific
Health/Medical/Pharma Sector
Ransomware Group Strikes Second US Health Care System in The Last Two Months - CyberScoop
Is That Health App Safe to Use? A New Framework Aims To Provide An Answer - Help Net Security
Manufacturing
German Automakers Targeted in Year-Long Malware Campaign (bleepingcomputer.com)
China-Backed Winnti Hackers Attacked Manufacturers Globally, Cybereason Alleges - MSSP Alert
Education and Academia
Reports Published in the Last Week
Other News
An Offensive Mindset Is Crucial for Effective Cyber Defence - Help Net Security
Zero-Click Attacks Explained, And Why They Are So Dangerous | CSO Online
Britain Must Upgrade Cyber Defences ‘Or Be Hit By 9/11-Style Attack’ (telegraph.co.uk)
Everything We Learned From the LAPSUS$ Attacks (thehackernews.com)
Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing Comes (darkreading.com)
Prepare for What You Wish For: More CISOs on Boards | SecurityWeek.Com
Ready, IAM, Fire: How Weak Identity and Access Management (IAM) Makes You a Target (darkreading.com)
How Privileged Access Management (PAM) Must Evolve - MSSP Alert
Secure Your CMS-Based Websites Against Pervasive Attacks - Help Net Security
Threats To Hardware Security Are Growing - Help Net Security
Government’s “Whole of Society” Cyber Strategy Takes Shape - Infosecurity Magazine
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.