Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 08 September 2023

Black Arrow Cyber Threat Intelligence Briefing 08 September 2023:

-More Than Half of UK Organisations Know They Aren’t Well Protected

-Generative AI Considered a Security Risk by 60% of Board Members: How Organisations Can Prepare

-Businesses Ignore Incident Response at Their Peril

-Blame Culture: An Organisation’s Ticking Time Bomb

-Spend to Save: CFO’s and Cyber Security Investment

-Cyber Security Tools Are New Targets for Attackers, including Nation-State Actors

-Attackers Access UK Military Data Through Third Party Supplier as Relentless Russian Cyber Attacks Raise Spectre of WW3

-Common Tactics Used by Threat Actors to Weaponise PDFs

-Years-old Microsoft Security Holes Still Hot Targets for Cyber Criminals

-Popular ‘As-a-Service’ Operations Have Earned Cyber Criminals over $64m

-71% of Organisations are Impacted by Cyber Security Skills Shortage

-Multiple Schools Hit by Cyber Attacks Before Term Begins

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

More Than Half of UK Organisations Know They Aren’t Well Protected

According to a recent report, just 49% of business leaders report their organisation is well or very well protected. Cyber security featured as the third highest-rated business priority, with increasing revenues and reducing costs forming the top two. One of the ways an organisation can reduce cost is to outsource, and 63% of respondents agreed, reporting that they wanted to work with an external cyber security partner to improve their security.

Even if you’re in the 49% of organisations that believes it is well protected, this can be a dangerous self-assessment based on a lack of experience and impartiality. Business leaders need independent assurance to ensure their security controls are appropriate and in line with the organisation’s risk appetite. It is essential to dispel assumptions, by investigating your security before an attacker does.

Black Arrow Cyber Consulting offers a free, no-obligation, introductory consultation to help you gain an unbiased perspective on how your current security approach could withstand an attacker. We help our clients to know the questions to ask of their external or internal IT provider, and how to leverage other security controls from existing resources.

Sources: [IT Security Guru][Beta News]

Generative AI Considered a Security Risk by 60% of Board Members. How Organisations Can Prepare

A recent report conducted by Proofpoint found that 60% of board members consider generative AI a security risk.

The rapid development and adoption of AI is double-edged in nature. Whilst it can yield positive benefits if used safely and responsibility within organisations, AI is also being used to great effect by malicious actors with AI abuse growing beyond phishing to increasing the efficacy of multistage attacks, being used to generated malware, and carrying out different types of social engineering attacks.

For this reason Boards and senior leaders are right to be concerned and should ensure appropriate measures are being taken.

Sources: [TheNationalNews] [SCMagazine] [CyberSecurityNews]

Further reading: [BusinessCloud.co.uk] [WIRED UK] [Help Net Security]

Businesses Ignore Incident Response at Their Peril

According to a UK Government report, a quarter of businesses don’t regard cyber incident response skills as essential and almost half said they weren’t confident they could put together an incident response plan. This led to 41% saying they were not very or not at all confident that they would be able to deal with a cyber security breach or attack.

Unfortunately, this leaves many organisations in a situation where they will have to learn the hard way about the implications of not having an incident response plan. A separate government report found that 37% of those hit by a cyber attack said it impacted operations and a quarter experienced negative consequences such as loss of money or data.

One of the ways organisations can circumnavigate their lack of confidence in their ability to construct an incident response plan is to use cyber security experts to construct it. 

Source: [Infosecurity Magazine]

Blame Culture: An Organisation’s Ticking Time Bomb

An organisation’s attitude and responses to cyber security are almost as important as the actions taken to prevent cyber attacks. “Lessons learnt” are a common feature within mature and cyber resilient organisations. Incidents are a matter of when not if, and it is important that organisations know how to react.

Taking the example of a phishing attack, it is easy to blame the employee who opened it, potentially firing them. With phishing simulations, it is equally easy to discipline an employee who fell for it. The problem is, neither of these focus on what can be learned, such as why the employee fell for it in the first place. Additionally, there is the potential that employees become reserved or reticent about reporting potential events, due to the fear of being disciplined. This can be the difference between an organisation having an early detection of an incident and being able to invoke incident response plans sooner, or leaving the attacker in the system doing damage for longer before being reported.

Source: [ IT Security Guru]

Spend to Save: CFOs and Cyber Security Investment

For chief financial officers (CFOs), the increasing impact of data breaches creates a paradox. While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending is all about return on investment.

When looking at spending, CFOs need to keep in mind that the total cost of a breach is more than the initial currency loss: there is the knock-on effect of reputation and losses in customers. But it is not a case of spending more to protect more; spending must be tailored to the organisation and prioritise in terms of business needs.

Source: [Security Intelligence]

Cyber Security Tools Are New Targets for Attackers, Including Nation-State Actors

An increasing number of attacks by nation-state attackers are targeting cyber security tools in their campaigns. This includes the recent attacks on US officials which attacked and gained access through the firewalls of the victim. Security vendors, just like anyone, will have flaws in their software: there will be vulnerabilities. As such, organisations need to be aware of these vulnerabilities and when support runs out for their cyber security tools, to better protect themselves.

Source: [News Week]

Attackers Access UK Military Data Through Third Party Supplier as Relentless Russian Cyber Attacks Raise Spectre of WW3

Top secret military data from the UK’s Ministry of Defence was stolen and then sold by the ransomware gang LockBit. How, you might ask? Through a rogue Windows 7 PC that belonged to their fencing supplier, Zaun. The LockBit Ransom group conducted the attack on the supplier’s network, and Zaun admitted the group may have exfiltrated 10GB of data.

Many attackers have realised that if you cannot directly attack an organisation, then the supplier can present a way in. Organisations need to be sure of their suppliers’ security, and conduct third party security assessments to identify the risk the supplier may present to the organisation itself.

Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.

Source: [The Register] [Tech Monitor]

Common Tactics Used by Threat Actors to Weaponise PDFs

PDFs are often seen as safe, something that cannot be used by an attacker, but that’s wrong. Actors are using this trustworthiness, as well as the difficulty in detection and ubiquity of PDFs, to weaponise them. Common tactics involve malicious hyperlinks within PDFs and macros that run when a PDF is opened, and in some cases attackers are disguising a malicious Word document as a PDF to evade detection.

Source: [Cyber Security News]

Years-old Microsoft Security Holes Still Hot Targets for Cyber Criminals

A recent report has found that Microsoft vulnerabilities as old as 6 years are still being exploited, with one recorded as being exploited as recently as 31 August. In fact, since this particular vulnerability was fixed, it has been used to deploy 467 different malware types. This is not the number of attacks, but the number of different types of malware used in attacks.

The concept isn’t just for Microsoft. Many organisations do not employ effective patching strategies, and as such leave the doors open to attackers. Sometimes, these doors are open for years.

Source: [The Register]

Popular ‘As-a-Service’ Operations Have Earned Cyber Criminals over $64m

As-a-service operations allow attackers to employ sophisticated attacks without the need for extensive knowledge; they simply just purchase the ability.  Take phishing-as-a-service (PhaaS), where an attacker with very limited cyber knowledge simply needs to purchase a phishing kit and they are then well-equipped to target organisations. This availability in tools creates a significant surge in the number of cyber criminals, with one scheme alone raking in $64.5 billion in illegal gains.

Source: [IT Security Guru]

71% of Organisations are Impacted by Cyber Security Skills Shortage

Most organisations (71%) report that they’ve been impacted by the cyber security skills shortage, leading to an increased workload for the cyber security team (61%), unfilled open job requisitions (49%) and high burnout among staff (43%). Further, 95% respondents state the cyber security skills shortage and its associated impacts have not improved over the past few years and 54% (up 10% from 2021) say it has got worse.

Organisations need to continue maintaining and improving their security while their cyber security positions remain unfilled. Black Arrow supports firms to achieve this by providing expert resources on a flexible basis for technical, governance and transformational positions.

Source: [Security Magazine] [Digital Journal]

Multiple Schools Hit by Cyber Attacks Before Term Begins

Ahead of the new school term, a number of schools have become the victim of serious cyber attacks. The education sector isn’t a new target, with previous ransomware reports finding the education sector to account for 16% of victims.

The education sector remains a target due to the valuable data they hold, large attack surfaces and frequently a lack of resources and budgets, something many small and medium-sized business may share.

Source: [Infosecurity Magazine]



Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

BYOD

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

Deepfakes

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Parental Controls and Child Safety

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Misinformation, Disinformation and Propaganda


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

Iran

North Korea

Misc Nation State/Cyber Warfare


Vulnerability Management

Vulnerabilities




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 12 May 2023

Black Arrow Cyber Threat Briefing 12 May 2023:

-79% of Cyber Pros Make Decisions Without Threat Intelligence

-61% of Business Leadership Overlook the Role of Cyber Security as a Business Enabler and as being Key to Business Success

-Risk Managers Warn Cyber Insurance Could Become ‘Unviable Product’

-Small and Medium-Sized Businesses: Don’t Give up on Cyber Security

-AI Has Been Dubbed a 'Nuclear' Threat to Cyber Security, but It Can Also Be Used for Defence

-Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows

-Majority of US, UK CISOs Unable to Protect Company 'Secrets'

-Company Executives Can’t Afford to Ignore Cyber Security Anymore

-BEC Campaign via Israel Spotted Targeting Multinational Companies

-CISOs Worried About Personal Liability for Breaches

-UK, US and International Allies Uncover Russian Snake Malware Network in 50+ Countries

-Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • 79% of Cyber Pros Make Decisions Without Threat Intelligence

In a recent report, 79% of security pros say they make decisions without adversary insights “at least the majority of the time.” Why aren’t companies effectively leveraging threat intelligence? And does the C-Suite know this is going on?

Threat intelligence helps organisations stay informed about the latest cyber threats and vulnerabilities. By gathering and analysing information about potential attacks, threat intelligence can provide organisations with valuable insights into the tactics, techniques and procedures (TTPs) used by cyber criminals.

Given the deep value provided by threat intelligence, why aren’t more cyber pros taking advantage of it?

https://securityintelligence.com/articles/79-percent-of-cyber-pros-make-decisions-without-threat-intelligence/

  • 61% of Business Leadership Overlook the Role of Cyber Security as a Business Enabler and as being Key to Business Success

A recent report found only 39% of respondents think their company's leadership has a sound understanding of cyber security's role as a business enabler. Cyber security can be a huge business enabler; executive leaders need to think of cyber security in terms of the value it can deliver at a more strategic level.

https://www.darkreading.com/risk/global-research-from-delinea-reveals-that-61-of-it-security-decision-makers-think-leadership-overlooks-the-role-of-cybersecurity-in-business-success

  • Risk Managers Warn Cyber Insurance Could Become ‘Unviable Product’

The Federation of European Risk Management Associations (FERMA), an umbrella body representing 22 trade associations, said the cyber insurance market is “evolving in isolation from the industries it serves”.

It highlighted a move by Lloyd’s of London, the specialist insurance market and hub for cyber insurance, demanding that standard cyber policies have an exemption for big state-backed attacks.

“Without a more collaborative approach to cyber balancing the risk appetite of the insurance market with the coverage requirements of the corporate buyers, there is a risk that cyber insurance becomes an unviable product for many organisations,” FERMA said in a statement shared with the Financial Times.

The intervention is the strongest yet by the business lobby over the controversial exemption and wider concerns about cyber insurance.

https://www.ft.com/content/401629cc-e68a-41a4-8d50-e7c0d3e27835

  • Small and Medium-Sized Businesses: Don’t Give up on Cyber Security

In today’s increasingly hostile environment, every enterprise, big or small, should be concerned about cyber security and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world.

Yet time and again, small and medium-sized businesses (SMBs) are left out in the cold, an unaddressed market segment that finds real protection either too expensive or far too complex to adopt. Thus, cyber security becomes an “afterthought” or “add when we can” kind of service that leaves SMBs far more vulnerable than the corporate giants — just reading the news every day shows even they aren’t immune to ransomware, intrusions, and data theft. If you haven’t already, start thinking about security now.

https://www.csoonline.com/article/3695593/small-and-medium-sized-businesses-don-t-give-up-on-cybersecurity.html

  • AI Has Been Dubbed a 'Nuclear' Threat to Cyber Security, but It Can Also Be Used for Defence

Hackers using ChatGPT are faster and more sophisticated than before, and cyber security analysts who don’t have access to similar tools can very quickly find themselves outgunned and outsmarted by these AI-assisted attackers. However, corporations are stumbling to figure out governance around AI, and while they do so, their employees are clearly defying rules and possibly jeopardising company operations. According to a study of 1.6 million workers, 3.1% input confidential company information into ChatGPT. Although the number seems small, 11% of users' questions include private information. This is a fatal flaw for corporate use considering how hackers can manipulate the system into giving them previously hidden information. In another study, it was found that 80% of security professionals used AI, with 46% of these giving specialised capabilities as a reason.

https://www.euronews.com/2023/05/04/ai-has-been-dubbed-a-nuclear-threat-to-cybersecurity-but-it-can-also-be-used-for-defence

  • Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows

In three out of four cyber attacks, the hijackers succeeded in encrypting victims’ data, cyber security provider Sophos said in its newly released State of Ransomware 2023 report.

The rate of data encryption amounted to the highest from ransomware since Sophos first issued the report in 2020. Overall, roughly two-thirds of the 3,000 cyber security/IT leaders’ organisations were infected by a ransomware attack in the first quarter of 2023, or the same percentage as last year.

Much advice has been doled out by cyber security providers and law enforcement urging organisations to not pay a ransom. According to Sophos’ survey, the data shows that when organisations paid a ransom to decrypt their data, they ended up doubling their recovery costs. On average, those organisations paying ransoms for decryption forked out $750,000 in recovery costs versus $375,000 for organisations that used backups to recover their data.

Moreover, paying the ransom usually meant longer recovery times, with 45% of those organisations that used backups recovering within a week, compared to 39% of those that paid the ransom.

https://www.msspalert.com/cybersecurity-research/paying-cyber-hijackers-ransoms-doubles-cost-of-recovery-sophos-study-shows/

  • Majority of US, UK CISOs Unable to Protect Company 'Secrets'

A recent study found 75% of organisations have experienced a data leak involving company secrets, including API keys, usernames, passwords, and encryption keys, in the past. It was found that about 52% of chief information and security officers (CISOs) in the US and UK organisations are unable to fully secure their company secrets. The study showed that a huge chunk of the IT sector realises the danger of exposed secrets. Seventy-five percent said that a secret leak has happened in their organisation in the past, with 60% acknowledging it caused serious issues for the company, employees, or both. The report has pointed out that even though secrets management practice across the US and the UK has seen some maturity, it still needs to go a long way.

https://www.csoonline.com/article/3695583/majority-of-us-uk-cisos-unable-to-protect-company-secrets-report.html

  • Company Executives Can’t Afford to Ignore Cyber Security Anymore

In a recent survey, when asked about the Board and C-Suite‘s understanding of cyber security across the organisation, only 36% of respondents believe that it is considered important only in terms of compliance and regulatory demands, while 17% said it is not seen as a business priority. The disconnect between business and security goals appears to have caused at least one negative consequence to 89% of respondents’ organisations, with 26% also reporting it resulted in an increased number of successful cyber attacks at their company. On the misalignment of cyber security goals, respondents believed it contributed to delays in investments (35%), delays in strategic decision making (34%), and unnecessary increases in spending (27%).

https://www.helpnetsecurity.com/2023/05/10/cybersecurity-business-goals-alignment/

  • BEC Campaign via Israel Spotted Targeting Multinational Companies

An Israel-based threat group was discovered carrying out a business email compromise (BEC) campaign primarily targeting large and multinational enterprises. The group has conducted 350 BEC campaigns since February 2021, with email attacks targeting employees from 61 countries across six continents. The group operate through two personas — a CEO and an external attorney and spoofed email addresses using real domains.

https://www.darkreading.com/remote-workforce/bec-attacks-out-of-israel-target-multinational-corporations

  • CISOs Worried About Personal Liability for Breaches

Over three-fifths (62%) of global CISOs are concerned about being held personally liable for successful cyber attacks that occur on their watch, and a similar share would not join an organisation that fails to offer insurance to protect them, according to Proofpoint annual ‘Voice of the CISO’ survey for 2023. The security vendor polled 1600 CISOs from organisations of 200 employees or more across different industries in 16 countries to compile the report.

It revealed that CISOs in sectors with high volumes of sensitive data and/or heavy regulation such as retail (69%), financial services (65%) and manufacturing (65%) are most likely to demand insurance coverage.

Such concerns only add to the mental load on corporate IT security bosses. A combination of high-stress working environments, shrinking budgets and personal liability could be harming CISOs’ quality of life. Some 60% told Proofpoint they’ve experienced burnout in the past 12 months.

CISOs are most likely to experience burnout in the retail (72%) and IT, technology and telecoms (66%) industries.

https://www.infosecurity-magazine.com/news/cisos-worried-personal-liability/

  • UK, US and International Allies Uncover Russian Snake Malware Network in 50+ Countries

The UK NCSC along with the US National Security Agency (NSA) and various international partner agencies have discovered infrastructure connected with the sophisticated Russian cyber-espionage tool Snake in over 50 countries worldwide. Snake operations have been attributed to a specific unit within Russia’s Federal Security Service (FSB), Center 16.

Cyber criminals reportedly used Snake to retrieve and remove confidential documents related to international relations and diplomatic communications.

According to an advisory published by the agencies on Tuesday, the FSB targeted various industries, including education, small businesses, media, local government, finance, manufacturing and telecommunications. The Snake malware is installed on external infrastructure nodes for further exploitation.

According to the NSA Russian government actors have used this tool for years for intelligence collection and it is hoped that the technical details shared in the advisory will help many organisations find and shut down the malware globally.

https://www.infosecurity-magazine.com/news/nsa-uncovers-russian-snake-malware/

  • Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns

A new phishing-as-a-service tool called "Greatness" is being used in attacks targeting manufacturing, healthcare, technology, and other sectors.

Researchers at Cisco Talos detailed their findings on "Greatness," a one-stop-shop for all of a cyber criminal's phishing needs. With Greatness, anyone with even rudimentary technical chops can craft compelling Microsoft 365-based phishing lures, then carry out man-in-the-middle attacks that steal authentication credentials — even in the face of multifactor authentication (MFA) — and much more.

The tool has been in circulation since at least mid-2022 and has been used in attacks against enterprises in manufacturing, healthcare, and technology, among other sectors. Half of the targets thus far have been concentrated in the US, with further attacks occurring around Western Europe, Australia, Brazil, Canada, and South Africa.

https://www.darkreading.com/cloud/plug-and-play-microsoft-365-phishing-tool-democratizes-attacks


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Identity and Access Management

Asset Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence



Nation State Actors



Tools and Controls




Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 24 March 2023

Black Arrow Cyber Threat Briefing 24 March 2023:

-Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans

-Controlling Third-Party Data Risk Should Be a Top Cyber Security Priority

-IT Security Spending to Reach Nearly $300 Billion by 2026

-2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks

-Board Cyber Shortage: Don’t Get Caught Swimming Naked

-Should Your Organisation Be Worried About Insider Threats?

-UK Ransomware Incident Volumes Surge 17% in 2022

-Financial Industry Hit by Rising Ransomware Attacks and BEC

-55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management

-Security Researchers Spot $36m BEC Attack

-New Victims Come Forward After Mass Ransomware Attack

-Ransomware Gangs’ Harassment of Victims is Increasing

-Wartime Hacktivism is Spilling Over Into the Financial Services Industry

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans

A recent report conducted by security provider Huntress found some worrying results regarding SMBs lack of dedicated cyber experts and lack of cyber incident response plans. Some of the reports key findings were 24% of SMBs suffering a cyber attack or unsure if they had suffered a cyber attack in the last 12 months, 61% of SMBs not having a dedicated cyber security expert and 47% having no incident response plan. The report found that SMBs struggled to implement basic training and only 9% of employees adhered to security best practices, potentially due to the previously mentioned training struggles. The report highlights a clear need for SMBs to increase their cyber resilience and conduct effective user education and awareness training.

https://www.msspalert.com/cybersecurity-research/majority-of-smbs-lack-dedicated-cyber-experts-incident-response-plan/

  • Controlling Third-Party Data Risk Should be a Top Cyber Security Priority

Nearly 60% of all data breaches are initiated via third-party vendors and this is often hard to detect. The ever-increasing use of third party services has led to the average organisation sharing sensitive data with 583 third parties, a worrying number of attack vectors. Due to the impact a third party breach can have on an organisation it is imperative that organisations assess and risk manage their supply chains to increase the organisations cyber resilience.

https://www.darkreading.com/attacks-breaches/controlling-third-party-data-risk-should-be-a-top-cybersecurity-priority-

  • IT Security Spending to Reach Nearly $300 Billion by 2026

Worldwide spending on security is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022. This figure is expected to continually rise, reaching nearly $300 billion by 2026. In Europe, it is predicted that the biggest portion of spending will still be represented by services, which will be increasingly leveraged by organisations with limited cyber security experience. Additionally the finance sector, which will have to constantly ensure regulatory adherence, is predicted to be the largest spending sector. Organisations should perform due diligence and ensure that they are using reputable services.

https://www.helpnetsecurity.com/2023/03/20/it-security-spending-2026/

  • 2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks

In 2022 alone cyber attacks increased by 38%, highlighting the need for organisations to have a high level of cyber maturity; despite this, a recent cyber security maturity report ranked UK organisations as 12th  globally. Some of the findings from the report included that 32% of organisations were found to have weak passwords and 23% had weak authentication systems.

https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html

  • Board Cyber Shortage: Don’t Get Caught Swimming Naked

The Securities and Exchange Commission recently released their rules on cyber security risk management, strategy governance and incident disclosure by public companies. As part of the rules, the public disclosure of board directors’ cyber risk biographies is mandated. Worryingly, recent research has found that there is a drastic gap in cyber expertise at the board director level, with 90% of companies not having a single director with cyber security expertise. Board directors are able to address this issue by retaining outside expert advisors, upskilling board members or hiring new cyber security board directors. 

https://www.forbes.com/sites/forbestechcouncil/2023/03/20/board-cyber-shortage-dont-get-caught-swimming-naked/?sh=6ea732895af8

  • Should your Organisation be Worried about Insider Threats?

Cyber crime is predicted to reach $10.5 trillion worth, making it a lucrative business venture for opportunist criminals. One of the threats companies face is insider threat; this is where the threat comes from within the organisation. Insider threat can include third-party vendors, business partners and others with access to an organisations systems and networks. The threat an insider poses is commonly thought of as malicious but it can also be negligent, where insiders haven’t received proper user education and awareness training. Worryingly, insider threat is rising and research has shown a significant amount of under-reporting; over 70% of insider attacks never reach the headlines. As such, it is difficult for organisations to gauge the risk of insider threats.

https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/

  • UK Ransomware Incident Volumes Surge 17% in 2022

According to recent research, attacker-reported ransomware incidents increased by 17% annually in the UK last year and 2023 is showing signs of a continual rise. With this continual rise, it is important for organisations to assess and build upon their cyber resilience.

https://www.infosecurity-magazine.com/news/uk-ransomware-incident-surge-17/

  • Financial Industry Hit by Rising Ransomware Attacks and BEC

According to a recent report by the Financial Services Information Sharing and Analysis Center (FS-ISAC) ransomware remained the biggest concern for the financial industry with an increase in attacks due to ransomware-as-a-service. Furthermore, FS-ISAC found a 300% increase in the number of business email compromise attacks from 2021 to 2022. Artificial intelligence was identified as an upcoming area of concern due to its ability to obfuscate detection.

https://www.bloomberg.com/news/articles/2023-03-21/banks-financial-industry-buffeted-by-rising-ransomware-attacks?

  • 55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management

According to a report from intelligence provider Mandiant 55 zero-days were exploited in 2022 and 13 of those were used in cyber espionage attacks. Of the espionage attacks, 7 related to Chinese threat actors and 2 related to Russian threat actors. The report found that effective security management and patching remained the best protections for organisations.

https://www.csoonline.com/article/3691609/55-zero-day-flaws-exploited-last-year-show-the-importance-of-security-risk-management.html#tk.rss_news

  • Security Researchers Spot $36m BEC Attack

Security experts recently identified a single business email compromise attack which amounted to $36.4m. The attack in question contained an invoice, payment instructions, a forged letterhead and even cc’d a legitimate and well known company. The attacker also changed “.com” to “.cam” to imitate a domain. The total cost of BEC based on reported incidents is around $2.7 billion and this is excluding unreported incidents. Organisations should ensure that staff are adequately trained in identifying and reporting such attacks.

https://www.infosecurity-magazine.com/news/security-researchers-spot-36m-bec/

  • New Victims Come Forward After Mass Ransomware Attack

Russia-linked Ransomware gang “Clop” has claimed a mass hack of 130 organisations via the vendor GoAnywhere, with more victims coming forward. Clop adds names of victims to its dark web site, which is used to extort companies further by threatening to publish the stolen files unless a ransom is paid.

https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/

  • Ransomware Gangs’ Harassment of Victims is Increasing

Analysis by Palo Alto Networks found that harassment was a factor in 20% of ransomware cases, a significant jump from less than 1% in mid 2021. The harassment campaign by threat attackers is intended to make sure that ransom payments are met. This adds to the stress that organisations already face with ransomware incidents.

https://www.techrepublic.com/article/ransomware-gangs-harassment-victims-increasing/

  • Wartime Hacktivism is Spilling Over into the Financial Services Industry

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has identified that financial firms in countries that Russia considers hostile have been singled out for attacks and these attacks are going to continue if the Russia and Ukraine war persists.

https://www.scmagazine.com/analysis/risk-management/report-wartime-hacktivism-is-spilling-over-into-the-financial-services-industry


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Identity and Access Management

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence


Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors


Vulnerability Management

Vulnerabilities





Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 20 January 2023

Black Arrow Cyber Threat Briefing 20 January 2023:

-Experts at Davos 2023 Call for a Global Response to the Gathering 'Cyber Storm'

-Cost of Data Breaches to Global Businesses at Five-Year High

-European Data Protection Authorities Issue Record €2.92 Billion In GDPR Fines, an Increase of 168%

-PayPal Accounts Breached in Large-Scale Credential Stuffing Attack

-Royal Mail Boss to Face MPs’ Questions Over Russian Ransomware Attack

-Third-Party Risk Management: Why 2023 Could be the Perfect Time to Overhaul your TPRM Program

-EU Cyber Resilience Regulation Could Translate into Millions in Fines

-Russian Hackers Try to Bypass ChatGPT's Restrictions for Malicious Purposes

-New Report Reveals CISOs Rising Influence

-ChatGPT and its Perilous Use as a "Force Multiplier" for Cyber Attacks

-Mailchimp Discloses a New Security Breach, the Second One in 6 Months

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Experts at Davos 2023 Call for a Global Response to the Gathering 'Cyber Storm'

As economic and geopolitical instability spills into the new year, experts predict that 2023 will be a consequential year for cyber security. The developments, they say, will include an expanded threat landscape and increasingly sophisticated cyber attacks.

"There's a gathering cyber storm," Sadie Creese, a Professor of Cyber Security at the University of Oxford, said during an interview at the World Economic Forum’s Annual Meeting 2023 in Davos, Switzerland. "This storm is brewing, and it's really hard to anticipate just how bad that will be."

Already, cyber attacks such as phishing, ransomware and distributed denial-of-service (DDoS) attacks are on the rise. Cloudflare, a major US cyber security firm that provides protection services for over 30% of Fortune 500 companies, found that DDoS attacks—which entail overwhelming a server with a flood of traffic to disrupt a network or webpage—increased last year by 79% year-over-year.

"There's been an enormous amount of insecurity around the world," Matthew Prince, the CEO of Cloudflare, stated during the Annual Meeting. "I think 2023 is going to be a busy year in terms of cyber attacks."

https://www.weforum.org/agenda/2023/01/cybersecurity-storm-2023-experts-davos23/

  • Cost of Data Breaches to Global Businesses at Five-Year High

Research from business insurer Hiscox shows that the cost of dealing with cyber events for businesses has more than tripled since 2018. The study, which collated data from the organisation’s previous five annual Cyber Readiness reports, has revealed that:

  • Since 2018 the median IT budgets for cyber security more than tripled.

  • Between 2020 and 2022 cyber-attacks increased by over a quarter.

  • Businesses are increasing their cyber security budgets year-on-year.

In the Hiscox 2022 Cyber Readiness report, the financial toll of cyber incidents, including data breaches, was estimated to be $16,950 (£15,265) on average. As the cost of cyber crime grew, so did organisations’ cyber security budgets – average spending on cyber security tripled from 2018 to 2022, rocketing from $1,470,196 (£1,323,973) to $5,235,162 (£4,714,482).

Hiscox has also revealed that half of all companies surveyed suffered at least one cyber attack in 2022, up 11% from 2020. Financial Services, as well as Technology, Media and Telecom (TMT) sectors even reported a minimum of one attack for three consecutive years. Financial Services firms, however, seemed to be hit the hardest, with 66% reporting being impacted by cyber attacks in 2021-2022.

Cyber risk has risen to the same strategic level as traditional financial and operational risks, thanks to a growing realisation by businesses that the impact can be just as severe.

https://www.itsecurityguru.org/2023/01/18/cost-of-data-breaches-to-global-businesses-at-five-year-high/

  • European Data Protection Authorities Issue Record €2.92 Billion in GDPR Fines, an Increase of 168%

European data regulators issued a record €2.92 billion in fines last year, a 168% increase from 2021. That’s according to the latest GDPR and Data Breach survey from international law firm DLA Piper, which covers all 27 Member States of the European Union, plus the UK, Norway, Iceland, and Liechtenstein. This year’s biggest fine of €405 million was imposed by the Irish Data Protection Commissioner (DPC) against Meta Platforms Ireland Limited relating to Instagram for alleged failures to protect children’s personal data. The Irish DPC also fined Meta €265 million for failing to comply with the GDPR obligation for Data Protection by Design and Default. Both fines are currently under appeal.

Despite the overall increase in fines since January 28, 2022, the fine of €746 million that Luxembourg authorities levied against Amazon last year remains the biggest to be issued by an EU-based data regulator to date (though the retail giant is still believed to be appealing).

The report also revealed a notable increase in focus by supervisory authorities on the use of artificial intelligence (AI), while the volume of data breaches reported to regulators decreased slightly against the previous year’s total.

https://www.csoonline.com/article/3685789/european-data-protection-authorities-issue-record-2-92-billion-in-gdpr-fines.html#tk.rss_news

  • PayPal Accounts Breached in Large-Scale Credential Stuffing Attack

PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.

Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites. This type of attack relies on an automated approach with bots running lists of credentials to "stuff" into login portals for various services. Credential stuffing targets users that employ the same password for multiple online accounts, which is known as "password recycling."

PayPal explains that the credential stuffing attack occurred between December 6 and December 8, 2022. The company detected and mitigated it at the time but also started an internal investigation to find out how the hackers obtained access to the accounts. By December 20, 2022, PayPal concluded its investigation, confirming that unauthorised third parties logged into the accounts with valid credentials. The electronic payments platform claims that this was not due to a breach on its systems and has no evidence that the user credentials were obtained directly from them.

According to the data breach reporting from PayPal, 34,942 of its users have been impacted by the incident. During the two days, hackers had access to account holders' full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers. Transaction histories, connected credit or debit card details, and PayPal invoicing data are also accessible on PayPal accounts.

https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/

  • Royal Mail Boss to Face MPs’ Questions Over Russian Ransomware Attack

Royal Mail’s chief executive faced questions from MPs last week over the Russia-linked ransomware attack that caused international deliveries to grind to a halt.

Simon Thompson, chief executive of Royal Mail, was asked about the recent cyber attack when he appeared before the Commons Business Select Committee to discuss Royal Mail’s response to the cyber attack at the evidence session on Tuesday Jan 17.

A Royal Mail spokesman said: “Royal Mail has been subject to a cyber incident that is affecting our international export service. We are focused on restoring this service as soon as we are able.”

Royal Mail was forced to suspend all outbound international post after machines used for printing customs dockets were disabled by the Russia-linked Lockbit cyber crime gang. Lockbit’s attackers used ransomware, malicious software that scrambles vital computer files before the gang demands payment to unlock them again. The software also took over printers at Royal Mail’s international sorting offices and caused ransom notes to “spout” from them, according to reports.

Cyber security industry sources cautioned that while Lockbit is known to be Russian in origin, it is not known whether a stolen copy of the gang’s signature ransomware had been deployed by rival hackers.

https://www.telegraph.co.uk/business/2023/01/13/royal-mail-boss-face-mps-questions-russian-ransomware-attack/

  • Third-Party Risk Management: Why 2023 Could be the Perfect Time to Overhaul your TPRM Program

Ensuring risk caused by third parties does not occur to your organisation is becoming increasingly difficult. Every business outsources some aspects of its operations, and ensuring these external entities are a strength and not a weakness isn’t always a straightforward process.

In the coming years we’ll see organisations dedicate more time and resources to developing detailed standards and assessments for potential third-party vendors. Not only will this help to mitigate risk within their supply chain network, it will also provide better security.

As demand for third-party risk management (TPRM) grows, there are key reasons why we believe 2023 could be pivotal for the future of your organisation’s TPRM program, cyber risk being principal amongst them.

Forrester predicted that 60% of security incidents in 2022 would stem from third parties. In 2021 there was a 300% increase in supply chain attacks, a trend that has continued to increase over the past 12 months also. For example, Japanese car manufacturer Toyota was forced to completely shut down its operations due to a security breach with a third-party plastics supplier.

It’s not only the frequency of third-party attacks that has increased, but also the methods that cyber criminals are using are becoming increasingly sophisticated. For example, the SolarWinds cyber breach in 2020 was so advanced that Microsoft estimated it took over a thousand engineers to stop the impact of the attack.

As the sophistication and frequency of supply chain attacks increases, the impact they have on businesses reputations and valuations is also becoming apparent. There is a need for organisations to conduct thorough due diligence of the third parties they choose to work with, otherwise the consequences could be disastrous.

Remember always that cyber security should be a non-negotiable feature of all business transactions.

https://informationsecuritybuzz.com/third-party-risk-management-why-2023-could-be-the-perfect-time-to-overhaul-your-tprm-program/

  • EU Cyber Resilience Regulation Could Translate into Millions in Fines

The EU Commission’s Cyber Resilience Act (CRA) is intended to close the digital fragmentation problem surrounding devices and systems with network connections – from printers and routers to smart household appliances and industrial control systems. Industrial networks and critical infrastructures require special protection.

According to the European Union, there is currently a ransomware attack every eleven seconds. In the last few weeks alone, among others, a leading German children’s food manufacturer and a global Tier1 automotive supplier headquartered in Germany were hit, with the latter becoming the victim of a massive ransomware attack. Such an attack even led to insolvency at the German manufacturer Prophete in January 2023. To press manufacturers, distributors and importers into action, they face significant penalties if security vulnerabilities in devices are discovered and not properly reported and closed.

“The pressure on the industry – manufacturers, distributors and importers – is growing immensely. The EU will implement this regulation without compromise, even though there are still some work packages to be done, for example regarding local country authorities,” says Jan Wendenburg, CEO, ONEKEY.

The financial fines for affected manufacturers and distributors are therefore severe: up to 15 million euros or 2.5 percent of global annual revenues in the past fiscal year – the larger number counts. “This makes it absolutely clear: there will be substantial penalties on manufacturers if the requirements are not implemented,” Wendenburg continues.

Manufacturers, distributors and importers are required to notify ENISA – the European Union’s cyber security agency – within 24 hours if a security vulnerability in one of their products is exploited. Exceeding the notification deadlines is already subject to sanctions.

https://www.helpnetsecurity.com/2023/01/19/eu-cyber-resilience-regulation-fines/

  • Russian Hackers Try to Bypass ChatGPT's Restrictions for Malicious Purposes

Russian cyber-criminals have been observed on dark web forums trying to bypass OpenAI’s API restrictions to gain access to the ChatGPT chatbot for nefarious purposes.

Various individuals have been observed, for instance, discussing how to use stolen payment cards to pay for upgraded users on OpenAI (thus circumventing the limitations of free accounts). Others have created blog posts on how to bypass the geo controls of OpenAI, and others still have created tutorials explaining how to use semi-legal online SMS services to register to ChatGPT.

“Generally, there are a lot of tutorials in Russian semi-legal online SMS services on how to use it to register to ChatGPT, and we have examples that it is already being used,” wrote Check Point Research (CPR). “It is not extremely difficult to bypass OpenAI’s restricting measures for specific countries to access ChatGPT,” said Check Point. “Right now, we are seeing Russian hackers already discussing and checking how to get past the geofencing to use ChatGPT for their malicious purposes.”

They added that they believe these hackers are most likely trying to implement and test ChatGPT in their day-to-day criminal operations. “Cyber-criminals are growing more and more interested in ChatGPT because the AI technology behind it can make a hacker more cost-efficient,” they explained.

Case in point, just last week, Check Point Research published a separate advisory highlighting how threat actors had already created malicious tools using ChatGPT. These included infostealers, multi-layer encryption tools and dark web marketplace scripts.

More generally, the cyber security firm is not the only one believing ChatGPT could democratise cyber crime, with various experts warning that the AI bot could be used by potential cyber-criminals to teach them how to create attacks and even write ransomware.

https://www.infosecurity-magazine.com/news/russian-hackers-to-bypass-chatgpt/

  • New Report Reveals CISOs Rising Influence

Cyber security firm Coalfire this week unveiled its second annual State of CISO Influence report, which explores the expanding influence of Chief Information Security Officers (CISOs) and other security leaders.

The report revealed that the CISO role is maturing quickly, and the position is experiencing more equity in the boardroom. In the last year alone, there was a 10-point uptick in CISOs doing monthly reporting to the board. These positive outcomes likely stem from the increasingly metrics-driven reporting CISOs provide, where data is more effectively leveraged to connect security outcomes to business objectives.

An especially promising development in this year's report is how security teams are being looped into corporate projects. Of the security leaders surveyed, 78% say they are consulted early in project development when business objectives are first identified, and two-thirds are now making presentations to the highest levels of enterprise authority. 56% of CISOs present security metrics to their CEOs, up from 43% in 2021.

Cloud migration was universally identified as one of those top business objectives. The move to the cloud saddles CISOs with many challenges. The top priorities listed by CISOs include dealing with an expanding attack surface, staffing, and new compliance requirements — all within constrained budgets. In fact, 43% of security leaders said their budgets remained static or were reduced following business migration to the cloud.

Given these challenges, leading CISOs are transforming their approaches. To address multiple cloud compliance requirements, security leaders are focusing on the most onerous set of rules and creating separate environments for different requirements. Risk assessments were identified as the key tool used to secure funding for these and other cyber initiatives and to set top priorities.

"Costs and risks are up, while at the same time, cyber budgets are trending flat or down," said Colefire. "Cyber security has historically been lower in priority for organisations, but we are witnessing a big shift in enterprise cyber expectations. CISOs are rising to meet those expectations, speaking to the business, and as a result, solidifying their role in the C-suite."

https://www.darkreading.com/threat-intelligence/new-coalfire-report-reveals-cisos-rising-influence

  • ChatGPT and its Perilous Use as a "Force Multiplier" for Cyber Attacks

As a form of OpenAI technology, ChatGPT has the ability to mimic natural language and human interaction with remarkable efficiency. However, from a cyber security perspective, this also means it can be used in a variety of ways to lower the bar for threat actors.

One key method is the ability for ChatGPT to draft cunning phishing emails en masse. By feeding ChatGPT with minimal information, it can create content and entire emails that will lure unsuspecting victims to provide their passwords. With the right API setup, thousands of unique, tailored, and sophisticated phishing emails can be sent almost simultaneously.

Another interesting capability of ChatGPT is the ability to write malicious code. While OpenAI has put some controls in place to prevent ChatGPT from creating malware, it is possible to convince ChatGPT to create ransomware and other forms of malware as code that can be copied and pasted into an integrated development environment (IDE) and used to compile actual malware. ChatGPT can also be used to identify vulnerabilities in code segments and reverse engineer applications.

ChatGPT will expedite a trend that is already wreaking havoc across sectors – lowering the bar for less sophisticated threat actors, enabling them to conduct attacks while evading security controls and bypassing advanced detection mechanisms. And currently, there is not much that organisations can do about it. ChatGPT represents a technological marvel that will usher in a new era, not just for the cyber security space.

https://www.calcalistech.com/ctechnews/article/sj0lfp11oi

  • Mailchimp Discloses a New Security Breach, the Second One in 6 Months

The popular email marketing and newsletter platform Mailchimp was hacked twice in the past six months. The news of a new security breach was confirmed by the company; the incident exposed the data of 133 customers.

Threat actors targeted the company’s employees and contractors to gain access to an internal support and account admin tool.

“On January 11, the Mailchimp Security team identified an unauthorised actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration. The unauthorised actor conducted a social engineering attack on Mailchimp employees and contractors, and obtained access to select Mailchimp accounts using employee credentials compromised in that attack.” reads the notice published by the company. “Based on our investigation to date, this targeted incident has been limited to 133 Mailchimp accounts.”

The malicious activity was discovered on January 11, 2023; in response to the intrusion the company temporarily suspended access for impacted accounts. The company also notified the primary contacts for all affected accounts less than 24 hours after the initial discovery.

https://securityaffairs.com/140997/data-breach/mailchimp-security-breach.html


Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Fraud, Scams & Financial Crime

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Hybrid/Remote Working

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine


Nation State Actors

Nation State Actors – Russia

Nation State Actors – North Korea

Nation State Actors – Iran

Nation State Actors – Misc


Vulnerability Management

Vulnerabilities



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 10 September 2021

Black Arrow Cyber Threat Briefing 10 September 2021

-91% Of IT Teams Have Felt 'Forced' To Trade Security For Business Operations

-Ransomware Attacks Increased Exponentially In 2021

-One In Three Suspect Phishing Emails Reported By Employees Really Are Malicious

-Hackers Shift From Malware To Credential Hijacking

-Attacker Breakout Time Now Less Than 30 Minutes

-Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices

-The Impact Of Ransomware On Cyber Insurance Driving The Need For Broader Cyber Security Knowledge

-Hackers Exploit Camera Vulnerabilities To Spy On Parents

-39% Of All Internet Traffic Is From Bad Bots

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.


Top Cyber Stories of the Last Week

91% Of IT Teams Have Felt 'Forced' To Trade Security For Business Operations

A new survey suggests that most IT staff have felt pressured to ignore security concerns in favour of business operations. On Thursday, a new study report was released, which combines data from an online YouGov survey targeting office workers that adopted WFH and global research conducted with IT decision-makers. In total, 91% of those surveyed said that they have felt "pressured" to compromise security due to the need for business continuity during the COVID-19 pandemic. 76% of respondents said that security had taken a backseat, and furthermore, 83% believe that working from home has created a "ticking time bomb" for corporate security incidents. https://www.zdnet.com/article/91-of-it-teams-have-felt-forced-to-trade-security-for-business-operations/

Ransomware Attacks Increased Exponentially In 2021

The growing threat of ransomware has been highlighted by NCC Group's Research Intelligence and Fusion Team (RIFT) analysis. Between January-March 2021 and April-June 2021, the number of ransomware assaults studied by the team climbed by 288%, indicating that enterprises are still facing waves of digital extortion in the form of targeted ransomware. https://www.ehackingnews.com/2021/09/ransomware-attacks-increased.html

Phishing Attacks: One In Three Suspect Emails Reported By Employees Really Are Malicious

All the time spent ticking boxes in cyber security training sessions seems to be paying off after all: according to a new report, about a third of emails reported by employees really are malicious or highly suspect, demonstrating the effectiveness of the well-established maxim "Think before you click".  Researchers analysed over 200,000 emails that were flagged by employees from organisations across the globe in the first half of 2021 and found that 33% of the reports could be classified as phishing. https://www.zdnet.com/article/phishing-attacks-one-in-three-suspect-emails-reported-by-employees-really-are-malicious/

Hackers Shift From Malware To Credential Hijacking

Adversaries are relying less on malware to conduct attacks that are consequently more difficult to detect, according to an annual report conducted by researchers. “According to data from our customer base indexed by Threat Graph, 68% of detections from the last three months were not malware-based,” reads the report released Wednesday. “Attackers are increasingly attempting to accomplish their objectives without writing malware to the endpoint, using legitimate credentials and built-in tools (living off the land)—which are deliberate efforts to evade detection by traditional antivirus products.” https://www.nextgov.com/cybersecurity/2021/09/report-hackers-shift-malware-credential-hacking/185209/

Attacker Breakout Time Now Less Than 30 Minutes

The average time it takes threat actors to move from initial access to lateral movement has fallen by 67% over the past year, putting extra pressure on security operations (SecOps) teams, according to researchers. The findings come from researchers own investigations with customers across around 248,000 unique global endpoints. For incidents where this “breakout time” could be derived over the past year, it averaged just 1 hour 32 minutes. However, in over a third (36%) of intrusions, adversaries managed to move laterally to additional hosts in under 30 minutes. https://www.infosecurity-magazine.com/news/attacker-breakout-time-now-less/

Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices

Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable," the company said in a statement on Wednesday. https://thehackernews.com/2021/09/hackers-leak-vpn-account-passwords-from.html

53% Find It Difficult To Prevent An Insider Attack During Data Aggregation

Recent data from researchers found that 53% of companies find it impossible or very difficult to prevent an insider attack when data is being aggregated, a key indicator of intent of an attack. The vast majority of security threats follow a pattern or sequence of activity leading up to an attack, and insider threats are no exception. To fully understand any insider incident, visibility into the entire kill chain of an attack is imperative to preventing the exfiltration of critical data. https://venturebeat.com/2021/09/02/53-find-it-difficult-to-prevent-an-insider-attack-during-data-aggregation/

The Impact Of Ransomware On Cyber Insurance Driving The Need For Broader Cyber Security Knowledge

Not only have ransomware attacks spiked, the amount of ransom demanded has grown exponentially—to somewhere between $50 and $70 million dollars. Cyber Insurers can’t cover “whatever amount the hacker demands”—so major policies lost money. Insurers have responded by raising premiums, restricting coverage, or even getting out of the cyber-insurance game altogether in vulnerable markets. https://www.helpnetsecurity.com/2021/09/10/cyber-insurance-ransomware/

Hackers Exploit Camera Vulnerabilities To Spy On Parents

Various zero day vulnerabilities in home baby monitor could be compromised that lets threat actors hack into camera feed and put malicious codes like malware. The security issues were found in the IoT gadgets, made by China based developer Victure, that were found by researchers. In a security report, researchers revealed about the stack-based buffer flaw present in ONVIF server Victure PC420 component camera that allows hackers to plant remote codes on the victim device. When compromised, hacker can discover cameras (not owned by them) and command devices to broadcast camera feeds to third party and exploit the camera firmware. https://www.ehackingnews.com/2021/09/hackers-exploit-camera-vulnerabilities.html

39% Of All Internet Traffic Is From Bad Bots

Automated traffic takes up 64% of internet traffic – and whilst just 25% of automated traffic was made up by good bots, such as search engine crawlers and social network bots, 39% of all traffic was from bad bots, a Barracuda report reveals.

These bad bots include both basic web scrapers and attack scripts, as well as advanced persistent bots. These advanced bots try their best to evade standard defences and attempt to perform their malicious activities under the radar. The report revealed that the most common of these persistent bots were ones that went after e-commerce applications and login portals. https://www.helpnetsecurity.com/2021/09/07/bad-bots-internet-traffic/


Threats

Ransomware

BEC

Phishing

Other Social Engineering

Malware

Mobile

IOT

Vulnerabilities

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptojacking

Insider Threats

DoS/DDoS

Nation State Actors

Cloud

Privacy



As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 20 August 2021

Black Arrow Cyber Threat Briefing 20 August 2021:

-Third of Global Companies Have Experienced Ransomware Attack, Survey Finds

-Company Size Is A Nonissue With Automated Cyberattack Tools

-60% Of Employees Reuse Passwords Across Business And Personal Accounts

-LockBit 2.0 Ransomware Proliferates Globally

-Secret Terrorist Watchlist With 2 Million Records Exposed Online

-Phishing Costs Quadruple Over 6 Years

-Security Teams Report Rise In Cyber Risk

-Phishing Attacks Increase In H1 2021, Sharp Jump In Crypto Attacks

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

A Third of Global Companies Have Experienced Ransomware Attack, Survey Finds

Roughly a third of large international companies have faced a ransomware attack or other data breach in the last 12 months, according to a new survey.

Analysts surveyed almost 800 companies and found 37% of international companies experienced ransomware attacks this past year. The survey focused on companies with more than 500 employees.

https://www.vice.com/en/article/jg84q3/a-third-of-global-companies-have-experienced-ransomware-attack-survey-finds

Company Size Is A Nonissue With Automated Cyber Attack Tools

Even with plenty of old problems to contend with, firms need to get ready for new and more powerful automated ransomware tools.

Cyber criminals are constantly looking for the best return on their investment and solutions that lower the chance of being caught. Sadly, that appears to mean small businesses are their current target of opportunity.

Tech media and cyber pundits have been sounding the alarm and offering small businesses specific cybersecurity solutions for a few years now, but it seems to no avail.

https://www.techrepublic.com/article/company-size-is-a-nonissue-with-automated-cyberattack-tools/

Over 60% Of Employees Reuse Passwords Across Business And Personal Accounts

Nearly two thirds of employees are using personal passwords to protect corporate data, and vice versa, with even more business leaders concerned about this very issue. Surprisingly, 97% of employees know what constitutes a strong password, yet over half (53%) admit to not always using one.

http://hrnews.co.uk/over-60-of-employees-reuse-passwords-across-business-and-personal/

LockBit 2.0 Ransomware Proliferates Globally 

Fresh attacks target companies’ employees, promising millions of dollars in exchange for valid account credentials for initial access.

The LockBit ransomware-as-a-service (RaaS) gang has ramped up its targeted attacks, researchers said, with attempts against organizations in Chile, Italy, Taiwan and the U.K. using version 2.0 of its malware.

https://threatpost.com/lockbit-ransomware-proliferates-globally/168746/

Secret Terrorist Watchlist With 2 Million Records Exposed Online

A secret terrorist watchlist with 1.9 million records, including classified "no-fly" records was exposed on the internet.

The list was left accessible on an Elasticsearch cluster that had no password on it.

https://www.bleepingcomputer.com/news/security/secret-terrorist-watchlist-with-2-million-records-exposed-online/

Phishing Costs Nearly Quadrupled Over 6 Years

Lost productivity & mopping up after the costly attacks that follow phishing – BEC & ransomware in particular – eat up most costs, not pay-outs to crooks.

Research shows that the cost of phishing attacks has nearly quadrupled over the past six years: Large US companies are now losing, on average, $14.8 million annually, or $1,500 per employee.

That’s up sharply from 2015’s figure of $3.8 million, according to a new study from Ponemon Institute that was sponsored by Proofpoint.

According to the study, released Tuesday, phishing leads to some of the costliest cyber attacks.

https://threatpost.com/phishing-costs-quadrupled/168716/

Security Teams Report Rise In Cyber Risk

A recent report shows declining confidence in many organisations’ security function to address today’s threats.

80% of respondents to the Trend Micro’s biannual Cyber Risk Index (CRI) report said they expect to experience a data breach that compromises customer data in the next 12 months.

The report surveyed more than 3,600 businesses of all sizes and industries across North America, Europe, Asia-Pacific, and Latin America for their thoughts on cyber risk. Despite an increased focus on security due to high-profile ransomware and other attacks in the past year, respondents reported a rise in risk due to inadequate security processes like backing up key assets.

Organisations are overwhelmed as they pivot from traditional to distributed networks. Pandemic-driven work-from-home growth is potentially how businesses will be run going forward. That distributed network means that it’s harder for IT staff to know what assets are under their control and what security controls should be in place. With the line blurring between corporate and personal assets, organizations are overwhelmed with the pace of change.

https://www.csoonline.com/article/3629477/security-teams-report-rise-in-cyber-risk.html

Organisations Aware Of The Importance Of Zero Trust, Yet Still Relying On Passwords

Organisations have become more security conscious over the course of the pandemic, leading them to invest heavily in zero trust, according to a new study.

The report surveyed over 600 global security leaders about their initiatives and found that remote work has led to a change in how organizations view the importance of zero trust, with financial services, healthcare organisations and the software industry seeing the most significant progress.

78% of companies globally say that zero trust has increased in priority and nearly 90% are currently working on a zero trust initiative, up from just 41% a year ago.

https://www.helpnetsecurity.com/2021/08/11/importance-of-zero-trust/

Reliance On Third Party Workers Making Companies More Vulnerable To Cyber Attacks

A new survey revealed 83% of respondents agree that because organisations increasingly rely on contractors, freelancers, and other third party workers, their data systems have become more vulnerable to cyber attacks.

Further, 88% of people say organisations and government entities must have better data security systems in place to protect them from the increase in third party remote attacks.

Recent high-profile breaches, including SolarWinds, Colonial Pipeline, and JBS Foods, have exposed how vulnerable organisations are to cyber crime and in particular ransomware attacks. Of note with recent attacks is how data breaches can quickly affect aspects of everyday life, such as the ability to fill a car with petrol or buy meat at the supermarket.

https://www.helpnetsecurity.com/2021/08/16/reliance-on-third-party-workers/

The Cyber Security Skills Gap Persists For The Fifth Year Running

Most organisations are still lacking talent, according to a new report, but experts think expanding the definition of a cybersecurity professional can help.

https://www.techrepublic.com/article/the-cybersecurity-skills-gap-persists-for-the-fifth-year-running/

T-Mobile Hack Is A Return To The Roots Of Cyber Crime

In the world of cyber crime, ransomware attacks might be the sophisticated bank heists. The hack of T-Mobile is more akin to smashing a window, grabbing merchandise, and running.

The attack that exposed the personal information of millions of T-Mobile customers spotlights a common type of cyber threat that can inflict significant damage to consumers, much like the recent rash of ransomware attacks hitting companies.

The breach exposed the data of more than 40 million people, T-Mobile confirmed Wednesday, including customer’s full names and driver’s license information. A hacker posted about the stolen information on a cyber crime forum late last week, offering to sell the information to buyers for the price of six bitcoin, or about $270,000.

This type of attack, in which hackers worm their way into companies’ systems, steal data and try to sell it online, has been a common tactic for years, cyber security experts say. Unlike the high-profile ransomware attacks that have disrupted fuel supplies, hospital systems and food production in recent months, these data exfiltration hacks do not lock down computer systems.

https://www.washingtonpost.com/technology/2021/08/19/tmobile-breach-data-hacks/

Phishing Attacks Increase In H1 2021, Sharp Jump In Crypto Attacks

The first half of 2021 shows a 22 percent increase in the volume of phishing attacks over the same time period last year, a new report reveals. Notably, however, phishing volume in June dipped dramatically for the first time in six months, immediately following a very high-volume in May.

Bad actors continue to utilise phishing to fleece proprietary information, and are developing more sophisticated ways to do so based on growth in areas such as cryptocurrency and sites that use single-sign-on.

https://www.helpnetsecurity.com/2021/08/19/phishing-attacks-h1-2021/

Connected Devices Increasingly At Risk As New Ransomware Attacks Are Reported Almost Daily

A new report has shined a light on the state of connected devices. The number of agentless and un-agentable devices increased to 42% in this year’s report (compared to 32% of agentless or un-agentable devices in 2020). These devices include medical and manufacturing devices that are critical to business operations along with network devices, IP phones, video surveillance cameras and facility devices (such as badge readers) that are not designed with security in mind, cannot be patched, and cannot support endpoint security agents.

With almost half of devices in the network that are either agentless or un-agentable, organisations need to complement their endpoint security strategy with a network-based security approach to discover and secure these devices.

https://www.helpnetsecurity.com/2021/08/12/connected-devices-risks/

 


Threats

Ransomware

BEC

Phishing

Other Social Engineering

Malware

Mobile

IOT

Vulnerabilities

Data Breaches/Leaks

Dark Web

Supply Chain

DoS/DDoS

OT, ICS, IIoT and SCADA

Nation State Actors

Cloud



As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Urgent: We are receiving an increasing number of reports of email addresses ending in cwgsy.net sending phishing emails

Urgent: We are receiving an increasing number of reports of email addresses ending in cwgsy.net sending phishing emails. The most likely cause of this is unauthorised access to the mailbox using credentials harvested from other breaches.

Urgent: We are receiving an increasing number of reports of email addresses ending in cwgsy.net sending phishing emails. The most likely cause of this is unauthorised access to the mailbox using credentials harvested from previous phishing emails in which the victim has unwittingly provided their credentials.

Action: Change the password on your email account as soon as possible via the Sure web portal: https://webmail.sure.com/

Here is the body of the most common phishing email we’ve seen so far


Subject: Re: Important

I am sending this message from your email box xxx@cwgsy.net for you to know i watch you and see all you do

Hi xxx@cwgsy.net

I am a programmer and a Black Hat Hacker, I had hacked your PC over 6months ago. I kept saving informations you inputted on your device and also store them such as: browsing history, screen recordings, contacts, messages and much more.

I already wanted to forget you, but recently I saw something interesting on your system device .your business transactions and financial details, I have them written down on my notepad and this is very disatrous for you.

I am ready to forget about all this and completely stop accessing your computer and emails. I guarantee I will stop accesing your PC and delete all archives with them. After that I will leave and no longer bother you, but for that I want to have $500 worth of bitcoins in my wallet. You have 48 hours after reading this email. I still control your emails and computer - and I know when you open them and read them.

Don't try to change your email password, everything is under control. Do not try to contact me and answer this letter. I sent it to you from your email address. Take a look at the sender, you will see that I have complete control over your email and your computer.

Bitcoin wallet address:

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

If you do not know how to buy bitcoins, you can find information on how to buy bitcoins online. If you need help, you can read several articles about it.

I look forward to your actions. If you don't need this data online and with all your friends, send $500 to my wallet ASAP. After that I will erase all data and disappear from your life.

Do not be offended by me. If you pay, nothing happens

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 28 May 2021

Black Arrow Cyber Threat Briefing 28 May 2021: Cyber Insurance Firms Start Tapping Out As Ransomware Continues To Rise; Irish Health Service Faces Final Bill Of At Least €100M Following Cyber Attack; The 10 Most Dangerous Cyber Threat Actors; Dramatic Increase In Ransomware Attacks Is Causing Harm On A Significant Scale; Deepfakes Could Be The Next Big Security Threat To Businesses; Two-Thirds Of Organisations Say They'll Take Action To Boost Their Ransomware Defences

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.



Top Cyber Stories of the Last Week

Cyber Insurance Firms Start Tapping Out As Ransomware Continues To Rise

In early May, global insurer AXA made a landmark policy decision: The company would stop reimbursing French companies for ransomware payments to cyber criminals. The decision, which reportedly came after French authorities questioned whether the practice had fuelled the current epidemic in ransomware attacks, may be just the beginning of a general retreat that will force companies to reconsider their attempts to outsource cyber-risk to insurance firms. Already, the massive damages from one damaging crypto worm, NotPetya, caused multiple lawsuits when insurers refused to pay out on cyber insurance claims.

https://www.darkreading.com/risk/cyber-insurance-firms-start-tapping-out-as-ransomware-continues-to-rise/d/d-id/1341109

Irish Health Service Faces Final Bill Of At Least €100M Following Cyber Attack

The cyber attack on IT systems in the health service will cost it at least €100 million, according to chief executive Paul Reid. This is at the lower end of estimates of the total cost, he indicated, and includes the cost of restoring the network, upgrading systems to Microsoft 365 and the disruption caused to patients. Appointments for about 7,000 patients a day are being cancelled, almost two weeks after a criminal gang hacked the HSE systems. Mr Reid said the HSE was keen to see an independent and objective assessment of the cyber attack.

https://www.irishtimes.com/news/health/cyberattack-hse-faces-final-bill-of-at-least-100m-1.4577076

Ransomware: Dramatic Increase In Attacks Is Causing Harm On A Significant Scale

A dramatic increase in the number of ransomware attacks and their severity is causing harm on a significant scale, the UK's National Crime Agency (NCA) has warned. The NCA's annual National Strategic Assessment (NSA) of Serious and Organised Crime details how the overall threat from cyber crime has increased during the past year, with more severe and high-profile attacks against victims. Ransomware attacks have grown in frequency and impact over the course of the last year, to such an extent that they rank alongside other major crimes "causing harm to our citizens and communities on a significant scale," warns the report.

https://www.zdnet.com/article/ransomware-dramatic-increase-in-attacks-is-causing-harm-on-a-significant-scale/

Deepfakes Could Be The Next Big Security Threat To Businesses

An overwhelming majority of businesses say that manipulated online content and media such as deepfakes are a serious security risk to their organisation. Deepfakes have already been shown to pose a threat to people portrayed in the manipulated videos, and could have serious repercussions when the individual holds a position of importance, be it as a leader of a country, or a leader of an enterprise. Earlier in 2021, the FBI’s cyber division warned that deepfakes are a critical emerging threat that can be used in all manners of social engineering attacks including ones aimed at businesses.

https://www.techradar.com/news/deepfakes-could-be-the-next-big-security-threat-to-businesses

Ransomware: Two-Thirds Of Organisations Say They'll Take Action To Boost Their Defences

The severe disruption caused by the Colonial Pipeline ransomware attack has alerted organisations to the need to bolster their defences against cyber attacks – and two-thirds are set to take actions required to prevent them becoming another ransomware victim following the incident. The ransomware attack against Colonial Pipeline – one of the largest pipeline operators in the United States, providing almost half of the East Coast's fuel – caused disruption to operations and led to gas shortages, demonstrating how cyber attacks can have physical consequences.

https://www.zdnet.com/article/ransomware-two-thirds-of-organisations-say-theyll-take-action-to-boost-their-defences/

The 10 Most Dangerous Cyber Threat Actors

When hacking began many decades ago, it was mostly the work of enthusiasts fuelled by their passion for learning everything they could about computers and networks. Today, nation-state actors are developing increasingly sophisticated cyber espionage tools, while cyber criminals are cashing in millions of dollars targeting everything from Fortune 500 companies to hospitals. Cyber attacks have never been more complex, more profitable, and perhaps even more baffling. At times, drawing clear lines between different kinds of activities is a challenging task. Nation-states sometimes partner with each other for a common goal, and sometimes they even appear to be working in tandem with cyber criminal gangs.

https://www.csoonline.com/article/3619011/the-10-most-dangerous-cyber-threat-actors.html

Cyber Security Leaders Lacking Basic Cyber Hygiene

Constella Intelligence released the results of a survey that unlocks the behaviours and tendencies that characterize how vigilant organisations’ leaders are when it comes to reducing cyber vulnerability, allowing the industry to better understand how social media is leveraged as an attack vector and how leaders are responding to this challenge. The findings from the survey, which polled over 100 global cyber security leaders, senior-level to C-suite, across all major industries, including financial services, technology, healthcare, retail, and telecommunications, revealed that 57% have suffered an account takeover (ATO) attack in their personal lives—most frequently through email (52%), followed by LinkedIn (31%) and Facebook (26%).

https://www.helpnetsecurity.com/2021/05/26/cybersecurity-leaders-cyber-hygiene/

Watch Out: Crypto Jacking Is On The Rise Again

During the last year, though, malicious crypto mining has seen a resurgence, with NTT’s 2021 Global Threat Intelligence Report, published this month, revealing that crypto miners have now overtaken spyware as the world’s most common malware. Crypto miners, says NTT, made up 41% of all detected malware in 2020, and were most widely found in Europe, the Middle East, Africa, and the Americas. The most common coinminer variant was XMRig, which infects a user’s computer to mine Monero, accounting for 82% of all mining activity. Others included Crypto miner and XMR-Stack.

https://cybernews.com/security/watch-out-cryptojacking-is-on-the-rise-again/


Threats

Ransomware

Phishing

Other Social Engineering

Malware

Mobile

IOT

Vulnerabilities

Data Breaches

Organised Crime & Criminal Actors

Cryptocurrency

Dark Web

OT, ICS, IIoT and SCADA

Nation State Actors

Privacy




As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 30 April 2021

Black Arrow Cyber Threat Briefing 30 April 2021: Ransomware Demands Up By 43% So Far In 2021, 61% Of Organisations Impacted By Ransomware In 2020 - Ransomware Is Growing At An Alarming Rate, Warns GCHQ Chief; Flubot Spyware Spreading Through Android Devices; Buying Cyber Insurance In 2021? Expect Greater Scrutiny, Higher Premiums

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.



Top Cyber Stories of the Last Week

Ransomware Demands Up By 43% So Far In 2021

The average demand for a digital extortion payment shot up in the first quarter of this year to $220,298, up 43% from the previous quarter. The median payment, too, jumped up 58% from $49,450 to $78,398. The majority of ransomware attacks in the first quarter also involved theft of corporate data, a continuation of a trend of ransomware actors increasingly relying on exfiltration and extortion demands. Seventy-seven percent of ransomware attacks included the threat to publish stolen data in the first quarter of this year, which is up 10%.

https://www.cyberscoop.com/ransomware-extortion-demands-increasing-coveware/

US Tech Pushes For Ransomware To Be Designated A National Security Threat

Big US tech companies and officials are urging governments to designate ransomware as a national security threat in a push to combat a hacking epidemic that has cost businesses tens of millions of dollars. Tech groups including Microsoft, Cisco and Amazon, cyber security companies such as FireEye and officials from the FBI and US Department of Justice have published a report calling for several measures to tackle the lucrative criminal enterprise.

https://www.ft.com/content/6e69efc8-66e2-4a1c-95d4-0a84d80091c7

Flubot Spyware Spreading Through Android Devices

Android mobile phone users across the U.K. and Europe are being targeted by text messages containing a particularly nasty piece of spyware called “Flubot”. The malware is delivered to targets through SMS texts and prompts them to install a “missed package delivery” app. Instead, it takes victims to a scam website where they download the “app” — which is just the spyware. Once installed, it then sets about gaining permissions, stealing banking information and credentials, lifting passwords stored on the device and squirreling away various pieces of personal information. It also sends out additional text messages to the infected device’s contact list, which allows it to “go viral” — like the flu.

https://threatpost.com/flubot-spyware-android-devices/165607/

Ransomware: Do Not Expect A Full Recovery, However Much You Pay

When it comes to all the various types of malware out there, none has ever dominated the headlines quite as much as ransomware. Sure, several individual malware outbreaks have turned into truly global stories over the years. The LoveBug mass-mailing virus of 2000 springs to mind, which blasted itself into hundreds of millions of mailboxes within a few days; so, does CodeRed in 2001, the truly fileless network worm that squeezed itself into a single network packet and spread worldwide literally within minutes.

https://nakedsecurity.sophos.com/2021/04/27/ransomware-dont-expect-a-full-recovery/

61% Of Organisations Impacted By Ransomware In 2020

A full 79% of respondents indicated their companies had experienced a business disruption, financial loss or other setback in 2020 due to a lack of cyber preparedness. Respondents identified ransomware as the chief culprit behind these disruptions. Other insights include: 61% indicated they had been impacted by ransomware in 2020, a 20% increase over the number of companies reporting such disruption in last year’s report. Companies impacted by ransomware lost an average of six working days to system downtime, with 37% saying downtime lasted one week or more. 52% of ransomware victims paid threat actor ransom demands, but only 66% of those were able to recover their data. The remaining 34% never saw their data again, despite paying the ransom.

https://www.helpnetsecurity.com/2021/04/26/ransomware-2020/

SolarWinds Campaign Even Wider Than First Thought

A new analysis of the SolarWinds breach suggests that the attacker infrastructure behind the campaign is far larger than first believed. The catastrophic SolarWinds security incident involved the compromise of the IT software vendor's network and later the deployment of malicious SolarWinds Orion updates to clients that contained a backdoor called Sunburst. Now researchers have now uncovered eighteen additional command-and-control servers used in the SolarWinds hacking campaign, indicating that the operation was broader in scope than previously known.  The researchers found that this infrastructure was registered under varying names and at different times over several years to avoid establishing a traceable pattern.

https://www.cybersecurityintelligence.com/blog/solarwinds-campaign-even-wider-than-first-thought-5602.html

Buying Cyber Insurance In 2021? Expect Greater Scrutiny, Higher Premiums

Organisations will face significant challenges in purchasing, renewing, and benefitting from cyber insurance policies this year as various factors drive the sector towards a stricter, more specialized position, global specialists in law, risk, and cyber security predict. These include the continued evolution and impact of cyber threats throughout 2020 and the early months of 2021, chiefly in the form of ransomware attacks and wide-ranging supply chain security issues.

https://www.csoonline.com/article/3616595/buying-cyber-insurance-in-2021-expect-greater-scrutiny-higher-premiums-thanks-to-ransomware-supply.html

Ransomware Is Growing At An Alarming Rate, Warns GCHQ Chief

The scale and severity of ransomware is growing at an alarming rate as cyber criminals look to exploit poor cyber security to maximise profit, the director of GCHQ has warned. Organisations and their employees have been forced to adapt to different ways of working over the past year, with many now even more reliant on remote services and online collaboration platforms. But cyber-criminal gangs also represent a major threat and Fleming warned that ransomware represents a cyber security danger for organisations of all kinds.

https://www.zdnet.com/article/ransomware-is-growing-at-an-alarming-rate-warns-gchq-chief/


Threats

Ransomware

Phishing

Malware

Vulnerabilities

Data Breaches

Organised Crime & Criminal Actors

Supply Chain

Nation State Actors

 Reports Published in the Last Week

Other News


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More