Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber War in Ukraine, Ransomware Fears Drive 2022 Surge in Demand for Threat Intelligence Tools

Amid the heightened fear of ransomware in 2022, threat intelligence emerged as a core requirement of doing business in a world gone mad.

A sizable amount of interest in the historically tech-centric discipline was fuelled in part by fear of cyber attacks tied to the war between Russia and Ukraine. In one example, the Ukrainian government warned the world that the Russian military was planning for multi-pronged attacks targeting the energy sector. Other nation-state cyber attack operations also contributed to the demand, including one June 2022 incident were Iran’s Cobalt Mirage exploited PowerShell vulnerabilities to launch ransomware attacks.

And of course, headlines of data breaches tied to vulnerabilities that organisations did not even know existed within their networks caught the attention not just of security teams, but the C-Suite and corporate board. A misconfigured Microsoft server, for example, wound up exposing years of sensitive data for tens of thousands of its customers, including personally identifiable information, user data, product and project details and intellectual property.

Indeed, according to 183 security pros surveyed by CyberRisk Alliance Business Intelligence in June 2022, threat intelligence has become critical in arming their security operations centres (SOCs) and incident response teams with operational data to help them make timely, informed decisions to prevent system downtime, thwart the theft of confidential data, and protect intellectual property.

Threat intelligence has emerged as a useful tool for educating executives. Many also credited threat intelligence for helping them protect their company and customer data — and potentially saving their organisation's reputation.

https://www.scmagazine.com/resource/threat-intelligence/2022-year-in-review-threat-intelligence-tools

• Cyber Premiums Holding Firms to Ransom

Soaring premiums for cyber security insurance are leaving businesses struggling to pay other bills, a key industry player has warned.

Mactavish, which buys insurance policies on behalf of companies, said that more than half of big businesses that had bought cyber security insurance had been forced to make cuts elsewhere to pay for it.

In a survey of 200 companies with a turnover above £10 million, Mactavish found that businesses were reducing office costs and staff bonuses and were cutting other types of insurance to meet the higher payments.

Last month Marsh, an insurance broker, revealed that costs for cyber insurance had increased by an average of 66 per cent in the third quarter compared with last year.

Meanwhile, the risk to businesses from hackers continues to rise. A government report on digital threats, published this month, showed the proportion of businesses experiencing cyber security incidents at least monthly had increased from 53 per cent to 60 per cent in the past year. Uber, Cisco and InterContinental Hotels Group were among high-profile targets this year.

https://www.thetimes.co.uk/article/cyber-safety-premiums-hold-firms-to-ransom-tnrsz3vs2

• Ransomware Ecosystem Becoming More Diverse for 2023

The ransomware ecosystem has changed significantly in 2022, with attackers shifting from large groups that dominated the landscape toward smaller ransomware-as-a-service (RaaS) operations in search of more flexibility and drawing less attention from law enforcement. This democratisation of ransomware is bad news for organisations because it also brought in a diversification of tactics, techniques, and procedures (TTPs), more indicators of compromise (IOCs) to track, and potentially more hurdles to jump through when trying to negotiate or pay ransoms.

Since 2019 the ransomware landscape has been dominated by big and professionalised ransomware operations that constantly made the news headlines and even looked for media attention to gain legitimacy with potential victims. We've seen ransomware groups with spokespeople who offered interviews to journalists or issued "press releases" on Twitter and their data leak websites in response to big breaches.

The DarkSide attack against Colonial Pipeline that led to a major fuel supply disruption along the US East Coast in 2021 highlighted the risk that ransomware attacks can have against critical infrastructure and led to increased efforts to combat this threat at the highest levels of government. This heightened attention from law enforcement made the owners of underground cyber crime forums reconsider their relationship with ransomware groups, with some forums banning the advertising of such threats. DarkSide ceased operations soon thereafter and was followed later in the year by REvil, also known as Sodinokibi, whose creators were indicted and one was even arrested. REvil was one of the most successful ransomware groups since 2019.

Russia's invasion of Ukraine in February 2022 quickly put a strain on the relationship between many ransomware groups who had members and affiliates in both Russia and Ukraine, or other former USSR countries. Some groups, such as Conti, rushed to take sides in the war, threatening to attack Western infrastructure in support of Russia. This was a departure from the usual business-like apolitical approach in which ransomware gangs had run their operations and drew criticism from other competing groups.

This was also followed by a leak of internal communications that exposed many of Conti's operational secrets and caused uneasiness with its affiliates. Following a major attack against the Costa Rican government the US State Department put up a reward of $10 million for information related to the identity or location of Conti's leaders, which likely contributed to the group's decision to shut down operations in May.

Conti's disappearance led to a drop in ransomware activity for a couple of months, but it didn't last long as the void was quickly filled by other groups, some of them newly set up and suspected to be the creation of former members of Conti, REvil and other groups that ceased operations over the past two years.

https://www.csoonline.com/article/3684248/ransomware-ecosystem-becoming-more-diverse-for-2023.html#tk.rss_news

• Attackers Evolve Strategies to Outmanoeuvre Security Teams

Attackers are expected to broaden their targeting strategy beyond regulated verticals such as financial services and healthcare. Large corporations (41%) will be the top targeted sector for cyber attacks in 2023, favoured over financial institutions (36%), government (14%), healthcare (9%), and education (8%), according to cyber security solution provider Titaniam.

The fast pace of change has introduced new vulnerabilities into corporate networks, making them an increasingly attractive target for cyber attackers. To compete in the digital marketplace, large companies are adopting more cloud services, aggregating data, pushing code into production faster, and connecting applications and systems via APIs.

As a result, misconfigured services, unprotected databases, little-tested applications, and unknown and unsecured APIs abound, all of which can be exploited by attackers.

The top four threats in 2022 were malware (30%), ransomware and extortion (27%), insider threats (26%), and phishing (17%).

The study found that enterprises expected malware (40%) to be their biggest challenge in 2023, followed by insider threats (26%), ransomware and related extortion (21%), and phishing (16%).

Malware, however, has more enterprises worried for 2023 than it did for 2022. It is important to note that these threats can overlap, where insiders can have a hand in ransomware attacks, phishing can be a source of malware, etc.

Attackers are evolving their strategies to surprise and outmanoeuvre security teams, which have hardened ransomware defences and improved phishing detection. They’re using new malware, such as loaders, infostealers, and wipers to accelerate attacks, steal sensitive data and create mayhem.

They’re also buying and stealing employee credentials to walk in through the front door of corporate networks.

https://www.helpnetsecurity.com/2023/01/04/attackers-evolve-strategies-outmaneuver-security-teams/

• Building a Security-First Culture: The Key to Cyber Success

Everyone has heard a car alarm go off in the middle of the night, but how often does that notification actually lead to action? Most people will hear the alarm, glance in its direction and then hope the owner will quickly remedy the situation.

Cars alarms often fail because they go off too often, leading to apathy and annoyance instead of being a cause for emergency. For many, cyber security has also become this way. While we see an increase in the noise surrounding the need for organisations to improve the security skillset and knowledge base of employees, there continues to be little proactive action on this front. Most organisations only provide employees with elementary-grade security training, often during their initial onboarding process or as part of a standard training requirement.

At the same time, many organisations also make the grave mistake of leaving all of their security responsibilities and obligations in the hands of IT and security teams. Time and time again, this approach has proven to be highly ineffective, especially as cyber criminals refine their social engineering tactics and target user accounts to execute their attacks.

Alarmingly, recent research found that 30% of employees do not think that they play a role in maintaining their company’s cyber security posture. The same report also revealed that only 39% of employees say they are likely to report a security incident.

As traditional boundaries of access disintegrate and more employees obtain permissions to sensitive company data and systems to carry out their tasks, business leaders must change the mindset of their employees when it comes to the role they play in keeping the organisation safe from cyber crime. The key is developing an integrated cyber security strategy that incorporates all aspects—including all stakeholders—of the organisation. This should be a strategy that breaks down departmental barriers and creates a culture of security responsibility where every team member plays a part.

https://www.forbes.com/sites/forbestechcouncil/2023/01/03/building-a-security-first-culture-the-key-to-cyber-success/

• Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of Known Exploited Vulnerabilities Catalogue

Back in November 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) published the Known Exploited Vulnerabilities (KEV) Catalogue to help federal agencies and critical infrastructure organisations identify and remediate vulnerabilities that are actively being exploited. CISA added 548 new vulnerabilities to the catalogue across 58 updates from January to end of November 2022, according to cyber security solution provider Grey Noise in its first-ever "GreyNoise Mass Exploits Report."

Including the approximately 300 vulnerabilities added in November and December 2021, CISA listed approximately 850 vulnerabilities in the first year of the catalogue's existence.

Actively exploited vulnerabilities in Microsoft, Adobe, Cisco, and Apple products accounted for over half of the updates to the KEV catalogue in 2022, Grey Noise found. Seventy-seven percent of the updates to the KEV catalogue were older vulnerabilities dating back to before 2022. Many of these vulnerabilities have been around for two decades.

Several of the vulnerabilities in the KEV catalogue are from products that have already entered end-of-life (EOL) and end-of-service-life (EOSL), according to an analysis by a team from cyber security solution provider Cyber Security Works. Even though Windows Server 2008 and Windows 7 are EOSL products, the KEV catalogue lists 127 Server 2008 vulnerabilities and 117 Windows 7 vulnerabilities.

Even though the catalogue was originally intended for critical infrastructure and public-sector organisations, it has become the authoritative source on which vulnerabilities are – or have been – exploited by attackers. This is key because the National Vulnerability Database (NVD) assigned Common Vulnerabilities and Exposures (CVE) identifiers for over 12,000 vulnerabilities in 2022, and it would be unwieldy for enterprise defenders to assess every single one to identify the ones relevant to their environments. Enterprise teams can use the catalogue's curated list of CVEs under active attack to create their priority lists.

https://www.darkreading.com/edge-threat-monitor/adobe-apple-cisco-microsoft-flaws-make-up-half-of-kev-catalog

• First LastPass, Now Slack and CircleCI. The Hacks Go On (and will likely worsen)

In the past week, the world has learned of serious breaches hitting chat service Slack and software testing and delivery company CircleCI, though giving the companies' opaque wording—“security issue” and “security incident,” respectively—you'd be forgiven for thinking these events were minor.

The compromises—in Slack’s case, the theft of employee token credentials and for CircleCI, the possible exposure of all customer secrets it stores—come two weeks after password manager LastPass disclosed its own security failure: the theft of customers’ password vaults containing sensitive data in both encrypted and clear text form. It’s not clear if all three breaches are related, but that’s certainly a possibility.

The most concerning of the two new breaches is the one hitting CircleCI. The company reported a “security incident” that prompted it to advise customers to rotate “all secrets” they store on the service. The alert also informed customers that it had invalidated their Project API tokens, an event requiring them to go through the hassle of replacing them.

CircleCI says it’s used by more than 1 million developers in support of 30,000 organisations and runs nearly 1 million daily jobs. The potential exposure of all those secrets—which could be login credentials, access tokens, and who knows what else—could prove disastrous for the security of the entire Internet.

It’s possible that some or all of these breaches are related. The Internet relies on a massive ecosystem of content delivery networks, authentication services, software development tool makers, and other companies. Threat actors frequently hack one company and use the data or access they obtain to breach that company's customers or partners. That was the case with the August breach of security provider Twilio. The same threat actor targeted 136 other companies. Something similar played out in the last days of 2020 when hackers compromised Solar Winds, gained control of its software build system, and used it to infect roughly 40 Solar Winds customers.

For now, people should brace themselves for additional disclosures from companies they rely on. Checking internal system logs for suspicious entries, turning on multifactor authentication, and patching network systems are always good ideas, but given the current events, those precautions should be expedited. It’s also worth checking logs for any contact with the IP address 54.145.167.181, which one security practitioner said was connected to the CircleCI breach.

https://arstechnica.com/information-technology/2023/01/first-lastpass-now-slack-and-circleci-the-hacks-go-on-and-will-likely-worsen/

• Data of 235 Million Twitter Users Leaked Online

A data leak containing email addresses for 235 million Twitter users has been published on a popular hacker forum. Many experts have immediately analysed it and confirmed the authenticity of many of the entries in the huge leaked archive.

In January 2022, a report claimed the discovery of a vulnerability that can be exploited by an attacker to find a Twitter account by the associated phone number/email, even if the user has opted to prevent this in the privacy options. The vulnerability was exploited by multiple threat actors to scrape Twitter user profiles containing both private (phone numbers and email addresses) and public data, and was present within the social media platforms application programming interface (API) from June 2021 until January 2022.

At the end of July 2022, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting the forementioned, now-fixed vulnerability in the popular social media platform. The scraped data was then put up for sale on various online cyber crime marketplaces. In August, Twitter confirmed that the data breach was caused by a now-patched zero-day flaw.

In December another Twitter data leak made the headlines, a threat actor obtained data of 400,000,000 Twitter users and attempted to sell it. The seller claimed the database is private, and he provided a sample of 1,000 accounts as proof of claims which included the private information of prominent users such as Donald Trump JR, Brian Krebs, and many more. The seller, who is a member of a popular data breach forum, claimed the data was scraped via a vulnerability. The database includes emails and phone numbers of celebrities, politicians, companies, normal users, and a lot of special usernames.

https://securityaffairs.com/140352/data-breach/twitter-data-leak-235m-users.html

• 16 Car Makers, including BMW, Ferrari, Ford, Honda, Kia, Land Rover, Mercedes and Toyota, and Their Vehicles Hacked via Telematics, APIs, and Infrastructure

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car functions and start or stop the engine.

Multiple other security defects, the researchers say, allowed them to access a car maker’s internal applications and systems, leading to the exposure of personally identifiable information (PII) belonging to customers and employees, and account takeover, among others. The hacks targeted telematic systems, automotive APIs, and infrastructure.

Impacted car models include Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, and Toyota. The vulnerabilities were identified over the course of 2022. Car manufacturers were informed about the security holes and they released patches.

According to the researchers, they were able to send commands to Acura, Genesis, Honda, Hyundai, Kia, Infiniti, Nissan, and Porsche vehicles.

Using only the VIN (vehicle identification number), which is typically visible on the windshield, the researchers were able to start/stop the engine, remotely lock/unlock the vehicle, flash headlights, honk vehicles, and retrieve the precise location of Acura, Honda, Kia, Infiniti, and Nissan cars.

They could also lock users out of remote vehicle management and could change car ownership.

https://www.securityweek.com/16-car-makers-and-their-vehicles-hacked-telematics-apis-infrastructure

• Ransomware Gang Apologises, and Gives SickKids Hospital Free Decrypter

The LockBit ransomware gang has released a free decrypter for the Hospital for Sick Children (SickKids), saying one of its members violated rules by attacking the healthcare organisation. SickKids is a teaching and research hospital in Toronto that focuses on providing healthcare to sick children.

On December 18th, the hospital suffered a ransomware attack that impacted internal and corporate systems, hospital phone lines, and the website. While the attack only encrypted a few systems, SickKids stated that the incident caused delays in receiving lab and imaging results and resulted in longer patient wait times.

On December 29th, SickKids announced that it had restored 50% of its priority systems, including those causing diagnostic or treatment delays. Two days after SickKids' latest announcement, the LockBit ransomware gang apologised for the attack on the hospital and released a decrypter for free.

“We formally apologise for the attack on sikkids.ca and give back the decrypter for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate programme," stated the ransomware gang.

https://www.bleepingcomputer.com/news/security/ransomware-gang-apologizes-gives-sickkids-hospital-free-decryptor/

Threats

Ransomware, Extortion and Destructive Attacks

• Rackspace: Ransomware Attack Bypassed ProxyNotShell Mitigations (darkreading.com)

• Hackers Leverage Compromised Fortinet Devices to Distribute Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Rackspace: Customer email data accessed in ransomware attack (bleepingcomputer.com)

• Ransomware gang cloned victim’s website to leak stolen data (bleepingcomputer.com)

• Rackspace identifies hacking group responsible for early December ransomware attack | TPR

• Ransomware ecosystem becoming more diverse for 2023 | CSO Online

• Lockbit apologized for the attack on SickKids pediatric hospital and releases a free decryptor - Security Affairs

• The FBI's Perspective on Ransomware (thehackernews.com)

• Rackspace Sunsets Email Service Downed in Ransomware Attack (darkreading.com)

• Ransomware: The security debt collector - Help Net Security

• December ransomware disclosures reveal high-profile victims | TechTarget

• The Guardian ransomware attack hits week two as staff WFH • The Register

• Unraveling the techniques of Mac ransomware - Microsoft Security Blog

• Bitdefender releases free MegaCortex ransomware decryptor (bleepingcomputer.com)

• Ransomware Research: More than 200 US Infrastructure Organisations Attacked in 2022 - MSSP Alert

• Ransomware impacts over 200 govt, edu, healthcare orgs in 2022 (bleepingcomputer.com)

• Guardian ransomware attack: Staff told work from home to 23 Jan (pressgazette.co.uk)

• Rail giant Wabtec discloses data breach after Lockbit ransomware attack (bleepingcomputer.com)

• Hackers target Arnold Clark in Christmas Eve cyber attack as bosses insist customer information is safe – Car Dealer Magazine

• Christmas Eve 'cyber attack' forced Arnold Clark's network down | STV News

• Royal ransomware claims attack on Queensland University of Technology (bleepingcomputer.com)

• LockBit: Sorry for SickKids, but not housing authority • The Register

• New Survey: 1 In 4 Schools Were Victims Of Cyber Attacks In the Last Year; Administrators To Increase Spending On Privacy and Security (darkreading.com)

• Canadian mining firm shuts down mill after ransomware attack (bleepingcomputer.com)

Phishing & Email Based Attacks

• Data of 235 million Twitter users leaked online - Security Affairs

• Is NHS The Most Impersonated UK Government "Brand"? (informationsecuritybuzz.com)

• The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media (thehackernews.com)

• New Phishing Campaign Targets Cyber security Professionals Using Hacking Tool Flipper Zero - Infosecurity Magazine (infosecurity-magazine.com)

• Ongoing Flipper Zero phishing attacks target infosec community (bleepingcomputer.com)

Other Social Engineering; Smishing, Vishing, etc

• Ukrainian Cops Bust Prolific Fraud Call Centre - Infosecurity Magazine (infosecurity-magazine.com)

• Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid – Naked Security (sophos.com)

Malware

• Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe (thehackernews.com)

• Hackers abuse Windows error reporting tool to deploy malware (bleepingcomputer.com)

• New SHC-compiled Linux malware installs cryptominers, DDoS bots (bleepingcomputer.com)

• Bluebottle hackers used signed Windows driver in attacks on banks (bleepingcomputer.com)

• Dridex Returns, Targets MacOS Using New Entry Method (trendmicro.com)

• New Linux malware uses 30 plugin exploits to backdoor WordPress sites (bleepingcomputer.com)

• PyTorch discloses malicious dependency chain compromise over holidays (bleepingcomputer.com)

• Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware (thehackernews.com)

• WordPress Sites Under Attack from Newly Found Linux Trojan (darkreading.com)

• Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain (thehackernews.com)

• Raspberry Robin Worm Hatches a Highly Complex Upgrade (darkreading.com)

• The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media (thehackernews.com)

Denial of Service/DoS/DDOS

• War and Geopolitical Conflict: The New Battleground for DDoS Attacks (darkreading.com)

Internet of Things – IoT

• Ongoing Flipper Zero phishing attacks target infosec community (bleepingcomputer.com)

Data Breaches/Leaks

• Data of over 200 million Deezer users stolen, leaks on hacking forum • Graham Cluley

• Five Guys Data Breach Puts HR Data Under a Heat Lamp (darkreading.com)

• Analysis Of Top 10 Countries Mostly Targeted By Data Breaches (informationsecuritybuzz.com)

• Twitter said to have suffered data breach as hackers expose 235 million users' information (thenationalnews.com)

• I bought a $15 router at Goodwill — and found a millionaire's dirty secrets (nypost.com)

• Critical flaws found in Ferrari, BMW, Porsche, and other carmakers - Security Affairs

• Toyota, Mercedes, BMW API flaws exposed owners’ personal info (bleepingcomputer.com)

• Threat actors stole Slack private source code repositories - Security Affairs

• Data of over 200 million Deezer users stolen, leaks on hacking forum • Graham Cluley

Organised Crime & Criminal Actors

• Threat Actors Evade Detection Through Geofencing & Fingerprinting (darkreading.com)

• A sneak peek into the dark web dealings | Nation

• Attackers create 130K fake accounts to abuse limited-time cloud computing resources | CSO Online

• Cyber criminals we lost to law in 2022

• Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid – Naked Security (sophos.com)

• Ukrainian Cops Bust Prolific Fraud Call Centre - Infosecurity Magazine (infosecurity-magazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• New SHC-compiled Linux malware installs cryptominers, DDoS bots (bleepingcomputer.com)

Insider Risk and Insider Threats

• Software engineer busted after being inspired by Office Space scam | PC Gamer

• Are Meta and Twitter Ushering in a New Age of Insider Threats? (darkreading.com)

• Ex-GE engineer sentenced for stealing turbine tech for China • The Register

Fraud, Scams & Financial Crime

• Avast: Expect Cyber crime "Scamdemic" to Continue in 2023 - MSSP Alert

• Software engineer busted after being inspired by Office Space scam | PC Gamer

• US regulators warn banks over cryptocurrency risks - BBC News

• What Is a Pig Butchering Scam? | WIRED

• RedZei Chinese Scammers Targeting Chinese Students in the UK (thehackernews.com)

• Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid – Naked Security (sophos.com)

• Ukrainian Cops Bust Prolific Fraud Call Centre - Infosecurity Magazine (infosecurity-magazine.com)

Impersonation Attacks

• Is NHS The Most Impersonated UK Government "Brand"? (informationsecuritybuzz.com)

AML/CFT/Sanctions

• Iran's Revolutionary Guards set to be labelled as terrorist group by UK - BBC News

Insurance

• Cyber safety premiums holding firms to ransom | Business | The Times

• How can businesses decrease cyber insurance premiums while maintaining coverage? - Help Net Security

Dark Web

• A sneak peek into the dark web dealings | Nation

Supply Chain and Third Parties

• First LastPass, now Slack and CircleCI. The hacks go on (and will likely worsen) | Ars Technica

Software Supply Chain

• There is no secure software supply-chain. - by John McBride (substack.com)

Cloud/SaaS

• Attackers create 130K fake accounts to abuse limited-time cloud computing resources | CSO Online

Encryption

• Encryption Faces an Existential Threat in Europe | WIRED

• 2023 Will See Renewed Focus on Quantum Computing (darkreading.com)

• Chinese researchers claim to find way to break encryption using quantum computers | Financial Times (ft.com)

API

• API Security Is the New Black (darkreading.com)

• Car companies massively exposed to web vulnerabilities | The Daily Swig (portswigger.net)

• 16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure | SecurityWeek.Com

• What Are Some Ways to Make APIs More Secure? (darkreading.com)

• Critical flaws found in Ferrari, BMW, Porsche, and other carmakers - Security Affairs

Open Source

• New SHC-compiled Linux malware installs cryptominers, DDoS bots (bleepingcomputer.com)

• New Linux malware uses 30 plugin exploits to backdoor WordPress sites (bleepingcomputer.com)

Social Media

• Data of 235 million Twitter users leaked online - Security Affairs

• Twitter said to have suffered data breach as hackers expose 235 million users' information (thenationalnews.com)

• The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media (thehackernews.com)

• Are Meta and Twitter Ushering in a New Age of Insider Threats? (darkreading.com)

• Meta fined €390m over use of data for targeted ads - BBC News

• More Political Storms for TikTok After US Government Ban | SecurityWeek.Com

Parental Controls and Child Safety

• Cops Catch Serial Child Abuser After Tech Breakthrough - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Meta fined €390m over use of data for targeted ads - BBC News

• Google will pay $29.5M to settle two lawsuits over its location tracking practices - Security Affairs

Governance, Risk and Compliance

• Cyber safety premiums holding firms to ransom | Business | The Times

• Cyber war in Ukraine, ransomware fears drive 2022 surge in demand for threat intelligence tools | SC Media (scmagazine.com)

• Attackers never let a critical vulnerability go to waste - Help Net Security

• Attackers evolve strategies to outmanoeuvre security teams - Help Net Security

• How to start planning for disaster recovery - Help Net Security

• Building A Security-First Culture: The Key To Cyber Success (forbes.com)

• Data backup is no longer just about operational fallback - Help Net Security

• Threat Actors Evade Detection Through Geofencing & Fingerprinting (darkreading.com)

• How can businesses decrease cyber insurance premiums while maintaining coverage? - Help Net Security

Secure Disposal

• I bought a $15 router at Goodwill — and found a millionaire's dirty secrets (nypost.com)

Backup and Recovery

• Data backup is no longer just about operational fallback - Help Net Security

Data Protection

• Getting data loss prevention right - Help Net Security

Law Enforcement Action and Take Downs

• Cyber criminals we lost to law in 2022

• Cops Catch Serial Child Abuser After Tech Breakthrough - Infosecurity Magazine (infosecurity-magazine.com)

• Inside a scammers’ lair: Ukraine busts 40 in fake bank call-centre raid – Naked Security (sophos.com)

• Ukrainian Cops Bust Prolific Fraud Call centre - Infosecurity Magazine (infosecurity-magazine.com)

Privacy, Surveillance and Mass Monitoring

• National security fears over police using Chinese tech | News | The Times

• Meta fined €390m over use of data for targeted ads - BBC News

• Google will pay $29.5M to settle two lawsuits over its location tracking practices - Security Affairs

Artificial Intelligence

• ChatGPT: An Easy Cyber crime Target For Cyber attacks (informationsecuritybuzz.com)

• OpenAI's ChatGPT previews how AI can help hackers breach more networks (axios.com)

• How hackers might be exploiting ChatGPT - Security Affairs

• NATO tests AI’s ability to protect critical infrastructure against cyber attacks | CSO Online

Misinformation, Disinformation and Propaganda

• It's time to focus on information warfare's hard questions (cyberscoop.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• War and Geopolitical Conflict: The New Battleground for DDoS Attacks (darkreading.com)

• Cyber attacks against governments jumped 95% in last half of 2022, CloudSek says | CSO Online

• It's time to focus on information warfare's hard questions (cyberscoop.com)

• National security fears over police using Chinese tech | News | The Times

• Ex-GE engineer sentenced for stealing turbine tech for China • The Register

• Pro-Russia cyber attacks aim at destabilizing Poland - Security Affairs

• Poland warns of attacks by Russia-linked Ghostwriter hacking group (bleepingcomputer.com)

Nation State Actors

Nation State Actors – Russia

• Russia Cyber attacks, China Covid Are Overlooked 2023 Threats - Bloomberg

Nation State Actors – China

• National security fears over police using Chinese tech | News | The Times

• Ex-GE engineer sentenced for stealing turbine tech for China • The Register

Nation State Actors – Iran

• Iran's Revolutionary Guards set to be labelled as terrorist group by UK - BBC News

Nation State Actors – Misc

• Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain (thehackernews.com)

Vulnerability Management

• Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of KEV Catalog (darkreading.com)

• Attackers never let a critical vulnerability go to waste - Help Net Security

Vulnerabilities

• Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks (bleepingcomputer.com)

• Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of KEV Catalog (darkreading.com)

• Rackspace: Ransomware Attack Bypassed ProxyNotShell Mitigations (darkreading.com)

• Zoho urges admins to patch severe ManageEngine bug immediately (bleepingcomputer.com)

• Android's First Security Updates for 2023 Patch 60 Vulnerabilities | SecurityWeek.Com

• Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities (thehackernews.com)

• Qualcomm, Lenovo flag multiple high impact firmware vulnerabilities | SC Media (scmagazine.com)

• Netgear Wi-Fi routers need to be patched immediately | TechRadar

• Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers (thehackernews.com)

• Fortinet Releases Security Updates for FortiADC | CISA

Tools and Controls

• How Confidential Computing Can Change Cyber security (darkreading.com)

• Data backup is no longer just about operational fallback - Help Net Security

• Getting data loss prevention right - Help Net Security

• Things to know and do before you switch from VPN to ZTNA - Help Net Security

Other News

• The cyber security industry will undergo significant changes in 2023 - Help Net Security

• SecurityAffairs Top 10 cybersecurity posts of 2022 - Security Affairs

• BleepingComputer's most popular cybersecurity stories of 2022

• WordPress Security: 22 Ways To Protect Your Website (informationsecuritybuzz.com)

• Cyber attacks against governments jumped 95% in last half of 2022, CloudSek says | CSO Online

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Morgan Stanley Client Accounts Breached in Social Engineering Attacks

Morgan Stanley Wealth Management says some of its customers had their accounts compromised in social engineering attacks.

The account breaches were the result of vishing (aka voice phishing), a social engineering attack where scammers impersonate a trusted entity (in this case Morgan Stanley) during a voice call to convince their targets into revealing sensitive information such as banking or login credentials.

The company said in a notice sent to affected clients that, "on or around February 11, 2022," a threat actor impersonating Morgan Stanley gained access to their accounts after tricking them into providing their Morgan Stanley Online account info.

After successfully breaching their accounts, the attacker also electronically transferred money to their own bank account by initiating payments using the Zelle payment service.

https://www.bleepingcomputer.com/news/security/morgan-stanley-client-accounts-breached-in-social-engineering-attacks/

• Ransomware Is Scary, But Another Scam Is Costing Victims Much, Much More

Business email compromise (BEC) remains the biggest source of financial losses, which totalled $2.4 billion in 2021, up from an estimated $1.8 billion in 2020, according to the Federal Bureau of Investigation's (FBI) Internet Crime Center (IC3).

The FBI says in its 2021 annual report that Americans last year lost $6.9 billion to scammers and cyber criminals through ransomware, BEC, and cryptocurrency theft related to financial and romance scams. In 2020, that figure stood at $4.2 billion.

Last year, FBI's Internet Crime Complaint Center (IC3) received 847,376 complaints about cybercrime losses, up 7% from 791,790 complaints in 2020.

BEC has been the largest source of fraud for several years despite ransomware attacks grabbing most headlines.

https://www.zdnet.com/article/ransomware-is-scary-but-another-scam-is-costing-victims-much-much-more-says-fbi/#ftag=RSSbaffb68

• Phishing Kits Constantly Evolve to Evade Security Software

Modern phishing kits sold on cybercrime forums as off-the-shelf packages feature multiple, sophisticated detection avoidance and traffic filtering systems to ensure that internet security solutions won’t mark them as a threat.

Fake websites that mimic well-known brands are abundant on the internet to lure victims and steal their payment details or account credentials.

Most of these websites are built using phishing kits that feature brand logos, realistic login pages, and in cases of advanced offerings, dynamic webpages assembled from a set of basic elements.

https://www.bleepingcomputer.com/news/security/phishing-kits-constantly-evolve-to-evade-security-software/

• Ransomware Payment Demands Rose Dramatically in 2021

Ransomware attackers demanded dramatically higher ransom fees last year, and the average ransom payment rose by 78% to $541,010, according to data from incident response (IR) cases investigated by Palo Alto Networks Unit 42.

IR cases by Unit 42 also saw a whopping 144% increase in ransom demands, to $2.2 million. According to the report, the most victimised sectors were professional and legal services, construction, wholesale and retail, healthcare, and manufacturing.

Cyber extortion spiked, with 85% of ransomware victims — some 2, 556 organisations — having their data dumped and exposed on leak sites, according to the "2022 Unit 42 Ransomware Threat Report."

Conti led the ransomware attack volume, representing some one in five cases Unit 42 investigated, followed by REvil, Hello Kitty, and Phobos.

https://www.darkreading.com/attacks-breaches/ransomware-payments-demands-rose-dramatically-in-2021

• 7 Suspected Members of LAPSUS$ Hacker Gang, aged 16 to 21, Arrested in UK

The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that's linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta.

"The City of London Police has been conducting an investigation with its partners into members of a hacking group," Detective Inspector, Michael O'Sullivan, said in a statement shared with The Hacker News. "Seven people between the ages of 16 and 21 have been arrested in connection with this investigation and have all been released under investigation. Our enquiries remain ongoing."

The development, which was first disclosed by BBC News, comes after a report from Bloomberg revealed that a 16-year-old Oxford-based teenager is the mastermind of the group. It's not immediately clear if the minor is one among the arrested individuals. The said teen, under the online alias White or Breachbase, is alleged to have accumulated about $14 million in Bitcoin from hacking.

https://thehackernews.com/2022/03/7-suspected-members-of-lapsus-hacker.html

• Here's How Fast Ransomware Encrypts Files

Forty-two minutes and 54 seconds: that's how quickly the median ransomware variant can encrypt and lock out a victim from 100,000 of their files.

The data point came from Splunk's SURGe team, which analysed in its lab how quickly the 10 biggest ransomware strains — Lockbit, REvil, Blackmatter, Conti, Ryuk, Avaddon, Babuk, Darkside, Maize, and Mespinoza — could encrypt 100,000 files consisting of some 53.93 gigabytes of data. Lockbit won the race, with speeds of 86% faster than the median. One Lockbit sample was clocked at encrypting 25,000 files per minute.

Splunk's team found that ransomware variants are all over the map speed-wise, and the underlying hardware can dictate their encryption speeds.

https://www.darkreading.com/application-security/here-s-how-fast-ransomware-encrypts-files

• HEAT Attacks: A New Class of Cyber Threats Organisations Are Not Prepared For

Web malware (47%) and ransomware (42%) now top the list of security threats that organisations are most concerned about. Yet despite the growing risks, just 27% have advanced threat protection in place on every endpoint device that can access corporate applications and resources.

This is according to research published by Menlo Security, exploring what steps organisations are taking to secure themselves in the wake of a new class of cyber threats – known as Highly Evasive Adaptive Threats (HEAT).

As employees spend more time working in the browser and accessing cloud-based applications, the risk of HEAT attacks increases. Almost two-thirds of organisations have had a device compromised by a browser-based attack in the last 12 months. The report suggests that organisations are not being proactive enough in mitigating the risk of these threats, with 45% failing to add strength to their network security stack over the past year. There are also conflicting views on the most effective place to deploy security to prevent advanced threats, with 43% citing the network, and 37% the cloud.

https://www.helpnetsecurity.com/2022/03/22/web-security-threats/

• The Cyber Warfare Predicted in Ukraine May Be Yet to Come

In the build-up to Russia’s invasion of Ukraine, the national security community braced for a campaign combining military combat, disinformation, electronic warfare and cyber attacks. Vladimir Putin would deploy devastating cyber operations, the thinking went, to disable government and critical infrastructure, blind Ukrainian surveillance capabilities and limit lines of communications to help invading forces. But that’s not how it has played out. At least, not yet.

The danger is that as political and economic conditions deteriorate, the red lines and escalation judgments that kept Moscow’s most potent cyber capabilities in check may adjust. Western sanctions and lethal aid support to Ukraine may prompt Russian hackers to lash out against the west. Russian ransomware actors may also take advantage of the situation, possibly resorting to cyber crime as one of the few means of revenue generation.

https://www.ft.com/content/2938a3cd-1825-4013-8219-4ee6342e20ca

• The Three Russian Cyber Attacks the West Most Fears

The UK's cyber authorities are supporting the White House's calls for "increased cyber-security precautions", though neither has given any evidence that Russia is planning a cyber-attack.

Russia has previously stated that such accusations are "Russophobic".

However, Russia is a cyber-superpower with a serious arsenal of cyber-tools, and hackers capable of disruptive and potentially destructive cyber-attacks.

Ukraine has remained relatively untroubled by Russian cyber-offensives but experts now fear that Russia may go on a cyber-offensive against Ukraine's allies.

"Biden's warnings seem plausible, particularly as the West introduced more sanctions, hacktivists continue to join the fray, and the kinetic aspects of the invasion seemingly don't go to plan," says Jen Ellis, from cyber-security firm Rapid7.

This article from the BCC outlines the hacks that experts most fear, and they are repeats of things we have already seen coming out of Russia, only potentially a lot more destructive this time around.

https://www.bbc.co.uk/news/technology-60841924

• Do These 8 Things Now to Boost Your Security Ahead of Potential Russian Cyber Attacks

The message comes as the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) ramp up warnings about Russian hacking of everything from online accounts to satellite broadband networks. CISA's current campaign is called Shields Up, which urges all organisations to patch immediately and secure network boundaries. This messaging is being echoed by UK and other Western Cyber authorities:

The use of Multi-Factor Authentication (MFA) is being very strongly advocated. The White House and other agencies both sides of the Atlantic also urged companies to take seven other steps:

• Deploy modern security tools on your computers and devices to continuously look for and mitigate threats

• Make sure that your systems are patched and protected against all known vulnerabilities, and change passwords across your networks so that previously stolen credentials are useless to malicious actors

• Back up your data and ensure you have offline backups beyond the reach of malicious actors

• Run exercises and drill your emergency plans so that you are prepared to respond quickly to minimize the impact of any attack

• Encrypt your data so it cannot be used if it is stolen

• Educate your employees to common tactics that attackers will use over email or through websites

• Work with specialists to establish relationships in advance of any cyber incidents.

https://www.zdnet.com/article/white-house-warns-do-these-8-things-now-to-boost-your-security-ahead-of-potential-russian-cyberattacks/

• Cyber Crime Victims Suffered Losses of Over $6.9B in 2021 in the US Alone

The FBI's Internet Crime Complaint Center (IC3) reported a record-breaking year for 2021 in the number of complaints it received, among which business email compromise (BEC) attacks made up the majority of incidents.

IC3 handled 847,376 complaint reports last year — an increase of 7% over 2020 — which mainly revolved around phishing attacks, nonpayment/nondelivery scams, and personal data breaches. Overall, losses amounted to more than $6.9 billion.

BEC and email account compromises ranked as the No. 1 attack, accounting for 19,954 complaints and losses of around $2.4 billion.

"In 2021, heightened attention was brought to the urgent need for more cyber incident reporting to the federal government. Cyber incidents are in fact crimes deserving of an investigation, leading to judicial repercussions for the perpetrators who commit them," Paul Abbate, deputy director of the FBI wrote in the IC3's newly published annual report.

https://www.darkreading.com/attacks-breaches/fbi-cybercrime-victims-suffered-losses-of-over-6-9b-in-2021

• Expanding Threat Landscape: Cyber Criminals Attacking from All Sides

Research from Trend Micro warns of spiralling risk to digital infrastructure and remote workers as threat actors increase their rate of attack on organisations and individuals.

“Attackers are always working to increase their victim count and profit, whether through quantity or effectiveness of attacks,” said Jon Clay, VP of threat intelligence at Trend Micro.

“Our latest research shows that while Trend Micro threat detections rose 42% year-on-year in 2021 to over 94 billion, they shrank in some areas as attacks became more precisely targeted.”

Ransomware attackers are shifting their focus to critical businesses and industries more likely to pay, and double extortion tactics ensure that they are able to profit. Ransomware-as-a-service offerings have opened the market to attackers with limited technical knowledge – but also given rise to more specialisation, such as initial access brokers who are now an essential part of the cybercrime supply chain.

Threat actors are also getting better at exploiting human error to compromise cloud infrastructure and remote workers. Trend Micro detected and prevented 25.7 million email threats in 2021 compared to 16.7 million in 2020, with the volume of blocked phishing attempts nearly doubling over the period. Research shows home workers are often prone to take more risks than those in the office, which makes phishing a particular risk.

https://www.helpnetsecurity.com/2022/03/22/threat-actors-increase-attack/

Threats

Ransomware

• Ransomware Infections Follow Precursor Malware – Lumu • The Register

• Ransomware, Malware-as-a-Service Dominate Threat Landscape | SecurityWeek.Com

• Serious Security: DEADBOLT – The Ransomware That Goes Straight For Your Backups – Naked Security (sophos.com)

• AvosLocker Ransomware - What You Need To Know | The State of Security (tripwire.com)

• What the Conti Ransomware Group Data Leak Tells Us (darkreading.com)

• Ransomware Demands And Payments Increase With Use Of Leak Sites (computerweekly.com)

• Ten Notorious Ransomware Strains Put to The Encryption Speed Test (bleepingcomputer.com)

• Lockbit Wins Ransomware Speed Test, Encrypts 25k Files/Min • The Register

• Talos warns of BlackMatter-linked BlackCat Ransomware • The Register

• Report: 89% of Organizations Say Kubernetes Ransomware Is A Problem Today | VentureBeat

• Top Russian Meat Producer Hit with Windows BitLocker Encryption Attack (bleepingcomputer.com)

• Greece's Public Postal Service Offline Due To Ransomware Attack (bleepingcomputer.com)

• Hackers Demand $15 Million Ransom from TransUnion After Cracking "password" Password (bitdefender.com)

• Lawsuit Claims Kronos Breach Exposed Data For 'Millions' (techtarget.com)

• Estonian Man Sentenced To Prison For Role In Cyber Intrusions, Ransomware Attacks - CyberScoop

Phishing & Email

• New Phishing Toolkit Lets Anyone Create Fake Chrome Browser Windows (bleepingcomputer.com)

• Browser-in-the-Browser Attack Makes Phishing Nearly Invisible | Threatpost

• 'Unique Attack Chain' Drops Backdoor in New Phishing Campaign (darkreading.com)

Other Social Engineering

• Social Engineering Attacks To Dominate Web3, The Metaverse | ZDNet

Malware

• Malicious Microsoft Excel Add-Ins Used to Deliver RAT Malware (bleepingcomputer.com)

• BitRAT Malware Now Spreading As A Windows 10 License Activator (bleepingcomputer.com)

Mobile

• URL Rendering Trick Enabled WhatsApp, Signal, iMessage Phishing (bleepingcomputer.com)

• Downloaders Currently the Most Prevalent Android Malware (darkreading.com)

• Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users (thehackernews.com)

• Android Password-Stealing Malware Infects 100,000 Google Play Users (bleepingcomputer.com)

IoT

• Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns (thehackernews.com)

• Honda Civics Vulnerable To Remote Unlock, Start Hack • The Register

• How to Secure Your Home WiFi Router - The Washington Post

Data Breaches/Leaks

• UK MoD's Capita-Run Recruitment Portal Support Offline • The Register

• Background Check Company Sued Over Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Over 40,000 London Voters Have Data Leaked to Strangers - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• Who is LAPSUS$, the Gang Hacking Microsoft, Samsung, and Okta? (gizmodo.com)

• Hackers Are Targeting European Refugee Charities -Ukrainian Official | Reuters

• Hackers Steal From Hackers By Pushing Fake Malware On Forums (bleepingcomputer.com)

• Oxford Teen Accused Of Making More Than £10m As A Leader Of International Cyber Gang (telegraph.co.uk)

Cryptocurrency/Cryptomining/Cryptojacking

• An Investigation of Cryptocurrency Scams and Schemes (trendmicro.com)

• Global Regulators Monitor Crypto Use in Ukraine War | Reuters

• Cryptocurrency Companies Impacted by HubSpot Breach (techtarget.com)

Insider Risk and Insider Threats

• 6 Types Of Insider Threats And How To Prevent Them (techtarget.com)

• HP Staffer Blew $5m On Personal Expenses With Company Card • The Register

Fraud, Scams & Financial Crime

• Internet Crime in 2021: Investment Fraud Losses Soar - Help Net Security

• NFT Fraud in the UK Soars 400% in 2021 - Infosecurity Magazine (infosecurity-magazine.com)

• DeFiance Capital Founder Loses $1.7M in NFTs To Phishing Scam - Decrypt

Insurance

• How The Increase in Ransomware Has Impacted The Cyber Insurance Market - Help Net Security

• Cyber Insurance and War Exclusions (darkreading.com)

Dark Web

• Dark Web Drug Peddler Gets Nine Years - Infosecurity Magazine

Supply Chain

• 'Secrets Sprawl' Haunts Software Supply Chain Security | SecurityWeek.Com

Cloud

• As Breaches Soar, Companies Must Turn to Cloud-Native Security Solutions For Protection - Help Net Security

Passwords & Credential Stuffing

• The Top 5 Things the 2022 Weak Password Report Means for IT Security (bleepingcomputer.com)

Spyware, Espionage & Cyber Warfare

• Russia Preparing To Conduct Cyber Attacks, White House warns - IT Security Guru

• New Mustang Panda Hacking Campaign Targets Diplomats, ISPs (bleepingcomputer.com)

• Vidar Spyware Is Now Hidden in Microsoft Help Files | ZDNet

• FCC Adds Kaspersky To Covered List Due To Unacceptable Risks To Security - Security Affairs

Nation State Actors

Nation State Actors – Russia

• Internet Sanctions Against Russia Pose Risks, Challenges For Businesses | CSO Online

• Is It Safe To Use Russian-Based Kaspersky Antivirus? No, And Here's Why (komando.com)

• Anonymous Leaked 28gb of Data Stolen from The Central Bank of Russia - Security Affairs

• President Biden Says Russia Exploring Revenge Cyber Attacks • The Register

• Analysis: Putin's next escalation could be a direct cyberattack on the West - CNNPolitics

• Russia-backed Hackers Bypassed MFA, Exploited Print Vulnerability - MSSP Alert

• Hackers Around The World Deluge Russia's Internet With Simple, Effective Cyber Attacks (nbcnews.com)

• Anonymous Targets Western Companies Still Active in Russia - Security Affairs

• Ukrainian Enterprises Hit with the DoubleZero Wiper - Security Affairs

• NATO, G-7 Leaders Promise Bulwark Against Retaliatory Russian Cyber Attacks (cyberscoop.com)

• Russia Hacked Ukrainian Satellite Communications, Officials Believe - BBC News

• Russia-linked InvisiMole APT Targets State Organizations Of Ukraine - Security Affairs

• Corrupted Open-Source Software Enters the Russian Battlefield | ZDNet

• Nestlé Says 'Anonymous' Data Leak Actually A Self-Own • The Register

Nation State Actors – China

• Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion (thehackernews.com)

• Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection | Threatpost

• Mustang Panda Hacking Group Takes Advantage Of Ukraine Crisis In New Attacks | ZDNet

Nation State Actors – North Korea

• Dual North Korean Hacking Efforts Found Attacking Google Chrome Vulnerability for 6 Weeks - CyberScoop

Vulnerabilities

• CISA Adds 66 Vulnerabilities To List Of Bugs Exploited In Attacks (bleepingcomputer.com)

• Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability (thehackernews.com)

• Three Critical RCE Flaws Affect Hundreds of HP Printer Models - Security Affairs

• Critical Sophos Firewall vulnerability allows remote code execution (bleepingcomputer.com)

• Vulnerabilities Found in 250 HP Printer Models | CSO Online

• VMware Fixes Carbon Black Command Injection, Upload Bugs • The Register

• Western Digital Fixes Critical Bug Giving Root On My Cloud NAS Devices (bleepingcomputer.com)

Sector Specific

Health/Medical/Pharma Sector

• Scottish Mental Health Charity SAMH Targeted In Cyber Attack - BBC News

• 12,000 Sensitive Patient Images Leaked - IT Security Guru

• Over 1 Million Impacted in Data Breach at Texas Dental Services Provider | SecurityWeek.Com

Retail/eCommerce

• For Magecart groups and other credit-card skimmers, old and new opportunities abound - CyberScoop

Transport and Aviation

• SATCOM Networks on High Alert After US Govt Warning • The Register

Energy & Utilities

• US Charges Four Russians Over Hacking Campaign on Energy Sector - BBC News

Education and Academia

• Heriot-Watt University in Second Week of Outage • The Register

Reports Published in the Last Week

• The 2022 State of Cyber Assets Report (jupiterone.com)

• 2022 Weak Password Report - Specops Software

Other News

• A Better Grasp of Cyber Attack Tactics Can Stop Criminals Faster (bleepingcomputer.com)

• The Chaos (and Cost) of the Lapsus$ Hacking Carnage | SecurityWeek.Com

• Soldiers told to use Signal instead of WhatsApp for security | The Times

• Cyber Security Compliance: Start With Proven Best Practices - Help Net Security

• Only 27% of Orgs Have Advanced Threat Protection on Endpoints | VentureBeat

• Okta Breach Leads To Questions On Disclosure, Reliance On Third-Party Vendors - CyberScoop

• The Challenges Audit Leaders Need To Look Out For This Year - Help Net Security

• South Korean DarkHotel Hackers Targeted Luxury Hotels in Macau (thehackernews.com)

• ISACA: Two-Thirds of Cybersecurity Teams Are Understaffed - Infosecurity Magazine

• Security Teams are Responsible for Over 165k Assets - Infosecurity Magazine

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.