Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 10 May 2024
Black Arrow Cyber Threat Intelligence Briefing 10 May 2024:
-China Suspected of Hacking MoD, Through Its Payroll Provider
-Security Tools Fail to Translate Risks for Executives
-Gang Accused of MGM Hack Shifts Attacks to Finance Sector
-Are SMEs Paving the Way for Cyber Attacks on Larger Companies?
-Misconfigurations Drive 80% of Security Exposure, Report Finds
-Only 45% of Organisations Employ MFA Protections
-You Cannot Protect What You Do Not Know You Have, as Criminals are Exploiting Vulnerabilities Faster Than Ever
-The Rise and Stealth of The Socially Engineered Insider
-Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training
-Don't Be the Weakest Link – You and Your Team's Crucial Role in Cyber Security
-Ransomware Activity Thrives, Despite Law enforcement Efforts
-NATO Warns of Russian Hybrid Warfare
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
China Suspected of Hacking UK Ministry of Defence, Through Its Payroll Provider
UK Defence Secretary Grant Shapps has confirmed that over 270,000 personal details have been leaked after the MoD was hacked through its third-party payroll provider, SSCL. The affected systems have been pulled offline since the attack. SSCL’s website describes that it manages HR for the armed forces, the Metropolitan Police and other areas of British government. The commercial supply chain, and in particular HR and payroll providers, is increasing being used as the soft underbelly to attack larger and better protected organisations.
Sources: [LBC] [The Register] [Sky News]
Security Tools Fail to Translate Risks for Executives
Organisations are struggling with internal communication barriers, hindering their ability to address and mitigate cyber security threats, according to a report which found that seven out of 10 C-suite executives said their security teams talk in technical terms without providing business context. However, in contrast, 75% of CISO’s highlight the issue is rooted in security tools that cannot generate the insights C-level executives and boards can use to understand business implications. The role of a good CISO should be to take the output of these tools and turn that data into metrics the Boards can understand.
The issues highlight the necessity for organisations to have someone in their organisation, whether an employee or a third-party, who is able to ingest technical results and translate them into a style that the C-suite can understand for business risk management.
Source: [Help Net Security]
Gang Accused of MGM Hack Shifts Attacks to Finance Sector
The hacking group responsible for the infamous hack on MGM and Caesar’s Palace resorts is engaged in a new campaign targeting the financial sector. The group known as Scattered Spider has targeted 29 companies since 20 April this year, compromising at least 2 insurance companies so far. The research has stated that the attackers are purchasing lookalike domains that match the name of target companies, hosting fake log-in pages. Links to these are sent to employees, in an attempt to direct them there. The most recent attack took place just days ago, with more expected.
Sources: [Bloomberg Law] [Claims Journal]
Are SMEs Paving the Way for Cyber Attacks on Larger Companies?
A recent study highlights the escalating cyber threats facing businesses, particularly SMEs and supply chains. The study found that 32% of UK businesses, including 69% of large and 59% of mid-sized organisations, suffered a cyber attack last year. The situation is worse for SMEs, with weaker security systems and 77% lacking in-house cyber security. SMEs can become entry points for hackers targeting larger partners through interconnected supply chains. Meanwhile, Verizon’s latest data breaches report revealed a 68% increase in supply chain breaches, accounting for 15% of all breaches in 2023, up from 9% in 2022. These breaches are primarily driven by third-party software vulnerabilities exploited in ransomware and extortion attacks. Experts emphasise proactive cyber policies, vulnerability scans, and employee education for SMEs to bolster defences. They also urge organisations to consider third-party bugs as both vulnerability and vendor management problems, make better vendor choices, and use external signals like SEC disclosures in the United States to guide decisions. These measures can help prevent SMEs from becoming gateways for larger attacks and manage the rising threat of supply chain breaches.
Sources: [Insurance Times] [Dark Reading]
Misconfigurations Drive 80% of Security Exposure, Report Finds
A recent report has found that 80% of security exposures are caused by identity and credential misconfigurations, with a third of these putting critical assets at risk of a breach. According to the report, the majority of this is within an organisation’s network user management (Active Directory) and 56% of breaches that impact critical assets are within cloud platforms. There is often the misconception that cloud-based environments are secure by default, but misconfigurations can undo any security benefits and still leave you exposed. Just because someone else built and maintains your house, it is still your responsibility to lock the doors and windows.
Sources: [Security Magazine]
Only 45% of Organisations Employ MFA Protections
A recent report of IT decision-makers has found that 97% are facing challenges with identity verification and 52% are very concerned about credential compromise, followed by account takeover (50%). When it comes to reinforcing identity verification, only 45% used multi-factor authentication (MFA). By using MFA, organisations are forcing two identification verifications: simply knowing a username and password is not enough, especially given the speeds with which attackers can crack passwords, with average 8 character passwords able to be cracked in less than a minute. Whilst no control is 100% impenetrable, enabling MFA will aid in increasing your organisation's cyber resilience.
Source: [Help Net Security]
You Cannot Protect What You Do Not Know You Have, as Criminals are Exploiting Vulnerabilities Faster Than Ever
For many organisations, visibility of their information assets can be incredibly hard to obtain and maintain, with different tools, under-reporting and shadow IT contributing to the problem. Unfortunately, cyber criminals are getting faster at exploiting vulnerabilities, and if you do not know you have the vulnerability in your estate then you cannot patch against it. In their recent report, Fortinet found that attacks started on average 4.76 days after new exploits were publicly disclosed.
Interestingly though, while zero-day threats garner much attention (these are ‘new’ vulnerabilities that are being exploited by attackers but for which there are no security patches yet available), one third of all exploits are for older vulnerabilities. This highlights the need for a comprehensive and robust approach to network security and vulnerability management, beyond simply patching what Microsoft puts out once a month. To have effective patch management, organisations must know what they need to patch and therefore must have visibility of the corporate environment. A good starting block is the creation of a robust information asset register.
Sources: [Security Brief] [Help Net Security] [IT Security Guru]
The Rise and Stealth of The Socially Engineered Insider
Social engineering has become increasingly prevalent as the preferred tactic for foreign adversaries. Insiders are prime targets due to their privileged access to sensitive data. This is particularly affecting the technology, pharma, and critical infrastructure sectors. Advances in AI and social platforms have made it easier to exploit these vulnerabilities. These advances allow threat actors to tailor attacks with unprecedented speed and realism. Using methods like coercion or deception, these actors exploit employees to gain high-value data that can be weaponised. As a result, the threat landscape has become more complex, blurring the lines between internal and external risks. To bolster their defences, organisations are now investing in insider risk management and AI. They are also emphasising employee education and cross-sector collaboration.
Source: [Forbes]
Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training
An ISACA study and the AI Security & Governance Report reveal a complex landscape of AI adoption and security. 73% of European organisations and 54% of global organisations use AI, with 79% increasing their AI budgets, however training and policy development lag behind. Only 30% offer limited training, 40% provide none, and a mere 17% have a comprehensive AI policy. Despite AI’s potential, 80% of data experts find it complicates security, with concerns high around generative AI exploitation (61% of respondents) and AI-powered attacks (over 50% of business leaders). Data poisoning and privacy issues persist, yet 85% of leaders express confidence in their data security strategies, with 83% revising privacy and governance guidelines. With 86% recognising a need for AI training within two years, the call for dynamic governance strategies and formal education is clear to manage evolving threats.
Sources: [Help Net Security] [IT Security Guru]
Don't Be the Weakest Link – You and Your Team's Crucial Role in Cyber Security
Cyber security success depends on more than just technology. Bad actors are always looking for the easiest entry point, meaning that employees’ everyday actions are crucial, when even one careless click or a weak password can be an open door for hackers. However, empowered with the right knowledge and tools, staff can become a robust defence. Nearly 80% of organisations have reported an increase in phishing attacks, but training programs like role-playing exercises and phishing simulations significantly reduce these risks. Effective cyber security also hinges on C-suite leaders promoting a security-first culture, ensuring all employees understand the risks and follow strict protocols like MFA and strong password policies. Consistent training and open communication are vital in fostering a resilient, security-aware workforce.
Source: [JDSupra]
Ransomware Activity Thrives, Despite Law enforcement Efforts
Despite the recent law enforcement takedowns on ransomware groups, ransomware remains rife. Whilst the takedown of a group can come as an initial relief in that the group has gone, it simply forces ransomware affiliates to diversify. This is reflected in ransomware continuing its growth in the first quarter of 2024, with 18 new leak sites, the largest number in a single quarter, emerging over this period. When comes to those at risk, both financial services and healthcare remain a prominent target.
Sources: [Help Net Security ] [Infosecurity Magazine] [Help Net Security]
NATO Warns of Russian Hybrid Warfare
NATO has issued a statement in which it describes it is “deeply concerned about Russia's hybrid actions and the threat that they constitute to NATO security”. The actions are described to include sabotage, acts of violence, cyber and electronic interference, and disinformation campaigns. This comes as many countries including the UK and US are due to have elections this year.
Sources: [EU Reporter] [Financial Times]
Governance, Risk and Compliance
You cannot protect what you do not understand (securitybrief.co.nz)
Security tools fail to translate risks for executives - Help Net Security
It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs (thehackernews.com)
Now More Than Ever, it's Crucial for Companies to Get Cyber Security Right (newsweek.com)
Why SMBs are facing significant security, business risks - Help Net Security
Are SMEs paving the way for cyber attacks on larger companies? | Insurance Times
Don't Be the Weakest Link – Your Team's Crucial Role in Cyber Security | NAVEX - JDSupra
The Art Of Cyber Security Governance: Safeguarding Beyond Code (forbes.com)
CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes (darkreading.com)
92% of CISOs Question the Future of Their Role Amidst Growing AI Pressures | Business Wire
Three strategies for winning the cyber security arms race | Fintech Nexus
Rethinking Cyber Security Investment Amid Rising Threats (govinfosecurity.com)
CIOs and CFOs, two parts of the same whole - IT Security Guru
Threats
Ransomware, Extortion and Destructive Attacks
Gang Accused of MGM Hack Turns Its Sights on Finance Sector (bloomberglaw.com)
Cybercrime Unicorns: What Everyone Needs to Know About Ransomware Gangs (pcmag.com)
Why Paying Should Be A Last Resort In Ransomware Attacks (forbes.com)
Ransomware activity is back on track despite law enforcement efforts - Help Net Security
Ransomware evolves from extortion to 'psychological attacks' • The Register
Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator (thehackernews.com)
Ransomware attacks impact 20% of sensitive data in healthcare orgs - Help Net Security
An overwhelming majority of organisations paid ransomware last year - eCampus News
The Growing Threat of Advanced Ransomware Attacks (inforisktoday.com)
Law enforcement seized Lockbit group's website again (securityaffairs.com)
Consultant charged with $1.5M extortion of IT giant • The Register
IT chiefs plan to spend and innovate their way out of ransomware swamp | TechRadar
Ransomware crooks SIM swap kids to pressure parents • The Register
Scattered Spider group a unique challenge for cyber cops, FBI leader says (therecord.media)
97% of Organisations Hit by Ransomware Worked with Law Enforcement (globenewswire.com)
CISA boss: Secure software needed to stop ransomware • The Register
Shields Up: How to Minimize Ransomware Exposure - Security Week
Ransomware Victims
UnitedHealth’s 'egregious negligence' led to that ransomware • The Register
Ascension healthcare takes systems offline after cyber attack (bleepingcomputer.com)
London Drugs president tight-lipped over recent cyber attack | CBC News
Boeing confirms attempted $200 million ransomware extortion attempt | CyberScoop
Cyber attack disrupts operations at major US health care network | CNN Business
City of Wichita Shuts Down Network Following Ransomware Attack - Security Week
Patient appointments imperilled by cyber attack on French radiologist (therecord.media)
Ransomware attack hits Brandywine Realty Trust | SC Media (scmagazine.com)
Phishing & Email Based Attacks
Other Social Engineering
The Rise And Stealth Of The Socially Engineered Insider (forbes.com)
Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online
What is social engineering penetration testing? | Definition from TechTarget
Artificial Intelligence
Organisations go ahead with AI despite security risks - Help Net Security
Innovation, Not Regulation, Will Protect Corporations From Deepfakes (darkreading.com)
Strategies for preventing AI misuse in cyber security - Help Net Security
AI is changing the game when it comes to cyber security | ITPro
Why the Cyber Security Industry Is Obsessed With AI Right Now - CNET
LLMs & Malicious Code Injections: 'We Have to Assume It's Coming' (darkreading.com)
Cyber Security, Deepfakes and the Human Risk of AI Fraud (govtech.com)
Criminal Use of AI Growing, But Lags Behind Defenders - Security Week
2FA/MFA
Only 45% of organisations use MFA to protect against fraud - Help Net Security
UnitedHealth Attack: Stolen Credentials, No MFA | MSSP Alert
Malware
ZLoader Malware adds Zeus's anti-analysis feature (securityaffairs.com)
Russia-linked APT28 and crooks are still using the Moobot botnet (securityaffairs.com)
Iranian hackers pose as journalists to push backdoor malware (bleepingcomputer.com)
New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs (thehackernews.com)
Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version (thehackernews.com)
Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (thehackernews.com)
Mobile
Mobile Banking Malware Surges 32% - Infosecurity Magazine (infosecurity-magazine.com)
Android bug can leak DNS traffic with VPN kill switch enabled (bleepingcomputer.com)
European Threat To End-To-End Encryption Would Invade Phones (forbes.com)
Ransomware crooks SIM swap kids to pressure parents • The Register
Denial of Service/DoS/DDOS
Data Breaches/Leaks
How does a data breach affect you and why should you care? | TechRadar
Dell customer order database stolen, for sale on dark web • The Register
The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics | WIRED
Cyber attack: Large volume of data stolen in attack on Scottish health board (scotsman.com)
Security breach affects 6,000 German military VC meetings (avinteractive.com)
Security company exposes 1.2M guard and suspect records • The Register
Children's mental health records published after cyber attack - BBC News
Georgia education agency's MOVEit data theft impacted 800K • The Register
Data Brokers: What They Are and How to Safeguard Your Privacy - IT Security Guru
Zscaler Investigates Hacking Claims After Data Offered for Sale - Security Week
UK government departments reveal rise in data breaches & lost devices (datacentrenews.uk)
'Sophisticated' cyber attacks involving British Colombia government networks found | CBC News
Over 380K more NYC students had info leaked, bringing total to over 1M (nypost.com)
Dating apps kiss'n'tell all sorts of sensitive user info • The Register
Organised Crime & Criminal Actors
Hackers of all kinds are attacking routers across the world | TechRadar
These Dangerous Scammers Don’t Even Bother to Hide Their Crimes | WIRED
Massive webshop fraud ring steals credit cards from 850,000 people (bleepingcomputer.com)
Scattered Spider group a unique challenge for cyber cops, FBI leader says (therecord.media)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
The Rise And Stealth Of The Socially Engineered Insider (forbes.com)
Don't Be the Weakest Link – Your Team's Crucial Role in Cyber Security | NAVEX - JDSupra
Supply Chain and Third Parties
UK Military Data Breach a Reminder of Third-Party Risk (darkreading.com)
Details of UK military personnel exposed in huge payroll data breach | AP News
Firm at centre of MoD 'China' hack handles data for several Whitehall departments (inews.co.uk)
DBIR: Supply Chain Breaches Up 68% Year Over Year (darkreading.com)
The complexities of third-party risk management - Help Net Security
Cloud/SaaS
Encryption
Cop complaints won't stop E2EE, says encryption advocate • The Register
European Threat To End-To-End Encryption Would Invade Phones (forbes.com)
Linux and Open Source
Open-Source Cyber Security Is a Ticking Time Bomb (gizmodo.com)
Spies Among Us: Insider Threats in Open Source Environments (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online
Microsoft introduces Passkeys support for consumer accounts - gHacks Tech News
Google Announces Passkeys Adopted by Over 400 Million Accounts (thehackernews.com)
UnitedHealth Attack: Stolen Credentials, No MFA | MSSP Alert
Hackers can crack average 8-character passwords in under a minute (newsbytesapp.com)
How secure is the “Password Protection” on your files and drives? - Help Net Security
Social Media
Training, Education and Awareness
Regulations, Fines and Legislation
The EU Cyber Diplomacy Toolbox: Shaping Global Cyber Security Standards | UpGuard
The NIS2 Compliance Deadline Is Nearing. Are You Prepared? - Security Boulevard
Innovation, Not Regulation, Will Protect Corporations From Deepfakes (darkreading.com)
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
How workforce reductions affect cyber security postures - Help Net Security
One in Four Tech CISOs Unhappy with Compensation - Security Boulevard
Law Enforcement Action and Take Downs
Ransomware activity is back on track despite law enforcement efforts - Help Net Security
LockBit's seized darknet site resurrected by police, teasing new revelations (therecord.media)
LockBit leader unmasked and sanctioned - National Crime Agency
Israeli private investigator wanted for hacking in US is arrested in London | The Independent
German police bust Europe's 'largest' scam call centre – DW – 05/02/2024
Consultant charged with $1.5M extortion of IT giant • The Register
97% of Organisations Hit by Ransomware Worked with Law Enforcement (globenewswire.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Israeli private investigator wanted for hacking in US is arrested in London | The Independent
Cyber Attacks on US Utilities: New Trends in Cyber Warfare - ClearanceJobs
'The Mask' Espionage Group Resurfaces After 10-Year Hiatus (darkreading.com)
Nation State Actors
China
Firm at centre of MoD 'China' hack handles data for several Whitehall departments (inews.co.uk)
Lessons from LOCKED SHIELDS 2024 cyber exercise | SC Media (scmagazine.com)
China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion (thehackernews.com)
Russia
Malice from Moscow: NATO warns of Russian hybrid warfare - EU Reporter
Russia plotting sabotage across Europe, intelligence agencies warn (ft.com)
How Nato could respond after wave of Russian spy arrests across Europe (inews.co.uk)
EU, NATO denounce Russia's cyber attacks on Germany, Czechia (kyivindependent.com)
Russia Cyber Attack Germany's Ruling Party, Defence | Silicon UK
Foreign Ministry: Czech institutions targeted by GRU cyber attacks | Radio Prague International
Russia-linked APT28 and crooks are still using the Moobot botnet (securityaffairs.com)
Ukraine records increase in financially motivated attacks by Russian hackers (therecord.media)
Cyber War? EU rages over alleged Russian cyber attack on German’s ruling SPD (brusselssignal.eu)
Lessons from LOCKED SHIELDS 2024 cyber exercise | SC Media (scmagazine.com)
A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities | WIRED
Russia says Germany using baseless 'hacker myths' to destroy ties | Reuters
Poland says it too was targeted by Russian hackers – POLITICO
Kaspersky denies claims it helped Russia with drones • The Register
Iran
Iranian hackers pose as journalists to push backdoor malware (bleepingcomputer.com)
Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online
North Korea
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Cyber criminals are getting faster at exploiting vulnerabilities - Help Net Security
Misconfigurations drive 80% of security exposures | Security Magazine
Patch management vs. vulnerability management: Key differences | TechTarget
What is Risk-Based Vulnerability Management (RBVM)? (techtarget.com)
CISA’s KEV list improving private and public-sector patching • The Register
CISA Announces CVE Enrichment Project 'Vulnrichment' - Security Week
Vulnerabilities
Citrix Addresses High-Severity NetScaler Servers Flaw (darkreading.com)
Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw (bleepingcomputer.com)
Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) - Help Net Security
LiteSpeed Cache WordPress plugin actively exploited in the wild (securityaffairs.com)
New BIG-IP Next Central Manager bugs allow device takeover (bleepingcomputer.com)
Microsoft: April Windows Server updates also cause crashes, reboots (bleepingcomputer.com)
Android bug can leak DNS traffic with VPN kill switch enabled (bleepingcomputer.com)
Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (thehackernews.com)
Tools and Controls
Behind Closed Doors: The Rise of Hidden Malicious Remote Access (cybereason.com)
Security tools fail to translate risks for executives - Help Net Security
Misconfigurations drive 80% of security exposures | Security Magazine
NSA, FBI Alert on North Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)
Microsoft plans to lock down Windows DNS like never before. Here’s how. | Ars Technica
Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica
Strategies for preventing AI misuse in cyber security - Help Net Security
Shadow APIs: An Overlooked Cyber Risk for Orgs (darkreading.com)
What is social engineering penetration testing? | Definition from TechTarget
How workforce reductions affect cyber security postures - Help Net Security
What is Risk-Based Vulnerability Management (RBVM)? (techtarget.com)
Top 10 physical security considerations for CISOs | CSO Online
IT chiefs plan to spend and innovate their way out of ransomware swamp | TechRadar
A SaaS Security Challenge: Getting Permissions All in One Place (thehackernews.com)
Tips for Controlling the Costs of Security Tools - The New Stack
Rethinking Cyber Security Investment Amid Rising Threats (govinfosecurity.com)
Microsoft confirms Windows 11 24H2 turns on Device Encryption by default (windowslatest.com)
Reports Published in the Last Week
Other News
Microsoft overhaul treats security as ‘top priority’ after a series of failures - The Verge
The EU Cyber Diplomacy Toolbox: Shaping Global Cyber Security Standards | UpGuard
Complexity leads to trade-off between risk and innovation (betanews.com)
When has the UK faced cyber attacks in the past? | The Independent
Man-in-the-middle attack: The new cyber security threat | YourStory
Paris 2024 gearing up to face unprecedented cyber security threat | Reuters
38% of riskiest cyber physical systems neglected, warns Claroty report (securitybrief.co.nz)
Why undersea cables need high-priority protection • The Register
GAO: NASA Faces 'Inconsistent' Cyber Security Across Spacecraft (darkreading.com)
Cyber security regulations: Are non-compliant cars more vulnerable? | Autocar
Fujitsu sets aside £200m as calls mount for Post Office scandal payout
FE News | Why the education sector needs to do the homework on cyber security as attacks soar
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 17 November 2023
Black Arrow Cyber Threat Intelligence Briefing 17 November 2023:
-Cyber Resilience Requires Maturity, Persistence & Board Engagement
-Security is a Process, Not a Tool
-46% of SMBs and Enterprises Have Experienced a Ransomware Attack
-Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries
-67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission
-The Persistent Menace: Understanding And Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023
-Financial Services still Stubbornly Vulnerable to Cyber Disruption
-Worlds Biggest Bank Hit by Ransomware, Workers Forced to Trade With USB Sticks
-NCSC Warns UK Over Significant Threat to Critical Infrastructure
-Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach
-Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks
-Phishing Emails Are More Believable Than Ever. Here's What to Do About It.
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Resilience Requires Maturity, Persistence & Board Engagement
Cyber resilience is more important than ever, particularly with the added dimensions of deepening geopolitical threats and risks coming from new technology like AI. In cyber security, it is commonly accepted that it is a matter of when, not if, an organisation will experience an attack. It is imperative to ensure there is an ability across the organisation to bounce back.
Source: [Dark Reading]
Security is a Process, not a Tool
The cyber security industry is constantly seeing tools that claim to make organisations 100% secure, despite this never being achievable. A recent report found 55% of all security tools are not put into operation or are not actively managed. Additionally, the report found that 33% of all security incidents are identifiably traced to process errors. The findings are further evidence that cyber security is more than just technology tools: it requires a mindset that aligns controls across people, operations and technology.
Source: [Dark Reading]
46% of SMBs and Enterprises Have Experienced a Ransomware Attack
A recent report found that 46% of small and medium businesses (SMBs) and enterprises have experienced ransomware attacks. In addition, 90% of SMBs and 87% of enterprises are extremely or somewhat concerned about ransomware attacks, and 64% of SMBs and 70% of enterprises don’t believe in paying a ransom.
Despite the fact that nearly 50% of the firms have suffered ransomware, too many businesses still seem to think this is something that will not happen to them and is something only other businesses need to worry about.
Source: [Security Magazine] [IT Business]
Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries
In the realm of cyber security, threat intelligence (TI) is a crucial yet often underused asset for countering sophisticated cyber attacks. TI involves gathering, analysing, and contextualising information about potential cyber threats, including advanced ones, thus enabling organisations to identify, assess, and mitigate cyber risks effectively. The TI market, expected to exceed $44 billion by 2033, offers four main types: Strategic, Tactical, Technical, and Operational.
Each type serves different organisational needs, from informing senior leadership to aiding security operations teams. When thinking about TI, organisations should focus on completeness, accuracy, relevance, timeliness, scalability, vendor reputation, and integration capabilities. The rapidly evolving nature of TI demands a careful, long-term approach to choosing the right services, considering an organisation's maturity and specific needs. Effective TI not only aids in countering immediate threats but also builds long-term resilience. With 80% of the top 2000 global companies projected to increase their TI investment in 2024, it's crucial for organisations to find a trusted vendor to ensure their cyber security success.
Black Arrow conducts daily threat intelligence analyses from trusted specialist sources, and interprets the TI in the context of our client organisations to support them in proactively addressing risks. In addition to our weekly Threat Briefing and subscription email, we offer tailored briefings for organisations in various sectors and geographies.
Source: [welivesecurity]
67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission
New research has found that 67% of UK employees are endangering their business by downloading applications and software without the knowledge of IT or security teams.
Other key findings included 39% of respondent organisations lacked total visibility of applications and software on company owned assets, and 77% lacked visibility over employee owned assets connected to the corporate environment. Of total respondents, 69% acknowledged their organisations required better policies and procedures in order to deal with security vulnerabilities, with 39% of total respondents feeling challenged by UK and other jurisdictions’ increasingly complicated regulations and governance requirements.
Black Arrow help organisations of all sizes to design and deliver comprehensive asset visibility programmes that lay the foundation for proportionate and credible cyber security controls to protect the organisation. We enable organisations to adhere to regulatory and governance requirements, by providing expert cyber security resources on a flexible basis for technical, governance and transformational positions.
Sources: [Tech Radar] [the HR Director]
The Persistent Menace: Understanding and Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023
In 2023, the landscape of cyber threats, particularly ransomware, has significantly evolved, remaining a primary concern for businesses.
This change has been further facilitated by the emergence of Ransomware as a Service (RaaS) and the increased sophistication of phishing attacks, supported by advancements in AI. This has led at least in part to almost half (29) of the ransomware groups tracked by WithSecure in 2023 having begun operations this year. These groups accounted for 25% of data leaks in this period, helping to drive a 50% year-on-year increase in data leaks.
Businesses face not only the immediate costs of ransom demands but also indirect impacts such as operational downtime and damage to reputation. Key trends include the exploitation of basic security vulnerabilities, the role of access brokers in facilitating attacks, and innovative evasion techniques used by ransomware groups. Ransomware is not going away, and organisations need to ensure they are prepared given the realistic probability of an attack.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident such as ransomware; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Forbes] [Infosecurity Magazine] [ITPro]
Financial Services Still Stubbornly Vulnerable to Cyber Disruption
A recent report found the UK financial system remains stubbornly vulnerable to disruption caused by cyber and IT-related incidents, and that regulated firms are not acting quickly enough to affect required changes designed to ensure firms’ systems are resilient against significant operational shocks.
According to the UK FCA’s records, the total number of cyber incidents reported between January 2018 to May 2023 was 4,192. In general terms, incidents are reportable where they are of a certain level of materiality; for instance, where there has been a “significant failure in the firm's systems or controls.
Source: [FTAdviser]
World’s Biggest Bank Hit by Ransomware; Workers Forced to Trade with USB Sticks
The US subsidiary of the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack earlier this month, which reportedly forced the bank (ICBC Financial Services) to handle trades through messengers carrying USB thumb drives. This attack has sent shockwaves through financial services and banking and has prompted an increase in vigilance within the financial sector. The US Financial Services Information Sharing and Analysis Center (FS-ISAC) has urged financial services organisations to ensure their systems are protected and vulnerabilities are immediately resolved.
Sources: [SC Media] [Bit Defender]
NCSC Warns UK Over Significant Threat to Critical Infrastructure
The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI), with its annual review admitting the level of cyber security resilience in the UK’s most critical areas is not in a satisfactory place.
The NCSC stated that CNI in the UK faces an “enduring and significant” threat from state-aligned threat actors aggressively ramping up activity, and the UK must therefore work more closely with allies and industry in countering “epoch-defining” cyber challenges.
They noted a 64% increase on last year’s voluntary report figures; to note, this refers to organisations voluntarily self-reporting suffering a cyber incident.
For wider context, the Russian cyber attacks on Ukraine began a month and a half before the invasion. In 2022 Ukraine’s national incident response team dealt with 2,194 cyber incidents, followed by another 2,054 attacks in the first 10 months of this year and Ukraine’s defence chief warns that Russia will soon attack companies that provide services to Ukraine as part of their larger cyber efforts.
This comes as Russian hackers were linked to what is being described as the largest ever cyber attack on Danish critical infrastructure. The attack involved 22 companies associated with the operation of Denmark’s energy sector.
Sources: [Computer Weekly] [The Register] [The Record Media] [The Irish Times] [The Hacker News]
Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach
The ALPHV ransomware group, also known as BlackCat, has taken extortion to a new level by filing a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims, MeridianLink, for not complying with the four-day rule to disclose a cyber attack. The ransomware group said it compromised the digital lending solutions provider on November 7 and told the SEC the victim suffered a “significant breach and did not disclose it as required in Form 8-k”. While many ransomware and extortion gangs have threatened to report breaches and data theft to the SEC, this may be the first public confirmation that they have done so. Previously, ransomware actors exerted pressure on victims by contacting customers to let them know of the intrusion. Sometimes, they would also try to intimidate the victim by contacting them directly over the phone.
Sources: [Infosecurity Magazine] [Bleeping Computer]
Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks
A new report has found that businesses are paying a huge price for not properly securing their digital assets. The report found that businesses on average suffered 46 attacks (successful and unsuccessful) over the last year, resulting in the loss of 9% of their annual income. Cyber attacks are hurting their businesses in other ways such as network outages (34%), data loss (29%), web apps going offline (24%) and customer account compromises (22%).
Firms are reevaluating their cyber security approaches, with 76% planning increased spending despite concerns about current investment efficiency, as 35% feel they've overspent and only 55% of tools are fully utilised. A significant talent gap is also a challenge, with 30% attributing recent issues to a shortage of skilled personnel, and 33% expecting this trend to continue. Nearly half are seeking to address this by boosting recruitment budgets. Additionally, 51% of respondents are focusing on investing in Generative AI tools for cyber security in the next two years.
Source: [TechRadar]
Phishing Emails Are More Believable Than Ever. Here's What to Do About It.
Phishing is not new. This social engineering tactic has existed in the attack toolbox for decades, with threat actors posing as trusted contacts and then targeting unsuspecting victims through email or text messages to steal sensitive data. According to a recent report by Fortinet, phishing is the top tactic (56%) malicious actors use to infiltrate a network and launch ransomware successfully. With the turn of AI-driven content tools, cyber criminals are using them to make their phishing emails and texts appear more realistic than ever before.
It is crucial to focus on employee education to protect organisations. Customised training programs are essential. Security awareness training is fundamental in creating a cyber-aware culture, keeping employees informed about current security threats and meeting compliance requirements.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Source: [CSO Online]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
29% of organisations cite data loss as top security breach result | Security Magazine
Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser
Cyber Resilience Requires Maturity, Persistence & Board Engagement (darkreading.com)
Businesses are losing huge chunks of their revenue to cyber attacks | TechRadar
6% of companies have not had a digital risk cyber attack since 2020 | Security Magazine
Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)
Should cyber security overconfidence be on your threat radar? | TechRadar
Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal
Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)
Every Business Owner Should Be Thinking About Improving Online Security | Inc.com
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
The cultural shift that’s needed to see greater ROI in cyber | Federal News Network
Business urged to increase cyber resilience as 2024 set to deliver new threats (emergingrisks.co.uk)
How to withstand the onslaught of cyber security threats - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser
Law practices and government agencies experience the largest ransomware spikes - Digital Journal
Orgs still losing logs, powerless to speedy ransomware • The Register
Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)
46% of SMBs and enterprises have experienced a ransomware attack | Security Magazine
Many organisations don’t believe they are targets of ransomware gangs: OpenText | IT Business
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)
The Persistent Menace: Understanding And Combating Ransomware (forbes.com)
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
Ransomware tracker: The latest figures [November 2023] (therecord.media)
Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024 (securityaffairs.com)
Ransomware Gang LockBit Revises Its Tactics as Payouts Slip (bloomberglaw.com)
Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly
Uncovering the ransomware threat from global supply chains | ITPro
Business leaders need help in getting off the ransomware merry-go-round (thetimes.co.uk)
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)
BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly
The Rise of Ransomware in Healthcare: What IT Leaders Need to Know (bleepingcomputer.com)
What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg
Success eludes the International Counter Ransomware Initiative - Help Net Security
New Ransomware Group Emerges with Hive's Source Code and Infrastructure (thehackernews.com)
How to combat ransomware in the face of tight security staffing | SC Media (scmagazine.com)
Ransomware attacks: Cyber criminals tout their ‘honesty’ in negotiating ransoms (afr.com)
New approaches to fighting ransomware are emerging | Mimecast
FBI 'Knows Identities' Of MGM, Caesars Hacking Gang | Silicon UK
FBI and CISA warn of opportunistic Rhysida ransomware attacks (bleepingcomputer.com)
FBI pumping 'significant' resources into Scattered Spider • The Register
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)
It ain’t what you store, it’s the way you restore it. • The Register
Ransomware Victims
Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)
How a cyber attack crippled the world's largest bank for hours | Euronews
ICBC -- China's biggest bank -- paid ransom: Lockbit hackers (nypost.com)
FBI: Royal ransomware asked 350 victims to pay $275 million (bleepingcomputer.com)
Rackspace Ransomware Costs Soar to Nearly $12M (darkreading.com)
Tri-City Medical Center cyber attack impacting patient care (10news.com)
Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)
LockBit leaks Boeing files after failed ransom negotiations • The Register
'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)
World's biggest bank hit by ransomware, forced to trade via USB stick (bitdefender.com)
Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)
British Library’s Halloween cyber scare was ransomware | Computer Weekly
Royal Mail ransomware recovery to cost at least $12 million • The Register
9 million patients had data stolen after US medical transcription firm hacked | TechCrunch
Clorox CISO flushes self after multimillion-dollar attack • The Register
Toyota confirms breach after Medusa ransomware threatens to leak data (bleepingcomputer.com)
Government doesn't know details behind cyber hack that shut down port operator DP World - ABC News
Lorenz ransomware gang hit Texas-based Cogdell Memorial Hospital (securityaffairs.com)
Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party - Security Week
Long Beach, California turns off IT systems after cyber attack (bleepingcomputer.com)
Stellantis production affected by cyber attack at auto supplier - The Columbian
Phishing & Email Based Attacks
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
From Scanning to Scamming: The Rise of QR Codes in Phishing - VMRay
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)
APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)
FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)
Police takes down BulletProftLink large-scale phishing provider (bleepingcomputer.com)
Artificial Intelligence
UK told of significant threat as state actors seek to use AI attack systems (emergingrisks.co.uk)
UK NCSC Warns Of Threat To Critical Infrastructure | Silicon UK
AI disinformation campaigns pose major threat to 2024 elections - Help Net Security
Microsoft blocks internal access to ChatGPT over security • The Register
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
The US and 30 Other Nations Agree to Set Guardrails for Military AI | WIRED
Mitigating Deepfake Threats in the Corporate World | MSSP Alert
A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)
Organisations Rush to Use Generative AI Tools Despite Risks (globenewswire.com)
How scammers' use of AI is affecting fintech investment | PaymentsSource | American Banker
Malware
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
Infostealers and the high value of stolen data - Help Net Security
Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena
This fake Windows news site is spreading malware via hacked Google ads | TechRadar
A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)
Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)
Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch
Ducktail Malware Targets the Fashion Industry (darkreading.com)
Mobile
Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena
Temu Sued in Class Action for Risking User Data to Chinese Government Control | Law.com
Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch
How to spot a fake data blocker that could hack your computer in seconds | ZDNET
Denial of Service/DoS/DDOS
Misconfigured Docker API endpoints allow attackers to deliver DDoS botnet agent | CSO Online
How DDoS attacks are taking down even the largest tech companies (bleepingcomputer.com)
Internet of Things – IoT
How to protect your organisation from IoT malware | TechTarget
Defending Against Attacks on Vulnerable IoT Devices (darkreading.com)
Data Breaches/Leaks
Infostealers and the high value of stolen data - Help Net Security
29% of organisations cite data loss as top security breach result | Security Magazine
McLaren Health Care revealed that a data breach impacted 2.2 million people (securityaffairs.com)
Hacker Leaks 800,000 Scraped Chess.com User Records (hackread.com)
Hacker Leaks 35 Million Scraped LinkedIn User Records (hackread.com)
Fourth time unlucky: Okta hit by new cyber attack - Digital Journal
Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)
The real cost of healthcare cyber security breaches - Help Net Security
Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)
Pharmacy provider Truepill data breach hits 2.3 million customers (bleepingcomputer.com)
Samsung warns some customers their data may have been stolen by hackers | TechRadar
Hackers Claim Major Data Breach at Smart WiFi Provider Plume (hackread.com)
Vietnam Post exposes 1.2TB of data, including email addresses (securityaffairs.com)
Morgan Stanley fined over computers with personal data (cnbc.com)
Samsung says hackers accessed customer data during year-long breach | TechCrunch
A Spy Agency Leaked People's Data Online—Then the Data Was Stolen | WIRED
Organised Crime & Criminal Actors
Russian admits building now-dismantled IPStorm proxy botnet • The Register
Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)
'AlphaLock' Hackers Launch 'Pen-Testing Training' Group (darkreading.com)
Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ethereum hacked to steal millions from users across the world | TechRadar
Fraudsters make $50,000 a day by spoofing crypto researchers (bleepingcomputer.com)
Insider Risk and Insider Threats
Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)
Insurance
Bridging the Gap: The Vital Role of Skilled Brokers in Cyber Insurance
Aon president warns insurers against ‘walking away’ from major risks (ft.com)
Cyber insurance market attractive despite ransomware uptick: JP Morgan - Reinsurance News
Supply Chain and Third Parties
Uncovering the ransomware threat from global supply chains | ITPro
How top CISOs are transforming third-party risk management | SC Media (scmagazine.com)
Cloud/SaaS
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)
Traditional cloud security isn't up to the task - Help Net Security
Transforming cyber security from reactive to proactive with attack path analysis - Help Net Security
Identity and Access Management
Encryption
The new frontier in online security: Quantum-safe cryptography (techxplore.com)
In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica
TETRA encryption algorithms entering the public domain • The Register
Passwords, Credential Stuffing & Brute Force Attacks
70% of passwords can be cracked in less than a second, shows NordPass study (business-standard.com)
Google Workspace security flaws could see hackers easily snaffle your password | TechRadar
Stop using weak passwords for streaming services - it's riskier than you think | ZDNET
The worst passwords of 2023 are also the most common, "123456" comes in first | TechSpot
Social Media
Meta and YouTube face criminal surveillance complaints • The Register
How Much Your Social Media Profile Data Is Worth on the Dark Web (makeuseof.com)
Malvertising
BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly
This fake Windows news site is spreading malware via hacked Google ads | TechRadar
Training, Education and Awareness
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)
Regulations, Fines and Legislation
EU Tightens Cyber security Requirements for Critical Infrastructure and Services (darkreading.com)
Meta and YouTube face criminal surveillance complaints • The Register
SEC Suit Ushers in New Era of Cyber Enforcement (darkreading.com)
Make Changes to be Ready for the New SEC Cyber security Disclosure Rule (darkreading.com)
Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)
Clorox CISO flushes self after multimillion-dollar attack • The Register
Morgan Stanley fined over computers with personal data (cnbc.com)
White House is ‘working on version 2.0’ of cyber implementation plan | CyberScoop
Models, Frameworks and Standards
What You Need to Know About NIST CSF 2.0 | Accelerynt, Inc. - JDSupra
Modelling organisations' defensive mechanisms with MITRE D3FEND - Help Net Security
Backup and Recovery
Data Protection
Web browsing data collected in more detail than previously known, report finds (ft.com)
Online ad auction data harms national security – claim • The Register
Careers, Working in Cyber and Information Security
The challenges and opportunities of working in cyber security | TechRadar
How US SEC legal actions put CISOs at risk and what to do about it | CSO Online
Is ‘overwork’ culture a problem for cyber security professionals? (siliconrepublic.com)
Law Enforcement Action and Take Downs
Serbian pleads guilty to running ‘Monopoly’ dark web drug market (securityaffairs.com)
Russian admits building now-dismantled IPStorm proxy botnet • The Register
European Police Take Down $9m Vishing Gang - Infosecurity Magazine (infosecurity-magazine.com)
Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)
Private Investigator Aviram Azar Gets Almost 7 Years for Hedge Fund Hacking Ring - Bloomberg
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Activity
Cyber Warfare and Cyber Espionage
NCSC Annual Review on 'state-aligned actors' | Professional Security
Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)
New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com
Nation State Actors
China
China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga
ICBC/ransomware: China’s cyber security industry moves out of the shadows
Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)
Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)
Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
Labour warns against watering down of UK’s takeover screening powers
Russia
China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga
Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)
Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)
Could Russia’s Ukraine Cyber attacks Clue Global Threat? | MSSP Alert
EU Formalizes Cyber security Support For Ukraine - Infosecurity Magazine (infosecurity-magazine.com)
Meet the Unique New "Hacking" Group: AlphaLock (bleepingcomputer.com)
Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)
What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg
Ukraine at D+670: GRU may be expanding its targeting. (thecyberwire.com)
Iran
North Korea
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers (thehackernews.com)
Novel social engineering attack infrastructure established by BlueNoroff | SC Media (scmagazine.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerabilities
'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)
APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)
CISA warns of actively exploited Juniper pre-auth RCE exploit chain (bleepingcomputer.com)
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks (bleepingcomputer.com)
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (bleepingcomputer.com)
Microsoft fixes critical Azure CLI flaw that leaked credentials in logs (bleepingcomputer.com)
Adobe Releases Security Updates for Multiple Products | CISA
ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric - Security Week
Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities - Security Week
Fortinet Releases Security Updates for FortiClient and FortiGate | CISA
Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability (thehackernews.com)
New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar (thehackernews.com)
SAP Patches Critical Vulnerability in Business One Product - Security Week
Critical flaw fixed in SAP Business One product (securityaffairs.com)
Citrix Releases Security Updates for Citrix Hypervisor | CISA
Fortinet warns of critical command injection bug in FortiSIEM (bleepingcomputer.com)
An email vulnerability let hackers steal data from governments around the world (engadget.com)
Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw (thehackernews.com)
Some AMD EPYC server CPUs have a serious security flaw, so patch now | TechRadr
Microsoft Extends Windows Server 2012 ESUs Until 2026 (petri.com)
Tools and Controls
Building resilience to shield your digital transformation from cyber threats - Help Net Security
Against the Clock: Cyber Incident Response Plan (trendmicro.com)
Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly
Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)
The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest (thehackernews.com)
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
Web Application Attacks | Types of Web Application Attacks | Mimecast
Traditional cloud security isn't up to the task - Help Net Security
National security at risk from web browsing data collection, report finds (ft.com)Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
The cultural shift that’s needed to see greater ROI in cyber | Federal News Network
NCSC backs use of security.txt for cyber resilience | UKAuthority
New approaches to fighting ransomware are emerging | Mimecast
Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security
The new imperative in API security strategy - Help Net Security
How to Automate the Hardest Parts of Employee Offboarding (thehackernews.com)
Steps CISOs Should Take Before, During & After a Cyber attack (darkreading.com)
Threat Intel: To Share or Not to Share is Not the Question - Security Week
As perimeter defences fall, the identify-first approach steps into the breach | CSO Online
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
OODA Loop - A Model for Cyber security Threat Sharing: Embracing the USA PATRIOT Act & FinCEN
How to speak the board's language with cyber security ROI so it makes sense | Fierce Electronics
Three Ways Generative AI Can Bolster Cyber security | NVIDIA Blogs
Hackers breach healthcare orgs via ScreenConnect remote access (bleepingcomputer.com)
Kubernetes adoption creates new cyber security challenges - Help Net Security
Aon president warns insurers against ‘walking away’ from major risks (ft.com)
CISOs vs. developers: A battle over security priorities - Help Net Security
Hundreds of websites cloned to run ads for Chinese gambling • The Register
AI helps leaders optimize costs and mitigate risks - Help Net Security
It ain’t what you store, it’s the way you restore it. • The Register
Reports Published in the Last Week
Other News
'Alarming': big gaps in organisations' cyber security | The Canberra Times | Canberra, ACT
National security at risk from web browsing data collection, report finds (ft.com)
CISOs vs. developers: A battle over security priorities - Help Net Security
Collaborative strategies are key to enhanced ICS security - Help Net Security
Web Application Attacks | Types of Web Application Attacks | Mimecast
Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security
Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 03 November 2023
Black Arrow Cyber Threat Intelligence Briefing 03 November 2023:
-Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable
-Are You and Your Clients Soft Targets?
-Cyber Attacks Cause Revenue Losses in 42% of Small Businesses
-Executives May be The Biggest Risk to Your Business
-Organisations Can Only Stop 57 Percent of Cyber Attacks
-Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT
-Business Email Compromise is Most Common Entry Point for Cyber Attack
-US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures
-Companies Scramble to Integrate Immediate Recovery into Ransomware Plans
-Your End-Users are Reusing Passwords, That’s a Big Problem
-Cyber Workforce Demand is Outpacing Supply
-What the Boardroom Is Missing: CISOs
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Surviving a Ransomware Attack Begins by Acknowledging it’s Inevitable
The best defence against a ransomware attack is assuming it will happen before it does. Research by Visa Inc found that ransomware continues to rapidly rise. One of the main factors is the use of AI services to mass produce highly personalised and plausible emails. The second is the proliferation of highly professional do-it-yourself ransomware kits, which frequently come with 24/7 tech support. These two factors drastically lower the skill level required for cyber criminals to successfully pull off an attack.
Another new ransomware trend is “dual ransomware attacks”. This is where criminals carry out two or more attacks in close proximity of each other, ranging between 48 hours to a maximum of 10 days. With an 80% chance of re-attack, small and medium sized businesses in hard-hit industries including healthcare and manufacturing are primary targets; organisations must be extra vigilant as the holidays approach because this is when cyber criminals are most likely to attack.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [Venture Beat] [SC Media] [Help Net Security] [Infosecurity Magazine] [Help Net Security] [Tech Crunch]
Are You and Your Clients Soft Targets?
Cyber attacks are not a matter of "if" but "when," and the question you need to ask yourself is, ‘Are you a soft target?’. A soft target is a network or organisation that is relatively unprotected or vulnerable to cyber attacks.
You may feel confident in your ability to recover from an attack, but if you've never thoroughly tested your backup and recovery procedures, and when the time comes you find that it does not work, the result will leave you more likely to pay a ransom in an encryption based ransomware scenario. Reliance on legacy antivirus, which often fails to detect modern threats, can also render your network a soft target. Additionally, the absence of a rigorous vulnerability scanning and patching process leaves vulnerabilities undiscovered, and attackers are quick to exploit them. If you rely solely on prevention measures like firewalls and endpoint protection platforms, you are making yourself an appealing soft target for cyber criminals.
No organisation is entirely immune to cyber attacks. The key to defending you and your client's information effectively is to anticipate attacks, understand your security posture, recognise potential adversaries, and recover correctly in the event of an attack.
Source: [MSSP Alert]
Cyber Attacks Cause Revenue Losses in 42% of Small Businesses
Small businesses may be discouraged from investing in preventive cyber security measures due to the expense involved and the mistaken belief that only larger companies are the target of cyber crimes. However, according to a recent report nearly 8 in 10 small business leaders admit they are anxious about the safety of their company’s sensitive data and information. The report found that employee and customer data continue to be the most impacted categories of information in data breaches with 42% of small businesses losing revenue due to a cyber event.
The widespread use of internet-connected devices has given rise to a substantial surge in threat actors targeting small and medium-sized businesses, with malware, phishing and botnets being the most common threats. Daily malware activity has doubled year over year, and peaks in holiday seasons.
Sources: [Help Net Security] [Security Magazine] [Help Net Security] [JDSupra]
Executives May be The Biggest Risk to Your Business as One in Five Share Work Passwords Outside the Company
According to a recent report, nearly half (49%) of C-level executives have requested to bypass one or more security measures in the past year, highlighting a concerning disparity between what business leaders say about cyber and what they do. The research reported one in five sharing their work password with someone outside the company, 77% using easy-to-remember passwords including birth dates, and a third admitting to accessing unauthorised files and data with nearly two-thirds having the ability to edit those files/data.
Additionally, the C-suite was found to be more than three times as likely than regular users to share work devices with unauthorised users. An essential approach to reducing the risks is a tailored training programme that enables all users, including the C-suite, to understand the objective of security controls and the risks caused by bypassing them. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.
Sources: [Infosecurity Magazine] [Tech Radar] [Security Magazine] [Help Net Security]
Organisations Can Only Stop 57 Percent of Cyber Attacks
According to a report from Tenable, over the last two years, the average organisation's cyber security program was prepared to preventatively defend against, or block, just 57 percent of the cyber attacks it encountered. The report found that 58% of respondents focus almost entirely on fighting successful attacks rather than working to prevent them in the first place. This is put down largely to a struggle to obtain an accurate picture of their attack surface. When it came to risks, 75% viewed cloud infrastructure as the greatest source of exposure risk in their organisation.
Source: [Beta News]
Many Businesses Remain Unprepared for AI as Phishing Attacks Rise 1,265% Since Launch of ChatGPT
Generative AI has revolutionised many aspects of life, offering new opportunities that have also greatly benefited malicious actors. A report has found that since the launch of ChatGPT, phishing attacks have increased by 1,265%. A separate report found that many businesses remain unprepared for the impact of AI, with just 16% of respondents satisfied in their organisation’s understanding of these AI tools.
Sources: [Decrypt] [Infosecurity Magazine] [Emerging Risks]
Business Email Compromise is Most Common Entry Point for Cyber Attack
According to cyber insurance provider Hiscox, almost half of UK businesses have experienced a cyber attack in the last year, an increase of 9% from the previous year. Business email compromise was recorded as the most common point of entry, mentioned by 35% of companies who suffered an attack.
The report found that 20% of attacked organisations received a ransomware demand, slightly up from 19% the previous year. The proportion paying the ransom fell from 66% to 63%, but the median ransom rose 13%.
Sources: [Hiscox] [Digital Journal]
US Regulator Charges Firm and its CISO For Fraud and Cyber Security Failures
The US Securities and Exchange Commission (SEC) announced plans to charge a Chief Information Security Officer (CISO) with fraud for their role in allegedly lying to investors, overstating cyber security practices, and understating or failing to disclose known risks. A key piece of evidence presented by the SEC involved a presentation that was shared with the CISO, detailing a lack of security in the CISO employer’s setup. The presentation highlighted how exploitation could lead to major reputational and financial loss.
The case represents a larger shift in the dynamics and corporate reporting of security issues and within this, lies the professionalism of the CISO role. It is likely that this incident could become the start of something larger.
Sources: [The Record] [Security Week ] [Forbes]
Companies Scramble to Integrate Immediate Recovery into Ransomware Plans
A survey found that 66% of companies are reevaluating their data protection and cyber resilience strategies. Despite this, 35% are not prioritising recovery and only half (56.6%) focused on both recovery and prevention.
Whilst it is important to prevent attacks, nothing is 100% secure and organisations need to ensure that their ransomware plans include recovery as a part of this. If, or when, you experience an attack, you will not want to improvise your recovery.
Source: [Help Net Security]
Your End-Users are Reusing Passwords: That’s a Big Problem
Password reuse is a difficult vulnerability for IT teams to get full visibility over. The danger is often hidden until it turns up in the form of hackers using compromised credentials as an initial access vector. A recent survey revealed that 53% of people admit to reusing passwords, making it easier for attackers to gain access to multiple applications with a single compromised password.
While it is difficult for organisations to maintain visibility over who is reusing passwords, especially if employees are reusing passwords outside of the organisation, there are still ways to combat this. Implementing tools that can check for compromised passwords, using multi-factor authentication and ensuring all employees carry out cyber security and awareness training are a few methods to help combat password re-use.
Source: [Bleeping Computer]
Cyber Workforce Demand is Outpacing Supply
A study by ISC2 stated that we would need to double the cyber workforce to adequately protect organisations and their critical assets. The study found that the gap between the demand and supply grew 12.6%. For organisations, this can mean a struggle in hiring cyber expertise.
To address the challenge of attracting and retaining quality senior security professionals, Black Arrow offers a fractional CISO service that gives flexible access to a whole team of specialists with wide expertise, experience and backgrounds in technology, governance and transformation, for less than the cost of hiring one individual.
Source: [Cyber Scoop]
What the Boardroom Is Missing: CISOs
According to a new study only 12% of S&P 500 companies have board directors with relevant cyber credentials, highlighting a major gap in expertise needed to keep organisations secure. As most organisations shift to digital and cloud-first strategies, businesses of all shapes and sizes must protect their assets. Unfortunately, there's a considerable gap between security leaders and the board directors responsible for managing businesses. A recent Harvard Business Review survey revealed just 47% regularly interact with their company's Chief Information Security Officer (CISO). That's a severe knowledge gap for a company's security and business leaders.
Introducing CISOs to the boardroom is not just about compliance, it's also about ensuring transparency and accountability. CISOs are already building security programs from the ground up. They provide business compliance, hire the right people, and find the right technology to supplement their team's efforts. Security posture is critical to an enterprise's future success, and having a CISO on the board that speaks the language can help a board understand if their business is making suitable security investments.
Source: [Dark Reading]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek
SolarWinds Is A Game Changer - You Cannot Sugarcoat Cyber security (forbes.com)
Part of an executive team? You might be the biggest security risk to your business | TechRadar
One in five executives have shared work passwords outside the company | Security Magazine
Organisations can only stop 57 percent of cyber attacks (betanews.com)
Cyber attacks cause revenue losses in 42% of small businesses - Help Net Security
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
'Are we adversary aligned?' is the new 'Are we secure?' (betanews.com)
Cyber security habits and behaviours executives need to be aware of - Help Net Security
The hidden costs of data breaches for small businesses - Help Net Security
Cyber workforce demand is outpacing supply, survey finds | CyberScoop
How Do We Truly Make Security 'Everyone's Responsibility'? (darkreading.com)
Why lack of training can put cyber security at risk [Q&A] (betanews.com)
Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)
The CISO’s toolkit must include political capital within the C-suite | CSO Online
CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)
Why there’s no one-size-fits all solution to security maturity | TechRadar
Threats
Ransomware, Extortion and Destructive Attacks
Ransom Groups Threaten Physical Violence as Social Engineering Tactic (darkreading.com)
Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security
Surviving a ransomware attack begins by acknowledging it's inevitable | VentureBeat
Do government sanctions against ransomware groups work? | TechCrunch
Why rookie hackers are capitalizing on ransomware | SC Media (scmagazine.com)
Experts Reconsider Banning Ransom Payments as Ransomware Attacks Surge (pymnts.com)
Why ransomware victims can’t stop paying off hackers | TechCrunch
Key Learnings from “Big Game” Ransomware Campaigns - SecurityWeek
New Hunters International ransomware possible rebrand of Hive (bleepingcomputer.com)
SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)
One of the most dangerous ransomware kits around might have just gotten a rebrand | TechRadar
Ransomware attacks set to break records in 2023 - Help Net Security
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)
Ransomware Victims
Boeing Confirms Cyber Attack, System Compromise (darkreading.com)
CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch
Stanford University investigating security incident • The Register
Massive ransomware attack hinders services in 70 German municipalities (therecord.media)
Medical research exec hit in SIM-swap attack by Alphv gang • The Register
Caesars Hackers Accessed Customer Data; Costs to Be Determined (bloomberglaw.com)
Mortgage and loan giant Mr. Cooper blames cyber attack for ongoing outage | TechCrunch
Ransomware attack shuts down Central Florida radiology imager sites (wmfe.org)
British, Toronto Libraries Struggle After Cyber Incidents (darkreading.com)
Ace Hardware says 1,202 devices were hit during cyber attack (bleepingcomputer.com)
Phishing & Email Based Attacks
Artificial Intelligence
Email Phishing Attacks Up 1,265% Since ChatGPT Launched: SlashNext - Decrypt
AI poses new cyber threats with many businesses unprepared (emergingrisks.co.uk)
AI is making cyber attacks even smarter and more dangerous | TechRadar
Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)
Enterprise AI applications are threatening security | TechRadar
What Lurks in the Dark: Taking Aim at Shadow AI (darkreading.com)
ChatGPT, Bard, lack effective defences against fraudsters, Which? warns | Computer Weekly
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
Malware
Over a million Windows and Linux systems infected by this tricky new malware | TechRadar
DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)
Daily malware activity doubled year over year for small businesses | Security Magazine
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)
Malvertising via Dynamic Search Ads delivers malware bonanza (malwarebytes.com)
Windows PCs are being targeted with a nasty new malware - here's what you need to know | TechRadar
Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware (thehackernews.com)
These Seemingly Innocent Search Terms Could Lead Kids to Malware-Filled Websites (pcmag.com)
Malware 'Meal Kits' Serve Up No-Fuss RAT Attacks (darkreading.com)
Arid Viper Camouflages Malware in Knockoff Dating App (darkreading.com)
Ghostpulse Malware Targets Windows PCs With Fake App Installers (pcmag.com)
Latest RAT attack surge bypasses Microsoft's XLL block • The Register
Mozi malware botnet goes dark after mysterious use of kill-switch (bleepingcomputer.com)
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek
Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection (thehackernews.com)
Mobile
16 more infected Android apps you need to delete ASAP (bgr.com)
iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld
Android 14’s user-profile data bug seems indistinguishable from ransomware | Ars Technica
New banking scams delivered instantly via WhatsApp - F-Secure Blog
Security Expert: Apple's Lockdown Mode Still Defeats Commercial Spyware | PCMag
Google One data breach: Dark web report at your hand - gHacks Tech News
SIM swapping crypto crook jailed, ordered to pay $945,833 • The Register
SIM Swappers Are Working Directly with Ransomware Gangs Now (404media.co)
Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)
Denial of Service/DoS/DDOS
DDoS attacks are getting bigger and more powerful, and that's a really bad thing | TechRadar
Why Does "Anonymous" Launch DDoS Cyber Attacks? (makeuseof.com)
Internet of Things – IoT
IoT's convenience comes with cyber security challenges - Help Net Security
RCE exploit for Wyze Cam v3 publicly released, patch now (bleepingcomputer.com)
Data Breaches/Leaks
CCleaner says hackers stole users’ personal data during MOVEit mass-hack | TechCrunch
Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)
ServiceNow Data Exposure: A Wake-Up Call for Companies (thehackernews.com)
LastPass breach linked to theft of $4.4 million in crypto (bleepingcomputer.com)
Public exposure of data breaches is becoming inevitable – Help Net Security
Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)
Seiged Sec Breach Top Israeli Telecom, Leak Customers Data (dailydot.com)
Organised Crime & Criminal Actors
‘Prolific Puma’ Hacker Gives Cyber criminals Access to .us Domains (darkreading.com)
Two Russians indicted for hacking JFK taxi dispatch system • The Register
How cyber criminals adapt and thrive amidst changing consumer trends – Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto thief steals $4.4M in a day as toll rises from LastPass breach (cointelegraph.com)
UK's National Crime Agency Establishes Crypto Investigative Team (mpost.io)
Insider Risk and Insider Threats
Insurance
Supply Chain and Third Parties
N. Korean Lazarus Group Targets Software Vendor Using Known Flaws (thehackernews.com)
North Korean Hackers Are Trying to Stage Another Supply Chain Hack (pcmag.com)
Okta discloses a data breach after a third-party vendor was hacked (securityaffairs.com)
Cloud/SaaS
Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cyber securitynews.com)
Cryptojackers steal AWS credentials from GitHub in 5 minutes • The Register
Microsoft is Getting Serious About Security. Again. - Thurrott.com
Microsoft is overhauling its software security after major Azure cloud attacks - The Verge
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Your end-users are reusing passwords – that’s a big problem (bleepingcomputer.com)
One in five executives have shared work passwords outside the company | Security Magazine
Within 5 Minutes, Hackers Were Able to Get AWS Credentials From GitHub (cybersecuritynews.com)
Browser extensions could capture passwords and sensitive info as plain text (techxplore.com)
Social Media
DUCKTAIL Malware employs LinkedIn messages Execute Attacks (gbhackers.com)
Russian hacking tool floods social networks with bots, researchers say (therecord.media)
Malvertising
Training, Education and Awareness
Finding the right approach to security awareness - Help Net Security
Why lack of training can put cyber security at risk [Q&A] (betanews.com)
Regulations, Fines and Legislation
FTC orders non-bank financial firms to report breaches in 30 days (bleepingcomputer.com)
SEC Charges SolarWinds and Its CISO With Fraud and Cyber security Failures - SecurityWeek
Why The SEC Cyber Security Disclosure Rules Will Improve Cybersecurity (forbes.com)
The UK Online Safety Bill Becomes Law, What Does It Mean? | Hackaday
Biden Issues Executive Order on Safe, Secure AI - Infosecurity Magazine (infosecurity-magazine.com)
Setting the standard for cyber security across the EU | Business Post
Models, Frameworks and Standards
Top 12 IT security frameworks and standards explained | TechTarget
MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile - SecurityWeek
Careers, Working in Cyber and Information Security
UK cyber skills gap grows 29% despite record hiring (computing.co.uk)
Cyber workforce demand is outpacing supply, survey finds | CyberScoop
Cyber security workforce shortages: 67% report people deficits - Help Net Security
CISO Skills in a Changing Security Market: Are You Prepared? (darkreading.com)
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Misc Nation State/Cyber Warfare/Cyber Espionage
Geopolitical Threats/Activity
Hacktivist Activity Related to Gaza Conflict Dwindles (darkreading.com)
New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks (bleepingcomputer.com)
Israel Calls In Hackers And Spyware Companies To Break Into Abductees’ Phones (forbes.com)
China
Spies and Lies: China’s Cyber Espionage Is on an Unprecedented Level | Mind Matters
Microsoft upgrades security for signing keys in wake of Chinese breach | CyberScoop
Russia
Boeing. ‘Sensitive Data’ Reportedly Stolen by Ransomware Group Linked to Russia - The Messenger
Russian hacking tool floods social networks with bots, researchers say (therecord.media)
FSB arrests Russian hackers working for Ukrainian cyber forces (bleepingcomputer.com)
Russia to launch its own version of VirusTotal due to US snooping fears (therecord.media)
A Ukrainian Company Shares Lessons in Wartime Resilience (darkreading.com)
Two Russians indicted for hacking JFK taxi dispatch system • The Register
Iran
Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (thehackernews.com)
Iranian Cyber Spies Use 'LionTail' Malware in Latest Attacks - SecurityWeek
New Iranian state-sponsored hacking campaign uncovered - SiliconANGLE
FBI Director Warns of Increased Iranian Attacks (darkreading.com)
Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign (thehackernews.com)
'Scarred Manticore' Unleashes the Most Advanced Iranian Cyber Espionage Yet (darkreading.com)
North Korea
Vulnerability Management
Lazarus Group Looking for Unpatched Software Vulnerabilities (databreachtoday.co.uk)
CVSS 4.0 keys-in on threat intelligence metrics and OT, ICS and IoT | SC Media (scmagazine.com)
Vulnerability management metrics: How to measure success - Help Net Security
From Windows 9x to 11: Tracing Microsoft's security evolution - Help Net Security
It's Cheap to Exploit Software — and That's a Major Security Problem (darkreading.com)
Vulnerabilities
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked (bleepingcomputer.com)
F5 fixes BIG-IP auth bypass allowing remote code execution attacks (bleepingcomputer.com)
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide (bleepingcomputer.com)
Cisco Patches 27 Vulnerabilities in Network Security Products - SecurityWeek
Atlassian warns users: patch critical Confluence flaw ASAP • The Register
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover (thehackernews.com)
Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes (thehackernews.com)
D-LINK SQL Injection Vulnerability Let Attacker Escalate Privileges (gbhackers.com)
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online (bleepingcomputer.com)
More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library (darkreading.com)
No patches yet for Apple iLeakage side-channel attack | TechTarget
HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability (thehackernews.com)
iOS 17.1 finally fixes a three-year-old Private Wi-Fi Address security hole | Macworld
Tools and Controls
Companies scramble to integrate immediate recovery into ransomware plans - Help Net Security
Vulnerability management metrics: How to measure success - Help Net Security
6 steps to accelerate cyber security incident response | SC Media (scmagazine.com)
Ethical hackers are helping more and more business stay safe | TechRadar
Getting Smart With Cyber security: AI Can Help the Good Guys, Too (darkreading.com)
Massive cyber crime URL shortening service uncovered via DNS data (bleepingcomputer.com)
Huge Cyber security Industry Survey Reveals Concerns Over Cuts Amid New Threats - The Messenger
Defence in depth: Layering your security coverage (securityintelligence.com)
Finding the right approach to security awareness - Help Net Security
Mainframes are around to stay, it’s time to protect them - Help Net Security
Reports Published in the Last Week
Other News
Four Under-The-Radar Security Risks That Can Endanger Your Business (forbes.com)
ING CISO says data sharing is key to financial cyber security (finextra.com)
Threat Prevention Begins With IT & Security Team Collaboration (darkreading.com)
F5 Labs Report Reveals Rise in Malicious Automation | The Fintech Times
Microsoft Vows to Revamp Security Products After Repeated Hacks - Bloomberg
Microsoft launches Secure Future Initiative to bolster security | TechTarget
The 5 Cs of effective cyber defence: Beyond traditional technical skills | SC Media (scmagazine.com)
9 Innovative Ways to Boost Security Hygiene for Cyber Awareness Month (darkreading.com)
How governments can keep data secure in a digital age - New Statesman
Cyber security insights for secure manufacturing - Aerospace Manufacturing and Design
Demystifying the top five OT security myths | Computer Weekly
20 scary cyber security facts and figures for a haunting Halloween (welivesecurity.com)
Construction among industries most at risk from cyber attacks, insurer warns | News | Building
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 23 July 2021
Black Arrow Cyber Threat Briefing 23 July 2021: 40% Fell Victim To A Phishing Attack In The Past Month; Traditional Ransomware Defences Are Failing Businesses; The Number Of Employees Going Around IT Security May Surprise You; 740 Ransomware Victims Named On Data Leak Sites In Q2 2021; A More Dynamic Approach Is Needed To Tackle Today’s Evolving Cyber Security Threats; Law Firm For Ford, Boeing, Exxon, Marriott, Walgreens, And More Hacked In Ransomware Attack; UK And Allies Accuse China Of 'Reckless' Cyber Extortion And Microsoft Hack; Even after Emotet takedown, Office docs deliver 43% of all malware downloads now; Gun owners' fears after firearms dealer data breach
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
40% Fell Victim To A Phishing Attack In The Past Month
The global shift to remote work has exacerbated the onslaught, sophistication, and impact of phishing attacks, according to Ivanti. Nearly three-quarters (74%) of respondents said their organisations have fallen victim to a phishing attack in the last year, with 40% confirming they have experienced one in the last month.
Eighty percent of respondents said they have witnessed an increase in volume of phishing attempts and 85% said those attempts are getting more sophisticated. In fact, 73% of respondents said that their IT staff had been targeted by phishing attempts, and 47% of those attempts were successful.
Smishing and vishing scams are the latest variants to gain traction and target mobile users. According to recent research by Aberdeen, attackers have a higher success rate on mobile endpoints than on servers – a pattern that is trending dramatically worse. Meanwhile, the annualized risk of a data breach resulting from mobile phishing attacks has a median value of about $1.7M, and a long tail of value of about $90M.
https://www.helpnetsecurity.com/2021/07/23/risk-phishing-attacks/
Traditional Ransomware Defences Are Failing Businesses
Traditional cyber security strategies are failing to protect organisations from ransomware attacks, new research suggests. Based on a poll of 200 IT decision-makers whose businesses recently suffered ransomware attacks, 54 percent of all victims had their employees go through anti-phishing training. Furthermore, almost half (49 percent) had perimeter defences set up at the time of the attack. However, attack methods have grown too sophisticated for traditional security measures to keep up. Many attacks (24 percent) still start with a successful phishing attempt, while almost a third (31 percent) see attacker enter the network through public cloud.
https://www.itproportal.com/news/traditional-ransomware-defenses-are-failing-businesses/
Cyber Security Risk: The Number Of Employees Going Around IT Security May Surprise You
Last month, a report was published highlighting challenges associated with enabling IT freedoms while ensuring tight security procedures. The findings detail a complex balancing act between IT teams and network users. Calibrating this equilibrium is particularly challenging in the age of remote work as employees log on and virtually collaborate via a host of digital solutions. Overall, the survey found that virtually all employees (93%) "are working around IT restrictions," and a mere 7% said they were "satisfied with their corporate IT restrictions." Interestingly, this information about IT workarounds does not match security leaders' and IT expectations.
740 ransomware victims named on data leak sites in Q2 2021: report
More than 700 organizations were attacked with ransomware and had their data posted to data leak sites in Q2 of 2021, according to a new research report from cyber security firm Digital Shadows.
Out of the almost 2,600 victims listed on ransomware data leak sites, 740 of them were named in Q2 2021, representing a 47% increase compared to Q1.
https://www.zdnet.com/article/740-ransomware-victims-named-on-data-leak-sites-in-q2-2021-report/
A More Dynamic Approach Is Needed To Tackle Today’s Evolving Cyber Security Threats
For decades, the cyber security industry has followed a defense-in-depth strategy, which allowed organisations to designate the battlefield against bad actors at their edge firewall. Nowadays, cyber criminals have become as creative as ever. New cyber threats are emerging every day, and with the constantly increasing rate of Ransomware, Phishing, etc. We’re forced to take a more dynamic approach when tackling these cyber threats on a day to day basis. Recent statistics demonstrate the scale of the cyber security issues faced by companies. In 2020, malware attacks increased by 358% and ransomware increased by 435%, and the average cost of recovering from a ransomware attack has doubled in the last 12 months, reaching almost $2 million in 2021.
https://www.helpnetsecurity.com/2021/07/13/dynamic-approach-cybersecurity-threats/
Law Firm For Ford, Boeing, Exxon, Marriott, Walgreens, And More Hacked In Ransomware Attack
Campbell Conroy & O'Neil, P.C., a law firm handling hundreds of cases for the world's leading companies, has announced a large data breach that resulted from a ransomware attack in February. In a statement, the law firm said it noticed unusual activity on its network on February 27. The firm later realized it was being hit with a ransomware attack and contacted the FBI as well as cyber security companies for help.
UK And Allies Accuse China Of 'Reckless' Cyber Extortion And Microsoft Hack
The Government was hinting yet again at covertly using Britain’s own offensive cyber capabilities – hitting back at cyber attacks with cyber attacks of our own. This approach goes all the way back to 2013, when then defence secretary told the Conservative Party conference that the UK would “build a dedicated capability to counter-attack in cyber space and, if necessary, to strike in cyber space”.
Even after Emotet takedown, Office docs deliver 43% of all malware downloads now
Malware delivered over the cloud increased by 68% in Q2, according to data from cyber security firm Netskope.
The company released the fifth edition of its Cloud and Threat Report that covers the cloud data risks, threats and trends they see throughout the quarter.
The report noted that cloud storage apps account for more than 66% of cloud malware delivery.
"In Q2 2021, 43% of all malware downloads were malicious Office docs, compared to just 20% at the beginning of 2020. This increase comes even after the Emotet takedown, indicating that other groups observed the success of the Emotet crew and have adopted similar techniques," the report said.
Gun Owners' Fears After Firearms Dealer Data Breach
Thousands of names and addresses belonging to UK customers of a leading website for buying and selling shotguns and rifles have been published to the dark web following a "security breach".
Guntrader.uk told the BBC it learned of the breach on Monday and had notified the Information Commissioner's Office.
Police, including the National Crime Agency, are investigating.
One affected gun owner said he was afraid the breach could lead to his family being targeted by criminals.
Gun ownership is tightly controlled in the UK, making guns difficult to acquire, and potentially valuable on the black market.
The individual, who did not wish to be named, told the BBC the breach "seriously compromises my security arrangements for my firearms and puts me in a situation where me and my family could be targeted and in danger".
Threats
Ransomware
BEC
Phishing
Malware
Leaked NSO Group Data Hints At Widespread Pegasus Spyware Infections
This New Malware Hides Itself Among Windows Defender Exclusions To Evade Detection
MacBook Users Beware! Hackers Are Buying $49 Malware To Wreak Havoc On MacOS
New MosaicLoader Malware Targets Software Pirates Via Online Ads
CISA Warns Of Stealthy Malware Found On Hacked Pulse Secure Devices
This Password-Stealing Windows Malware Is Distributed Via Ads In Search Results
Mobile
Vulnerabilities
Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability
16-Year-Old Security Bug Affects Millions Of HP, Samsung, Xerox Printers
Fortinet Fixes Bug Letting Unauthenticated Hackers Run Code As Root
Windows 10 Vulnerability Lets Anyone Get Administrator Privileges
Researchers Discover Security Flaws In Telegram Encryption Protocol
Microsoft Shares Workaround For Windows 10 SeriousSAM Vulnerability
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
Data Breaches
Organised Crime & Criminal Actors
Supply Chain
DoS/DDoS
OT, ICS, IIoT and SCADA
Nation State Actors
UK And Allies Hold Chinese State Responsible For Pervasive Pattern Of Hacking
Chinese Hacking Group APT31 Uses Mesh Of Home Routers To Disguise Attacks
France Warns Of APT31 Cyber Spies Targeting French Organisations
APT Hackers Distributed Android Trojan Via Syrian E-Government Portal
Cloud
Privacy
Other News
Application Security Tools Ineffective Against New And Growing Threats
Pegasus: What Is The Israeli Spyware And How Can You Tell If It’s On Your Phone?
DHS Releases New Mandatory Cyber Security Rules For Pipelines After Colonial Ransomware Attack
1 in 5 companies fail PCI compliance assessments of their infrastructure
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.