Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 29 March 2024
Black Arrow Cyber Threat Intelligence Briefing 29 March 2024:
-Only 3% of Organisations Globally are Fully Prepared for Cyber Threats
-China Cyber Attacks a Reminder Beijing Poses ‘Constant and Sophisticated’ Threat to Western Cyber Security
-Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers
-Hackers Hit High-Risk Individuals’ Personal Accounts
-Cyber Security Threats in International Relations: Are We Prepared for a Digital Pearl Harbour?
-High Net Worths Urged to Improve Digital Hygiene in Fight Against Cyber Crime
-Key Lessons from Microsoft’s Password Spray Hack: Secure Every Account
-Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach
-IT Leaders Struggle to Keep up With Emerging Threats, as 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time
-Only 5% of Boards Have Cyber Security Expertise
-Google’s New AI Search Results Promotes Sites Pushing Malware and Scams
-Report Calls Out Cyber Risks to Financial Sector Fuelled by AI
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Only 3% of Organisations Globally are Fully Prepared for Cyber Threats
A new report released by Cisco found that only 3% of organisations globally are considered to be at a “mature” level of readiness that is needed to be resilient against today’s cyber threats. In contrast, 80% of the companies surveyed felt moderately to very confident in their ability to defend against a threat.
Nearly three-quarters of respondents expect a cyber incident to disrupt their business in the next 12 to 24 months. For many, this was based on past experience, with more than half of respondents saying that they had experienced a cyber security incident in the last 12 months, and of those, more than half of said it cost them at least $300,000. To address this, 97% of companies expect to increase their cyber security budgets in the next 12 months.
Sources: [PR Newswire] [SiliconANGLE]
China Cyber Attacks a Reminder Beijing Poses ‘Constant and Sophisticated’ Threat to Western Cyber Security
The UK’s National Cyber Security Centre (NCSC) has now implicated a Chinese-backed hacking group, APT31, in attempts to target a group of MPs. Whilst this shows how advanced the threat from China has become, it should not be a surprise. It has been alleged that the hacking campaign targeted a broad swathe of private individuals, as well as strategically important companies and government officials. Geopolitical tensions are at an all-time high, as Conservative MP Iain Duncan Smith, one of those targeted by the campaign says, “we must now enter a new era of relations with China, dealing with the contemporary Chinese Communist party as it really is, not as we would wish it to be.”
Sources: [Sky News] [GovInfoSecurity] [The Guardian]
Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers
A recent report underscores the pivotal role of cyber security in financial performance, revealing that companies with genuinely advanced levels of cyber security maturity generate a 372% higher shareholder return compared to those with lower levels of maturity, as observed over a five-year period. Notably, companies with engaged board members and specialised risk committees achieve superior cyber security performance. Despite regulatory requirements, only 3% of UK organisations have a cyber security expert on their board, emphasising the need for greater board-level engagement in cyber risk management. Industries like healthcare and financial services lead in cyber security ratings, underscoring the correlation between regulatory environments and cyber security performance.
Source: [Business Wire] [Computer Weekly]
Hackers Hit High-Risk Individuals’ Personal Accounts
Britain’s National Cyber Security Centre (NCSC) is warning that attackers faced with well-managed corporate cyber security defences, are instead turning their efforts to compromise high-risk individuals’ devices and accounts.
A high-risk individual is anyone who has access to or influence over sensitive information. For an attacker, these individuals can present a less complex route. They already know the individual has access to the data they want, it is just a case of compromising that individual.
Source: [Gov Info Security]
Cyber Security Threats in International Relations: Are We Prepared for a Digital Pearl Harbour?
Cyber security threats have reached unprecedented levels, posing significant risks to organisations and nations worldwide, with global costs predicted to soar to $10.5 trillion annually by 2025, a significant increase from $6 trillion in 2021. Recent reports from IBM Security X-Force reveal that organisations face an average of 270 cyber attacks per year, equivalent to an attack every business day, underlining the persistent nature of the threat and reinforcing the old question of ‘when’ not 'if' an organisation will get hit.
The report warns of the possibility of large-scale, coordinated attacks, akin to a “Digital Pearl Harbor,” on vital infrastructure such as power grids and financial markets, with ransomware-based attacks being identified as a major risk. The emergence of cyber warfare blurs the distinction between espionage and acts of war, underscoring the need for international standards and agreements. Despite the focus on cyber threats, many organisations have risk management gaps.
Source: [Eurasia Review]
High Net Worths Urged to Improve Digital Hygiene in Fight Against Cyber Crime
High net worth individuals and their families are often targets for cyber criminals who seek to steal their money, identity, intellectual property and corporate data, and attacks are increasing. With the current state of the world, there is significant information that is publicly available. This, added to the fact that many high-net-worth individuals have lesser security controls than corporations, makes them a more lucrative target.
As these types of attacks continue to increase, it is important for individuals to ensure they are demonstrating good cyber hygiene through actions including the adoption of multi-factor authentication, limiting unnecessary social media from themselves and their family (including holidays) and understanding current tactics to be able to spot and mitigate them.
Source: [Financial Times]
Key Lessons from Microsoft’s Password Spray Hack: Secure Every Account
Earlier this year, Microsoft discovered they had been the victim of a hack orchestrated by Russian-state hackers. The attack was not highly sophisticated; in fact, it involved simply spraying passwords into an old, inactive account. Password spraying is a simple brute force technique, which has the attacker trying the same password against multiple accounts. In this case, it was enough to be able to allow attackers to commit further exfiltration.
Picture your organisation: can you guarantee that no account is using the password “Password123”? Whilst organisations may focus on protecting privileged accounts, the attack shows that every account needs to be secured, as they are all entry points to your organisation. To combat this, organisations should look to implement robust password policies and multi-factor authentication.
Source: [The Hacker News]
Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach
Mitigating third-party risk may seem daunting when considering the slew of incoming regulations coupled with the increasingly advanced tactics of cyber criminals. However, most organisations have more agency and flexibility than they think they do. Third-party risk management can be built on top of existing risk governance practices and security controls that are currently implemented in the organisation. Understanding the vendor landscape, categorising vendors based on criticality, and developing tailored governance plans are crucial steps. Contractual obligations, tailored to industry standards, play a pivotal role in ensuring security measures are upheld. Additionally, establishing a robust exit strategy is imperative to safeguard data integrity post-partnership. By fostering a culture of shared responsibility and continuous improvement, organisations can navigate the complexities of third-party risk management effectively.
Source: [Dark Reading]
IT Leaders Struggle to Keep up With Emerging Threats, as 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time
A recent survey of over 800 IT and security leaders highlights the escalating threat landscape fuelled by emerging technologies, with AI-powered attacks identified as the most serious and challenging. 92% of respondents report a year-over-year increase in cyber attacks with 95% noting heightened sophistication.
Organisations reported facing AI-powered attacks (51%), deepfake technology and supply chain attacks (both 36%), cloud jacking (35%), Internet of Things (IoT) attacks and 5G network exploits (both 34%), and fileless attacks (24%). But it is not just newer attacks; organisations are still contending with prevalent attacks like phishing, malware, and ransomware. The survey found that 84% of respondents say that phishing and smishing have become more difficult to detect with the rise in popularity of AI-powered tools, revealing that AI-powered phishing is their top concern (42%) when it comes to AI security.
With so many constantly evolving threats, and with new ones being added to the mix all the time, it is becoming more and more difficult for IT leaders to keep on top of these emerging threats.
Source: [Beta News] [The Fast Mode]
Only 5% of Boards Have Cyber Security Expertise
There is a concerning gap in cyber expertise on corporate boards, with only 5% of businesses having a cyber expert onboard, despite a direct correlation between strong cyber security and higher financial performance. Countries like France have 10% representation while Canada lags behind at just 1%. Integration of cyber experts into specialised risk committees significantly boosts cyber security performance. Furthermore, advanced security ratings translate to significantly better financial returns over three and five-year periods, underlining the pivotal role of cyber security in overall business health.
Source: [Infosecurity Magazine]
Google’s New AI Search Results Promotes Sites Pushing Malware and Scams
Earlier this month, Google began rolling out a feature called Google Search Generative Experience (SGE) in its search results, which provides AI-generated quick summaries, including site recommendations. These results, however, are pushing scams and malware. BleepingComputer found that the listed sites promoted by SGE tend to use the .online top level domain, the same HTML templates, and the same sites to perform redirects, stating “This similarity indicates that they are all part of the same SEO [search engine optimisation] poisoning campaign that allowed them to be part of the Google index.” When clicking on the site in the Google search results, visitors will go through a series of redirects until they reach a scam site. This matter highlights the need for users to stay cognisant, even when using AI to improve quality of life.
Source: [Bleeping Computer]
Report Calls Out Cyber Risks to Financial Sector Fuelled by AI
A recent report by the US Department of the Treasury has identified AI-driven cyber fraud as the primary concern for financial institutions. Smaller firms, in particular, struggle with AI development, which intensifies security concerns. Despite a focus on cyber security, risk management lapses are common across institutions. The report further notes that nearly a third of these institutions are yet to address the evolving tactics of threat actors, including social engineering, malvertising, and QR code phishing. More than 2 in 5 have pointed to the increasing use of generative AI for scaling and automating attacks as a lingering risk factor. The report emphasises that, even without mandates, there’s an urgent need for financial institutions to bolster their risk management and cyber security practices to counter these AI-driven threats.
Source: [CyberScoop]
Governance, Risk and Compliance
Hackers Hit High-Risk Individuals' Personal Accounts (govinfosecurity.com)
Only 5% of Boards Have Cyber Security Expertise - Infosecurity Magazine (infosecurity-magazine.com)
Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)
How threat intelligence data maximizes business operations - Help Net Security
IT leaders struggle to keep up with emerging threats (betanews.com)
More than half of organisations fall victim to cyber attacks (betanews.com)
Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)
Shareholders win when businesses do better at cyber | Computer Weekly
Getting Security Remediation on the Boardroom Agenda (darkreading.com)
New Cyber Threats to Challenge Financial Services Sector in 2024 (darkreading.com)
The cyber security skills shortage: A CISO perspective | CSO Online
Cyber security essentials during M&A surge - Help Net Security
Companies told cyber security has to be cross business concern (emergingrisks.co.uk)
It's Time to Stop Measuring Security in Absolutes (darkreading.com)
True Cost of a Cyber Security Breach for Your Business - Converge
35 cyber security statistics to lose sleep over in 2024 (techtarget.com)
3 Challenges CISOs Face in 2024 as Cyber Threats Explode | Corporate Counsel (law.com)
Cyber security plans should centre on resilience | MIT Sloan
Debunking compliance myths in the digital era - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware: lessons all companies can learn from the British Library attack - Exponential-e Blog
78% of organisations plan to increase ransomware protection | Security Magazine
Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)
Building Resiliency in the Face of Ransomware - Security Boulevard
Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)
US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth (yahoo.com)
Healthcare Under Ransomware Attacks - Part 1: BlackCat/AlphV - VMRay
Healthcare Under Ransomware Attacks - Part 2: LockBit - VMRay
Healthcare Under Ransomware Attacks - Part 3: Rhysida - VMRay
Ransomware Victims
Hackers threaten to publish huge cache of NHS Scotland data - BBC News
Alleged sale of Communication Workers Union’s users data (marcoramilli.com)
Scullion LAW becomes victim of cyber attack | Scottish Legal News
Panera Bread experiencing nationwide IT outage since Saturday (bleepingcomputer.com)
Clorox audit flagged systemic flaws in cyber security at manufacturing plants (detroitnews.com)
Big Issue working with NCSC, NCA and Met Police to investigate cyber incident - IT Security Guru
Western Isles council tax bills delayed due to cyber attack - BBC News
Vietnam Securities Broker Suffered Cyber Attack That Suspended Trading (darkreading.com)
Phishing & Email Based Attacks
'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide (darkreading.com)
New StrelaStealer Phishing Attacks Hit Over 100 Organisations in EU. and US (thehackernews.com)
New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)
US organisations targeted with emails delivering NetSupport RAT - Help Net Security
Scammers steal millions from FTX, BlockFi claimants - Help Net Security
Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)
Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)
Russia's Cozy Bear tries to phish Germans with party invites • The Register
Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)
Artificial Intelligence
Treasury report calls out cyber risks to financial sector fuelled by AI | CyberScoop
Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)
Four generative AI cyber risks that keep CISOs up at night — and how to combat them - SiliconANGLE
Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)
Artificial intelligence now the biggest cyber threat - study (emergingrisks.co.uk)
Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)
Scammers exploit tax season anxiety with AI tools - Help Net Security
Experts Warn of Cyber Risk Due to Rapid AI Tool Evolution (govinfosecurity.com)
Over A Third of IT Leaders Are Ill-Equipped to Cope With AI-Powered Attacks - IT Security Guru
Beware of rogue chatbot hacking incidents (securityintelligence.com)
The Unique AI Cyber Security Challenges in the Financial Sector | Decipher (duo.com)
AI weaponisation becomes a hot topic on underground forums - Help Net Security
AI bots hallucinate software packages and devs download them • The Register
Threat Report: Examining the Use of AI in Attack Techniques (darkreading.com)
Hackers exploit Ray framework flaw to breach servers, hijack resources (bleepingcomputer.com)AWS CISO: Pay Attention to How AI Uses Your Data (darkreading.com)
2FA/MFA
New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)
Apple customers are being targeted by "MFA Bombing" password reset attack (xda-developers.com)
Malware
New StrelaStealer Phishing Attacks Hit Over 100 Organisations in E.U. and US. (thehackernews.com)
Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)
39,000 Websites Infected in 'Sign1' Malware Campaign - SecurityWeek
ConnectWise ScreenConnect attacks deliver malware | SC Media (scmagazine.com)
US organisations targeted with emails delivering NetSupport RAT - Help Net Security
Python devs are being targeted by this massive infostealing malware campaign | TechRadar
TheMoon bot infected 40,000 devices in January and February (securityaffairs.com)
Viruses are the most popular type of malware - and Apple devices are most at risk | TechRadar
New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)
SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire
DarkGate Malware Campaign Exploits Patched Microsoft Flaw - Security Boulevard
Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)
AI bots hallucinate software packages and devs download them • The Register
Mobile
In-app browsers still a privacy, security, and choice issue • The Register
Thousands of phones and routers swept into proxy service, unbeknownst to users | Ars Technica
Apple lawsuit: US officials say iPhone ‘monopoly’ undermines security | SC Media (scmagazine.com)
Internet of Things – IoT
Hackers Reveal Method to Bypass Hotel Keycard Locks in Seconds • iPhone in Canada Blog
Pump the brakes: National security concerns surround connected cars - Nextgov/FCW
Insurer unveils policy covering drivers from connected car hacks and data leaks (therecord.media)
Data Breaches/Leaks
AT&T won’t say how its customers’ data spilled online | TechCrunch
SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
UN probing 58 alleged crypto heists by North Korea worth $3 billion (therecord.media)
Scammers steal millions from FTX, BlockFi claimants - Help Net Security
Insider Risk and Insider Threats
Insurance
Supply Chain and Third Parties
Cloud/SaaS
Key Lesson from Microsoft's Password Spray Hack: Secure Every Account (thehackernews.com)
Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)
Cloud Account Hijacking: How it Works and How to Prevent It (techtarget.com)
67% of businesses sync on-premises passwords to cloud environments | Security Magazine
Identity and Access Management
Tackling DORA Compliance With a Focus on PAM - IT Security Guru
Organisations Grapple With Identity Pain Points | Decipher (duo.com)
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Apple users targeted by annoying 'Reset Password' attack | Mashable
67% of businesses sync on-premises passwords to cloud environments | Security Magazine
Social Media
Malvertising
Training, Education and Awareness
Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)
Cyber security training costs surge as firms battle skills gaps | ITPro
Regulations, Fines and Legislation
Cyber security shake-up: How to prepare for EU's NIS2 and DORA (siliconrepublic.com)
techUK Raise Internet Snooping Concerns Over UK IP Act Amendments - ISPreview UK
Cyber security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)
Models, Frameworks and Standards
Backup and Recovery
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
US and UK accuse China of cyber operations targeting domestic politics | CyberScoop
UK ‘turning up to a gunfight with a wooden spoon’ over China cyber-attacks (scotsman.com)
China hack on MPs worse than Government admitted, with at least 30 targeted (inews.co.uk)
New Zealand follows UK in accusing China of hacking its parliament | The Independent
Finland confirms APT31 hackers behind 2021 parliament breach (bleepingcomputer.com)
China linked to UK cyber-attacks on voter data, Dowden to say - BBC News
Dowden guarantees UK elections will be safe from Chinese cyber attacks | Evening Standard
After '10,000 malicious emails,' US sanctions 7 Chinese nationals in alleged cyber crimes - UPI.com
SNP MP claims Scottish universities 'overdependent' on Chinese money | The National
China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)
Fake reporters and death threats: China spy tactics from Hong Kong dissidents (inews.co.uk)
Is Cyber Warfare Heating Up? Biden Administration, UK Take Aim At Chinese Hackers | IBTimes
What to make of China’s massive cyber-espionage campaign (economist.com)
Pump the brakes: National security concerns surround connected cars - Nextgov/FCW
UK says Chinese cyber attacks ‘part of large-scale espionage campaign’ (thenextweb.com)
Why cyber indictments and sanctions matter | The Strategist (aspistrategist.org.au)
Chinese hackers target family members to surveil hard targets | CyberScoop
Russia
Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)
Russia's Cozy Bear tries to phish Germans with party invites • The Register
Iran
North Korea
Vulnerability Management
Spyware vendors behind 75% of zero-days targeting Google | TechTarget
On the Increase: Zero-Days Being Exploited in the Wild (databreachtoday.co.uk)
NVD slowdown leaves thousands of vulns without analysis data • The Register
Can Compensating Controls Be the Answer in a Sea of Vulnerabilities? - Security Boulevard
Vulnerabilities
Patch Now: Critical Fortinet RCE Bug Under Active Attack (darkreading.com)
SQL injection vulnerability in Fortinet software under attack | TechTarget
GitHub Developers Hit in Complex Supply Chain Cyber Attack (darkreading.com)
MacOS 14.4.1 makes it once again safe to update your Mac | ZDNET
Apple Security Bug Opens iPhone, iPad to RCE (darkreading.com)
Apple finally reveals the serious security issues it patched in iOS 17.4.1 - PhoneArena
Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own (bleepingcomputer.com)
China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)
Double trouble for DNSSEC though the devil is in the details • The Register
Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)
Tools and Controls
How threat intelligence data maximises business operations - Help Net Security
IT leaders struggle to keep up with emerging threats (betanews.com)
78% of organisations plan to increase ransomware protection | Security Magazine
Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)
Why Endpoint Security Tools Are Still Such a Challenge (inforisktoday.com)
Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)
Cyber security training costs surge as firms battle skills gaps | ITPro
Organisations Grapple with Identity Pain Points | Decipher (duo.com)
Enterprise cyber security's lateral movement 'blind spot' [Q&A] (betanews.com)
Cyber security plans should center on resilience | MIT Sloan
Cyber Security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)
Reports Published in the Last Week
Other News
Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)
Security experts raise questions about UK cyber funding in wake of Electoral Commission hack | ITPro
8 cyber security predictions shaping the future of cyber defence - Help Net Security
Active adversary dwell time: The good (and bad) news | SC Media (scmagazine.com)
Cyber Threat to US Power Grids Escalating as Election Approaches (yahoo.com)
Are We Ignoring the Cyber Security Risks of Undersea Internet Cables? | HackerNoon
How to Prevent Your Company from Being Hacked in 2024 - DevX
Pentagon Looks to Finalise Cyber Security Rules for Defence Industrial Base - ClearanceJobs
US and Japan plan biggest upgrade to security pact in over 60 years
Finland to host NATO tech centers, revamp cyber security strategy (defensenews.com)
French cyber defence chief warns Paris Olympics a 'target' (techxplore.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 22 March 2024
Black Arrow Cyber Threat Intelligence Briefing 22 March 2024:
-UK’s Cyber Resilience Stagnates as More Fall Victim to Attacks, 75% of UK Businesses & 79% of UK Charities Experienced a Cyber Incident in 2023
-1% of Users are Responsible for 88% of Data Loss Events
-Microsoft Report Says 87% of UK organisations are vulnerable to cyber attacks in the age of AI
-Cyber Naivety Leaves 4 out of 5 Businesses Wide Open and Only 1 in 5 Has a Plan
-Risk and Regulation: Preparing for the Era of Cyber Security Compliance
-Ransomware Attacks Jump 73% Within a Year
-The New CISO - Rethinking the Role
-90% of Attacks Involve Data or Credential Theft, SMBs Primary Target
-Chief Risk Officers Say Cyber Security is Most Pressing Risk
-Humans Still Cyber Security’s Weakest Link, Cyber Security Training Equips Your Workforce to Spot Threats
-Most IT Pros Think Cyber Attacks are Getting Worse, and Many Firms Don’t Know How to Deal with Them
-Supply Chain Cyber Attacks Create Weak Spots, You Need to Prepare
-Ransomware Attack on Change Healthcare Pegged as “Most Significant” in Sector History
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK’s Cyber Resilience Stagnates as More Fall Victim to Attacks, 75% of UK Businesses & 79% of UK Charities Experienced a Cyber Incident in 2023
The UK Government’s Joint Committee on the National Security Strategy (JCNSS) has published its response to a ransomware enquiry with stark conclusions, stating that there is a lot to be done to truly tackle the threat posed by ransomware. The chair of the JCNSS said that the UK is and will remain exposed and unprepared if it continues to take a “head in the sand” attitude to ransomware. The minister for artificial intelligence (AI) called upon organisations to “step up their cyber security plans to guard against threats, protect their customers and workforce, and our wider economy.” This comes as the Government’s Cyber Security Longitudinal Survey (CSLS) found that three-quarters of UK businesses and 79% of UK charities experienced a cyber security incident in the last 12 months.
Despite progress, there's a pressing need for organisations to shift from viewing cyber security as solely an IT concern to recognising its integral role across all business functions, particularly in the face of escalating cyber threats. With only half of UK board members having had security training, only a quarter of businesses assessing suppliers for possible security risks, and a fifth of UK boards failing to discuss cyber security even once, the time to improve UK businesses is now.
Sources: [Emerging Risks Media Ltd] [CITY A.M.] [Verdict] [Computer Weekly]
1% of Users are Responsible for 88% of Data Loss Events
New research has shown that that 85% of organisations experienced a data loss in the past year, with 9 out of 10 of those facing a negative outcome such as business disruption, revenue loss and reputational damage. The research found that 1% of users were responsible for 88% of events. It is important to understand this is not always intentionally malicious; it can be accidental or negligent. The research found for example, that 87% of anomalous file exfiltration among cloud tenants over a nine-month period was caused by departing employees, underscoring the need for preventative strategies such as implementing a security review process for this user category.
With as little as 1% of users causing most alerts, organisations need to monitor their most sensitive data and who can access it. This should also include data loss prevention features, to further reduce the risk.
Source: [Help Net Security]
Microsoft Report Says 87% of UK Organisations are Vulnerable to Cyber Attacks in the Age of AI
New research conducted by Microsoft has found that 87% of UK Businesses are unprepared for the age of AI due to their vulnerability to cyber attacks, leaving a mere 13% considered resilient. Further, Microsoft stated that 39% of organisations were at high risk. For organisations, AI can be a tough obstacle to overcome in their journey to cyber resiliency, and it’s important to seek guidance if the available skills are not in-house.
Sources: [Microsoft] [TechRadar ] [The Times] [Infosecurity Magazine]
Cyber Naivety Leaves 4 out of 5 Businesses Wide Open, Only 1 in 5 Has a Plan
Research conducted by Cowbell Insurance has found that the UK is exhibiting a rather cavalier approach to security with 77% of UK SMEs not having any in-house security, 32% of CEOs being confident a cyber attack would not impact their ability to do business and 87% not considering reputational damage as a significant risk. This contrasts with the UK Government’s latest cyber security breaches survey, which found 59% of medium businesses experienced breaches or attacks in the last 12 months. Cowbell have stated that that UK SMEs are leaving themselves wide open to the threats and only 1 in 5 organisations had a dedicated plan to deal with a cyber attack.
A cyber security incident response plan (IRP) allows an organisation to have a documented and formalised process for dealing with a cyber incident. The IRP should be exercised annually, and cover roles and responsibilities, communications and escalations to detect, analyse, contain, eradicate and recover from an incident.
Sources: [Business Mondays] [Insurance Times] [Reinsurance News] [Gloucestershire Live]
Risk and Regulation: Preparing for the Era of Cyber Security Compliance
The next twelve months will see new regulations in many countries, and that means more things to comply with. The EU has two new regulations relating to cyber security: the NIS2 directive and the Digital Operational Resilience Act (DORA). However, despite their EU origin, the inclusion of supply chain companies within the regulations means their impact and reach will extend outside of the European Union itself. Both regulations are risk-management based in their approach.
In order to prepare, decision makers need to first understand what they are complying with and in some cases, this may require sourcing external help to fully ensure the organisation is compliant. Once this is understood, they can start implementing their compliance strategy. Research has shown that some 43% of enterprises surveyed had failed a compliance audit, making them ten times more likely to suffer a data breach.
Sources: [Security Week] [Verdict]
Ransomware Attacks Jump 73% Within a Year
A recent report has shown that ransomware surged by 46% in February 2024, compared to January of the same year and 73% higher than February of the previous year. The LockBit ransomware group claimed responsibility for 110 attacks in February alone. The results show that ransomware is not only still an issue, but one that is consistently rising and if your organisation isn’t already implementing procedures to their risk, it is imperative to start now. Lockbit was taken down in a coordinated law enforcement operation earlier this year; only time will tell how effective that operation was or whether, as with the Hydra from Greek mythology, cutting off one head just causes more to grow in its place.
Source: [TechTarget]
The New CISO - Rethinking the Role
The role of Chief Information Security Officers (CISOs) faces a pivotal transformation. Traditionally tasked with safeguarding company assets against cyber threats, CISOs now find themselves straddling the realms of security and business operations. This shift reflects a growing expectation for CISOs to align security measures with broader business objectives while navigating an increasingly complex risk landscape. With the average cost of a data breach soaring, reaching $4.45 million in 2023 according to IBM, the stakes are higher than ever. As businesses grapple with the integration of cyber security into operational strategies, CISOs are compelled to cultivate new skills, communicate effectively with boards, embrace risk-based approaches, fortify technical fundamentals, leverage automation, and meticulously document incident response plans. The evolving threat landscape demands a new breed of CISO, one who is adept at balancing resilience with operational imperatives, collaborating closely with leadership, and steering organisations through turbulent cyber waters.
Source: [Dark Reading]
90% of Attacks Involve Data or Credential Theft, SMBs Primary Target
The 2024 Sophos Threat Report sheds light on the changing tactics of ransomware operators, particularly in their targeting of small and medium-sized businesses (SMBs). Notably, the report reveals a significant surge in ransomware attacks employing remote encryption, rising by 62% between 2022 and 2023. Sophos' Managed Detection and Response (MDR) team encountered multiple cyber attacks leveraging exploits in remote monitoring and management (RMM) software, a vital component used by many MSPs and external IT providers, and thus affecting many businesses. With almost half of malware detections for SMBs attributed to data-stealing malware, the report underscores the growing value of stolen data as currency in cyber criminal circles, with initial access brokers (IABs) facilitating network breaches. Data protection emerges as a critical challenge, with over 90% of attacks involving credential theft, and business email compromise (BEC) attacks becoming increasingly sophisticated. While ransomware remains a persistent threat, the report also highlights the proliferation of malware-as-a-service (MaaS) activities, emphasising the importance for SMBs to bolster their cyber security defences against these evolving threats.
Source: [MSSP Alert]
Chief Risk Officers Say Cyber Security is Most Pressing Risk
In an inaugural global insurance risk management survey conducted by EY/Institute of International Finance (IIF), cyber security was ranked as the highest immediate concern for chief risk officers. It placed above insurance, business model change and credit risk. When it came to emerging risks over the next three years, it remained at the top spot, followed by geopolitical risk, environmental risk and machine learning and artificial intelligence.
Source: [Insurance Journal]
Humans Still Cyber Security’s Weakest Link, Cyber Security Training Equips Your Workforce to Spot Threats
The latest findings from Mimecast's annual report emphasise that human error continues to be the leading cause of cyber breaches, responsible for 74% of incidents. As emerging threats like AI and deepfake technology pose increasingly sophisticated challenges, it's crucial for businesses to prioritise employee training and bolster their defence strategies.
Providing cyber security training is essential to creating a security conscious culture that educates on risk and in turn increases a company’s cyber culture. Committing to cyber security training needs to be beyond ticking a checkbox, as it allows the workforce the ability to understand, scrutinise and know how to report threats in the corporate environment. Training allows workers to be able to understand the types of threats they may face, along with red flags to look out for. Knowing how the employee should report a threat can determine whether your organisation can deal with a ransomware attack. While generic or off the shelf computer based training can be seen as an easy fix, training needs to be tailored to the organisation, its operating environment and the organisation’s culture and ways of doing business.
To mitigate this risk, organisations should consider implementing tailored cyber security education, tabletop exercises, phishing simulations, and one-on-one consulting for board members. As the responsibility of board members for cyber security strategy increases, it’s crucial to ensure their own security against evolving threats.
Sources: [Emerging Risks] [The HR Director] [WSJ] [The HR Director]
Most IT Pros Think Cyber Attacks are Getting Worse, and Many Firms Don’t Know How to Deal with Them
A recent report from Thales reveals a stark reality, with 93% of IT and security professionals noting a worsening trend in cyber attacks. Ransomware incidents have surged by over a quarter year-on-year, yet less than half of companies have adequate plans to address such threats, leading to 8% resorting to paying attackers' demands. Compliance failures are also on the rise, with 43% of enterprises falling short in audits, correlating with a higher incidence of cyber attacks among non-compliant organisations.
A separate report shows that despite record spending on cyber security, reaching $188 billion globally in 2023, reported data breaches in the US surged to an all-time high of 3,205, up 78% from the previous year. This paradox underscores the evolving tactics of cyber criminals. Ransomware attacks have transitioned from merely locking data to stealing and threatening to disclose it, termed Ransomware 2.0. Cloud misconfigurations, involving 82% of breaches, and exploitation of vendor systems further exacerbate the issue. Heightened awareness and improved practices are imperative to counteract the escalating threat landscape.
Supply Chain Cyber Attacks Create Weak Spots: You Need to Prepare
A recent poll by Deloitte found that nearly half of senior executives anticipate a rise in supply chain attacks in the coming year, with 33% already experiencing at least one supply-chain cyber incident within the past year. This especially rings true for healthcare, with the sector accounting for 33% of third-party data breaches in 2023. Many organisations are unsure where to even begin.
Organisations need to manage their third party risks through risk assessments, to understand the third parties that they currently or plan to use, and the data that the third party would hold or access. This enables the third parties to be prioritised with clear communications to notify the organisation in the event of a data breach.
Sources: [Security Brief ] [Beta News]
Ransomware Attack on Change Healthcare Pegged as “Most Significant” in Sector History
In a landmark incident, the American Hospital Association has dubbed the recent ransomware attack on Change Healthcare, a division of UnitedHealth Group’s Optum, as the most significant cyber threat ever faced by the US healthcare system. The attack, which occurred on February 21st, has severely impacted operations, affecting various healthcare entities reliant on Change Healthcare's services. UnitedHealth Group, in response, has been working to restore critical systems, aiming to reinstate electronic payment and medical claims services later this month. However, challenges persist, with cyber security experts warning that recovery efforts could extend for at least 30 days. The attack's aftermath sheds light on the healthcare sector's susceptibility to cyber threats and underscores the need for robust security measures and swift governmental responses. Reports reveal that the ransomware group responsible has received a substantial payout, raising concerns about the broader implications for healthcare providers. Cyber insurance policies are expected to help mitigate financial losses, especially for smaller entities facing cash flow disruptions.
Source: [Reinsurance News]
Governance, Risk and Compliance
Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)
Nine in ten companies at risk of cyber attacks as hackers use AI (thetimes.co.uk)
Microsoft: The UK is woefully unprepared for future AI cyber threats | ITPro
Minister: Cyber brings 'risks we can't ignore' with UK firms still vulnerable (cityam.com)
UK’s cyber resilience stagnates as more fall victim to attacks | Computer Weekly
Risk and Regulation: Preparing for the Era of Cyber Security Compliance - Security Week
How does cyber security training equip your workforce to spot threats? (thehrdirector.com)
New research shows UK SMEs are leaving themselves open to cyber threats: Cowbell - Reinsurance News
Only 1 in 5 SMEs have a plan in case of cyber attack - Gloucestershire Live
Chief Risk Officers Say Cyber Security Most Pressing Risk: Survey (insurancejournal.com)
Using A Security Assessment As A Measuring Stick (forbes.com)
From Reactive to Proactive: The Evolution of Cyber Security (cryptopolitan.com)
Secrets sprawl: Protecting your critical secrets - Help Net Security
Cyber Security: Why it’s becoming harder to stay safe online (holyrood.com)
Cyber security must be a priority if the UK is serious about digitising the economy (uktech.news)
Organisations under pressure to modernize their IT infrastructures - Help Net Security
Board-level buy-in: preparing cyber defences the right way | Computer Weekly
Responding to a cyber incident – a guide for CEOs - NCSC.GOV.UK
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware surges as compliance falters - Thales Group - Verdict
Whistleblowing And Cyber Swatting: Cyber Extortion Reaches A New Low (forbes.com)
NCC Group: Ransomware attacks jump 73% in February | TechTarget
RaaS groups increasing efforts to recruit affiliates - Help Net Security
If Companies Are So Focused on Cyber Security, Why Are Data Breaches Still Rising? - WSJ
After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive (darkreading.com)
Lockbit Strikes Back After FBI Takedown With New Ransomware Attack Details (pcmag.com)
Government not facing up to CNI cyber risks, committee warns | Computer Weekly
6 Reasons Your Business Should Have Ransomware Plan - Security Boulevard
STOP ransomware, more common than LockBit, gains stealthier variant | SC Media (scmagazine.com)
Crypto scams more costly to US than ransomware, Feds say • The Register
TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)
What the Latest Ransomware Attacks Teach About Defending Networks (bleepingcomputer.com)
Takedowns spark affiliate bidding war among ransomware gangs | SC Media (scmagazine.com)
Ransomware Victims
VIEW: On the lessons learned from the British Library cyber incident - CIR Magazine
UnitedHealth advances $2 billion to providers post-cyber attack By Investing.com
Why UnitedHealth, Change Healthcare were targets of ransomware hackers
Criminal investigation into Leicester City Council cyber attack - BBC News
Yacht dealer to the celebs attack claimed by Rhysida gang • The Register
UK council eerily cagey about 'cyber incident' details • The Register
Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop
Phishing & Email Based Attacks
Russian hacker group exploits Microsoft Windows feature in worldwide phishing attack | TechRadar
Five key takeaways from 2024 State of the Phish: Europe and Middle East | ITPro
Tax Hackers Blitz Small Business With Phishing Emails (darkreading.com)
Hackers Posing as Law Firms Phish Global Orgs (darkreading.com)
IMF Investigates Serious Cyber Security Breach - Infosecurity Magazine (infosecurity-magazine.com)
Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (thehackernews.com)
A newly uncovered phishing campaign that spreads remote access trojans | Security Magazine
'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)
Spa Grand Prix email account hacked to phish banking info from fans (bleepingcomputer.com)
How to defend against phishing as a service and phishing kits | TechTarget
Other Social Engineering
Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)
IMF Investigates Serious Cyber Security Breach - Infosecurity Magazine (infosecurity-magazine.com)
Don't Answer the Phone: Inside a Real-Life Vishing Attack (darkreading.com)
Artificial Intelligence
87% of UK organisations are vulnerable to cyber attacks in the age of AI (microsoft.com)
UK’s AI ambitions pointless while cyber security is still neglected | Computer Weekly
In the rush to build AI apps, don't leave security behind • The Register
AI adoption by hackers pushed financial scams in 2023 | CSO Online
Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle - Security Week
From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (thehackernews.com)
Shadow AI is the latest cyber security threat you need to prepare for - Help Net Security
Navigating cyber vulnerabilities in AI-enabled military systems | European Leadership Network
Malware
The most prevalent malware behaviours and techniques - Help Net Security
Malware stands out as the fastest-growing threat of 2024 - Help Net Security
Fujitsu: Malware on Company Computers Exposed Customer Data (darkreading.com)
New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (thehackernews.com)
Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)
From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (thehackernews.com)
A newly uncovered phishing campaign that spreads remote access trojans | Security Magazine
'Fluffy Wolf' Spreads Meta Stealer in Corporate Phishing Campaign (darkreading.com)
TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)
More sophisticated BunnyLoader malware variant emerges | SC Media (scmagazine.com)
Evasive Sign1 malware campaign infects 39,000 WordPress sites (bleepingcomputer.com)
Mobile
Denial of Service/DoS/DDOS
SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)
300,000 Systems Vulnerable to New Loop DoS Attack - Security Week
Telecoms is evolving – and unfortunately, so are DDoS attacks | TechRadar
Internet of Things – IoT
Unsaflok flaw can let hackers unlock millions of hotel doors (bleepingcomputer.com)
Chinese-made electric cars in UK could be jammed remotely by Beijing (thetimes.co.uk)
Data Breaches/Leaks
1% of users are responsible for 88% of data loss events - Help Net Security
If Companies Are So Focused on Cyber Security, Why Are Data Breaches Still Rising? - WSJ
Secrets sprawl: Protecting your critical secrets - Help Net Security
Hackers steal personal data of 43 million French job seekers | ITPro
International Monetary Fund email accounts hacked in cyber attack (bleepingcomputer.com)
IMF Investigating Cyber Security Incident Detected on Feb. 16 (bloomberglaw.com)
Threat actors leaked 70M+ records allegedly stolen from AT&T (securityaffairs.com)
AT&T says leaked data of 70 million people is not from its systems (bleepingcomputer.com)
Fujitsu: Malware on Company Computers Exposed Customer Data (darkreading.com)
Misconfigured Firebase Instances Expose 125 Million User Records - Security Week
Sophos: 90% of Attacks Involve Data or Credential Theft | MSSP Alert
Serial data thief pleads guilty to cyber crime charges • The Register
Fake data breaches: Countering the damage - Help Net Security
Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)
Nations Direct Mortgage Data Breach Impacts 83,000 Individuals - Security Week
Organised Crime & Criminal Actors
RaaS groups increasing efforts to recruit affiliates - Help Net Security
IT helpdeskers increasingly targeted by cyber criminals • The Register
Serial data thief pleads guilty to cyber crime charges • The Register
The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)
Crypto scams more costly to US than ransomware, Feds say • The Register
TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)
Insider Risk and Insider Threats
1% of users are responsible for 88% of data loss events - Help Net Security
Cyber criminals capitalise on businesses’ biggest flaw - human risk | theHRD (thehrdirector.com)
How does cyber security training equip your workforce to spot threats? (thehrdirector.com)
Why human risk management is key to data protection (betanews.com)
As Boards Focus More on Cyber Security, Are They Missing One of the Biggest Threats? - WSJ
FE News | How to Protect Your Data With Cyber Security Training
China-based Canadian accused of stealing Tesla trade secret • The Register
Insurance
New Regulations Make D&O Insurance a Must for CISOs (darkreading.com)
Insurers told cyber cover remains attractive but beware of accumulation risk (emergingrisks.co.uk)
Supply Chain and Third Parties
Third-party breaches create network weak spots (betanews.com)
How to Prepare for a Surge in Supply-Chain Cyber Attacks (securitybrief.co.nz)
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl (thehackernews.com)
Cloud/SaaS
Shadow SaaS Dangers in Cyber Security Compliance Standards - Security Boulevard
Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)
Vulnerability Allowed One-Click Takeover of AWS Service Accounts - Security Week
Identity and Access Management
Encryption
Microsoft announces deprecation of 1024-bit RSA keys in Windows (bleepingcomputer.com)
Future inevitability of quantum computers is a security problem today - Breaking Defence
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
New acoustic attack determines keystrokes from typing patterns (bleepingcomputer.com)
WordPress Brute-Force Attacks: Sites Used As Staging Ground - Security Boulevard
What is Credential Harvesting? Examples & Prevention Methods - Security Boulevard
Ukraine cyber police arrested crooks selling 100 million compromised accounts (securityaffairs.com)
Misconfigured Firebase instances leaked 19 million plaintext passwords (bleepingcomputer.com)
Sophos: 90% of Attacks Involve Data or Credential Theft | MSSP Alert
Fujitsu exposed client data, AWS keys and passwords for nearly a year, report (computing.co.uk)
Social Media
Training, Education and Awareness
How does cyber security training equip your workforce to spot threats? (thehrdirector.com)
As Boards Focus More on Cyber Security, Are They Missing One of the Biggest Threats? - WSJ
FE News | How to Protect Your Data With Cyber Security Training
The Weakest Link: Securing The Human Element From Cyber Attack - Security Boulevard
Regulations, Fines and Legislation
Risk and Regulation: Preparing for the Era of Cyber Security Compliance - Security Week
SEC Website Goes Dark, BTC Tumbles in Aftermath (financemagnates.com)
Why do 60% of SEC Cyber Security Filings Omit CSO, CISO Info? | MSSP Alert
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
How to Battle Burnout While Protecting Your Most Valuable Asset — Your People - Benzinga
3 Ways Businesses Can Overcome the Cyber Security Skills Shortage (darkreading.com)
AI Won't Solve Cyber Security's Retention Problem (darkreading.com)
Law Enforcement Action and Take Downs
Filipino police break up forced labour cyber operation • The Register
Court jails first person convicted of cyberflashing in England | Crime | The Guardian
Ukraine cyber police arrested crooks selling 100 million compromised accounts (securityaffairs.com)
After LockBit, ALPHV Takedowns, RaaS Startups Go on a Recruiting Drive (darkreading.com)
Serial data thief pleads guilty to cyber crime charges • The Register
Takedowns spark affiliate bidding war among ransomware gangs | SC Media (scmagazine.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Cyber Warfare: Understanding New Frontiers in Global Conflicts (darkreading.com)
Cyber Threats Escalate Ahead of Global Elections (cryptopolitan.com)
Nation State Actors
China
Chinese Earth Krahang hackers breach 70 orgs in 23 countries (bleepingcomputer.com)
Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon - Security Week
The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)
“Disabling cyber attacks” are hitting critical US water systems, White House warns | Ars Technica
Chinese media exposes criminal smartphone farms • The Register
Chinese-made electric cars in UK could be jammed remotely by Beijing (thetimes.co.uk)
A look inside the Chinese cyber threat at the biggest ports in US
CISA shares critical infrastructure defence tips against Chinese hackers (bleepingcomputer.com)
Russia
Microsoft Under Attack by Russian Cyber Attackers - Security Boulevard
UK Defence Secretary jet hit by electronic warfare attack in Poland (securityaffairs.com)
Russian hacker group exploits Microsoft Windows feature in worldwide phishing attack | TechRadar
Russian Intelligence Targets Victims Worldwide in Rapid-Fire Cyber Attacks (darkreading.com)
The cyberwar in Ukraine is as crucial as the battle in the trenches (economist.com)
Russian cyber attacks rampant as key elections cycle begins (verdict.co.uk)
Russia’s Hybrid Warfare with the United States | Geopolitical Monitor
Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices (thehackernews.com)
The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)
“Disabling cyber attacks” are hitting critical US water systems, White House warns | Ars Technica
The West Should Help Expand Ukraine’s Cyber Offensive against Russia | Geopolitical Monitor
Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems (thehackernews.com)
I’m a disaster expert - this is what will happen after a Russian cyber attack (inews.co.uk)
Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop
Top 5 Russian-Speaking Dark Web Forums - SOCRadar® Cyber Intelligence Inc.
Putin Sees Disastrous Start to Presidential Election (newsweek.com)
Moscow says no clear proof North Korea stole Russian weapons data: UN report | NK News
Iran
North Korea
North Korea gets 50% of foreign earnings due to weak security measures in crypto industry, UN says
North Korea's Kimsuky gang now exploiting Windows Help files • The Register
Hacks Account for Half of N. Korea Foreign-Currency Income: UN (bloomberglaw.com)
Moscow says no clear proof North Korea stole Russian weapons data: UN report | NK News
Vulnerability Management
NIST NVD Disruption Sees CVE Enrichment on Hold - Infosecurity Magazine (infosecurity-magazine.com)
No Easy Fix For Untangling Web of Critical Dependencies | Decipher (duo.com)
The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine
NIST's Vuln Database Downshifts, Prompting Questions About Its Future (darkreading.com)
Navigating cyber vulnerabilities in AI-enabled military systems | European Leadership Network
Vulnerabilities
Exploitation activity increasing on Fortinet vulnerability | TechTarget
Vulnerability Allowed One-Click Takeover of AWS Service Accounts - Security Week
Ivanti Keeps Security Teams Scrambling With 2 More Vulns (darkreading.com)
Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (thehackernews.com)
Critical Fortinet's FortiClient EMS flaw actively exploited in the wild (securityaffairs.com)
Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (thehackernews.com)
Remove WordPress miniOrange plugins, a critical flaw can allow site takeover (securityaffairs.com)
Another Microsoft vulnerability is being used to spread malware | TechRadar
Misconfigured Firebase Instances Expose 125 Million User Records - Security Week
The Windows 11 KB5035853 update is causing BSOD errors for some users. | Windows Central
The Magnet Goblin group is leveraging one-day vulnerabilities | Security Magazine
Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug (thehackernews.com)
TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (thehackernews.com)
iOS 17.4.1 release includes bug fixes and security updates | Macworld
Discontinued Security Plugins Expose Many WordPress Sites to Takeover - Security Week
Tools and Controls
Using A Security Assessment As A Measuring Stick (forbes.com)
Mastering Physical Security In Information Security (informationsecuritybuzz.com)
Microsoft announces deprecation of 1024-bit RSA keys in Windows (bleepingcomputer.com)
How to choose the best cyber security vendor for your business | ITPro
Shadow SaaS Dangers in Cyber Security Compliance Standards - Security Boulevard
Unlocking Security Architecture In Information Security (informationsecuritybuzz.com)
6 Reasons Your Business Should Have Ransomware Plan - Security Boulevard
From Reactive to Proactive: The Evolution of Cyber Security (cryptopolitan.com)
Tracking Everything on the Dark Web Is Mission Critical (darkreading.com)
Identity Concepts Underlie Cyber Risk 'Perfect Storm' (darkreading.com)
95% of companies face API security problems - Help Net Security
Responding to a cyber incident – a guide for CEOs - NCSC.GOV.UK
Reports Published in the Last Week
Other News
At 35, the web is broken, but its inventor hasn't given up hope of fixing it yet | ZDNET
The UK energy sector faces an expanding OT threat landscape (securityintelligence.com)
Government not facing up to CNI cyber risks, committee warns | Computer Weekly
UK in ‘better position’ against cyber attacks, but most businesses not resilient | Evening Standard
Cyber Threats Escalate Ahead of Global Elections (cryptopolitan.com)
The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats (securityaffairs.com)
Aviation sector, e-commerce platforms face separate cyber threats | SC Media (scmagazine.com)
Public anxiety mounts over critical infrastructure resilience to cyber attacks - Help Net Security
Change Healthcare hack highlights lack of medical industry’s cyber security - The Washington Post
How Can We Reduce Threats From the IABs Market? (darkreading.com)
UK renewables firms facing up to 1,000 cyber attacks a day (energyvoice.com)
Cyber Attacks on Higher Ed Rose Dramatically Last Year, Report Shows | EdTech Magazine
Cyber security is an urgent priority for the museums sector - Museums Association
Ethiopian Bank's Technical Glitch Lets Customers Withdraw Millions (ndtv.com)
Making Sense of Operational Technology Attacks: The Past, Present, and Future (thehackernews.com)
The Consequences for Schools and Students After a Cyber Attack - Security Boulevard
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 15 March 2024
Black Arrow Cyber Threat Intelligence Briefing 15 March 2024:
-Mind The Gap - Mimecast Report Finds Humans Are Biggest Security Flaw
-Three-Quarters of Cyber Victim Are SMBs - Why SMBs are Becoming More Vulnerable
-Cyber Security Skills Gap and Lack of Boardroom Engagement Invite Hacker Havoc
-UK Government’s Ransomware Failings Leave Country ‘Exposed and Unprepared’
-Data Breaches up 72% to New Record High: Cyber Security Incidents Rank as #1 Global Business Threat in 2024
-Finance Sector Facing Huge Number of Cyber Attacks That Could Leave It On its Knees, Highlights the Need to Build a Robust Security Culture
-Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
-Independent Cyber Security Audits Are Powerful Tools for Boards
-Navigating Cyber Security in The Era of Mergers
-Phishing Tactics Evolve as Sophisticated Vishing and Image-based Phishing Take World by Storm
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Mind The Gap: Mimecast Report Finds Humans Are Biggest Security Flaw
A global report from Mimecast has found that 74% of all cyber breaches are caused by human factors, including errors, misuse of access privileges or social engineering. Email remains the primary attack vector for cyber threats. Further, 67% of respondents expect AI-driven attacks to soon be the norm and 69% believe their company will be harmed by an attack.
No matter the size, sector or budget of an organisation, people remain a consistent risk factor. Even with strong technology controls, people can still be the risk that brings down the organisation. It is therefore important for organisations to integrate people into their cyber security investments. This should include awareness and education training, and fostering a cyber secure culture in the organisation.
Sources: [IT Security Guru] [Beta News] [Verdict]
Three-Quarters of Cyber Victim Are SMBs: Why SMBs are Becoming More Vulnerable
According to a recent Sophos report, over three-quarters of cyber incidents impacted smaller businesses in 2023, with ransomware having the largest impact. The research also found that in 90% of attacks, data or credential theft was involved and in 43%, data theft was the main focus.
The report found significant usage of initial access brokers; these are attackers whose speciality is to break into computer networks and sell ready-to-go access to other attackers. In fact, the report found that almost half of all malware detected in SMBs were malicious programs used to steal sensitive data and login credentials. Unfortunately, many SMBs struggle to keep up due to a lack of resources and budget; instead, they must be able to prioritise their cyber security efforts to get the most return on investment.
Sources: [Infosecurity Magazine] [Help Net Security] [TechRadar] [Nairametrics] [TechTarget]
Cyber Security Skills Gap and Lack of Boardroom Engagement Invite Hacker Havoc
The Ipsos report on Cyber Security Skills in the UK Labour Market 2023 sheds light on the persistent challenges faced in recruiting, training, and retaining cyber security professionals across various domains. With approximately 739,000 businesses lacking basic cyber skills and 487,000 facing advanced skills gaps, the demand for trained professionals is escalating. The shortage of incident response skills highlights the need for comprehensive education and training programs. Senior management and board-level executives must also be equipped with the knowledge to manage incidents effectively, emphasising reporting, seeking external assistance, and maintaining a no-blame culture. Understanding cyber risks at the business level is crucial, as cyber crime has evolved into a well-organised industry with distinct roles and profit-sharing mechanisms among cyber criminal groups. Conducting tabletop incident response exercises can effectively prepare senior leadership for cyber incidents, ensuring a proactive and coordinated response to mitigate risks and safeguard organisational resilience.
Source: [TechRadar]
UK Government’s Ransomware Failings Leave Country ‘Exposed and Unprepared’
The recent response from the British government to warnings about the looming ransomware threat has sparked criticism, with accusations of adopting an "ostrich strategy" by downplaying the severity of the national cyber threat. Despite alarming assessments from the Joint Committee on the National Security Strategy (JCNSS) regarding the high risk of a catastrophic ransomware attack, the government's formal response has been met with scepticism. Key recommendations, such as reallocating responsibility for tackling ransomware away from the Home Office, were rejected, with the government arguing that its existing regulations and the current National Cyber Strategy were sufficient. This argument has raised concerns about the government's preparedness and resource allocation. With ransomware attacks escalating in the UK, the Committee underscores the urgency for a proactive national security response to mitigate the potentially devastating impacts on the economy and national security.
Source: [The Record Media]
Data Breaches up 72% to New Record High: Cyber Security Incidents Rank as #1 Global Business Threat in 2024
Research conducted by the Identity Theft Resource Center (ITRC) found that 2023 set an all time high in data breaches, 72% more than the prior year. Separately, the Allianz Risk Barometer identified cyber incidents as the biggest global business threat for 2024, ranking above regulatory concerns, climate change and a shortage of skilled workers. It is crucial that the severity of this risk is reflected in the actions taken by organisations, who must effectively govern and implement their cyber security strategy.
Sources: [JDSupra]
Finance Sector Facing Huge Number of Cyber Attacks That Could Leave It On its Knees, Highlights the Need to Build a Robust Security Culture
Cyber security has become a pressing issue on financial institutions due to the rise in cyber attacks, as highlighted by the February attack on Bank of America via a third-party service. The involvement of the LockBit ransomware group underlines the persistent nature of these threats, particularly targeting the financial sector. These attacks disrupt services and undermine trust in the financial system, necessitating robust cyber security frameworks. The new US Securities and Exchange Commission (SEC) rule requiring immediate disclosure of cyber security incidents presents both benefits and challenges, calling for clear guidelines and industry-wide collaboration. BlackBerry’s Global Threat Intelligence Report revealed a staggering million attacks globally in just 120 days last year. These attacks, often using commodity malware, make up almost two-thirds of all industry-related incidents. The 27% increase in novel malware samples highlights the need for improved defences. These findings emphasise the need for AI-driven detection and defence strategies. While critical infrastructure remains a primary focus, commercial enterprises must remain vigilant, with a third of threats targeting various sectors, emphasising the pervasive nature of cyber threats across industries.
Source:[ SC Media] [TechRadar]
Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
In a recent revelation, Microsoft disclosed that the Kremlin-backed threat group known as Midnight Blizzard successfully accessed some of Microsoft’s source code repositories and internal systems following a hack in January 2024. The breach, believed to have originally occurred in November 2023, exploited a legacy test account lacking multi-factor authentication by employing a password spray attack. Microsoft assured no compromise to customer-facing systems but warned of ongoing attempts by Midnight Blizzard to exploit stolen corporate email data. The extent of the breach remains under investigation, with concerns raised over the potential accumulation of attack vectors by the threat actor. The incident underscores the escalating sophistication of nation-state cyber threats and prompts a re-evaluation of security measures, highlighting the imperative for robust defences against such adversaries.
Source: [The Hacker News]
Independent Cyber Security Audits Are Powerful Tools for Boards
Board members are increasingly held accountable for their organisation's cyber posture, facing personal liability for lapses. To gain insight and demonstrate proactive leadership, independent cyber security audits have become indispensable. These audits not only aid in regulatory compliance but also uncover blind spots in the organisation's security measures. Recent regulations, such as by the US Securities and Exchange Commission (SEC) underscore the imperative for robust cyber security oversight at the board level. The audit process involves defining the scope, conducting assessments, validating findings through simulations, and presenting comprehensive reports to leadership. By embracing cyber security audits, boards can fulfil their duty of overseeing and enhancing the organisation's cyber resilience in an ever-evolving threat landscape.
Source: [Bloomberg Law]
Navigating Cyber Security in The Era of Mergers
In today's landscape of frequent mergers and acquisitions (M&A), organisations grapple with the challenge of aligning cyber security measures across subsidiaries, posing a risk to overall security. According to an IBM survey, over one in three executives attribute data breaches to M&A activity during integration. This complexity arises as security teams may lack insight into subsidiary infrastructure, hindering risk assessment and mitigation efforts. Historical incidents like the NotPetya attack on Merck and the Talk Talk hack highlight vulnerabilities post-acquisition, emphasising the need for a proactive approach to subsidiary cyber security. To address these challenges, organisations must conduct comprehensive risk assessments, standardise security protocols, foster collaboration, and consider unified security platforms. By proactively addressing visibility gaps and implementing standardised protocols, organisations can fortify their defences against evolving cyber threats amidst M&A activities.
Source: [Forbes]
Phishing Tactics Evolve as Sophisticated Vishing and Image-based Phishing Take World by Storm
According to a recent report, 76% of organisations were compromised by QR-code phishing in the last 12 months. Along with this, there has also been a rise in the number of sophisticated vishing attacks, with recent attacks costing organisations millions. The introduction of artificial intelligence has only added fuel to this fire already impacting security controls such as call-back procedures. With the tactics of phishing evolving, organisations need to ensure they are up-to-date and that employees are trained effectively to mitigate the risk of these.
Sources: [Help Net Security] [Dark Reading]
Governance, Risk and Compliance
Cyber Security skills gap and boardroom blindness invite hacker havoc | TechRadar
Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)
Navigating Cyber Security In The Era Of Mergers (forbes.com)
SMEs invest in tech opportunities but risk missing security safeguards (betanews.com)
Your tech tools won’t save you from cyber threats | TechRadar
The CISO Role Is Changing. Can CISOs Themselves Keep Up? (darkreading.com)
Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)
How enterprises can tackle risky cyber security behavior and improve workforce resilience | ITPro
Building a Security Culture of Shared Responsibility - Security Boulevard
MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense
Threats
Ransomware, Extortion and Destructive Attacks
Sophos: Remote ransomware attacks on SMBs increasing | TechTarget
UK government’s ransomware failings leave country ‘exposed and unprepared’ (therecord.media)
Understanding the multi-tiered impact of ransomware. (thecyberwire.com)
Ransomware tracker: The latest figures [March 2024] (therecord.media)
The effects of law enforcement takedowns on the ransomware landscape - Help Net Security
UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)
Businesses leaving their Kubernetes containers exposed to ransomware | TechRadar
StopCrypt: Most widely distributed ransomware now evades detection (bleepingcomputer.com)
Member of LockBit ransomware group sentenced to 4 years in prison | Ars Technica
Ransomware Victims
British Library’s legacy IT blamed for lengthy rebuild • The Register
British Library shares lessons from cyber attack | UKAuthority
Stanford University failed to detect intruders for 4 months • The Register
Stanford says data from 27,000 people leaked in September ransomware attack (therecord.media)
Law Firm Sues MSP Over Black Basta Ransomware Attack | MSSP Alert
Play ransomware group stole 65,000 Swiss government files • The Register
Cancer Clinics Face Cash Crunch After Hack Rocks US Health Care (claimsjournal.com)
Nissan confirms ransomware attack exposed data of 100,000 people (bleepingcomputer.com)
Equilend warns employees their data was stolen by ransomware gang (bleepingcomputer.com)
Phishing & Email Based Attacks
Phishing Threats Rise as Malicious Actors Target Messaging Platforms - Security Boulevard
MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)
What is phishing? Examples, types, and techniques | CSO Online
Other Social Engineering
Sophisticated Vishing Campaigns Take World by Storm (darkreading.com)
Your tech tools won’t save you from cyber threats | TechRadar
Artificial Intelligence
AI Poses Extinction-Level Risk, State-Funded Report Says | TIME
Cyber crime underworld has removed all the guardrails on AI frontier
Critical ChatGPT Plug-in Vulnerabilities Expose Sensitive Data (darkreading.com)
Cyber attackers are threatening businesses with AI, says Microsoft (qz.com)
Intelligence officials warn pace of innovation in AI threatens US | CyberScoop
How advances in AI are impacting business cyber security - Help Net Security
NCSC Blog - AI and cyber security: what you need to know (techuk.org)
4 types of prompt injection attacks and how they work | TechTarget
Former Google engineer charged with stealing AI trade secrets | TechTarget
How to craft a generative AI security policy that works | TechTarget
2FA/MFA
Malware
Keyloggers, spyware, and stealers dominate SMB malware detections - Help Net Security
SMBs are being hit with more malware attacks than ever, and many can't keep up | TechRadar
Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (bleepingcomputer.com)
Botnets: The uninvited guests that just won’t leave | CSO Online
Hackers using Weaponized PDF Files to Deliver Remcos RAT (cybersecuritynews.com)
RedLine malware top credential stealer of last 6 months | SC Media (scmagazine.com)
Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT (darkreading.com)
Mobile
Blog: Why Hackers Love Phones - Keep your Eye on the Device - Security Boulevard
SIM swappers hijacking phone numbers in eSIM attacks (bleepingcomputer.com)
PixPirate Android malware uses new tactic to hide on phones (bleepingcomputer.com)
Denial of Service/DoS/DDOS
French government sites disrupted by très grande DDOS • The Register
Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)
RIA: Estonia's state institutions hit by largest cyber attack to date | News | ERR
DDoS attacks reach critical levels in 14 seconds | Security Magazine
Internet of Things – IoT
Internet of Risks: Cyber Security Risk in the Internet of Things | UpGuard
Unpatched Sceiner Smart Lock Vulnerabilities Allow Hackers to Open Doors - Security Week
Heated Seats? Advanced Telematics? Software-Defined Cars Drive Risk (darkreading.com)
Chinese spies want to steal IP by backdooring safe locks • The Register
Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)
MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)
Data Breaches/Leaks
Data Breaches up 72% From Record High: Cyber Incident Readiness Must be Top of Mind | Epiq - JDSupra
Jersey regulator's data breach leaks names and addresses - BBC News
Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware (bleepingcomputer.com)
Okta denies it was hacked again after data appears on hacking site | TechRadar
Over 12 million auth secrets and keys leaked on GitHub in 2023 (bleepingcomputer.com)
French unemployment agency data breach impacts 43 million people (bleepingcomputer.com)
Organised Crime & Criminal Actors
How to Identify a Cyber Adversary: Standards of Proof (darkreading.com)
How to Identify a Cyber Adversary: What to Look For (darkreading.com)
Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)
Bitcoin Fog mixer operator convicted for laundering $400 million (bleepingcomputer.com)
US Seizes $1.4 Million in Cryptocurrency From Tech Scammers - Security Week
Insider Risk and Insider Threats
Insider threats can damage even the most secure organisations - Help Net Security
Your tech tools won’t save you from cyber threats | TechRadar
Former Google engineer charged with stealing AI trade secrets | TechTarget
How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro
Building a Security Culture of Shared Responsibility - Security Boulevard
How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur
Insurance
Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)
UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)
Supply Chain and Third Parties
Play ransomware group stole 65,000 Swiss government files • The Register
Industry: Act Now To Secure the Solutions You Offer the Military | AFCEA International
Cloud/SaaS
EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch
Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)
How Not to Become the Target of the Next Microsoft Hack (darkreading.com)
Cloud Account Attacks Surged 16-Fold in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)
Cloud security vs. network security: What's the difference? | TechTarget
Encryption
Linux and Open Source
How to Ensure Open Source Packages Are Not Landmines (darkreading.com)
Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Russian Hackers Are Weaponizing Stolen Microsoft Passwords (claimsjournal.com)
Overcoming the threat of account takeover fraud (securitybrief.co.nz)
LastPass suffers worldwide outage causing site 404 error - 9to5Mac
Social Media
Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)
Meta sues “brazenly disloyal” former exec over stolen confidential docs | Ars Technica
TikTok Ban Raises Data Security, Control Questions (darkreading.com)
Training, Education and Awareness
Your tech tools won’t save you from cyber threats | TechRadar
How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro
Regulations, Fines and Legislation
Everything you need to know about the EU's Cyber Solidarity Act | ITPro
The New Hacker Playbook: Weaponizing the SEC’s Cyber Disclosure Rules | Woodruff Sawyer - JDSupra
Models, Frameworks and Standards
4 Security Tips From PCI DSS 4.0 Anyone Can Use (darkreading.com)
Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)
Backup and Recovery
Data Protection
EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch
How do you lot feel about Pay or OK model, ICO asks Brits • The Register
Careers, Working in Cyber and Information Security
Half of firms struggling to hire cyber security experts (securitybrief.co.nz)
UK Council's Vision: Set High Standards in Cyber Security (govinfosecurity.com)
How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur
Cyber security skills gap and boardroom blindness invite hacker havoc | TechRadar
Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)
How To Overcome The Machismo Problem In Cyber Security (forbes.com)
Law Enforcement Action and Take Downs
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Nation State Actors
China
TikTok Ban Raises Data Security, Control Questions (darkreading.com)
Lithuania security services warn of China's espionage against the country (securityaffairs.com)
Chinese Cyber Crime: Discretion Is the Better Part of Valor (databreachtoday.co.uk)
Chinese spies want to steal IP by backdooring safe locks • The Register
Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)
Russia
Microsoft says Russian hackers stole source code after spying on its executives - The Verge
Microsoft says Russian hackers breached its systems, accessed source code (bleepingcomputer.com)
Microsoft: Russians are using stolen information to breach company’s systems (therecord.media)
Microsoft says it hasn't been able to evict Russian state hackers | AP News
Kremlin accuses US of plotting election-day cyber attack • The Register
Major operation under way to identify source of Russian attack that 'jammed signals' on... - LBC
First-ever South Korean national detained for espionage in Russia (securityaffairs.com)
Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)
North Korea
Vulnerability Management
How to Streamline the Vulnerability Management Life Cycle - Security Boulevard
Researchers expose Microsoft SCCM misconfigs usable in cyber attacks (bleepingcomputer.com)
Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)
Vulnerabilities
Adobe Patches Critical Flaws in Enterprise Products - Security Week
Major CPU, Software Vendors Impacted by New GhostRace Attack - Security Week
Critical Fortinet flaw may impact 150,000 exposed devices (bleepingcomputer.com)
Fortinet Releases Security Updates for Multiple Products | CISA
SAP Patches Critical Command Injection Vulnerabilities - Security Week
Cisco addressed severe flaws in its Secure Client (securityaffairs.com)
5M WordPress Websites At Risk Amid LiteSpeed Plugin Flaw - Security Boulevard
New cyber crime crew Magnet Goblin caught exploiting Ivanti • The Register
Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory (darkreading.com)
Threat actors breached two crucial systems of the US CISA (securityaffairs.com)
Researchers found multiple flaws in ChatGPT plugins (securityaffairs.com)
Exploited Building Access System Vulnerability Patched 5 Years After Disclosure - Security Week
Tools and Controls
Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)
NSA's Zero-Trust Guidelines Focus on Segmentation (darkreading.com)
Expert Cyber Security Strategies For Protecting Remote Businesses (forbes.com)
Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)
Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)
How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro
Cloud security vs. network security: What's the difference? | TechTarget
Immutability: A boost to your security backup (betanews.com)
MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense
How teams can improve incident recovery time to minimize damages - Help Net Security
Reports Published in the Last Week
Other News
Finance sector facing huge amount of cyber attacks that could leave it on its knees | TechRadar
French state services hit by cyber attacks of 'unprecedented intensity' (france24.com)
Better Safe Than Sorry: Making Cyber Security a Priority | HealthLeaders Media
How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)
Pi Day: How Hackers Slice Through Security Solutions - Security Boulevard
78% of MSPs state cyber security is a prominent IT challenge | Security Magazine
No, 'Leave the World Behind' and 'Civil War' Aren’t Happening Before Your Eyes | WIRED
Maritime cyber security: threats and challenges - Port Technology International
What resources do small utilities need to defend against cyber attacks? | CyberScoop
10 free cyber security guides you might have missed - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 09 February 2024
Black Arrow Cyber Threat Intelligence Briefing 09 February 2024:
-Over Half of Companies Experienced Cyber Security Incidents Last Year
-Deepfake Video Conference Costs Business $25 Million
-Watershed Year for Ransomware as Victims Rose by Almost 50% and Payments Hit $1 Billion All-Time High
-Malware-as-a-Service Now the Top Threat to Organisations
-Over 9 in 10 UK Firms Who Fell Victim to Ransomware Paid the Ransom, Despite Alleged “No Pay” Stances
-Chinese State Hackers Hid in National Infrastructure for at Least 5 Years
-Email Attacks on Businesses Tripled and AI is a Huge Contributing Factor
-Security Leaders, C-Suite Unite to Tackle Cyber Threats
-UN Experts Investigate Cyber Attacks by North Korea that Raked in $3 Billion to Build Nuclear Weapons
-What Does a ‘Cyber Security Culture’ Actually Entail?
-Beyond Checkboxes: Security Compliance as a Business Enabler
-No One in Cyber Security Is Ready for the SolarWinds Prosecution
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Over Half of Companies Experienced Cyber Security Incidents Last Year
According to a recent global survey, over half of the participating companies faced major security incidents in the past year, necessitating additional resources to tackle these challenges. Despite these incidents, many organisations claim improved performance on key cyber security indicators and express confidence in their threat detection capabilities. The research highlights a concerning discrepancy between perceived security measures and the actual state of security operations, underscoring a lack of comprehensive visibility and effective response mechanisms within companies. Particularly concerning is the finding that organisations can typically monitor only two-thirds of their IT environments, exposing significant vulnerabilities. Furthermore, the study points to a greater need for greater automation and third-party assistance in threat detection and response, suggesting that while companies are aware of their shortcomings, the path to enhanced security involves embracing AI-driven solutions to close these gaps. This insight highlights to leadership the importance of investing in advanced cyber security technologies and expertise to safeguard the organisation’s digital assets effectively.
Sources: [Beta News] [Verdict]
Deepfake Video Conference Costs Business $25 Million
There has been a surge in the number of artificial intelligence deepfake attacks where technology is being used to impersonate individuals. In one case, a finance professional at a multinational was reportedly swindled out of $25 million (HK$200 million) of company money when scammers created a deepfake of his London-based chief financial officer in a video conference call, faking both the CFO’s look and voice. The scam involved the fake CFO making increasingly urgent demands to execute money transfers, resulting in 15 transfers from the victim employee. The reality of the attack was only discovered by the victim after he had contacted the company’s corporate head office.
Sources: [The Register] [Help Net Security] [TechCentral ] [Tripwire]
Watershed Year for Ransomware as Victims Rose by Almost 50% And Payments Hit $1 Billion All-Time High
Even with enforcers shutting down some ransomware gangs, the business of ransomware is booming. A recent report from Palo Alto Networks Unit 42 found a 49% increase in the number of victims reported on ransomware leak sites; this does not include those who were victims but did not appear on sites. This comes as ransomware hit an all time high, with over $1b made in ransomware payments. Of note, this is just ransom payments; this does not take in to account reputational damage, recovery costs and loss in share value. The real effects of a ransomware attack may take months or even years to materialise. As ransomware remains a constant threat, it is important for organisations to be prepared.
Sources: [The Verge ] [Malwarebytes] [Infosecurity Magazine] [CSO Online] [ITPro] [TechRadar]
Malware-as-a-Service Now the Top Threat to Organisations
Recent studies have underscored a significant shift in the cyber threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) now dominating. These ‘as-a-service’ tools are particularly concerning as they lower the barrier to entry for cyber criminals, enabling even those with limited technical knowledge to launch sophisticated attacks. The report found that the most common as-a-Service tools were Malware loaders (77% of investigated threats), crypto-miners (52% of investigated threats) and botnets (39% of investigated threats). These findings underscore the adaptability of these threats, with malware strains being developed with multiple functions to maximise damage. Despite these trends, traditional methods like phishing continue to pose significant challenges for security teams. It’s clear that staying ahead of these evolving threats requires a proactive and comprehensive approach to cyber security.
Sources:[Infosecurity Magazine] [Beta News] [Help Net Security]
Over 9 in 10 UK Firms Who Fell Victim to Ransomware Paid the Ransom, Despite Alleged “No Pay” Stances
A recent report has found that over 97% of UK firms have paid a ransom in the last two years, finding even more reason to operate in a when-not-if environment. When asked about their recovery in an event, 38% said they could recover in four to six days, and 34% need one to two weeks to recover; almost one in four (24%) need over three weeks to recover data and restore business processes. Only 12% said their company had stress-tested their data security, data management, and data recovery processes or solutions in the six months prior to being surveyed, and 46% had not tested their processes or solutions in over 12 months.
Sources: [The FinTech Times] [ Help Net Security]
Chinese State Hackers Hid in National Infrastructure for at Least 5 Years
US cyber officials have said that they discovered China-sponsored hackers lurking in American computer networks, positioning themselves to disrupt communications, energy, transportation and water systems; and this had been going on for at least 5 years. This has led to a joint warning from the US FBI, National Security Agency and Cyber Infrastructure and Security Agency, which has been cosigned by Britain, Canada, Australia and New Zealand. This dwell time isn’t just something that is encountered in critical infrastructure networks; attackers lurk on networks, undiscovered often for years, allowing them to see everything going on in the corporate environment.
Sources: [NTD] [Washington Times]
Email Attacks on Businesses Tripled and AI is a Huge Contributing Factor
Email attacks against businesses have increased dramatically as hackers continually use generative AI tools to optimise their content and streamline malicious campaigns, new research has claimed.
The report from Acronis is based on data collected from more than a million unique endpoints across 15 countries, and found AI-powered phishing affected more than 90% of organisations last year. AI helped has email attacks grow by 222% since the second half of 2023.
Sources: [New Electronics] [TechRadar]
Security Leaders, C-Suite Unite to Tackle Cyber Threats
A recent survey found that CEOs are taking a more hands-on approach and prioritising cyber resilience in 2024, leading to the breakdown of traditional silos between IT operations and security teams. The survey polled over 200 C-Suite and senior-level IT executives globally, and revealed a growing recognition of the importance of collaboration in combating sophisticated cyber threats, with 99% of respondents observing increased connectivity between the teams over the past year. While progress has been made, challenges remain, with only 48% of organisations establishing joint protocols for incident mitigation or recovery. Looking ahead, respondents anticipate a significant role for artificial intelligence (AI) in enhancing security efforts, with 68% expecting AI to streamline threat detection and response. Despite advancements, fragmented data protection solutions persist as a challenge, impacting over 90% of organisations' cyber resiliency. This underscores the need for a top-down approach to cyber security, with CEOs and boards driving collaboration between IT operations and security teams to optimise cyber preparedness initiatives and mitigate cyber risks effectively.
Source: [Security Boulevard]
UN Experts Investigate Cyber Attacks by North Korea that Raked in $3 Billion to Build Nuclear Weapons
UN sanction monitors are investigating dozens of suspected cyber attacks by North Korea that have raked in $3 billion to help North Korea further its nuclear weapons programme, according to excerpts of an unpublished UN report. “The panel is investigating 58 suspected DPRK cyber attacks on cryptocurrency-related companies between 2017 and 2023, valued at approximately $3 billion, which reportedly help fund DPRK’s WMD development,” according to the monitors, who report twice a year to the 15-member security council.
Source: [The Guardian]
What Does a ‘Cyber Security Culture’ Actually Entail?
Fostering a robust cyber security culture emerges as a critical imperative for organisations in 2023, as revealed by ITPro Today's "State of Cybersecurity in 2023" study. Despite this recognition, organisations grapple with various challenges, including budget constraints, staffing shortages, and the failure to implement fundamental security practices like the principle of least privilege and zero trust. Insufficient staffing and constrained budgets elevate the risk of breaches, emphasising the need for a collective effort to bolster security measures.
Cultivating a cyber security culture entails educating every employee on security risks and holding them accountable for risk reduction efforts. While security teams play a pivotal role in setting expectations and providing guidance, a culture of cyber security necessitates continuous training, integration of security into everyday work, and clear delineation of risk ownership throughout the organisation. By prioritising proactive measures and fostering individual responsibility, organisations can fortify their defences against evolving cyber threats and mitigate risks effectively.
Source: [ITPro Today]
Beyond Checkboxes: Security Compliance as a Business Enabler
In today's complex business landscape, regulatory requirements are increasingly intricate, especially concerning cyber security compliance. While compliance might evoke images of stringent regulations and time-consuming audits, reframing our perspective reveals its potential as a vital business enabler. Security leaders, in collaboration with senior management, must cultivate a culture where commitment to cyber security compliance permeates the organisation, emphasising its role in fostering trust, facilitating global market access, and even serving as a competitive advantage. Moreover, robust compliance programs drive operational efficiency, innovation, and cost savings in the long run. Embracing cyber security compliance as a strategic enabler, rather than a regulatory burden, positions businesses for success, innovation, and resilience in an ever-evolving digital landscape.
Source: [Forbes]
No One in Cyber Security Is Ready for the SolarWinds Prosecution
The concept of "materiality" has taken centre stage for Chief Information Security Officers (CISOs) in light of new SEC regulations, requiring US public companies to disclose "material cyber security incidents" within four days. The SolarWinds breach and subsequent SEC charges against the company and its CISO highlight the seriousness of these regulations. This shift necessitates a deeper understanding of what constitutes "material" risk in cyber security and a more transparent approach to risk communication. However, many CISOs face challenges in quantifying and communicating cyber risks effectively to boards and executives, who often lack familiarity with cyber security terminology. This regulatory change underscores the need for CISOs to bridge the gap between cyber security and financial reporting, ensuring accurate and precise risk communication at the C-Suite level. Additionally, policymakers should incentivise C-Suite accountability for cyber risk management, fostering a culture where cyber risks are addressed proactively and transparently.
Source:[Council on Foreign Relations]
Governance, Risk and Compliance
Over half of companies experienced cyber security incidents last year (betanews.com)
Beyond Checkboxes: Security Compliance As Business Enabler (forbes.com)
Why an HR-IT Partnership is Critical for Managing Cyber Security Risk - Security Boulevard
The Cyber Threats Every C-Level Exec Should Care About In 2024 (forbes.com)
Security Leaders, C-Suite Unite to Tackle Cyberthreats - Security Boulevard
Cyber Security, Hybrid Workforce Management Among Top 2024 Business Challenges (allwork.space)
How CISOs navigate policies and access across enterprises - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
The ransomware business is booming, even as enforcers shut down some players - The Verge
Paying ransoms is becoming a cost of doing business for many - Help Net Security
Chainalysis: 2023 a 'watershed' year for ransomware | TechTarget
The hidden cost of ransomware is more painful than many realize | ITPro
Is critical infrastructure prepared for OT ransomware? • The Register
Akira and 8Base are the ransomware gangs to watch in 2024 • The Register
Crypto-related ransomware attacks made 'major comeback' in 2023 (verdict.co.uk)
NCC Group records the most ransomware victims ever in 2023 | TechTarget
US govt ups bounty on Hive ransomware gang members to $15M • The Register
Ransomware Victims
Clorox says cyber attack caused $49 million in expenses (bleepingcomputer.com)
Blackbaud blasted for failing to prevent customer breaches | Computer Weekly
Lurie Children's Hospital cyber attack forces systems offline • The Register
Blackbaud settles FTC data security probe into 2020 ransomware attack | K-12 Dive (k12dive.com)
California union confirms ransomware attack following LockBit claims (therecord.media)
Another Chicago hospital announces cyber attack (therecord.media)
Funerals reportedly canceled due to ransomware attack on Austrian town (therecord.media)
Phishing & Email Based Attacks
Fake board meeting nets cyber criminals more than €28m - TechCentral.ie
QR Code 'Quishing' Attacks on Execs Surge, Evading Email Security (darkreading.com)
Email attacks on business tripled in 2023 — and ChatGPT was often the culprit | TechRadar
South African Railways Lost Over $1M in Phishing Scam (darkreading.com)
Artificial Intelligence
Fake board meeting nets cyber criminals more than €28m - TechCentral.ie
Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire
Email attacks on business tripled in 2023 — and ChatGPT was often the culprit | TechRadar
Could a threat actor socially engineer ChatGPT? (securityintelligence.com)
Current approaches can’t mitigate the AI cyber security threat. What can? (networkingplus.co.uk)
Malware
Malware-riddled Android apps spotted on Google Play Store — here's what to avoid | TechRadar
Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)
macOS Malware Campaign Showcases Novel Delivery Technique (darkreading.com)
China Caught Dropping RAT Designed for FortiGate Devices (darkreading.com)
Netherlands accuses China of cyber spying after security service makes malware discovery | NL Times
Mobile
Malware-riddled Android apps spotted on Google Play Store — here's what to avoid | TechRadar
Google Links Over 60 Zero-Days to Commercial Spyware Vendors - SecurityWeek
'Coyote' Malware Begins Its Hunt, Preying on 61 Banking Apps (darkreading.com)US insurance firms sound alarm after 66,000 individuals impacted by SIM swap attack (bitdefender.com)
Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)
Government hackers targeted iPhones owners with zero-days, Google says | TechCrunchWizz Removed from Apple and Google Stores for Sextortion Concerns - Infosecurity Magazine (infosecurity-magazine.com)
February 2024 Android security patch here for Pixels - Android Authority
Google fixed an Android critical remote code execution flaw (securityaffairs.com)
Warning from LastPass as fake app found on Apple App Store | Malwarebytes
Android XLoader malware can now auto-execute after installation (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
HPE investigates new breach after data for sale on hacking forum (bleepingcomputer.com)
Blackbaud Comments on FTC Settlement, Continues to Strengthen Cyber Security - MarketWatch
FTC orders Blackbaud to overhaul ‘reckless’ security practices in wake of 2020 breach | TechCrunch
Looted RIPE Credentials for Sale on the Dark Web (darkreading.com)
Millions of User Records Stolen From 65 Websites via SQL Injection Attacks - SecurityWeek
'ResumeLooters' Attackers Steal Millions of Career Records (darkreading.com)
Data breach at French healthcare services firm puts millions at risk (bleepingcomputer.com)
Verizon Says Data Breach Impacted 63,000 Employees - SecurityWeek
Data breaches at Viamedis and Almerys impact 33 million in France (bleepingcomputer.com)
Report: More Than Half of Americans Have Had Their Data Exposed (govtech.com)
HopSkipDrive says personal data of 155,000 drivers stolen in data breach | TechCrunch
Organised Crime & Criminal Actors
Over half of companies experienced cyber security incidents last year (betanews.com)
As-a-Service tools empower criminals with limited tech skills - Help Net Security
Teens Committing Scary Cyber Crimes, What's Behind the Trend? (darkreading.com)
Nigerian President Dismisses Nation's 'Cyber Crime Haven' Image (darkreading.com)
Lessons Learned From Tracing Cyber Crime’s Evolution On The Dark Web (forbes.com)
US must ratchet up its response in pursuing hackers, MITRE CTO argues - Nextgov/FCW
Report: Blocked IP addresses increased by 116.42% | Security Magazine
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Pig-butchering scams morph into DeFi threats (cointelegraph.com)
Crypto-related ransomware attacks made 'major comeback' in 2023 (verdict.co.uk)
Insider Risk and Insider Threats
Former CIA worker spilled to WikiLeaks, jailed for 40 years • The Register
How bias can undermine insider threat monitoring | TechRadar
What is a Behavioral Risk Indicator? Demystifying Insider Risk Indicators - Security Boulevard
Supply Chain and Third Parties
Blackbaud blasted for failing to prevent customer breaches | Computer Weekly
Removing the weakest link: Strengthen the security of your supply chain (techuk.org)
Cloud/SaaS
Stop chasing shadow IT: Tackle the root causes of cloud breaches | SC Media (scmagazine.com)
Midnight Blizzard and Cloudflare-Atlassian Cyber Security Incidents - Security Boulevard
Organisations Left Grappling for Solutions Amid Alarming Cloud Security Gaps | Network Computing
Identity and Access Management
Encryption
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Credential Harvesting Vs. Credential Stuffing Attacks: What’s the Difference? - Security Boulevard
Looted RIPE Credentials for Sale on the Dark Web (darkreading.com)
AnyDesk downplays impact of cyber attack | SC Media (scmagazine.com)
Midnight Blizzard and Cloudflare-Atlassian Cyber Security Incidents - Security Boulevard
Social Media
Regulations, Fines and Legislation
How the SEC's Rules on Cyber Security Incident Disclosure Are Exploited (darkreading.com)
No one's happy with latest US cyber incident reporting plan • The Register
2023 Cyber Security Regulation Recap (Part 3): Privacy Protection - Security Boulevard
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Combatting Stress In The Cyber Security Industry (forbes.com)
IT Security Hiring Must Adapt to Skills Shortages (informationweek.com)
Law Enforcement Action and Take Downs
Former CIA worker spilled to WikiLeaks, jailed for 40 years • The Register
Romance fraudster jailed after conning women out of £300k - BBC News
Cops arrest 17-year-old suspected of hundreds of swattings nationwide | Ars Technica
US must ratchet up its response in pursuing hackers, MITRE CTO argues - Nextgov/FCW
Report: Blocked IP addresses increased by 116.42% | Security Magazine
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Google Play Used to Spread 'Patchwork' APT's Espionage Apps (darkreading.com)
How to Win a Cyberwar: Use a Combined Intelligence Strategy (inforisktoday.com)
Nation State Actors
China
Chinese Hackers Preparing ‘Destructive Attacks,’ CISA Warns (govinfosecurity.com)
Chinese Hackers Hid in US Infrastructure for 5 Years | Newsmax.com
China's Cyber Attackers Target US and Allied Militaries (newsweek.com)
FBI Issues Ominous Warning of Imminent Cyber Attack on Critical Infrastructure - Security Boulevard
Dutch intelligence finds Chinese hackers spying on secret Defence Ministry network (therecord.media)
Shutting Down the Grid: Possible Cyber Attacks From Chinese Hackers | NTD
China Caught Dropping RAT Designed for FortiGate Devices (darkreading.com)
Top US venture capitalists invest in China tech for big returns (nypost.com)
Classified Japanese diplomatic info leaked after Chinese cyber attacks - The Japan Times
Philippines Says Hacker in China Behind Foiled Attack on Government Website - Bloomberg
Chinese hackers fail to rebuild botnet after FBI takedown (bleepingcomputer.com)
Russia
Iran
Designating Iranian Cyber Officials - United States Department of State
Microsoft: Iran is refining its cyber operations | CyberScoop
US sanctions Iranian officials over cyber attacks on water plants - BBC News
North Korea
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
Fortinet FortiSIEM hit by two 10/10 severity vulns • The Register
Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure (bleepingcomputer.com)
Experts Detail New Flaws in Azure HDInsight Spark, Kafka, and Hadoop Services (thehackernews.com)
Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products (thehackernews.com)
Ivanti: Patch new Connect Secure auth bypass bug immediately (bleepingcomputer.com)
Newest Ivanti SSRF zero-day now under mass exploitation (bleepingcomputer.com)
Critical vulnerability in Mastodon sparks patching frenzy • The Register
Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account (thehackernews.com)
February 2024 Android security patch here for Pixels - Android Authority
Government hackers targeted iPhones owners with zero-days, Google says | TechCrunch
JetBrains warns of new TeamCity auth bypass vulnerability (bleepingcomputer.com)
Critical vulnerability affecting most Linux distros allows for bootkits | Ars Technica
Google fixed an Android critical remote code execution flaw (securityaffairs.com)
Cisco fixes critical Expressway Series CSRF vulnerabilities (securityaffairs.com)
QNAP Patches High-Severity Bugs in QTS, Qsync Central - SecurityWeek
Tools and Controls
What is a Behavioral Risk Indicator? Demystifying Insider Risk Indicators - Security Boulevard
How to Win a Cyberwar: Use a Combined Intelligence Strategy (inforisktoday.com)
Surge in deepfake "Face Swap" attacks puts remote identity verification at risk | Tripwire
Close security gaps with attack path analysis and management | TechTarget
Using Proactive Intelligence Against Adversary Infrastructure - Security Boulevard
A Hacker’s Perspective For Building Proactive Organisational Defences (forbes.com)
Reports Published in the Last Week
Other News
Report: Mac security threats on the rise, here’s what to watch out for - 9to5Mac
Trustees urged to review cyber incident frameworks following NCSC changes - Pensions Age Magazine
Airbus App Vulnerability Introduced Aircraft Safety Risk: Security Firm - SecurityWeek
What Will the Future of Cyber Security Bring? - Security Boulevard
Cyber attacks on knowledge institutions are increasing: what can be done? (nature.com)
McPartland Review - Driving Economic Growth through Cyber Security (techuk.org)
A view from Brussels: ENISA celebrates 20th anniversary amid 'grim times' (iapp.org)
Revealed – top 10 cyber incidents of 2023 | Insurance Business America (insurancebusinessmag.com)
NCSC warns CNI operators over ‘living-off-the-land’ attacks | Computer Weekly
Super Bowl LVIII Presents a Vast Attack Surface for Threat Actors (darkreading.com)
We Need Cyber Security in Space to Protect Satellites | Scientific American
Inquiry to explore cyber risk to Sunak-Starmer showdown | Computer Weekly
Three predictions for responding to the cyber threat landscape in 2024 | Computer Weekly
How Hospitals Can Help Improve Medical Device Data Security (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 19 January 2024
Black Arrow Cyber Threat Intelligence Briefing 19 January 2024:
-World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape
-Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge
-Researcher Uncovers One of The Biggest Password Dumps in Recent History
-Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
-75% of Organisations Hit by Ransomware in 2023
-The Dangers of Quadruple Blow Ransomware Attacks
-Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
-It’s a New Year and a Good Time for a Cyber Security Checkup
-Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster
-Cyber Threats Top Global Business Risk Concern for 2024
-Generative AI has CEOs Worried About Cyber Security, PwC Survey Says
-With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too
-Digital Resilience – a Step Up from Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape
The World Economic Forum (WEF) and the United Nations (UN) have highlighted “cyber insecurity” as one of the most critical challenges facing organisations worldwide. A recent report reveals that over 80% of surveyed organisations feel more exposed to cyber crime than in the previous year, leading to calls for increased collaboration across sectors and borders to enhance business resilience. The study shows a growing gap in cyber resilience between organisations, with small and medium-sized enterprises facing declines of 30% in cyber resilience. Moreover, the cyber skills shortage continues to widen, with only 15% of organisations optimistic about improvements in cyber education and skills.
The report also underscores the impact of generative AI on cyber security, emphasising the need for ongoing innovation in digital security efforts. According to a separate report by the United Nations Office on Drugs and Crime, there has been a significant uptick in the use of large language model-based chatbots, deepfake technology, and automation tools in cyber fraud operations. These technologies pose a significant threat to the formal banking industry and require focused attention from authorities to counter their impact. The convergence of these trends underscores the urgency and complexity of the cyber security landscape.
Sources: [ITPro] [The Debrief]
Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge
The financial sector is facing an increased risk from cyber attacks, with cyber security now being listed as the top systemic risk according to a Bank of England survey. Cyber attacks rose by 64% in 2023, with a shift towards AI-facilitated ransomware attacks and Vendor Email Compromise (VEC), which rose 137%, and Business Email Compromise (BEC) attacks, which rose by 71%, both of which exploit human error and pose a severe threat to the industry.
However, there is a lack of readiness by financial organisations to manage cyber attacks due to sophisticated attacks, talent shortages, and insufficient cyber defence investments. Ransomware incidents reported to the UK’s Financial Conduct Authority doubled in 2023, making up 31% of cyber incidents, up from 11% in 2022. The financial sector remains a prime target for cyber criminals, especially ransomware groups.
Sources: [ITPro] [Law Society] [Security Brief] [Financial Times] [Infosecurity Magazine]
Researcher Uncovers One of The Biggest Password Dumps in Recent History
Researchers have found that nearly 71 million unique stolen credentials for logging into websites such as Facebook, Roblox, eBay, Coinbase and Yahoo have been circulating on the Internet for at least four months. The massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials.
Whilst there is a large number of re-used passwords in the data dump, it appears to contain roughly 25 million new passwords and 70 million unique email addresses. This serves as a crucial reminder about properly securing accounts, such as not reusing passwords, using a password manager and securing accounts with multi factor authentication.
Source: [Ars Technica]
Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
Email security remained at the forefront of cyber related issues for decision-makers, with over nine in ten (94%) having to deal with a phishing attack, according to email security provider Egress. The top three phishing techniques used in 2023 were malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts. 96% of targeted organisations were negatively impacted by these attacks, up 10% from the previous year.
Source: [Infosecurity Magazine]
75% of Organisations Hit by Ransomware in 2023
A recent report found that 75% of participants suffered at least one ransomware attack last year, and 26% were hit four or more times. The report noted that of the 25% who claimed to not have been hit, some could have been a victim but may not have the facilities to detect and therefore be aware as such. Ransomware remains a security threat and no organisation is immune.
Source: [Infosecurity Magazine]
The Dangers of Quadruple Blow Ransomware Attacks
With the introduction of new regulatory requirements like NIS 2.0 and changes to US Securities and Exchange Commission (SEC) statutes, organisations are now mandated to promptly report cyber incidents, sometimes with deadlines as tight as four days. However, attackers are evolving their tactics to exploit these regulations. They add a new level of coercion by threatening to report non-compliant organisations to the regulator, thereby increasing the pressure on their victims. This was first seen last year as a ransomware gang AlphV reported one of its victims, MeridianLink, to the SEC for failing to report a successful cyber attack.
This coercive strategy places immense pressure on companies, especially as they grapple with data encryption, data exfiltration, and public exposure threats. In response to these evolving threats and regulatory pressures, organisations must invest in cyber resilience. This enables them to effectively respond to attacks, communicate with regulators, and recover services promptly, ultimately fortifying their defences against future threats.
Source: [TechRadar]
Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
UK law firms are falling victim to data breaches primarily because of insiders and human error, according to an analysis of data from the Information Commissioner’s Office (ICO). According to research, 60% of data breaches in the UK legal sector where the result of insider actions. In total, breaches led to the exposure of information of 4.2 million people. Often, even those organisations that implement measures to prevent breaches will still miss insider risk. Insider risk is not always malicious; it can also be negligence or due to a lack of knowledge, and it is important to protect against it.
Source: [Infosecurity Magazine]
It’s a New Year and a Good Time for a Cyber Security Checkup
2023 brought a slew of high-profile vulnerabilities and data breaches impacting various sectors, including healthcare, government, and education. Notable incidents included ransomware attacks, such as the MOVEit, GoAnywhere, and casino operator breaches, along with the exploitation of unpatched legacy vulnerabilities like Log4j and Microsoft Exchange. Furthermore, new regulatory requirements from the likes of the US Securities Exchange Commission (SEC), and state security and privacy laws, added to the complexity. As we enter 2024, it is crucial for organisations, regardless of size, to reassess their cyber security strategies, incorporating lessons learned and adapting to new requirements. Comprehensive cyber security programs encompass people, operations and technology, addressing the confidentiality, integrity, and availability of information.
Black Arrow can help with comprehensive and impartial assessments including gap analyses and security testing. These provide you with the objective assurance you need to understand whether your controls are providing you with your intended security and risk management.
Source: [JDSupra]
Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster
Mike Tyson’s famous adage “Everyone has a plan until they get punched in the face," is something we too often see in the world of security. When it comes to cyber security, preparedness is not just a luxury but a necessity. Far too often, unrealistic expectations in cyber defences create a false sense of security, leading to dire consequences when the reality of an attack hits. No-one wants to be testing their defences and implementing their response plan for the first time during a real incident.
In comes the benefit of incident and attack simulations: a reality check of your defences in a safe environment. Regular tabletop war-gaming exercises that simulate the fall out of an attack for senior leadership, can help to build muscle memory for when something does happen. They make sure everyone knows what to do, and crucially also not to do, when such an event happens for real. A deeper exercise would be a simulated attack that can be systematic and controlled, to mimic a real attacker and then adapted as attackers change their tactics, techniques, and procedures. From simulations, organisations can assess how their defences performed, applying insights and measuring and refining their defences for the event of a real attack.
Source: [The Hacker News]
Cyber Threats Top Global Business Risk Concern for 2024
Cyber related incidents, including ransomware attacks, data breaches and IT disruptions are the biggest concern for companies globally in 2024, according to a recent report by Allianz. The report highlights that these risks are a concern for businesses of all sizes, but the resilience gap between large and small companies is widening, “as risk awareness among larger organisations has grown since the pandemic with a notable drive to upgrade resilience.” Smaller businesses lack the time and resources that larger organisations have available, and as such need to carefully select and prioritise their resilience efforts.
Source: [Insurance Journal]
Generative AI has CEOs Worried About Cyber Security, PwC Survey Says
A recent PwC global survey found that when it comes to generative AI risks, 64% of CEOs said they are most concerned about its impact on cyber security, with over half of the total interviewed stating concerns about generative AI spreading misinformation in their company. When we think of generative AI, we often worry about outside risk and the impact it can have for attackers, but the risk can also be internal, with things such as accidental disclosure by employees to unregulated generative AI. There is a necessity for organisations to govern the usage of AI in their corporate environment, to prevent such risks.
Source: [Quartz]
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too
As the threat landscape continues to evolve, the cyber insurance market is experiencing significant changes that will impact businesses in the coming months with experts predicting that cyber insurance costs are on the verge of an upward trend. The COVID-19 pandemic and the shift to remote work and the cloud disrupted the cyber insurance market, leading to rising costs and reduced coverage options. In 2022, a temporary respite saw lower premiums, but 2023 has seen a resurgence in attacker activity, making it a challenging year for insurers. Cyber insurance remains a critical component of risk management, with the industry expected to continue growing despite higher rates. For businesses, understanding the evolving landscape of cyber insurance and ensuring adequate coverage is crucial in the face of escalating cyber threats.
Source: [Dark Reading]
Digital Resilience: a Step Up from Cyber Security
In today's digital landscape, the focus on digital resilience is paramount for organisations. While cyber security has garnered attention, digital resilience is the new frontier. Digital resilience involves an organisation's ability to maintain, adapt, and recover technology-dependent operations. As we increasingly rely on digital technology and the internet of things, understanding the critical role of technology in core business processes is vital. It goes beyond cyber security, encompassing change management, business resilience, operational risk, and competitiveness. Digital resilience means being ready to adopt new technology and swiftly recover from disruptions. Recognising its value and managing it at the senior level is crucial for long-term success in our rapidly evolving digital world. Moreover, amid a rising number of cyber attacks, addressing the statistic that only 18% of UK businesses provided cyber security training to employees last year is essential. Bridging this knowledge gap through cyber hygiene, a culture of cyber security, and robust safety measures will strengthen an organisation's cyber resilience against evolving threats.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Sources: [CSO Online] [Financial Times]
Governance, Risk and Compliance
World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro
Cyber Threats Top Global Business Risk Concern for 2024: Allianz (insurancejournal.com)
Geopolitical tensions combined with technology will drive new security risks - Help Net Security
Improving Supply Chain Security, Resiliency (informationweek.com)
Generative AI has CEOs worried about cyber security, PwC survey says (qz.com)
As hacks worsen, SEC turns up the heat on CISOs | TechCrunch
It’s a New Year and a Good Time for a Cyber Security Checkup | Clark Hill PLC - JDSupra
Over 90 percent of organisations set to increase data protection spending (betanews.com)
Financial organisations remain in cyber criminals' crosshairs (emergingrisks.co.uk)
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Digital resilience – a step up from cyber security | CSO Online
How to Recover After Failing a Cyber Security Audit - Security Boulevard
Businesses Lack Confidence Overcome Cyber Attacks | Silicon UK
Cyber incident response impaired by stress | SC Media (scmagazine.com)
Security considerations during layoffs: Advice from an MSSP - Help Net Security
Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)
How to improve cyber resilience across your workforce (ft.com)
Threats
Ransomware, Extortion and Destructive Attacks
75% of Organisations Hit by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Akira ransomware attackers are wiping NAS and tape backups - Help Net Security
Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion (thehackernews.com)
3 Ransomware Group Newcomers to Watch in 2024 (thehackernews.com)
Ransomware causes mental, physical trauma to security pros • The Register
The dangers of quadruple blow ransomware attacks | TechRadar
Ransomware: To Pay or Not to Pay — What the Experts Say | MSSP Alert
Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot - Help Net Security
TeamViewer abused to breach networks in new ransomware attacks (bleepingcomputer.com)
Ransomware negotiation: When cyber security meets crisis management - Help Net Security
Ransomware Victims
Ransomware gang targets nonprofit providing clean water to world’s poorest (therecord.media)
Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)
British Library to share learning from cyber attack - Museums Association
British Library starts restoring services online after hack - BBC News
British cosmetics firm Lush confirms cyber attack (therecord.media)
Delay to Manx Care dental services after cyber attack - BBC News
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Majorca city Calvià extorted for $11M in ransomware attack (bleepingcomputer.com)
A key part of Foxconn has been hit by the Lockbit ransomware | TechRadar
Kansas State University cyber attack disrupts IT network and services (bleepingcomputer.com)
Phishing & Email Based Attacks
Microsoft warns of new spearphishing attack targeting workers at top companies | TechRadar
US Secret Service court documents reveal new tactics in antivirus renewal phishing scam | TechRadar
Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)
Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security
US court docs expose fake antivirus renewal phishing tactics (bleepingcomputer.com)
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Shipping-Themed Emails: Not Just for The Holidays - Security Boulevard
Artificial Intelligence
AI driven cyber threats loom over business in the year ahead says report (emergingrisks.co.uk)
How cyber criminals are using AI to attack targets faster - Insurance Post (postonline.co.uk)
Adversaries exploit trends, target popular GenAI apps - Help Net Security
The Dual Role AI Plays in Cyber Security: How to Stay Ahead (bleepingcomputer.com)
Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security
If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online
2FA/MFA
Senators want to know why the SEC’s X account wasn’t secured with MFA (engadget.com)
Out with the old and in with the improved: MFA needs a revamp - Help Net Security
MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)
Malware
GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)
Updated Atomic Stealer malware emerges | SC Media (scmagazine.com)
Data-theft malware exploits Windows Defender SmartScreen • The Register
MacOS info-stealers quickly evolve to evade XProtect detection (bleepingcomputer.com)Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)
5 malware mistakes most people make while traveling and trying to charge (nypost.com)
Remcos RAT Spreading Through Adult Games in New Attack Wave (thehackernews.com)
Botnet activity surges as criminals get braver - can your business stand strong? | TechRadar
JinxLoader Malware: Next-Stage Payload Threats Revealed - Security Boulevard
$80M in Crypto Disappears Into Drainer-as-a-Service Malware Hell (darkreading.com)
Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)
Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)
Securing Public Sector Against IoT Malware in 2024 - Security Boulevard
Mobile
Denial of Service/DoS/DDOS
Internet of Things – IoT
Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)
Modernising print security for today’s working world | TechRadar
Securing Public Sector Against IoT Malware in 2024 - Security Boulevard
Data Breaches/Leaks
Insufficient cyber security caused PSNI data breach (iapp.org)
Cyber Attack On Insurer Compromised Over 64K, Suit Says - Law360
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Organised Crime & Criminal Actors
Just ten groups were responsible for nearly half of all cyber attacks last year | TechRadar
Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)
GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)
Stupid Human Tricks: Top 10 Cyber Crime Cases of 2023 - Security Boulevard
Illegal online casinos spread crypto-crime across Asia • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hacker spins up 1 million virtual servers to illegally mine crypto (bleepingcomputer.com)
Illegal online casinos spread crypto-crime across Asia • The Register
Insider Risk and Insider Threats
Insurance
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Re-writing the underwriting story: How to navigate the complexities of modern risks (allianz.com)
Supply Chain and Third Parties
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)
Improving Supply Chain Security, Resiliency (informationweek.com)
Cloud/SaaS
Insurance website's buggy API leaked Office 365 password • The Register
As Enterprise Cloud Grows, So Do Challenges (darkreading.com)
3 ways to combat rising OAuth SaaS attacks - Help Net Security
FBI: Beware of cloud-credential thieves building botnets • The Register
Weaponised AWS SES Accounts Anchor Massive Stealth Attack (darkreading.com)
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Researcher uncovers one of the biggest password dumps in recent history | Ars Technica
Insurance website's buggy API leaked Office 365 password • The Register
FBI: Beware of cloud-credential thieves building botnets • The Register
Social Media
Malvertising
Training, Education and Awareness
The right strategy for effective cyber security awareness - Help Net Security
Before starting your 2024 security awareness program, ask these 10 questions - Security Boulevard
How to improve cyber resilience across your workforce (ft.com)
Regulations, Fines and Legislation
As hacks worsen, SEC turns up the heat on CISOs | TechCrunch
IT consultant in Germany fined for exposing shoddy security • The Register
Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register
A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK
Why the US Needs Comprehensive Cyber Security Legislation - Security Boulevard
Home improvement marketers dial up trouble from regulator • The Register
Models, Frameworks and Standards
10 cyber security frameworks you need to know about - Help Net Security
NIST Offers Guidance on Measuring and Improving Your Company’s Cyber Security Program | NIST
Backup and Recovery
Data Protection
Over 90 percent of organisations set to increase data protection spending (betanews.com)
Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register
Careers, Working in Cyber and Information Security
Ransomware causes mental, physical trauma to security pros • The Register
Protecting the protectors: combating stress in the cyber security industry | The Independent
Best practices to mitigate alert fatigue - Help Net Security
Universities not delivering the right skills for cyber security (betanews.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro
Geopolitical tensions combined with technology will drive new security risks - Help Net Security
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
Nation State Actors
China
End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)
Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)
Feds warn China-made drones pose risk to US critical infrastructure | SC Media (scmagazine.com)
Russia
Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)
Cyber Attack on Ukraine’s largest telecom provider will cost it about $100 million (therecord.media)
Russia finds way around sanctions on battlefield tech: report – POLITICO
Moscow imports a third of battlefield tech from western companies (ft.com)
Prolific Russian hacking unit using custom backdoor for the first time | CyberScoop
Iran
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
CISA: Critical SharePoint vuln is under active exploitation • The Register
Ivanti Connect Secure zero-days now under mass exploitation (bleepingcomputer.com)
Juniper warns of critical RCE bug in its firewalls and switches (bleepingcomputer.com)
Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (securityaffairs.com)
VMware Urges Customers to Patch Critical Aria Automation Vulnerability - SecurityWeek
Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability (thehackernews.com)
Two more Citrix NetScaler bugs exploited in the wild • The Register
Atlassian warns of critical RCE flaw in older Confluence versions (bleepingcomputer.com)
End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)
Windows 10 security update requires some major changes - experts only need apply | TechRadar
GitLab Patches Critical Password Reset Vulnerability - SecurityWeek
Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)
Vulnerabilities Expose PAX Payment Terminals to Hacking - SecurityWeek
Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins - SecurityWeek
Most older iPhones, Macs, and iPads are vulnerable to GPU flaw (appleinsider.com)
New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling | Ars Technica
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows (thehackernews.com)
Tools and Controls
Akira ransomware attackers are wiping NAS and tape backups - Help Net Security
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
How to improve your organisation's cyber hygiene score | World Economic Forum (weforum.org)
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Digital resilience – a step up from cyber security | CSO Online
If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online
Key elements for a successful cyber risk management strategy - Help Net Security
Preventing insider access from leaking to malicious actors - Help Net Security
Over 90 percent of organisations set to increase data protection spending (betanews.com)
As Enterprise Cloud Grows, So Do Challenges (darkreading.com)
Best practices to mitigate alert fatigue - Help Net Security
Modernising print security for today’s working world | TechRadar
MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)
Cyber incident response impaired by stress | SC Media (scmagazine.com)
Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)
Digital nomads amplify identity fraud risks - Help Net Security
Out with the old and in with the improved: MFA needs a revamp - Help Net Security
The right strategy for effective cyber security awareness - Help Net Security
SOC-as-a-Service: The Five Must-Have Features - Security Boulevard
Other News
What’s on the Smartest Cyber Security Minds for 2024? (cybereason.com)
How news organisations became a prime target for cyber attacks (pressgazette.co.uk)
UK doubles spending on overseas cyber security projects (ft.com)
Huge boost for global security with almost £1 billion government investment - GOV.UK (www.gov.uk)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 12 January 2024
Black Arrow Cyber Threat Intelligence Briefing 12 January 2024:
-Boardrooms on Notice: Cyber Security Oversight More Important Than Ever
-Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023
-Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever
-Cyber Insecurity and Misinformation Top WEF Global Risk List
-Why Effective Cyber Security and Risk Management are Crucial for Business Growth
-The Cost of Dealing with a Cyber Attack Doubled Last Year
-Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved
-Mandiant, SEC Lose Control of X Accounts Without 2FA
-If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis
-82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year
-Cyber Security is the Number One Priority for the Financial Sector Again
-Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Boardrooms on Notice: Cyber Security Oversight More Important Than Ever
In 2023, the rise in security breaches and cyber attacks caused cyber security to transcend its usual confines and emerge as a critical boardroom concern, prompting executives to recognise the need for proactive engagement. The current landscape has necessitated executive decision-makers to proactively engage in cyber security, instead of just passively observing. It is no surprise that in a survey from KMPG of over 300 CEO’s, dealing with cyber risk was designated as the top priority for the foreseeable three to five years.
When a company faces a substantial fine or penalty from a breach, it serves two crucial purposes. Firstly, it sets a precedent for ensuring companies across the board understand the repercussions of lax cyber security measures and secondly, it pushes organisations towards proactive investment in robust cyber security frameworks. Many organisations are beginning to realise that the cost of a breach, both financial and reputational, far outweighs that of prevention. Furthermore, many frameworks are now placing the board as directly responsible.
Sources: [Lexology] [Security Brief]
Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023
Ransomware reported to the UK financial regulator in 2023 doubled, and the impact is clear. In a survey of CISOs based in the UK, one-third confessed to paying ransomware groups millions in recent years in a bid to alleviate the impact of an attack. The minimum ransom paid by UK businesses across a five year period stood at around $250,000, the study found. Ransomware is the dominant threat that continues to plague organisations, and it is important that your organisation is doing all it can to prevent such an attack, and has plans in place to recover when such an attack happens.
Sources: [Data Breaches] [UK mortgage news] [The Hacker News]
Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever
As organisations find themselves more and more reliant on digital technology than ever before, the impact of not having it becomes greater and greater. As reliance on these systems grows, the level of cyber threat grows as well. A recent report found 68% of those surveyed believed they would not survive more than a single day without their IT systems, up from 46% in 2017. The report found that 54% of organisations said they experienced some form of cyber attack last year, with ransomware cited as the most disruptive.
Source: [TechRadar]
Cyber Insecurity and Misinformation Top WEF Global Risk List
In the latest report by the World Economic Forum, misinformation and disinformation have emerged as the most severe global risk anticipated over the next two years, with the risk becoming more likely as elections in several economies take place this year. As artificial intelligence models become easier to use and more accessible to the general population, this will enable an explosion of false information and synthetic content such as cloned voices and fake websites.
Another top concern identified in the report is the risk of cyber attacks and cyber insecurities. Currently the production of AI technologies is highly concentrated; this creates a significant supply chain risk, as the reliance of one or two models could give rise to systemic cyber vulnerabilities, paralysing critical infrastructure.
Source: [Infosecurity Magazine]
Why Effective Cyber Security and Risk Management are Crucial for Business Growth
Technology has changed, enhanced and transformed how business is conducted. However, these new advancements such as cloud, IoT and AI have introduced a range of new cyber security risks. It is crucial for leaders to grasp the accompanying risks to ensure the safety of their organisations, customers and products. Given the inevitability of business risk, particularly cyber risk, leaders should focus on managing it by identifying mission-critical aspects of their organisation and then determining how best to protect them. The first step to a proactive approach to cyber security is to devise a robust and tailored cyber security strategy aligned to the organisation’s risk profile. This not only improves the safety and security of the organisation, but also the trust of its customers and products in an increasingly digital world.
Source: [World Economic Forum]
The Cost of Dealing with a Cyber Attack Doubled Last Year
New research by Dell claims that the cost of global cyber attacks reached a new high in 2023, topping out at $1.41 million per attack, up $660,000 from the previous year. It was found that almost half (48%) of UK based organisations reported suffering either a cyber attack or incident that prevented access to company data.
Over half of global respondents report that malicious links in spam or phishing emails, hacked devices, and stolen credentials are the most common entry points for cyber attacks.
Source: [TechRadar]
Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved
Merck’s long legal battle with its insurers over the damage caused by the infamous NotPetya attack has finally come to an end, with the Merck agreeing to settle with their insurer providers who had refused to pay $699 million of the $1.4 million that was claimed in damages.
The legal battle began when Merck, who did not have cyber insurance, had made a claim under its ‘all-risks’ coverage. In 2022, it was stated that the NotPetya attack “is not sufficiently linked to a military action or objective as it was a non-military cyber attack against an accounting software provider” and in May 2023, this decision was upheld, forcing the insurers to settle.
Source: [Security Week] [Dark Reading]
Mandiant, SEC Lose Control of X Accounts Without 2FA
While security teams are focused on preventing the gamut of different levels of cyber attack sophistication, it can be easy for even the sharpest teams to overlook the simple stuff. This was recently seen when Google’s cyber security operation, Mandiant, temporarily lost control of its account on X (formerly known as Twitter) due to not having two-factor authentication (2FA). A separate high-profile incident also occurred this week, as the US Securities and Exchange Commission (SEC) account on X was hijacked to post a fake announcement about bitcoin, raising its value by 5%.
In March of 2023, X changed the way multi-factor authentication (MFA) worked, so that only premium subscribers have access to it. The two high-profile attacks, which were due to accounts not having MFA, show that cyber criminals are taking advantage of these changes. These incidents serve as a clear reminder that organisations must prioritise even the most fundamental security practices, such as MFA, to protect their digital assets.
Further, the attack on the SEC has opened them to criticism from firms such as SolarWinds who the SEC had previously reprimanded for cyber security failures.
Source: [Dark Reading]
If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis
A question to ask is why, in the event of a data security incident, is there an overwhelming feeling that the company is doomed? Yet when there are other issues, such as internal investigations, the feeling is not as strong. For a lot of companies, these cyber incidents are the first time that their cyber response plan (if they have one at all) is enacted and it is this lack of preparation that causes such a feeling. Companies looking to increase their cyber resilience should look to have and regularly test a cyber incident response plan; you do not want to be in the position of having to learn your plan and deal with a cyber incident at the same time.
Source: [Help Net Security]
82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year
A substantial 82% of companies have reported a widening gap between security exposures and their ability to manage them according to a recent report. For many, the issue is caused by a lack of proper remediation solutions; this formed part of the reason why 87% of surveyed organisations reported plans to enhance vulnerability and exposure remediation within the next year. The need increases when considering last year there were more than 28,000 new vulnerabilities; that is the equivalent of nearly 80 every day.
Sources: [Infosecurity Magazine] [SecurityWeek]
Cyber Security is the Number One Priority for the Financial Sector Again
In Softcat's annual Business Tech Priorities Report, the financial sector's tech investments for the coming year have been unveiled. Notably, cyber security remains the top priority for the sector with 55% prioritising cyber security before anything else, reflecting the critical need to protect against the escalating threat landscape. It's important to understand that cyber security is not merely an IT problem; it is a business imperative. As consumers increasingly embrace digital banking, the impact of digitalisation on the financial sector is evident. With cyber incidents on the rise, investment in cyber security, including zero-trust security and AI threat hunting, is imperative for safeguarding not only data but the entire business.
Sources: [The Fintech Times] [Islamic Finance News]
Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’
In 2024, cyber crime marketplaces are expected to surge even more, transitioning every cyber threat further into the “as-a-service” model. The term “as-a-service” refers to the provision of specific functionalities or tools as a service, typically offered on a subscription or pay-as-you-go basis. This allows malicious actors with limited technical skills to launch sophisticated attacks. This trend was already being spotted at the end of 2023 as a report found that 73% of all internet traffic is currently composed of malicious bots and related fraud farm activities. This highlights the need for organisations to have accurate threat intelligence and analysis to understand the digital terrain ahead of these continued and expanding “as-a-service” threats.
Source: [Security Boulevard]
Governance, Risk and Compliance
If you prepare, a data security incident will not cause an existential crisis - Help Net Security
IFN – Cyber Security: Not an IT problem, but a business one (islamicfinancenews.com)
The cost of dealing with a cyber attack doubled last year | TechRadar
Board Priorities 2024: Cyber preparedness & resilience - Lexology
Boardrooms on notice: Cyber security oversight more important than ever (securitybrief.co.nz)
Why cyber security and risk management are crucial for growth | World Economic Forum (weforum.org)
How to Plan Your Security Budget Without Compromising Your Security Stack - Security Boulevard
The expanding scope of CISO duties in 2024 - Help Net Security
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)
The Reality Of Cyber In 2024: What Dangers Do Businesses Face? - Minutehack
Lions and tigers and bears, oh my! Global legal risks in cyber security investigations (iapp.org)
The power of basics in 2024's cyber security strategies - Help Net Security
Here's how to build a more inclusive cyber security strategy | World Economic Forum (weforum.org)
Threats
Ransomware, Extortion and Destructive Attacks
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)
British Library ransomware cyber attack ‘set to cost £7million’ (yahoo.com)
There is a Ransomware Armageddon Coming for Us All (thehackernews.com)
Ransomware victims targeted in follow-on extortion attacks • The Register
Swatting: The new normal in ransomware extortion tactics • The Register
Another top US mortgage firm hit by major cyber attack | TechRadar
Capital Health attack claimed by LockBit ransomware, risk of data leak (bleepingcomputer.com)
Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)
Babuk ransomware decryptor updated with Tortilla support • The Register
"Security researcher" offers to delete data stolen by ransomware attackers - Help Net Security
Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (darkreading.com)
Finland warns of Akira ransomware wiping NAS and tape backup devices (bleepingcomputer.com)
Ransomware payment ban: Wrong idea at the wrong time • The Register
Ransomware Victims
In $1.4B coverage over cyber attack, Merck settles with insurers (fiercepharma.com)
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
British Library says final cost of cyber attack is ‘not confirmed’ | Evening Standard
Ransomware attackers threaten to send SWAT teams to patients of hacked hospitals - Neowin
Mortgage firm loanDepot cyber attack impacts IT systems, payment portal (bleepingcomputer.com)
Toronto Zoo: Ransomware attack had no impact on animal wellbeing (bleepingcomputer.com)
LockBit ransomware gang claims the attack on Capital Health (securityaffairs.com)
Fidelity National Financial says hackers stole data on 1.3 million customers | TechCrunch
HMG Healthcare Says Data Breach Impacts 40 Facilities - Security Week
Full reopening of Isle of Man dentist delayed by 'serious cyber attack' | iomtoday.co.im
Ransomware wrecks Paraguay’s largest telco (databreaches.net)
Phishing & Email Based Attacks
Uncovering the hidden dangers of email-based attacks - Help Net Security
Framework discloses data breach after accountant gets phished (bleepingcomputer.com)
Female cyber pros group targeted in phishing scam | IT Business
Artificial Intelligence
Adapting Security to Protect AI/ML Systems (darkreading.com)
NIST identifies AI cyber security vulnerabilities (iapp.org)
NIST: No Silver Bullet Against Adversarial Machine Learning Attacks - Security Week
Why Cyber Security Is Foundational To AI Safety (forbes.com)
FTC offers $25,000 prize for detecting AI-enabled voice cloning (bleepingcomputer.com)
The growing challenge of cyber risk in the age of synthetic media - Help Net Security
Securing AI systems against evasion, poisoning, and abuse - Help Net Security
Staying One Step Ahead of Hackers When It Comes to AI | WIRED
New AI tools spawn fears of greater 2024 election threats, survey finds - Nextgov/FCW
AI discovers that not every fingerprint is unique (techxplore.com)
VW AI move is greeted with caution as risks still real says expert (emergingrisks.co.uk)
2FA/MFA
Mandiant, SEC Lose Control of X Accounts Without 2FA (darkreading.com)
Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley
Malware
A new macOS backdoor could let hackers hijack your device without you knowing | TechRadar
Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months (bleepingcomputer.com)
North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught (darkreading.com)
SpectralBlur: New macOS Backdoor Threat from North Korean Hackers (thehackernews.com)
Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign (darkreading.com)
Stuxnet: The malware that cost a billion dollars to develop? • Graham Cluley
Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)
Linux devices are under attack by a never-before-seen worm | Ars Technica
Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (darkreading.com)
‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer (therecord.media)
Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload (thehackernews.com)
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware (thehackernews.com)
Mobile
CISA warns agencies of fourth flaw used in Triangulation spyware attacks (bleepingcomputer.com)
Android's January 2024 Security Update Patches 58 Vulnerabilities - Security Week
Internet of Things – IoT
Coming Soon to a Network Near You: More Shadow IoT - Security Week
The Connection Between Alaska Airlines, Blown Out Windows, and IoT Security - Security Boulevard
Surveyed drivers prefer low-tech cars over data-sharing ones • The Register
VW AI move is greeted with caution as risks still real says expert (emergingrisks.co.uk)
Data Breaches/Leaks
Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected - Security Week
Framework discloses data breach after accountant gets phished (bleepingcomputer.com)
2.2 billion records compromised by security incidents In Dec 2023 (itsecuritywire.com)
Texas-based care provider HMG Healthcare says hackers stole unencrypted patient data | TechCrunch
Midwives clinic takes nine months to deliver news of data breach (bitdefender.com)
Organised Crime & Criminal Actors
Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’ - Security Boulevard
Cyber Attacks Drain $1.84bn from Web3 in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
BreachForums admin jailed again for using a VPN, unmonitored PC (bleepingcomputer.com)
Nigerian Gets 10 Years For Laundering Scam Funds - Infosecurity Magazine (infosecurity-magazine.com)
Move Over, APTs: Common Cyber Criminals Begin Critical Infrastructure Targeting (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
What Is Cryptojacking, and Why Is Higher Education Being Targeted? | EdTech Magazine
X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)
Iranian crypto exchange Bit24.cash leaks user passports and IDs (securityaffairs.com)
Netgear, Hyundai latest X accounts hacked to push crypto drainers (bleepingcomputer.com)
Cryptocurrency community lost over $100 million last week (coinpaper.com)
‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer (therecord.media)
Child Abusers Are Getting Better at Using Crypto to Cover Their Tracks | WIRED
Insider Risk and Insider Threats
Insurance
How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)
2024 Cyber Insurance Requirements Predictions (trendmicro.com)
Supply Chain and Third Parties
Cloud/SaaS
SaaS cyber crime levels are expected to rise this year - Digital Journal
Microsoft Lets Cloud Users Keep Personal Data Within Europe to Ease Privacy Fears - Security Week
Why Public Links Expose Your SaaS Attack Surface (thehackernews.com)
Identity and Access Management
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Mandiant's X Account Was Hacked Using Brute-Force Attack (thehackernews.com)
Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley
What is credential stuffing and how do you keep your accounts safe from it (engadget.com)
Social Media
Mandiant's X Account Was Hacked Using Brute-Force Attack (thehackernews.com)
Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley
X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)
Fake Recruiters Defraud Facebook Users via Remote Work Offers (darkreading.com)
Sexual assault in the metaverse investigated by British police • Graham Cluley
Netgear, Hyundai latest X accounts hacked to push crypto drainers (bleepingcomputer.com)
Serious New Facebook Warning For Apple iPhone and Google Android Users (forbes.com)
Why You Shouldn't Opt In to Facebook's Link History Feature (makeuseof.com)
Coinbase Offers SEC Security Assistance After X Account Hack (beincrypto.com)
Malvertising
X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)
Serious New Facebook Warning For Apple iPhone and Google Android Users (forbes.com)
Why You Shouldn't Opt In to Facebook's Link History Feature (makeuseof.com)
Regulations, Fines and Legislation
US DOD’s CMMC 2.0 rules lift burdens on MSPs, manufacturers | CSO Online
SEC Speech on Cyber Security Disclosure | Paul Hastings LLP - JDSupra
What does the EU’s Cyber Security Regulation aim to achieve? (siliconrepublic.com)
SEC Had a Fraught Cyber Record Long Before X Account Was Hacked (bloomberglaw.com)
SolarWinds Hits Back at SEC After Agency’s X Account Was Hacked (bloomberglaw.com)
Mandiant, SEC Lose Control of X Accounts Without 2FA (darkreading.com)
Cyber Criminal Whistleblowers will Get Smarter - Security Boulevard
Ofcom poaches Big Tech staff in push to enforce new internet curbs (ft.com)
Cyber Security | UK Regulatory Outlook January 2024 - Osborne Clarke | Osborne Clarke
Models, Frameworks and Standards
NIST identifies AI cyber security vulnerabilities (iapp.org)
NIST: No Silver Bullet Against Adversarial Machine Learning Attacks - Security Week
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
BreachForums admin jailed again for using a VPN, unmonitored PC (bleepingcomputer.com)
Nigerian Gets 10 Years For Laundering Scam Funds - Infosecurity Magazine (infosecurity-magazine.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)
Merck settles with insurers regarding a $1.4 billion claim (securityaffairs.com)
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)
Nation State Actors
China
AI is helping US spies catch stealthy Chinese hacking ops, NSA official says | CyberScoop
Bribed US Navy sailor sold secrets to China for just $14k • The Register
China Claims It Caught a Foreign Consultant Spying for UK’s MI6 | TIME
Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days - Security Week
China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments - Security Week
Russia
Merck settles with insurers regarding a $1.4 billion claim (securityaffairs.com)
Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week
Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign (darkreading.com)
Military briefing: Russia has the upper hand in electronic warfare with Ukraine (ft.com)
Russia's Sandworm blamed for Kyivstar telecom cyber attack • The Register
Ukraine is on the front lines of global cyber security - Atlantic Council
Iran
Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)
Who Is Behind Pro-Ukrainian Cyber Attacks on Iran? (darkreading.com)
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware (thehackernews.com)
Iranian crypto exchange Bit24.cash leaks user passports and IDs (securityaffairs.com)
Investigation on Stuxnet malware triggers doubt | SC Media (scmagazine.com)
North Korea
North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught (darkreading.com)
South Korea's technological superiority challenged by North Korea's cyber attacks - The Korea Times
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies (thehackernews.com)
Turkish Hackers Target Microsoft SQL Servers in Americas, Europe - Security Week
Young Britons exposed to online radicalisation following Hamas attack - BBC News
Who Is Behind Pro-Ukrainian Cyber Attacks on Iran? (darkreading.com)
Hackers Dox Lawmakers Behind North Carolina Age Verification (dailydot.com)
CISA warns agencies of fourth flaw used in Triangulation spyware attacks (bleepingcomputer.com)
Vulnerability Management
Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs - Security Week
Researchers develop technique to prevent software bugs - Help Net Security
Best Practices for Vulnerability Scanning: When and How Often to Perform - Security Boulevard
Vulnerabilities
Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs (bleepingcomputer.com)
Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws (securityaffairs.com)
Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security (darkreading.com)
Ivanti warns of Connect Secure zero-days exploited in attacks (bleepingcomputer.com)
Cisco Patches Critical Vulnerability in Unity Connection Product - Security Week
KyberSlash attacks put quantum encryption projects at risk (bleepingcomputer.com)
QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products - Security Week
CISA Adds Six Known Exploited Vulnerabilities to Catalog | CISA
Attacks aimed at vulnerable Apache RocketMQ servers underway | SC Media (scmagazine.com)
Fortinet Releases Security Updates for FortiOS and FortiProxy | CISA
Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager (thehackernews.com)
Android's January 2024 Security Update Patches 58 Vulnerabilities - Security Week
SAP's First Patches of 2024 Resolve Critical Vulnerabilities - Security Week
Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days - Security Week
CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack (thehackernews.com)
CISA Urges Patching of Exploited SharePoint Server Vulnerability - Security Week
Over 150k WordPress sites at takeover risk via vulnerable plugin (bleepingcomputer.com)
SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448) - Help Net Security
Tools and Controls
Why Red Teams Can't Answer Defenders' Most Important Questions (darkreading.com)
Continuity in Chaos: Applying Time-Tested Incident Response to Modern Cyber Security - Security Week
Why Public Links Expose Your SaaS Attack Surface (thehackernews.com)
APIs are increasingly becoming attractive targets - Help Net Security
Whodunit in Cyber Space: The Rocky Road from Attribution to Accountability • Stimson Center
Insufficient Internal Network Monitoring in Cyber Security - Security Boulevard
Threat Actors Increasingly Abusing GitHub for Malicious Purposes (thehackernews.com)
How to Plan Your Security Budget Without Compromising Your Security Stack - Security Boulevard
Embracing offensive cyber security tactics for defence against dynamic threats - Help Net Security
Lions and tigers and bears, oh my! Global legal risks in cyber security investigations (iapp.org)
Here's how to build a more inclusive cyber security strategy | World Economic Forum (weforum.org)
2024 Cyber Insurance Requirements Predictions (trendmicro.com)
Exposed Secrets are Everywhere. Here's How to Tackle Them (thehackernews.com)
Other News
SEC Had a Fraught Cyber Record Long Before X Account Was Hacked (bloomberglaw.com)
SolarWinds Hits Back at SEC After Agency’s X Account Was Hacked (bloomberglaw.com)
Cyber Focused FBI Agents Deploy to Embassies Globally (darkreading.com)
A cyber attack hit the Beirut International Airport (securityaffairs.com)
Cyber attacks on Island ‘are mostly from Russia’ - Jersey Evening Post
Whodunit in Cyber Space: The Rocky Road from Attribution to Accountability • Stimson Center
Hackers Dox Lawmakers Behind North Carolina Age Verification (dailydot.com)
Threat Actors Increasingly Abusing GitHub for Malicious Purposes (thehackernews.com)
It’s 2024. Time to Have Attribution Standards in Cyber Space - OODA Loop
Protecting Critical Infrastructure Means Getting Back to Basics (darkreading.com)
6 of the biggest threats banks faced in 2023 | American Banker
US to hospitals: Meet security standards or no federal money • The Register
Hospitals Must Treat Patient Data and Health With Equal Care (darkreading.com)
Cyber Security Risk Mitigation for Law Firms in 2024 | US Legal Support - JDSupra
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 01 December 2023
Black Arrow Cyber Threat Intelligence Briefing 01 December 2023:
-Law Firms Face Surge in Targeted Attacks as Hundreds Impacted by Single Attack
-Approach Cyber Security Awareness Training by Engaging People at All Levels
-Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks
-Ransomware Attacks Surge 81% in October as New Threat Actors Emerge
-Hacked Microsoft Word Documents Being Used to Trick Windows Users
-Mitigating Deepfake Threats in The Corporate World
-Black Basta Ransomware Made Over $100 Million From Extortion Alone
-Long Recovery Times After Cyber Attacks Could Annihilate Your Organisation
-Booking.com Customers Scammed in Novel Social Engineering Campaign
-Stop Panic Buying Your Security Products and Start Prioritising
-A Fifth of UK SMBs Unable to Spot Scams
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Strategic Cyber Stories of the Last Week
Law Firms Face Surge in Targeted Attacks as Hundreds Impacted by Single Attack
An estimated 80 to 200 law firms across the UK were impacted by a cyber attack on a third party firm in their supply chain. The attack was on managed service supplier CTS, who provide services to hundreds of law firms across the UK, especially those with conveyancing departments, and many property sales were impacted nationwide as a result of the attack.
This is against a sharp increase in the number of law firms being singled out by cyber threat actors; only recently, magic circle firm Allen & Overy confirmed themselves as a victim of ransomware.
Sources: [SC Media] [Lawyer Monthly] [Scottish Legal News] [Law Gazette] [Dark Reading]
Approach Cyber Security Awareness Training by Engaging People at All Levels
In the cyber security landscape, human-related factors like social engineering, compromised credentials, and errors are the top causes of breaches. Increased investment in threat detection doesn't guarantee foolproof security. Organisations need a proactive strategy focusing on human risks, a security mindset in employees, and a security culture. According to IBM’s latest data security report, high levels of security training can significantly reduce the impact, cost, and frequency of data breaches.
However, most employee training programmes fail due to staff resistance and lack of management support. The key is convincing leadership of its value. To achieve a successful and impactful security awareness programme, it is important that security teams understand their audiences (leaders, managers, and employees), address their requirements, and effectively communicate the benefits of security training.
Source: [CPO Magazine]
Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks
A recent report found that despite 95% of Chief Information Security Officers (CISOs) receiving budgetary and other support from their organisation after a cyber attack, this largely fails to prevent future incidents, with over half admitting they have experienced multiple “major cyber security incidents” in the last five years.
The report revealed that after an attack 46% of CISOs were given a bigger tech budget, 42% revised their security strategy, 41% adopted new frameworks, and 38% created new roles. However, incidents come with hidden consequences such as revenue loss, rising insurance premiums and declining reputation. CISOs need to have support from the board and executives from the start so that investments can be made in the right technology, processes, and tools. In doing so, a culture of security and vigilance can be instilled from the top down to help protect organisations against evolving threats.
Sources: [Business Wire] [Silicon UK]
Ransomware Attacks Surge 81% in October as New Threat Actors Emerge
The NCC Group revealed that ransomware attacks have surged by 81% in October 2023, compared to the same period in the previous year. Ransomware gangs have already victimised over 50% more individuals and enterprises in 2023 than during the entirety of 2022. As artificial intelligence, phishing kits and ransomware-as-a-service has improved, so too has the number of threat actors; those who were previously stunted by their technical know-how are now able to gain access to sophisticated attacks.
Source: [Security Brief]
Hacked Microsoft Word Documents Being Used to Trick Windows Users
Active campaigns carried out by cyber criminals are again using macros within Word documents to deploy malware, in spite of Microsoft’s efforts to stop these types of attacks. Most of the time the actor delivers the Word document via phishing emails, with the aim of convincing the user to click and run the macro. Once run, the malware has then achieved its goal of establishing itself on the victims’ machine and executing its malicious payload.
Source: [TechRadar]
Mitigating Deepfake Threats in The Corporate World
Deepfakes are synthetic media that are created or manipulated with the desired outcome of convincing the recipient of their legitimacy; and it’s entering the corporate world. Deepfake technology has already been used to impersonate Presidents and financial experts, however there has been an uprise in the number of these attacks. This has left the corporate world questioning existing operational procedures such as callbacks and how they will need to adjust to encompass the changing landscape.
Some of the ways a corporation can mitigate this, is to promote awareness within the workplace, adjust operational procedures to reflect the current landscape, and utilise advanced detection tools.
Source: [MSSP Alert]
Black Basta Ransomware Made Over $100 Million From Extortion Alone
The cyber crime operator “Black Basta” has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022. In total, 329 victims worldwide were targeted and research has estimated that at least 35% paid a ransom, with multiple payments over $1 million. Black Basta uses double extortion techniques, where data is both ransomed and exfiltrated. This way, victims are forced to pay to get their data back and not have it published online; the latter itself can lead to regulatory fines.
Source: [Bleeping Computer]
Long Recovery Times After Cyber Attacks Could Annihilate Your Organisation
In the evolving cyber security landscape, organisations are increasingly investing in detection and prevention measures. However, there's a growing trend of neglecting post-attack recovery. While advanced security tools and technologies are crucial, recent ransomware incidents have shown that recovery is equally vital. Organisations have faced substantial downtime and financial losses due to attacks. Cyber resilience, the ability to bounce back quickly after an attack, is crucial, especially with the rise of remote work.
Budgets often prioritise prevention, leaving organisations ill-prepared for recovery. In 2023, a significant number of companies paid ransoms to regain data. To achieve true cyber resilience, a rebalance in approach is essential, focusing on preparation, response, and recovery alongside detection and prevention, ensuring rapid recovery and safeguarding of valuable assets.
Source: [TechRadar]
Booking.com Customers Scammed in Novel Social Engineering Campaign
According to new research by SecureWorks, Booking.com customers are being targeted by a novel social engineering campaign that is “paying serious dividends” for cyber criminals. Researchers believe the campaign has gone on for at least a year and it begins by deploying the Vidar infostealer to gain access partner hotels’ Booking.com credentials. This information is then used to send phishing emails to Booking.com customers and trick them into handing over their payment details, in many cases leading to money being stolen. The scam is proving so fruitful that sales of Booking.com portal credentials are commanding sale prices of up to $2,000 in two cyber crime forums.
Source: [Infosecurity Magazine]
Stop Panic Buying Your Security Products and Start Prioritising
In the cyber security landscape, impulse buying can lead to costly mistakes. Breaches are now more expensive than ever, underscoring the need to assess cyber security investments. Fear-driven tactics and the quest for a "silver bullet" solution can push organisations, especially smaller ones, into impulsive investments. These decisions may introduce even more risk by failing to integrate with existing systems, or buying systems but failing to configure them properly or utilising them to the fullest extent, leading to a false sense of security. The consequences can be severe, with breaches now costing organisations millions. To navigate this landscape, organisations must assess the real value of cyber security investments. Calculating risk by evaluating likelihood and impact can guide us in making informed decisions. Instead of impulse buying, assign a monetary value to cyber risks for strategic budget decisions in these economic times, ensuring investments align with security and business goals.
Source: [Help Net Security]
A Fifth of UK SMBs Unable to Spot Scams
New data from UK Finance reveals that 17% of UK small and medium-sized businesses (SMBs) struggle to identify online fraud and scam indicators. This is particularly alarming given the rise in authorised push payment (APP) scams in the UK, where fraudsters impersonate trusted entities to deceive victims into transferring money to controlled accounts. In the first half of 2023 alone, criminals stole a reported £42.6 million through such scams, with total losses including consumer impacts reaching £239 million. SMBs are increasingly targeted due to typically fewer anti-fraud and other countermeasures and controls, compared to larger and better protected larger firms. It is important for SMBs to be vigilant and verify payment details directly with suppliers to help avoid these types of scams.
Source: [Infosecurity Magazine]
Governance, Risk and Compliance
Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine
40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru
Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks | Business Wire
When does it make sense to pay the ransom? | SC Media (scmagazine.com)
Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (darkreading.com)
Enterprises prepare for the inevitable cyber attack - Help Net Security
Board Support Critical For Cyber Security Defence | Silicon UK
3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com
Long recovery times after cyber attacks could annihilate your organisation | TechRadar
The Role of the CISO in Digital Transformation (darkreading.com)
Stop panic buying your security products and start prioritizing - Help Net Security
Bridging the risk exposure gap with strategies for internal auditors - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
The rise of Ransomware attacks within the Legal Industry (lawyer-monthly.com)
Ransomware attacks surge 81% in October, new threat actors emerge (securitybrief.co.nz)
Black Basta ransomware made over $100 million from extortion (bleepingcomputer.com)
Why the MOVEit breach still lives rent free in the minds of IT leaders | ITPro
DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software (thehackernews.com)
How a Teenage Saudi Hacker Went From Lockpicking to Ransomware (darkreading.com)
When does it make sense to pay the ransom? | SC Media (scmagazine.com)
CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (thehackernews.com)
Ransomware Attacks Strike South Africa, Decline in UAE (darkreading.com)
Ransomware Victims
Law firm A&O silent on whether it paid ransom to cyber criminals | Law Gazette
Allen & Overy Removed From Ransomware Website With One Day Remaining | Law.com International
Potentially hundreds of UK law firms affected by cyber attack on IT provider CTS (therecord.media)
Cyber Attack Disrupts UK Property Deals - Infosecurity Magazine (infosecurity-magazine.com)
London & Zurich ransomware attack sparks financial crisis for businesses (computing.co.uk)
British Library contacts users after Rhysida leaks data • The Register
Ransomware attacks hit Stanford University and Nassau Bay in Texas - NotebookCheck.net News
Slovenia's largest power provider HSE hit by ransomware attack (bleepingcomputer.com)
GCHQ investigates cyber attack on hospital to the royals after data stolen (telegraph.co.uk)
English council spent £1.1 million recovering from ransomware attack (therecord.media)
Healthcare giant Henry Schein hit twice by BlackCat ransomware (bleepingcomputer.com)
Qilin ransomware claims attack on automotive giant Yanfeng (bleepingcomputer.com)
New cyber criminal group outed after British Library attack - Emerging Risks Media Ltd
Cyber attack closes hospital emergency rooms in three US states | US healthcare | The Guardian
Two Hackensack Meridian hospital ERs diverting patients after a ransomware attack (msn.com)
DP World confirms data stolen in cyber attack, no ransomware used (bleepingcomputer.com)
Top instant money provider service hacked, over a million users possibly affected | TechRadar
Staples confirms cyber attack behind service outages, delivery issues (bleepingcomputer.com)
Phishing & Email Based Attacks
Black Friday: Phishing Emails Soar 237% - Infosecurity Magazine (infosecurity-magazine.com)
AI like ChatGPT is creating huge increase in malicious phishing email (cnbc.com)
Organisations can't ignore the surge in malicious web links - Help Net Security
How Hackers Phish for Your Users' Credentials and Sell Them (thehackernews.com)
What custom GPTs mean for the future of phishing - Help Net Security
A reality check on email security threats in healthcare (securitybrief.co.nz)
Artificial Intelligence
Released: AI security guidelines backed by 18 countries - Help Net Security
4 key takeaways from new global AI security guidelines | SC Media (scmagazine.com)
CISA and NCSC lead efforts to raise AI security standards • The Register
Security leaders on high alert as GenAI poses privacy and security risks - Help Net Security
AI like ChatGPT is creating huge increase in malicious phishing email (cnbc.com)
A year after ChatGPT’s debut, is GenAI a boon or the bane of the CISO’s existence? | CSO Online
Unpatched Critical Vulnerabilities Open AI Models to Takeover (darkreading.com)
Mitigating Deepfake Threats in the Corporate World | MSSP Alert
4 key takeaways from new global AI security guidelines | SC Media (scmagazine.com)
Securing generative AI across the technology stack | TechCrunch
Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads (darkreading.com)
What custom GPTs mean for the future of phishing - Help Net Security
8 Tips on Leveraging AI Tools Without Compromising Security (darkreading.com)
Malware
Implications of “malware free” attacks on SMBs (databreaches.net)
SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive - Cyber Security News
Hacked Microsoft Word documents being used to trick Windows users | TechRadar
N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection (thehackernews.com)
Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly
A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets (darkreading.com)
LogoFAIL bugs in UEFI code allow planting bootkits via images (bleepingcomputer.com)
Mobile
NameDrop in iOS 17 is not a privacy nightmare – here’s how to control it (msn.com)
200+ Malicious Android Apps Targeting Iranian Banks: Experts Warn (thehackernews.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Cyber pros avoid smart devices: there is a good reason | Cybernews
IoT Security Labeling Improving, But More Collaboration Needed - EE Times
Data Breaches/Leaks
App used by hundreds of schools leaking children's data (securityaffairs.com)
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)
Gulf Air exposed to data breach, 'vital operations not affected' | Reuters
General Electric investigates claims of cyber attack, data theft (bleepingcomputer.com)
Hackers spent 2+ years looting secrets of chipmaker NXP before being detected | Ars Technica
DP World confirms data stolen in cyber attack, no ransomware used (bleepingcomputer.com)
Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (darkreading.com)
Dollar Tree hit by third-party data breach impacting 2 million people (bleepingcomputer.com)
Organised Crime & Criminal Actors
Leader of Killnet 'unmasked' by Russian state media • The Register
A Fifth of UK SMBs Can’t Spot Scams - Infosecurity Magazine (infosecurity-magazine.com)
Ex-Motorola tech pleads guilty to cyber crime, passport fraud • The Register
How a Teenage Saudi Hacker Went From Lockpicking to Ransomware (darkreading.com)
Founder of spyware maker Hacking Team arrested for attempted murder: local media | TechCrunch
US imprisons Ukrainian SSNDOB administrator for 8 years • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
KyberSwap Says Hackers Stole $55m in Crypto - Infosecurity Magazine (infosecurity-magazine.com)
US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers (thehackernews.com)
Insurance
Global Cyber Security Insurance Market Size To Exceed USD (globenewswire.com)
Is cyber insurance worth the effort? | SC Media UK (scmagazineuk.com)
Supply Chain and Third Parties
Cyber Attack Disrupts UK Property Deals - Infosecurity Magazine (infosecurity-magazine.com)
Telecom Industry Association Advances Supply Chain Security | MSSP Alert
Cloud/SaaS
SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive - Cyber Security News
Top file-sharing service hit with embarrassing security bug that reveals admin passwords | TechRadar
Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories (thehackernews.com)
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
How Hackers Phish for Your Users' Credentials and Sell Them (thehackernews.com)
Top file-sharing service hit with embarrassing security bug that reveals admin passwords | TechRadar
Weak & Strong Password Examples: Study Reveals Most Hackable Words (tech.co)
Despite Hype, the Password-Free Workplace Is Still a Long Way Off (darkreading.com)
Navigating the Stormy Seas of Cyber security: The Power of High-Entropy Passwords | HackerNoon
Social Media
Training, Education and Awareness
Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine
8 Cyber Security Topics to Include in Your Training Program | Proofpoint US
40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru
3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com
Regulations, Fines and Legislation
European Commission Failing to Tackle Spyware, Lawmakers Say (inforisktoday.com)
Released: AI security guidelines backed by 18 countries - Help Net Security
EU considers widening scope of cyber security regulation (finextra.com)
Thought GDPR Compliance Was Hard? Buckle Up (darkreading.com)
5 resolutions to prepare for SEC's new cyber disclosure rules - Help Net Security
False Claims Act Meets Cyber security Compliance in Government Contracting - ClearanceJobs
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Information overload puts cyber security at risk (betanews.com)
Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly
More than half admit to ignoring cyber security alerts (itsecuritywire.com)
Fewer cyber pros are getting fired immediately after an incident: Trellix survey (axios.com)
Unhappy network professionals juggling more with less - Help Net Security
Law Enforcement Action and Take Downs
Police dismantle ransomware group behind attacks in 71 countries (bleepingcomputer.com)
CoLP launches strategy for fraud, economic and cyber crime | UK Police News - Police Oracle
Los Angeles SIM Swapper Sentenced to 8 Years in Prison - Security Week
New York Fines First American $1 Million for Cyber Breach (1) (bloomberglaw.com)
Ex-Motorola tech pleads guilty to cyber crime, passport fraud • The Register
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Russia
Russian hackers pose ‘high’ threat level to EU, bloc’s cyber team warns – POLITICO
North Korea-linked Konni APT uses Russian-language documents (securityaffairs.com)
Ukraine says it hacked Russian aviation agency, leaks data (bleepingcomputer.com)
Leader of Killnet 'unmasked' by Russian state media • The Register
Iran
Pennsylvania water facility hit by Iran-linked hackers | CyberScoop
North Texas water utility serving 2 million hit with cyber attack (therecord.media)
Iranian Mobile Banking Malware Campaign Threat Continues | Zimperium
North Korea
North Korean hackers are carrying out even more cyber attacks than previously thought | TechRadar
North Korea-linked Konni APT uses Russian-language documents (securityaffairs.com)
N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection (thehackernews.com)
US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers (thehackernews.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
Apple fixes two new iOS zero-days in emergency updates (bleepingcomputer.com)
Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability (thehackernews.com)
Design flaw leaves Google Workspace vulnerable for takeover - Help Net Security
Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices - Security Week
Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data (hackread.com)
Why the MOVEit breach still lives rent free in the minds of IT leaders | ITPro
Hackers start exploiting critical ownCloud flaw, patch now (bleepingcomputer.com)
Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)
PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) - Help Net Security
Unpatched Critical Vulnerabilities Open AI Models to Takeover (darkreading.com)
Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads (darkreading.com)
CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (thehackernews.com)
Tools and Controls
Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine
8 Cyber Security Topics to Include in Your Training Program | Proofpoint US
40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru
3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com
Long recovery times after cyber attacks could annihilate your organisation | TechRadar
Stop panic buying your security products and start prioritizing - Help Net Security
Enable 256-bit Bitlocker encryption on Windows 11 to boost security - gHacks Tech News
Building cyber resilience for tomorrow’s threats - Help Net Security
Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly
Global Cyber Security Insurance Market Size To Exceed USD (globenewswire.com)
AI Boosts Malware Detection Rates by 70% - Infosecurity Magazine (infosecurity-magazine.com)
Is cyber insurance worth the effort? | SC Media UK (scmagazineuk.com)
What cyber security pros can learn from first responders (securityintelligence.com)
Why are Organisations Failing to Detect Cyber security Threats? | MSSP Alert
Vulnerability disclosure: Legal risks and ethical considerations for researchers - Help Net Security
Researcher flags OpenCart security issue, founder rages • The Register
Bridging the risk exposure gap with strategies for internal auditors - Help Net Security
Reports Published in the Last Week
Other News
Cyber attack On A&O Highlights Perils Of Law Firm Mergers - Law360
Law Firms & Legal Departments Singled Out for Cyber attacks (darkreading.com)
Hacktivism: What’s in a Name… It May be More Than You Expect - Security Week
Implications of “malware free” attacks on SMBs (databreaches.net)
Reading Borough Council apologises for dodgy infosec advice • The Register
Only 1 in 6 Brits are concerned about cyberthreats at home - Home of Direct Commerce
Paris water agency targeted in cyber attack - Emerging Risks Media Ltd
Why Utilities Need to Supercharge Their Approach to Cyber security (powermag.com)
No plain sailing: modern pirates hack superyachts' cyber security | Euronews
Hackers Hijack Industrial Control System at US Water Utility - Security Week
Estate agents warned to have measures in place to prevent cyber attacks (thenegotiator.co.uk)
CISA to Congress: US Under Threat of Chemical Attacks (darkreading.com)
New BLUFFS attack lets attackers hijack Bluetooth connections (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 November 2023
Black Arrow Cyber Threat Intelligence Briefing 24 November 2023:
-The Human Element- Cyber Security’s Great Challenge
-Good Cyber Hygiene is a Strategic Imperative for SMEs, Report Shows
-Despite Increasing Ransomware Attacks, Some Companies in Denial
-A Single Supply Chain Related Ransomware Incident Spurred UK Decision Makers to Spend Big on Cyber as Latest Victim Count exceeds 2.6K Organisations and 77M People
-The True Cost of a Ransomware Attack
-Largest Study of Its Kind Shows Outdated Password Practices Are Putting Millions at Risk
-Cyber Security Investment Involves More Than Just Technology
-Questions Leaders Must Ask Themselves on Security Culture
-There’s a Crossover Between Organised Crime, Financial Crime, and Nation-State Crime
-Cyber Attack on British Library Highlights Lack of UK Resilience
-Organisations Rethink Cyber Security Investments to Meet NIS2 and DORA Directive Requirements
-The Cyber Security Lawsuit Boards are Talking About
-UK and Republic of Korea Issue Warning About North Korea State-Linked Cyber Actors Attacking Software Supply Chains
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
The Human Element- Cyber Security’s Great Challenge
According to Verizon’s 2023 Data Breach Investigations Report, 74% of all breaches involved a human element. It is important for organisations to understand that it is not simply malicious employees or employees falling for social engineering attacks; it includes things such as negligent, or intentional but not malicious actions. In fact, a recent separate report by Kaspersky found that 26% of incidents over the past two years involved the result of intentional security protocol violations; in comparison, external hacking attempts made up 20%.
Further, Kaspersky found 25% of incidents occurred due to neglecting system software or application updates, followed by 22% resulting from deliberate use of weak passwords or failing to change them promptly, and 18% from staff visiting unsecured websites. One potential cause for these incidents is a lack of training on why such protocols need to be followed.
Black Arrow provides live in person and online instructor lead cyber security training including Cyber Risk and Governance Workshops for Senior Leadership, and Awareness, Behaviour and Culture Training for employees and contractors.
Sources [Beta News] [ Infosecurity Magazine] [The Economic Times (indiatimes.com)]
Good Cyber Hygiene is a Strategic Imperative for SMEs, Report Shows
Small or large, no company is immune to a cyber attack and therefore good cyber hygiene is an imperative for all. Whilst large firms may already have more mature defences in place, smaller firms are definitely catching on to this, with 47% of respondents to a recent survey stating they were more worried about their organisation’s security posture now than compared to six months ago.
The survey found that ransomware (35%), software vulnerability exploits (28%) and using the same password across different applications (25%) were amongst the largest concerns. Interestingly, in a separate report, 44% of incidents were found to lack any element of malware, indicating that attackers are moving beyond traditional methods. The same report found 65% of cases included remote monitoring and management tools as the vector for initial access, something a number of organisations do not secure.
Business email compromise (BEC) attacks are also a key concern for businesses of all sizes but can be especially damaging to smaller organisations for whom the financial loss can be devastating.
Sources [Computer Weekly] [Beta News] [Beta News]
Despite Increasing Ransomware Attacks, Some Companies are in Denial
A recent study has highlighted a contradiction in the way organisations perceive ransomware threats. Although many do not consider themselves likely targets, they are, nevertheless, bolstering their security measures, expanding their teams, and fortifying cyber defences, acknowledging the risks despite their assumed invulnerability.
Simultaneously, ransomware tactics are undergoing significant changes. The past three quarters have seen a marked increase in double-extortion attacks, with data leaks from these incidents rising by 50% compared to the previous year. This trend is predominantly driven by a few active groups, some newly emerged this year, amplifying the threat landscape.
In a tactical shift, the ransomware group ALPHV, also known as Blackcat, has lodged a formal complaint with the US Securities and Exchange Commission (SEC) against a victim for failing to comply with new disclosure regulations. Meanwhile, LockBit, infamous for attacks on high-profile targets, is modifying its extortion tactics due to lower-than-anticipated ransom returns. These developments point to an evolving and adaptive ransomware environment.
Sources: [Dark Reading] [SC Media] [Insurance Journal] [MSSP Alert] [Security Brief]
A Single Supply Chain Related Ransomware Incident Spurred UK Decision Makers to Spend Big on Cyber as Latest Victim Count exceeds 2.6K Organisations and 77M People
It is reported that 2,620 organisations and more than 77 million individuals have been impacted to date by the MOVEit supply chain ransomware attack, with millions in the past week alone having received notifications that their information had either been accessed, leaked, or both.
In a survey involving directors of UK companies with over 500 seats that had suffered a ransomware or extortion attack in the past 18 months, it was found that 24% had become significantly more anxious about ransomware attacks as a direct result of the MOVEit breach, and 66% were slightly more anxious. This anxiety translated into action, with 42% of respondents investing more into backup and recovery, and 29% tweaking existing cyber strategies. 29% had taken the decision to amend their existing cyber strategies. Staff training was also found to rise, with 42% looking to spend on skills development and 40% upping their investment in training.
Sources: [The Register] [Computer Weekly]
The True Cost of a Ransomware Attack
While the demand is often financial, the impact and reach of ransomware goes far beyond the ransomware demand. Alongside the financial impact, comes the reputational impact, loss of customers, resources in returning to business as normal and time lost in recovery. For some companies, it can take months to return to where they were before and for others, it marks the end of their organisation.
For an attacker, it doesn’t matter. Their goal is not limited by the size or sector of an organisation and it is therefore imperative that every organisation is prepared for the event of an incident. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [ITPro]
Largest Study of Its Kind Shows Outdated Password Practices Are Putting Millions at Risk
A recent study has exposed serious flaws in passwords on the internet, revealing that three out of four popular websites are compromising user security by not meeting basic password standards. The study examined 20,000 websites, finding many allowed simple passwords, didn’t block common ones and adhered to outdated complexity requirements. It was found that over half the websites accept passwords of six characters or fewer, with 75% not requiring the advised minimum of eight characters, and 30% not supporting spaces or special characters. The study showcases the gap in security measures implementation across the web and emphasises the importance of ongoing improvement in web security standards.
The problem is further exacerbated by employees using work email for non-work approved websites and reusing the same passwords, meaning any breach of a compromised site hands the user’s credentials to an attacker. Further, many organisations are not even aware this is going on.
Source: [TechXplore]
Cyber Security Investment Involves More Than Just Technology
C-suite business leaders and senior IT professionals within large organisations, found that the top five cyber security investment areas were technologies (49%), threat intelligence (46%), risk assessment (42%), cyber insurance (42%), and third-party risk management (40%). Fewer organisations highlighted technology as good value for money in 2023 (49%) than in 2022 (58%). suggesting an awareness that technology investments go hand-in-hand with investing in governance and personnel to effectively enable and manage the technology.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.
Source: [Dark Reading]
Questions Leaders Must Ask Themselves on Security Culture
In today's corporate landscape, there's a growing emphasis on the human aspect of cyber security, with Stanford University research indicating that about 88% of data breaches result from employee errors. Companies are now focusing on enhancing security awareness through marketing campaigns and integrating cyber security performance into job reviews. This shift acknowledges that as technological defences evolve, cyber attackers increasingly exploit human vulnerabilities, as evidenced by major ransomware incidents like those impacting Colonial Pipeline and JBS Foods.
Developing a strong security culture is essential, by complementing robust policies with ingraining security-minded beliefs and behaviours in employees. Key to this is the role of leadership in embedding and continuously assessing this culture. This involves evaluating training effectiveness, reporting mechanisms, proactive security approaches, and the impact of security initiatives, while also considering the complexity of human behaviour and the example set by top management. Emphasising these aspects is crucial for maintaining a secure and resilient organisational environment, and in so doing protecting an organisation's reputation and financial integrity.
Source: [AT&T]
There’s a Crossover Between Organised Crime, Financial Crime, and Nation-State Crime
The convergence of organised crime, financial crime, and nation-state crime is a growing concern in today’s interconnected world. This crossover, driven by the digital revolution, globalisation, economic factors, and state fragility, is reshaping the global criminal landscape. Organised crime syndicates, traditionally involved in activities like drug trafficking and extortion, are now branching out into financial crimes, offering higher profits with lower risks.
Financial crime, once the domain of individual fraudsters and white-collar criminals, has become a lucrative venture for organised crime groups. They exploit the global financial system to launder proceeds of crime, finance their operations, and evade law enforcement. Nation-state crime, involving state-sponsored or state-condoned criminal activities, often overlaps with organised and financial crime. Some governments turn a blind eye to these activities, while others actively support them for political, economic, or strategic reasons.
Sources: [The Currency]
Cyber Attack on British Library Highlights Lack of UK Resilience
A recent ransomware attack on the British Library has spotlighted the vulnerabilities in the UK's public sector IT infrastructure, amid rising state-backed cyber attacks. This major incident, which caused a significant technical outage at the library, underscores the concerns of cyber intelligence experts about the government's inadequate investment in cyber resilience in critical areas like education, healthcare, and local government. The hacking group Rhysida, targeting essential infrastructure, claimed responsibility and auctioned stolen data, including British Library employees’ passports, for 20 bitcoin (approximately £600,000).
The attack on the British Library, a key public service institution, highlights the escalating threat of ransomware attacks and their potential exploitation by state actors. The UK’s National Cyber Security Centre (NCSC) has reported a significant increase in cyber attacks in 2023, with incidents more than doubling compared to the previous year. In response, the UK government, which had already allocated £2.6bn for cyber security improvements and IT system updates, is actively assessing the situation with the support of the National Protective Security Authority.
Source: [FT]
Organisations Rethink Cyber Security Investments to Meet NIS2 and DORA Directive Requirements
The European Union (EU) is seeking to improve cyber resilience across all member states by bringing in two new regulations: the Digital Operational Resilience Act (DORA), which focuses on financial services companies, and its counterpart the Network and Information Systems Directive (NIS2). The effects of the two regulations are likely to be wider reaching, bringing in more stringent processes and controls and redefining service provision to organisations.
With NIS2 coming into effect in October 2024, the mandatory directive will have teeth, with strict penalties for non-compliance for both the business and senior board personnel, who can be held directly accountable and prevented from holding similar positions in the future. It also aims to increase intelligence sharing between member states and enhance supply chain security. This latter measure will see the directive have a global impact.
Many organisations supplying services to firms that fall under DORA and NIS2 will themselves be subject to the full force of the regulations, with many of these suppliers, including IT providers, unaware that this will have far reaching ramifications for them and their ability to continue to provide these services.
Sources: [Help Net Security] [Help Net Security]
The Cyber Security Lawsuit Boards are Talking About
For the last month, an under-the-radar lawsuit has privately been a hot topic of conversation in boardrooms and corporate security departments alike. The lawsuit involved the Securities and Exchange Commission (SEC) accusing SolarWinds and their CISO of fraud. SolarWinds, like many organisations, had disclosed some facts, however what was reported was not sufficient to satisfy the regulator. The lawsuit is the first in which the SEC has charged a company with intentional fraud related to cyber security disclosures and it paints a picture for the wider movement of the cyber landscape. Whilst the SEC is US based you can expect regulatory counterparts in other jurisdictions globally to follow suit.
Source: [The New York Times]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
Why boards must prioritize cyber security expertise - Help Net Security4 data loss examples keeping backup admins up at night | TechTarget
Companies step up investment in ransomware protection (betanews.com)
CISOs can marry security and business success - Help Net Security
7 must-ask questions for leaders on security culture (att.com)
The human element -- cyber security's greatest challenge (betanews.com)
Why good cyber hygiene is a strategic imperative for UK SMEs (betanews.com)
MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly
Cyber security Investment Involves More Than Just Technology (darkreading.com)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)
Only 9% of IT budgets are dedicated to security - Help Net Security
Why transparency and accountability are important in cyber security | Computer Weekly
SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com
Internal audit leaders are wary of key tech investments - Help Net Security
Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)
Stressed staff put enterprises at risk of cyber attack (betanews.com)
Threats
Ransomware, Extortion and Destructive Attacks
2023 ransomware statistics: Number of double-extortion attacks skyrocket | SC Media (scmagazine.com)
More than money: The true cost of a ransomware attack | ITPro
Despite Increasing Ransomware Attacks, Some Companies In Denial | MSSP Alert
Ransomware attacks doubIe in two years says Akamai Technologies report (securitybrief.co.nz)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)
Companies step up investment in ransomware protection (betanews.com)
Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)
Ransomware Gang LockBit Revises Its Tactics to Get More Blackmail Money (insurancejournal.com)
The shifting sands of the war against cyber extortion - Help Net Security
Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert
Play Ransomware Goes Commercial - Now Offered as a Service to Cyber criminals (thehackernews.com)
Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)
Ransomware groups rack up victims among corporate America | CyberScoop
Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)
Paying ransom for data stolen in cyber attack bankrolls further crime, experts caution | CBC Radio
UK signs joint statement against ransomware payments - “New norm” or status quo? - Lexology
Capita to axe up to 900 jobs as it battles to recover from Russian cyber attack (telegraph.co.uk)
Schools Look to Improve Cyber security, but Many Vulnerable to Ransomware (insurancejournal.com)
4 Ways Fintech Companies Can Protect Themselves from Ransomware (financemagnates.com)
Cyber security should not be a gamble: Latest data breach hits major casino - Digital Journal
Ransomware Victims
Royal Mail spent £10 million recovering from LockBit breach - Tech Monitor
British Library staff passports leaked online as hackers demand £600,000 (telegraph.co.uk)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)
MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register
Allen & Overy Given 5 Days to Meet Hackers’ Demands: Expert Q&A | Law.com International
London & Zurich ransomware attack causes customer chaos • The Register
CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack - SecurityWeek
Lockbit Gang Behind ICBC Attack Hacks Into Chicago Trading Company - Bloomberg
Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)
Clorox Scapegoats Cyber Chief, Rewards Board After Crisis (forbes.com)
Fortune 500 insurance and mortgage firm FNF shuts down network following cyber attack | TechRadar
Yamaha Motor confirms ransomware attack on Philippines subsidiary (bleepingcomputer.com)
St Helens Council suspected cyber attack caused significant disruption - BBC News
Western Isles Council backup systems 'inaccessible' following cyber attack | STV News
Auto parts giant AutoZone warns of MOVEit data breach (bleepingcomputer.com)
BlackCat claims attack on Fidelity National Financial • The Register
Phishing & Email Based Attacks
Phishing Simulations Boost Cyber Awareness and Defences | Mimecast
How to combat AI-produced phishing attacks | SC Media (scmagazine.com)
More Than 50% of Online Retailers Not Blocking Fraudulent Emails | MSSP Alert
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography (thehackernews.com)
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)
Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar
The Most Common Indicators of a Phishing Attempt (With Screenshots) | HackerNoon
Artificial Intelligence
Cyber threats reached a new high this year, with AI playing a major role | TechRadar
How to combat AI-produced phishing attacks | SC Media (scmagazine.com)
IT Pros Worry That Generative AI Will Be a Major Driver of Cyber security Threats (darkreading.com)
Smaller businesses embrace GenAI, overlook security measures - Help Net Security
The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)
Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert
Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek
AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)
OII | Large Language Models pose risk to science with false answers, says Oxford study
Malware
5 Of The Most Common Ways Malware Is Spread (And How To Stay Protected) (slashgear.com)
Report finds malware is no longer the biggest cyberthreat to smaller businesses - SiliconANGLE
Over half of SME cyber incidents now ‘malware-free’ | Computer Weekly
Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar
Mirai malware infects routers and cameras for new botnet • The Register
Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware (thehackernews.com)
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)
Gamaredon's LittleDrifter USB malware spreads beyond Ukraine (bleepingcomputer.com)
Malware Uses Trigonometry to Track Mouse Strokes (darkreading.com)
Atomic Stealer Malware is tricking Mac users with fake browser updates - gHacks Tech News
USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica
DarkGate and Pikabot malware emerge as Qakbot’s successors (bleepingcomputer.com)
How Ducktail steals Facebook accounts | Kaspersky official blog
Cyber criminals turn to ready-made bots for quick attacks - Help Net Security
3 Ways to Stop Unauthorized Code From Running in Your Network (darkreading.com)
New botnet malware exploits two zero-days to infect NVRs and routers (bleepingcomputer.com)
Mobile
FCC Tightens Telco Rules to Combat SIM-Swapping - SecurityWeek
Inside Apple’s Secretive War to Protect iPhones from Hacking • iPhone in Canada Blog
Cyber criminals Are Targeting App Beta-Testing, and This Is What to Look Out For (makeuseof.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
4 data loss examples keeping backup admins up at night | TechTarget
Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek
Canadian government discloses data breach after contractor hacks (bleepingcomputer.com)
US Cyber security Lab Suffers Major Data Breach - Infosecurity Magazine (infosecurity-magazine.com)
Hacktivists breach US nuclear research lab, steal employee data (bleepingcomputer.com)
Welltok data breach exposes data of 8.5 million US patients (bleepingcomputer.com)
Cyber attackers leaked data of 27,000 NYC Bar Association membersers (therecord.media)
Enterprise software provider TmaxSoft leaks 2TB of data (securityaffairs.com)
Sumo Logic says customer data untouched during breach • The Register
Organised Crime & Criminal Actors
Indian Hack-for-Hire Group Targeted US, China, and More for Over 10 Years (thehackernews.com)
Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyber attacks (darkreading.com)
Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime
Outsmarting cyber criminals is becoming a hard thing to do - Help Net Security
Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Supply Chain and Third Parties
Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)
Three Questions To Ask Third-Party Vendors About Cyber security Risk (forbes.com)
Cloud/SaaS
Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)
Navigating the complexities of cyber security in a SaaS-dominated era (securitybrief.co.nz)
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Your password hygiene remains atrocious, says NordPass • The Register
US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek
Social Media
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)
SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com
Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek
UK watchdog threatens enforcement action over ad cookies • The Register
Models, Frameworks and Standards
DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT
Understanding the UK government’s new cyber security regime, GovAssure - IT Security Guru
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek
Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)
US cyber cops trace and return nearly $9M stolen by scammers • The Register
Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime
Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Why cyber war readiness is critical for democracies - Help Net Security
Fog of War | How the Ukraine Conflict Transformed the Cyber Threat Landscape (inforisktoday.com)
Nation State Actors
China
Russia
USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica
Almost 4,000 cyber attacks on Ukraine detected – US Treasury Department | Ukrainska Pravda
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)
Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)
Potential cyberespionage campaign against Ukraine involves Remcos tool | SC Media (scmagazine.com)
Iran
Possible Iranian Group Behind 'Flood' of New Cyber attacks in Israel - Bloomberg
Cyber attacks on Israel intensify as the war against Hamas rages: Check Point | CSO Online
North Korea
Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)
DPRK Hackers Masquerade as Tech Recruiters, Job Seekers (darkreading.com)
Hackers pose as officials to steal secrets and cryptocurrency for North Korea (bitdefender.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register
Citrix Bleed WFH Hack and Exploit: News on Data Loss Flaw - Bloomberg
Citrix warns admins to kill NetScaler user sessions to block hackers (bleepingcomputer.com)
Hackers Exploiting Windows SmartScreen Zero-day Vulnerability (cybersecuritynews.com)
Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News
CISA warns of actively exploited Windows, Sophos, and Oracle bugs (bleepingcomputer.com)
Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) - Help Net Security
Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek
A critical OS command injection flaw affects Fortinet FortiSIEM (securityaffairs.com)
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)
Splunk RCE Vulnerability Let Attackers Upload Malicious File (cybersecuritynews.com)
Tools and Controls
Only 9% of IT budgets are dedicated to security - Help Net Security
MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly
Phishing Simulations Boost Cyber Awareness and Defences | Mimecast
Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)
Cyber attack on British Library raises concerns over lack of UK resilience (ft.com)
Companies step up investment in ransomware protection (betanews.com)
DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT
The 7 Deadly Sins of Security Awareness Training (darkreading.com)
Identity And Access Management: 18 Important Trends And Considerations
The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)
MFA under fire, attackers undermine trust in security measures - Help Net Security
AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)
New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login (thehackernews.com)
Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News
Detection & Response That Scales: A 4-Pronged Approach (darkreading.com)
Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)
6 Steps to Accelerate Cyber security Incident Response (thehackernews.com)
The CISO view: Navigating the promise and pitfalls of cyber security automation (betanews.com)
Other News
Why Defenders Should Embrace a Hacker Mindset (thehackernews.com)
Hackers are taking over planes’ GPS — experts are lost on how to fix it (nypost.com)
UK proposes 'super-complaints' to help keep internet safe • The Register
Consumers plan to be more consistent with their security in 2024 - Help Net Security
Security trends public sector leaders are watching | CyberScoop
Even gas pumps aren't safe from cyber attacks at the moment | TechRadar
Scottish cyber security organisation calls for greater awareness of rising threat - Business Insider
The US government wants to offer better cyber security to major infrastructure firms | TechRadar
The retail sector is under threat from… Gmail, WhatsApp and Google Drive? | TechRadar
Sekoia: Latest in the Financial Sector Cyber Threat Landscape (techrepublic.com)
Shields Ready: Critical Infrastructure Security and Resilience
Crimeware and financial cyberthreat predictions for 2024 | Securelist
Terrorism, cyber attacks main Paris 2024 threats as security plan finalised | Reuters
Read again: Decoding cyber security, safeguarding educational institutions | Edexec
What direction for the EU Cyber security Competence Centre? – EURACTIV.com
Unveiling the Most Common Cyber Threats in Retail – International Supermarket News
Mideast Oil & Gas Facilities Could Face Cyber Related Energy Disruptions (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 17 November 2023
Black Arrow Cyber Threat Intelligence Briefing 17 November 2023:
-Cyber Resilience Requires Maturity, Persistence & Board Engagement
-Security is a Process, Not a Tool
-46% of SMBs and Enterprises Have Experienced a Ransomware Attack
-Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries
-67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission
-The Persistent Menace: Understanding And Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023
-Financial Services still Stubbornly Vulnerable to Cyber Disruption
-Worlds Biggest Bank Hit by Ransomware, Workers Forced to Trade With USB Sticks
-NCSC Warns UK Over Significant Threat to Critical Infrastructure
-Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach
-Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks
-Phishing Emails Are More Believable Than Ever. Here's What to Do About It.
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Resilience Requires Maturity, Persistence & Board Engagement
Cyber resilience is more important than ever, particularly with the added dimensions of deepening geopolitical threats and risks coming from new technology like AI. In cyber security, it is commonly accepted that it is a matter of when, not if, an organisation will experience an attack. It is imperative to ensure there is an ability across the organisation to bounce back.
Source: [Dark Reading]
Security is a Process, not a Tool
The cyber security industry is constantly seeing tools that claim to make organisations 100% secure, despite this never being achievable. A recent report found 55% of all security tools are not put into operation or are not actively managed. Additionally, the report found that 33% of all security incidents are identifiably traced to process errors. The findings are further evidence that cyber security is more than just technology tools: it requires a mindset that aligns controls across people, operations and technology.
Source: [Dark Reading]
46% of SMBs and Enterprises Have Experienced a Ransomware Attack
A recent report found that 46% of small and medium businesses (SMBs) and enterprises have experienced ransomware attacks. In addition, 90% of SMBs and 87% of enterprises are extremely or somewhat concerned about ransomware attacks, and 64% of SMBs and 70% of enterprises don’t believe in paying a ransom.
Despite the fact that nearly 50% of the firms have suffered ransomware, too many businesses still seem to think this is something that will not happen to them and is something only other businesses need to worry about.
Source: [Security Magazine] [IT Business]
Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries
In the realm of cyber security, threat intelligence (TI) is a crucial yet often underused asset for countering sophisticated cyber attacks. TI involves gathering, analysing, and contextualising information about potential cyber threats, including advanced ones, thus enabling organisations to identify, assess, and mitigate cyber risks effectively. The TI market, expected to exceed $44 billion by 2033, offers four main types: Strategic, Tactical, Technical, and Operational.
Each type serves different organisational needs, from informing senior leadership to aiding security operations teams. When thinking about TI, organisations should focus on completeness, accuracy, relevance, timeliness, scalability, vendor reputation, and integration capabilities. The rapidly evolving nature of TI demands a careful, long-term approach to choosing the right services, considering an organisation's maturity and specific needs. Effective TI not only aids in countering immediate threats but also builds long-term resilience. With 80% of the top 2000 global companies projected to increase their TI investment in 2024, it's crucial for organisations to find a trusted vendor to ensure their cyber security success.
Black Arrow conducts daily threat intelligence analyses from trusted specialist sources, and interprets the TI in the context of our client organisations to support them in proactively addressing risks. In addition to our weekly Threat Briefing and subscription email, we offer tailored briefings for organisations in various sectors and geographies.
Source: [welivesecurity]
67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission
New research has found that 67% of UK employees are endangering their business by downloading applications and software without the knowledge of IT or security teams.
Other key findings included 39% of respondent organisations lacked total visibility of applications and software on company owned assets, and 77% lacked visibility over employee owned assets connected to the corporate environment. Of total respondents, 69% acknowledged their organisations required better policies and procedures in order to deal with security vulnerabilities, with 39% of total respondents feeling challenged by UK and other jurisdictions’ increasingly complicated regulations and governance requirements.
Black Arrow help organisations of all sizes to design and deliver comprehensive asset visibility programmes that lay the foundation for proportionate and credible cyber security controls to protect the organisation. We enable organisations to adhere to regulatory and governance requirements, by providing expert cyber security resources on a flexible basis for technical, governance and transformational positions.
Sources: [Tech Radar] [the HR Director]
The Persistent Menace: Understanding and Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023
In 2023, the landscape of cyber threats, particularly ransomware, has significantly evolved, remaining a primary concern for businesses.
This change has been further facilitated by the emergence of Ransomware as a Service (RaaS) and the increased sophistication of phishing attacks, supported by advancements in AI. This has led at least in part to almost half (29) of the ransomware groups tracked by WithSecure in 2023 having begun operations this year. These groups accounted for 25% of data leaks in this period, helping to drive a 50% year-on-year increase in data leaks.
Businesses face not only the immediate costs of ransom demands but also indirect impacts such as operational downtime and damage to reputation. Key trends include the exploitation of basic security vulnerabilities, the role of access brokers in facilitating attacks, and innovative evasion techniques used by ransomware groups. Ransomware is not going away, and organisations need to ensure they are prepared given the realistic probability of an attack.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident such as ransomware; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Forbes] [Infosecurity Magazine] [ITPro]
Financial Services Still Stubbornly Vulnerable to Cyber Disruption
A recent report found the UK financial system remains stubbornly vulnerable to disruption caused by cyber and IT-related incidents, and that regulated firms are not acting quickly enough to affect required changes designed to ensure firms’ systems are resilient against significant operational shocks.
According to the UK FCA’s records, the total number of cyber incidents reported between January 2018 to May 2023 was 4,192. In general terms, incidents are reportable where they are of a certain level of materiality; for instance, where there has been a “significant failure in the firm's systems or controls.
Source: [FTAdviser]
World’s Biggest Bank Hit by Ransomware; Workers Forced to Trade with USB Sticks
The US subsidiary of the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack earlier this month, which reportedly forced the bank (ICBC Financial Services) to handle trades through messengers carrying USB thumb drives. This attack has sent shockwaves through financial services and banking and has prompted an increase in vigilance within the financial sector. The US Financial Services Information Sharing and Analysis Center (FS-ISAC) has urged financial services organisations to ensure their systems are protected and vulnerabilities are immediately resolved.
Sources: [SC Media] [Bit Defender]
NCSC Warns UK Over Significant Threat to Critical Infrastructure
The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI), with its annual review admitting the level of cyber security resilience in the UK’s most critical areas is not in a satisfactory place.
The NCSC stated that CNI in the UK faces an “enduring and significant” threat from state-aligned threat actors aggressively ramping up activity, and the UK must therefore work more closely with allies and industry in countering “epoch-defining” cyber challenges.
They noted a 64% increase on last year’s voluntary report figures; to note, this refers to organisations voluntarily self-reporting suffering a cyber incident.
For wider context, the Russian cyber attacks on Ukraine began a month and a half before the invasion. In 2022 Ukraine’s national incident response team dealt with 2,194 cyber incidents, followed by another 2,054 attacks in the first 10 months of this year and Ukraine’s defence chief warns that Russia will soon attack companies that provide services to Ukraine as part of their larger cyber efforts.
This comes as Russian hackers were linked to what is being described as the largest ever cyber attack on Danish critical infrastructure. The attack involved 22 companies associated with the operation of Denmark’s energy sector.
Sources: [Computer Weekly] [The Register] [The Record Media] [The Irish Times] [The Hacker News]
Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach
The ALPHV ransomware group, also known as BlackCat, has taken extortion to a new level by filing a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims, MeridianLink, for not complying with the four-day rule to disclose a cyber attack. The ransomware group said it compromised the digital lending solutions provider on November 7 and told the SEC the victim suffered a “significant breach and did not disclose it as required in Form 8-k”. While many ransomware and extortion gangs have threatened to report breaches and data theft to the SEC, this may be the first public confirmation that they have done so. Previously, ransomware actors exerted pressure on victims by contacting customers to let them know of the intrusion. Sometimes, they would also try to intimidate the victim by contacting them directly over the phone.
Sources: [Infosecurity Magazine] [Bleeping Computer]
Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks
A new report has found that businesses are paying a huge price for not properly securing their digital assets. The report found that businesses on average suffered 46 attacks (successful and unsuccessful) over the last year, resulting in the loss of 9% of their annual income. Cyber attacks are hurting their businesses in other ways such as network outages (34%), data loss (29%), web apps going offline (24%) and customer account compromises (22%).
Firms are reevaluating their cyber security approaches, with 76% planning increased spending despite concerns about current investment efficiency, as 35% feel they've overspent and only 55% of tools are fully utilised. A significant talent gap is also a challenge, with 30% attributing recent issues to a shortage of skilled personnel, and 33% expecting this trend to continue. Nearly half are seeking to address this by boosting recruitment budgets. Additionally, 51% of respondents are focusing on investing in Generative AI tools for cyber security in the next two years.
Source: [TechRadar]
Phishing Emails Are More Believable Than Ever. Here's What to Do About It.
Phishing is not new. This social engineering tactic has existed in the attack toolbox for decades, with threat actors posing as trusted contacts and then targeting unsuspecting victims through email or text messages to steal sensitive data. According to a recent report by Fortinet, phishing is the top tactic (56%) malicious actors use to infiltrate a network and launch ransomware successfully. With the turn of AI-driven content tools, cyber criminals are using them to make their phishing emails and texts appear more realistic than ever before.
It is crucial to focus on employee education to protect organisations. Customised training programs are essential. Security awareness training is fundamental in creating a cyber-aware culture, keeping employees informed about current security threats and meeting compliance requirements.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Source: [CSO Online]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
29% of organisations cite data loss as top security breach result | Security Magazine
Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser
Cyber Resilience Requires Maturity, Persistence & Board Engagement (darkreading.com)
Businesses are losing huge chunks of their revenue to cyber attacks | TechRadar
6% of companies have not had a digital risk cyber attack since 2020 | Security Magazine
Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)
Should cyber security overconfidence be on your threat radar? | TechRadar
Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal
Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)
Every Business Owner Should Be Thinking About Improving Online Security | Inc.com
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
The cultural shift that’s needed to see greater ROI in cyber | Federal News Network
Business urged to increase cyber resilience as 2024 set to deliver new threats (emergingrisks.co.uk)
How to withstand the onslaught of cyber security threats - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser
Law practices and government agencies experience the largest ransomware spikes - Digital Journal
Orgs still losing logs, powerless to speedy ransomware • The Register
Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)
46% of SMBs and enterprises have experienced a ransomware attack | Security Magazine
Many organisations don’t believe they are targets of ransomware gangs: OpenText | IT Business
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)
The Persistent Menace: Understanding And Combating Ransomware (forbes.com)
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
Ransomware tracker: The latest figures [November 2023] (therecord.media)
Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024 (securityaffairs.com)
Ransomware Gang LockBit Revises Its Tactics as Payouts Slip (bloomberglaw.com)
Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly
Uncovering the ransomware threat from global supply chains | ITPro
Business leaders need help in getting off the ransomware merry-go-round (thetimes.co.uk)
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)
BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly
The Rise of Ransomware in Healthcare: What IT Leaders Need to Know (bleepingcomputer.com)
What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg
Success eludes the International Counter Ransomware Initiative - Help Net Security
New Ransomware Group Emerges with Hive's Source Code and Infrastructure (thehackernews.com)
How to combat ransomware in the face of tight security staffing | SC Media (scmagazine.com)
Ransomware attacks: Cyber criminals tout their ‘honesty’ in negotiating ransoms (afr.com)
New approaches to fighting ransomware are emerging | Mimecast
FBI 'Knows Identities' Of MGM, Caesars Hacking Gang | Silicon UK
FBI and CISA warn of opportunistic Rhysida ransomware attacks (bleepingcomputer.com)
FBI pumping 'significant' resources into Scattered Spider • The Register
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)
It ain’t what you store, it’s the way you restore it. • The Register
Ransomware Victims
Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)
How a cyber attack crippled the world's largest bank for hours | Euronews
ICBC -- China's biggest bank -- paid ransom: Lockbit hackers (nypost.com)
FBI: Royal ransomware asked 350 victims to pay $275 million (bleepingcomputer.com)
Rackspace Ransomware Costs Soar to Nearly $12M (darkreading.com)
Tri-City Medical Center cyber attack impacting patient care (10news.com)
Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)
LockBit leaks Boeing files after failed ransom negotiations • The Register
'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)
World's biggest bank hit by ransomware, forced to trade via USB stick (bitdefender.com)
Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)
British Library’s Halloween cyber scare was ransomware | Computer Weekly
Royal Mail ransomware recovery to cost at least $12 million • The Register
9 million patients had data stolen after US medical transcription firm hacked | TechCrunch
Clorox CISO flushes self after multimillion-dollar attack • The Register
Toyota confirms breach after Medusa ransomware threatens to leak data (bleepingcomputer.com)
Government doesn't know details behind cyber hack that shut down port operator DP World - ABC News
Lorenz ransomware gang hit Texas-based Cogdell Memorial Hospital (securityaffairs.com)
Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party - Security Week
Long Beach, California turns off IT systems after cyber attack (bleepingcomputer.com)
Stellantis production affected by cyber attack at auto supplier - The Columbian
Phishing & Email Based Attacks
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
From Scanning to Scamming: The Rise of QR Codes in Phishing - VMRay
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)
APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)
FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)
Police takes down BulletProftLink large-scale phishing provider (bleepingcomputer.com)
Artificial Intelligence
UK told of significant threat as state actors seek to use AI attack systems (emergingrisks.co.uk)
UK NCSC Warns Of Threat To Critical Infrastructure | Silicon UK
AI disinformation campaigns pose major threat to 2024 elections - Help Net Security
Microsoft blocks internal access to ChatGPT over security • The Register
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
The US and 30 Other Nations Agree to Set Guardrails for Military AI | WIRED
Mitigating Deepfake Threats in the Corporate World | MSSP Alert
A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)
Organisations Rush to Use Generative AI Tools Despite Risks (globenewswire.com)
How scammers' use of AI is affecting fintech investment | PaymentsSource | American Banker
Malware
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
Infostealers and the high value of stolen data - Help Net Security
Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena
This fake Windows news site is spreading malware via hacked Google ads | TechRadar
A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)
Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)
Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch
Ducktail Malware Targets the Fashion Industry (darkreading.com)
Mobile
Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena
Temu Sued in Class Action for Risking User Data to Chinese Government Control | Law.com
Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch
How to spot a fake data blocker that could hack your computer in seconds | ZDNET
Denial of Service/DoS/DDOS
Misconfigured Docker API endpoints allow attackers to deliver DDoS botnet agent | CSO Online
How DDoS attacks are taking down even the largest tech companies (bleepingcomputer.com)
Internet of Things – IoT
How to protect your organisation from IoT malware | TechTarget
Defending Against Attacks on Vulnerable IoT Devices (darkreading.com)
Data Breaches/Leaks
Infostealers and the high value of stolen data - Help Net Security
29% of organisations cite data loss as top security breach result | Security Magazine
McLaren Health Care revealed that a data breach impacted 2.2 million people (securityaffairs.com)
Hacker Leaks 800,000 Scraped Chess.com User Records (hackread.com)
Hacker Leaks 35 Million Scraped LinkedIn User Records (hackread.com)
Fourth time unlucky: Okta hit by new cyber attack - Digital Journal
Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)
The real cost of healthcare cyber security breaches - Help Net Security
Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)
Pharmacy provider Truepill data breach hits 2.3 million customers (bleepingcomputer.com)
Samsung warns some customers their data may have been stolen by hackers | TechRadar
Hackers Claim Major Data Breach at Smart WiFi Provider Plume (hackread.com)
Vietnam Post exposes 1.2TB of data, including email addresses (securityaffairs.com)
Morgan Stanley fined over computers with personal data (cnbc.com)
Samsung says hackers accessed customer data during year-long breach | TechCrunch
A Spy Agency Leaked People's Data Online—Then the Data Was Stolen | WIRED
Organised Crime & Criminal Actors
Russian admits building now-dismantled IPStorm proxy botnet • The Register
Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)
'AlphaLock' Hackers Launch 'Pen-Testing Training' Group (darkreading.com)
Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ethereum hacked to steal millions from users across the world | TechRadar
Fraudsters make $50,000 a day by spoofing crypto researchers (bleepingcomputer.com)
Insider Risk and Insider Threats
Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)
Insurance
Bridging the Gap: The Vital Role of Skilled Brokers in Cyber Insurance
Aon president warns insurers against ‘walking away’ from major risks (ft.com)
Cyber insurance market attractive despite ransomware uptick: JP Morgan - Reinsurance News
Supply Chain and Third Parties
Uncovering the ransomware threat from global supply chains | ITPro
How top CISOs are transforming third-party risk management | SC Media (scmagazine.com)
Cloud/SaaS
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)
Traditional cloud security isn't up to the task - Help Net Security
Transforming cyber security from reactive to proactive with attack path analysis - Help Net Security
Identity and Access Management
Encryption
The new frontier in online security: Quantum-safe cryptography (techxplore.com)
In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica
TETRA encryption algorithms entering the public domain • The Register
Passwords, Credential Stuffing & Brute Force Attacks
70% of passwords can be cracked in less than a second, shows NordPass study (business-standard.com)
Google Workspace security flaws could see hackers easily snaffle your password | TechRadar
Stop using weak passwords for streaming services - it's riskier than you think | ZDNET
The worst passwords of 2023 are also the most common, "123456" comes in first | TechSpot
Social Media
Meta and YouTube face criminal surveillance complaints • The Register
How Much Your Social Media Profile Data Is Worth on the Dark Web (makeuseof.com)
Malvertising
BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly
This fake Windows news site is spreading malware via hacked Google ads | TechRadar
Training, Education and Awareness
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)
Regulations, Fines and Legislation
EU Tightens Cyber security Requirements for Critical Infrastructure and Services (darkreading.com)
Meta and YouTube face criminal surveillance complaints • The Register
SEC Suit Ushers in New Era of Cyber Enforcement (darkreading.com)
Make Changes to be Ready for the New SEC Cyber security Disclosure Rule (darkreading.com)
Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)
Clorox CISO flushes self after multimillion-dollar attack • The Register
Morgan Stanley fined over computers with personal data (cnbc.com)
White House is ‘working on version 2.0’ of cyber implementation plan | CyberScoop
Models, Frameworks and Standards
What You Need to Know About NIST CSF 2.0 | Accelerynt, Inc. - JDSupra
Modelling organisations' defensive mechanisms with MITRE D3FEND - Help Net Security
Backup and Recovery
Data Protection
Web browsing data collected in more detail than previously known, report finds (ft.com)
Online ad auction data harms national security – claim • The Register
Careers, Working in Cyber and Information Security
The challenges and opportunities of working in cyber security | TechRadar
How US SEC legal actions put CISOs at risk and what to do about it | CSO Online
Is ‘overwork’ culture a problem for cyber security professionals? (siliconrepublic.com)
Law Enforcement Action and Take Downs
Serbian pleads guilty to running ‘Monopoly’ dark web drug market (securityaffairs.com)
Russian admits building now-dismantled IPStorm proxy botnet • The Register
European Police Take Down $9m Vishing Gang - Infosecurity Magazine (infosecurity-magazine.com)
Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)
Private Investigator Aviram Azar Gets Almost 7 Years for Hedge Fund Hacking Ring - Bloomberg
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Activity
Cyber Warfare and Cyber Espionage
NCSC Annual Review on 'state-aligned actors' | Professional Security
Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)
New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com
Nation State Actors
China
China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga
ICBC/ransomware: China’s cyber security industry moves out of the shadows
Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)
Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)
Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
Labour warns against watering down of UK’s takeover screening powers
Russia
China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga
Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)
Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)
Could Russia’s Ukraine Cyber attacks Clue Global Threat? | MSSP Alert
EU Formalizes Cyber security Support For Ukraine - Infosecurity Magazine (infosecurity-magazine.com)
Meet the Unique New "Hacking" Group: AlphaLock (bleepingcomputer.com)
Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)
What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg
Ukraine at D+670: GRU may be expanding its targeting. (thecyberwire.com)
Iran
North Korea
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers (thehackernews.com)
Novel social engineering attack infrastructure established by BlueNoroff | SC Media (scmagazine.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerabilities
'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)
APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)
CISA warns of actively exploited Juniper pre-auth RCE exploit chain (bleepingcomputer.com)
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks (bleepingcomputer.com)
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (bleepingcomputer.com)
Microsoft fixes critical Azure CLI flaw that leaked credentials in logs (bleepingcomputer.com)
Adobe Releases Security Updates for Multiple Products | CISA
ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric - Security Week
Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities - Security Week
Fortinet Releases Security Updates for FortiClient and FortiGate | CISA
Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability (thehackernews.com)
New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar (thehackernews.com)
SAP Patches Critical Vulnerability in Business One Product - Security Week
Critical flaw fixed in SAP Business One product (securityaffairs.com)
Citrix Releases Security Updates for Citrix Hypervisor | CISA
Fortinet warns of critical command injection bug in FortiSIEM (bleepingcomputer.com)
An email vulnerability let hackers steal data from governments around the world (engadget.com)
Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw (thehackernews.com)
Some AMD EPYC server CPUs have a serious security flaw, so patch now | TechRadr
Microsoft Extends Windows Server 2012 ESUs Until 2026 (petri.com)
Tools and Controls
Building resilience to shield your digital transformation from cyber threats - Help Net Security
Against the Clock: Cyber Incident Response Plan (trendmicro.com)
Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly
Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)
The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest (thehackernews.com)
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
Web Application Attacks | Types of Web Application Attacks | Mimecast
Traditional cloud security isn't up to the task - Help Net Security
National security at risk from web browsing data collection, report finds (ft.com)Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
The cultural shift that’s needed to see greater ROI in cyber | Federal News Network
NCSC backs use of security.txt for cyber resilience | UKAuthority
New approaches to fighting ransomware are emerging | Mimecast
Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security
The new imperative in API security strategy - Help Net Security
How to Automate the Hardest Parts of Employee Offboarding (thehackernews.com)
Steps CISOs Should Take Before, During & After a Cyber attack (darkreading.com)
Threat Intel: To Share or Not to Share is Not the Question - Security Week
As perimeter defences fall, the identify-first approach steps into the breach | CSO Online
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
OODA Loop - A Model for Cyber security Threat Sharing: Embracing the USA PATRIOT Act & FinCEN
How to speak the board's language with cyber security ROI so it makes sense | Fierce Electronics
Three Ways Generative AI Can Bolster Cyber security | NVIDIA Blogs
Hackers breach healthcare orgs via ScreenConnect remote access (bleepingcomputer.com)
Kubernetes adoption creates new cyber security challenges - Help Net Security
Aon president warns insurers against ‘walking away’ from major risks (ft.com)
CISOs vs. developers: A battle over security priorities - Help Net Security
Hundreds of websites cloned to run ads for Chinese gambling • The Register
AI helps leaders optimize costs and mitigate risks - Help Net Security
It ain’t what you store, it’s the way you restore it. • The Register
Reports Published in the Last Week
Other News
'Alarming': big gaps in organisations' cyber security | The Canberra Times | Canberra, ACT
National security at risk from web browsing data collection, report finds (ft.com)
CISOs vs. developers: A battle over security priorities - Help Net Security
Collaborative strategies are key to enhanced ICS security - Help Net Security
Web Application Attacks | Types of Web Application Attacks | Mimecast
Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security
Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.