Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Many Cyber Attacks Begin by Breaking Human Trust

One of the most visible cyber attacks in recent months has reminded us that we all play a role in security, and people remain a favourite route for attackers. In the recent attack on MGM Resorts, an employee unwittingly helped the attacker to access the organisation’s systems and information. The attack highlights the power of social engineering as an attack vector, and that any size of business can fall victim.

One of the ways organisations can help to protect themselves is to provide social engineering training to employees. This builds resilience by helping employees to understand, recognise and avoid becoming a victim, recognising that cyber security involves more than just technology.

Despite some improvements in awareness programs, organisations face hurdles including budget constraints, limited training time and understaffing. Training should be continuous and target major risk areas such as phishing, vishing and password management, while fostering a proactive security culture.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes ensure employee engagement and build a cyber security culture to protect the organisation.

Sources: [GovTech] [Bloomberg] [Security Week]

BYOD Should Stand for Bring Your Own Disaster, According to Microsoft Ransomware Data

Microsoft research says that 80-90 percent of ransomware attacks over the past year originated from unmanaged devices. Many organisations welcome a bring your own device (BYOD) policy, yet are not managing these devices effectively.

Without appropriate management of BYOD devices, organisations are allowing a number of unknown devices onto the corporate scene; these devices can be unpatched, unregulated and can lack adequate security measures, without the organisation even being aware.

Source: [The Register]

SME Cyber Security Knowledge Gap Widens

Recent findings underscore a growing concern: a significant cyber security knowledge gap among small and medium size enterprises (SMEs). The report found that 22% of employees are concerned their actions could contribute to a cyber attack or data breach. Alarmingly, more than three-quarters of senior executives are unable to identify cyber threats or distinguish phishing emails from legitimate ones.

Despite the clear risks, three out of four SMEs do not provide any form of cyber security training to their staff. This reveals a concerning disconnect: while the majority of business owners do not perceive their staff as potential cyber security risks, many employees themselves acknowledge that they could inadvertently cause such issues.

Adding to the concern, 60% of SMEs have no plans to increase their security budget in the coming year. Two-thirds of these businesses do not view cyber security as a priority. In fact, only one in five SMEs are even considering investing in cyber insurance. This widening knowledge gap in SME cyber security is indeed troubling and calls for immediate attention.

Sources: [Insurance Journal] [Dealer Support] [IT Security Guru]

UK Security Budgets Under Strain as Cyber Incidents Soar

A recent report found that UK businesses have suffered a 25% increase in cyber incidents in the last year, against a backdrop of budgetary constraints on implementing cyber security strategies. The report found that, despite spending more than £40,000 a year on cyber security protection, more than a quarter of organisations think their cyber security budget is inadequate to fully protect them from growing threats. This is as UK businesses have experienced, on average, 30 cyber incidents over the last 12 months, a 25% increase compared to last year.

The report identified that a lack of key skills remains one of the main concerns in tackling rising cyber threats. So much so that 30% of cyber staff admit to currently facing burnout. This pressure also means that less than half of companies are confident in their ability to handle the biggest threats facing organisations, including phishing (56%) and malware (55%).

Sources: [Silicon] [Verdict] [CSO Online]

Cyber Leaders’ Confidence in Their Organisation’s Defences Plummets, But Costs Mount

A recent EY survey of cyber security leaders reported that just 1 in 5 found their organisation’s approach to cyber defences to  effective and just 36% are satisfied with the levels of best practices by teams outside the IT department. The report also found that despite higher levels of spending, the organisation’s cyber security detection and response appeared slow; 76% of respondents took six months or longer to detect and respond to an incident.

Source: [EY]

FBI Warns of Dual Ransomware as Data Destruction Dwell Times Hit Low of 24 Hours

The FBI has flagged dual ransomware attacks, where attackers will attack a company twice within a few hours, as an emerging trend. This comes as an increasing number of ransomware actors are deploying their ransomware within 24 hours of initial access, and in 10% of cases, within just a few hours. Comparing this to last year, where the median time was four and a half days, organisations have significantly less time to enact their response, if they have one.

Sources: [Tech Monitor] [The Cord] [Information Security] [Beta News] [Cision] [The Record] [Malware Bytes]

Tech-Savvy Young Workers Might Be the Biggest Cyber Liability to Your Business

A new report from Ivanti into hidden threats finds that one in three employees believe their actions do not impact their organisation's security. The research shows that Millennial and Gen Z office workers are more likely to have unsafe cyber security habits when compared to Gen X and older (those above 40 years of age). The report also finds that men and leaders are more comfortable contacting a security employee with a question or concern, with leaders at an organisation the most likely to reach out with a question at 72%.

The report also highlighted that phishing scams were found to be greatly underreported by those aged 40 and under, with 23% saying that they did not report the last phishing attempt they received, the most the most likely reason for this being “I didn’t think it was important”. In contrast, of the older demographic only 12% failed to report. Cyber security has only recently become the leading concern among C-suites and executives; however, security leaders need to enable all employees to play defence against threat actors and proactively build an open and welcoming security culture.

Sources: [Techradar] [Beta News] [HelpNet Security]

Half of Cyber Security Professionals Report Increase in Cyber Attacks, with 60% of Attacks Going Unreported

Over half (52%) of cyber security professionals are experiencing an increase in cyber attacks compared to a year ago, according to new research. Further findings revealed that only 40% of organisations conducted a cyber risk assessment annually. By conducting risk assessments, organisations are able to identify their vulnerabilities and address them, before an attacker gets the chance to exploit them.

Further, in a recent survey conducted by ISACA, which collated insights from over 2,000 security leaders globally, a significant 62% of respondents say that organisations are under-reporting cyber crime incidents. The report also revealed 59% indicate their cyber security teams are undermanned, and the challenge of retaining skilled cyber security professionals remains, with 56% experiencing retention issues.

Sources: [MSSP Alert] [Security Brief] [InfoSecurity Magazine ]

Global Cyber Survey Finds 50% Rise in Cyber Insurance Premiums

According to a recent survey, budgets for cyber security have grown 70% in the last five years and whilst these have risen, so have cyber insurance premiums (50%), due to the increase in ransomware attacks.

Insurance firms have not been able to sustain losses they were incurring without passing on these costs to their customers. At the same time, obtaining cyber insurance is getting exponentially harder, with more and more stringent controls and measures being mandated by insurance companies before underwriting to minimise their exposure.

Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Global Reinsurance]

Evolving Conversations: Cyber Security as a Business Risk

According to a report, only 53% of board members report having regular interactions with their cyber security experts, leaving nearly half without a strong and distinct Chief Information Security Officer (CISO) perspective in the decision making process.

By including CISOs or virtual CISOS (vCISOS) in board processes, the board can better understand the cyber implications of decisions, after all, you wouldn’t make a board-level financial decision without involving the CFO.

Source: [HelpNet Security]

Threats in Cloud Top the List of Executive Cyber Concerns

A recent report published by PwC has found that cloud-related threats are the top concern for organisations that have adopted the technology. These security concerns intensify for organisations with multiple clouds or hybrid infrastructures, with the report finding more than half of respondents citing cloud security as their most pressing concern.

The report highlighted that despite the focus on cloud security, nearly every organisation had risk management lapses. Nearly a third of respondents had yet to address disaster recovery and backup with their cloud service provider, and more than two in five pointed to in-house cloud skills gaps as a lingering risk factor.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [CIO Dive]

Over Half of Phishing Emails Now Use Obfuscation Tactics to Avoid Detection

Recent research shows that hackers are increasingly using sophisticated tactics to get their phishing emails past companies’ cyber security defences. One key finding of the report is the percentage of phishing emails that use obfuscation techniques to avoid detection jumped by 24.4% in 2023. More than half of malicious emails, or 55.2%, now use such tactics. The report found that the most widely used obfuscation technique is HTML smuggling. This is the practice of hiding malicious raw code in a seemingly legitimate HTML page; the code only turns into malware after clearing the cyber security filtering.

The use of chatbots or large language models have lowered the barrier for entry to cyber crime, making it possible to create well-written phishing campaigns and generate malware that less capable coders could not produce alone. The reports found that tools designed to detect AI-generated phishing emails work unreliability or don’t work at all in 71.4% of cases.

Source: [Silicon Angle]

Governance, Risk and Compliance

• Small Businesses Underestimate Cyber Risks Despite Increased Threats: IBC Survey (insurancejournal.com)

• Half of Cyber security Professionals Report Increase in Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber security: Still No. 1 on Every CIO's Agenda (govtech.com)

• SME cyber security knowledge gap widens | Dealer Support

• UK SME cyber threat concerns on the rise in last 12 months as a quarter admit to being breached - IT Security Guru

• Poor cyber security habits are common among younger employees - Help Net Security

• Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)

• After MGM and Caesars hacks, cyber security experts warn ‘anybody is vulnerable’  - The Nevada Independent

• People Still Matter in Cyber security Management (darkreading.com)

• UK businesses face tightening cyber security budgets as incidents spike | CSO Online

• Threats in cloud top list of executive cyber concerns, PwC finds | CIO Dive

• Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot (darkreading.com)

• Evolving conversations: Cyber security as a business risk - Help Net Security

• Cyber security preparedness pays big dividends for businesses - Help Net Security

• Breaches Are the Cost of Doing Business, but NIST Is Here to Help (darkreading.com)

• Your Company's Cyber security Depends on Every Employee--Train Them Well and Instill the Importance of Security | Inc.com

• Gartner: Spending On Cyber security Services Is Outpacing Expectations In 2023 | CRN

• Cyber leaders’ confidence in their organisation’s defences plummets, but costs mount | EY - Global

• CISO's compass: Mastering tech, inspiring teams, and confronting risk - Help Net Security

• Kroll Launches Detection and Response Maturity Model and Finds 91% of Businesses Overestimate Their Cyber Maturity, Increasing Their Vulnerability to Cyber attacks

• Gartner Forecasts Global Security and Risk Management Spending to Grow 14% in 2024 (darkreading.com)

• A Tool to Help Boards Measure Cyber Resilience (hbr.org)

• High-business-impact outages are incredibly expensive - Help Net Security

• 78% of organisations under-report cyber attacks: ISACA (securitybrief.co.nz)

• Moody’s cyber survey reveals growing budgets and improved governance - Reinsurance News

• How To Talk To Your Board And C-suite About Cyber Preparedness | Scoop News

Threats

Ransomware, Extortion and Destructive Attacks

• Moody’s global cyber survey finds 50% rise in cyber insurance premiums | Global Reinsurance

• Ransomware is deployed faster as cyber criminals seek to avoid detection (betanews.com)

• Ransomware Dwell Time Hits Low of 24 Hours (prnewswire.com)

• Microsoft: Human-operated ransomware attacks tripled over past year (therecord.media)

• Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register

• Dual ransomware attacks: FBI warns of twin threat to businesses (techmonitor.ai)

• Ransomware gangs destroying data, using multiple strains during attacks: FBI (therecord.media)

• Why the public sector is an easy target for ransomware | TechCrunch

• Banks beware: Why one ransomware victim decided to pay up | American Banker

• LUCR-3: Scattered Spider Getting SaaS-y in the Cloud (thehackernews.com)

• Data Theft Overtakes Ransomware as Top Concern for IT Decision Makers - Infosecurity Magazine (infosecurity-magazine.com)

• Feds hopelessly behind the times on ransomware trends • The Register

• MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge

• Ransomware reinfections on the rise from improper remediation (malwarebytes.com)

• Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang (bleepingcomputer.com)

• Ransomware gangs now exploiting critical TeamCity RCE flaw (bleepingcomputer.com)

• Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV (securityaffairs.com)

• Ransomware disrupts hospitality, healthcare in September | TechTarget

• Ransomware Attacks: Bad for Hospitals, Deadly for Patients - Tradeoffs

• Lorenz ransomware embroiled in its own two-year data leak • The Register

Ransomware Victims

• LockBit crime spree includes FDF and UK law firm (techmonitor.ai)

• Motel One discloses data breach following ransomware attack (bleepingcomputer.com)

• MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge

• Record Numbers of Ransomware Victims Named on Leak Sites - Infosecurity Magazine (infosecurity-magazine.com)

• MGM Resorts Refused to Pay Ransom in Cyber attack on Casinos - WSJ

• BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care (securityaffairs.com)

• Ransomware attack on Johnson Controls may have exposed sensitive DHS data (securityaffairs.com)

• South African insurance clients hit in massive global cyber attack (mybroadband.co.za)

• Sony sent data breach notifications to about 6,800 individuals (securityaffairs.com)

• Clorox Warns of a Sales Mess After Cyber attack - WSJ

Phishing & Email Based Attacks

• EvilProxy Phishing Attack Strikes Indeed, Targets Executives - Infosecurity Magazine (infosecurity-magazine.com)

• Report: Over half of phishing emails now use obfuscation tactics to avoid detection - SiliconANGLE

• Phishing, Smishing Surge Targets USPS - Infosecurity Magazine (infosecurity-magazine.com)

• Will generative AI really supercharge phishing attacks? - Tech Monitor

Other Social Engineering; Smishing, Vishing, etc

• Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)

• MGM Cyber attack Shows How Hackers Deploy Social Engineering - Bloomberg

• Casino Hackers Use Low-Tech Tricks to Exploit Corporate Targets (bloomberglaw.com)

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)

• USPS Anchors Snowballing Smishing Campaigns (darkreading.com)

• Phishing, Smishing Surge Targets USPS - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• Bing Chat's ads unleash malware mayhem: Users lured into dangerous websites - OnMSFT.com

• Harvard cyber security guru Bruce Schneier warns of ChatGPT, AI effect on election disinformation, propaganda | Fortune

• Protecting against FraudGPT, ChatGPT's evil twin - Help Net Security

• GenAI in software surges despite risks - Help Net Security

• Boardroom Blueprint: AI's Cyber security Risks (forbes.com)

• The top AI cyber crime threats and solutions | Inquirer Technology

• Kaspersky Issues Crimeware Report, Uncovers “WormGPT” | MSSP Alert

• The big debate: is AI a blessing or curse for cyber security? - Raconteur

• Global internet freedoms fell again last year as the threat of AI looms (therecord.media)

• Survey Finds Most Cyber security Experts Believe Offensive AI Will Outpace Defensive AI (thefastmode.com)

• LLMs lower the barrier for entry into cyber crime - Help Net Security

• Will generative AI really supercharge phishing attacks? - Tech Monitor

• Are we doomed to make the same security mistakes with AI? (securityintelligence.com)

• AI facial recognition: Campaigners and MPs call for ban - BBC News

• From Cyber crime to Cyber security: Fighting AI With AI | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

Malware

• Hackers are spreading malware through Indeed job messages | Digital Trends

• Cyber criminals Using New ASMCrypt Malware Loader Flying Under the Radar (thehackernews.com)

• There's a dangerous new malware-as-a-service on the rise - here's what you need to know | TechRadar

• BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cyber crime Underground (thehackernews.com)

• North Korea's Lazarus Group upgrades its main malware • The Register

• Malware-Infected Devices Sold Through Major Retailers - Infosecurity Magazine (infosecurity-magazine.com)

• Prolific malware and botnet operator Qakbot still operating despite FBI takedown - SiliconANGLE

• Hundreds of malicious Python packages found stealing sensitive data (bleepingcomputer.com)

Mobile

• Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register

• Android's October 2023 Security Updates Patch Two Exploited Vulnerabilities - Security Week

• Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security

• Are executives adequately guarding their gadgets? - Help Net Security

Botnets

• AWS Using MadPot Decoy System to Disrupt APTs, Botnets - Security Week

Denial of Service/DoS/DDOS

• Flights grounded by DDoS cyber attack on Russia's airports (techmonitor.ai)

• Cloudflare DDoS protections ironically bypassed using Cloudflare (bleepingcomputer.com)

• Royal Family's official website targeted in cyber attack | UK News | Sky News

• Global events fuel DDoS attack campaigns - Help Net Security

BYOD

• Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register

• Are executives adequately guarding their gadgets? - Help Net Security

Internet of Things – IoT

• Malware-Infected Devices Sold Through Major Retailers - Infosecurity Magazine (infosecurity-magazine.com)

• IoT and the law | Professional Security

• Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security

• Eyes everywhere: How to safely navigate the IoT video revolution - Help Net Security

• FDA cyber mandates for medical devices goes into effect | CyberScoop

Data Breaches/Leaks

• European Telecommunications Standards Institute Discloses Data Breach - Security Week

• MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge

• Data Theft Overtakes Ransomware as Top Concern for IT Decision Makers - Infosecurity Magazine (infosecurity-magazine.com)

• NATO says it is addressing an apparent cyber attack after strategy documents posted online | CNN Politics

• SiegedSec Hacktivists Claim to Have Stolen 3,000 NATO Files in Second Attack | MSSP Alert

• Blackbaud Pays $49.5M to Settle With State AGs in Breach (inforisktoday.com)

• PSNI: Concerns over computer security as new figures reveal 161 data incidents | BelfastTelegraph.co.uk

• Sony confirms data breach impacting thousands in the US (bleepingcomputer.com)

• DNA testing service 23andMe investigating theft of user data | CyberScoop

Organised Crime & Criminal Actors

• Odds Are 1 in 4 Americans Will Fall Victim to Online Crime (prnewswire.com)

• People Still Matter in Cyber security Management (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto firms beware: Lazarus’ new malware can now bypass detection (cointelegraph.com)

• Scammers Impersonate Companies to Steal Cryptocurrency from Job Seeker - Infosecurity Magazine (infosecurity-magazine.com)

• There's a dangerous new malware-as-a-service on the rise - here's what you need to know | TechRadar

• BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cyber crime Underground (thehackernews.com)

• The crypto market bears the scars of FTX's collapse | Reuters

Insider Risk and Insider Threats

• Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)

• Tech-savvy young workers might be the biggest cyber liability to your business | TechRadar

• Younger employees more likely to have unsafe cyber security habits (betanews.com)

• Addressing the People Problem in Cyber security - Security Week

Fraud, Scams & Financial Crime

• FBI warns phantom hacker scams are emptying financial accounts — how to stay safe | Tom's Guide (tomsguide.com)

• Three men found guilty of laundering $2.5 million in Target gift card tech support scam (bitdefender.com)

• Online fraud can cost you more than money - Help Net Security

• The crypto market bears the scars of FTX's collapse | Reuters

• How to deal with your brand's doppelgangers | Kaspersky official blog

• Visa Program Combats Friendly Fraud Losses For Small Businesses Globally (darkreading.com)

Impersonation Attacks

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)

• Supply Chain Attackers Escalate With GitHub Dependabot Impersonation (darkreading.com)

• Scammers Impersonate Companies to Steal Cryptocurrency from Job Seeker - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• Three men found guilty of laundering $2.5 million in Target gift card tech support scam (bitdefender.com)

Insurance

• Moody’s global cyber survey finds 50% rise in cyber insurance premiums | Global Reinsurance

• Insurance Companies Have a Lot to Lose in Cyber attacks (darkreading.com)

• 5 Cyber Insurance Trends To Watch Right Now | CRN

Supply Chain and Third Parties

• Tackling cyber risks head-on using security questionnaires - Help Net Security

Software Supply Chain

• Software firms under cyber attack | Microscope (computerweekly.com)

• Upstream Supply Chain Attacks Triple in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• Supply Chain Attackers Escalate With GitHub Dependabot Impersonation (darkreading.com)

Cloud/SaaS

• Threats in cloud top list of executive cyber concerns, PwC finds | CIO Dive

• Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance (thehackernews.com)

• LUCR-3: Scattered Spider Getting SaaS-y in the Cloud (thehackernews.com)

• AWS Using MadPot Decoy System to Disrupt APTs, Botnets - Security Week

• Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials (darkreading.com)

• EvilProxy uses indeed.com open redirect for Microsoft 365 phishing (bleepingcomputer.com)

Hybrid/Remote Working

• Employers must be clear with staff over workplace monitoring, warns privacy watchdog | UK News | Sky News

• Surge in workplace monitoring prompts new ICO guidelines on employee privacy | ITPro

Encryption

• New Marvin attack revives 25-year-old decryption flaw in RSA (bleepingcomputer.com)

• Quantum Computers Could Crack Encryption Sooner Than Expected With New Algorithm (singularityhub.com)

API

• The Silent Threat of APIs: What the New Data Reveals About Unknown Risk (darkreading.com)

• APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (thehackernews.com)

Open Source

• New 'Looney Tunables' Linux bug gives root on major distros (bleepingcomputer.com)

• The root cause of open-source risk - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• Your Long Password Is Still Easy to Crack (pcmag.com)

• Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials (darkreading.com)

Biometrics

• AI facial recognition: Campaigners and MPs call for ban - BBC News

• The rise and fall of Clearview.AI and the evolution of facial recognition - SiliconANGLE

• The inadequacy of voice biometrics | TechRadar

Social Media

• Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection (darkreading.com)

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)

• Elon Musk ‘Cut Off Good Guys, Empowered Bad’: Stanford Cyber security Wonk - The Messenger

Malvertising

• Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security

Training, Education and Awareness

• Your Company's Cyber security Depends on Every Employee--Train Them Well and Instill the Importance of Security | Inc.com

• Addressing the People Problem in Cyber security - Security Week

• How to Improve Cyber security Awareness and Training (trendmicro.com)

Parental Controls and Child Safety

• Child abuse site taken down, organised child exploitation crime suspected – exclusive (securityaffairs.com)

Regulations, Fines and Legislation

• Cyber experts urge EU to rethink vulnerability disclosure plans | Computer Weekly

• EU Cyber Resilience Act Could be Exploited for Surveillance, Experts W - Infosecurity Magazine (infosecurity-magazine.com)

• Keeping SEC-ure: Using Threat Intelligence to Stay Ahead of the New SEC Regulations (recordedfuture.com)

• Many Companies Far From Ready for Fast-Approaching SEC Cybersecurity Deadline | Corporate Counsel (law.com)

• Companies are already feeling the pressure from upcoming US SEC cyber rules | CSO Online

• Employers must be clear with staff over workplace monitoring, warns privacy watchdog | UK News | Sky News

• Blackbaud Pays $49.5M to Settle With State AGs in Breach (inforisktoday.com)

Models, Frameworks and Standards

• Breaches Are the Cost of Doing Business, but NIST Is Here to Help (darkreading.com)

• What is Compliance as a Service (CaaS)? - Definition from WhatIs.com (techtarget.com)

Careers, Working in Cyber and Information Security

• UK government plans 2,500 new tech recruits by 2025 with focus on cyber security | CSO Online

• Up to 500,000 staff required to field off growing cyber security threat to Europe | Business Post

• The State of Cyber security: Cyber Skills Gap Leaves Business Vulnerable to Attacks, New Research Reveals | Business Wire

• Blue teams on the edge: cyber pros seem to hate their jobs | Cybernews

• Soft skills continue to challenge the cyber security sector - Help Net Security

Law Enforcement Action and Take Downs

• Child abuse site taken down, organised child exploitation crime suspected – exclusive (securityaffairs.com)

• Prolific malware and botnet operator Qakbot still operating despite FBI takedown - SiliconANGLE

• Three men found guilty of laundering $2.5 million in Target gift card tech support scam (bitdefender.com)

• UK student found guilty of 3D printing 'kamikaze' drone • The Register

Privacy, Surveillance and Mass Monitoring

• EU Cyber Resilience Act Could be Exploited for Surveillance, Experts W - Infosecurity Magazine (infosecurity-magazine.com)

• Surge in workplace monitoring prompts new ICO guidelines on employee privacy | ITPro

• AI facial recognition: Campaigners and MPs call for ban - BBC News

• Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection (darkreading.com)

Misinformation, Disinformation and Propaganda

• Harvard cyber security guru Bruce Schneier warns of ChatGPT, AI effect on election disinformation, propaganda | Fortune

• Elon Musk ‘Cut Off Good Guys, Empowered Bad’: Stanford Cyber security Wonk - The Messenger

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Misc Nation State, Cyber Warfare and Cyber Espionage

• Espionage fuels global cyber attacks - Microsoft On the Issues

• Microsoft: Nation-state cyber espionage on rise in 2023 | Computer Weekly

• ‘Cyberwar Is Going on All Day, Every Day’: CEO | NTD

• CISA and UK NCSC Hold Inaugural Meeting of Strategic Dialogue on Cyber security of Civil Society Under Threat of Transnational Repression | CISA

• US and UK Lead Fight Against Civil Society Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)

• Harvard cyber security guru Bruce Schneier warns of ChatGPT, AI effect on election disinformation, propaganda | Fortune

• The sixth domain: The role of the private sector in warfare - Atlantic Council

• How this unassuming cable became the world’s most powerful weapon (telegraph.co.uk)

• Joint Statement from 21 Countries and the Organisation of American States Following the Department of Homeland Security Western Hemisphere Cyber Conference | Homeland Security (dhs.gov)

Russia

• Russian Cyber Attacks in 2023: Shifting Patterns, Goals, and Capacities

• Russian Hacktivism Takes a Toll on Organisations in Ukraine, EU, US (darkreading.com)

• Russia-Ukraine war: Cyber space is the latest frontline | Semafor

• Flights grounded by DDoS cyber attack on Russia's airports (techmonitor.ai)

• Joint Statement from 21 Countries and the Organisation of American States Following the Department of Homeland Security Western Hemisphere Cyber Conference | Homeland Security (dhs.gov)

• Ukrainian Man Calls Russian Tech Support to Help With Captured Tank: Report (businessinsider.com)

China

• China Poised to Disrupt US Critical Infrastructure with Cyber Attacks, - Infosecurity Magazine (infosecurity-magazine.com)

• How digital threats from East Asia are increasing in breadth and effectiveness | CSO Online

• Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege (securityaffairs.com)

Iran

• Iran-Linked APT34 Spy Campaign Targets Saudis (darkreading.com)

North Korea

• North Korea's Lazarus Group upgrades its main malware • The Register

• Crypto firms beware: Lazarus’ new malware can now bypass detection (cointelegraph.com)

• Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)

• North Korean hackers are targeting aerospace - Lazarus Group tricks employees into installing malware themselves | TechRadar

• North Korea goes phishing in South’s shipyards • The Register

Vulnerability Management

• How to Measure Patching and Remediation Performance (darkreading.com)

Vulnerabilities

• CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs | CISA

• October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty - Help Net Security

• Exploit released for Microsoft SharePoint Server auth bypass flaw (bleepingcomputer.com)

• Microsoft Edge, Teams get fixes for zero-days in open-source libraries (bleepingcomputer.com)

• A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day | Ars Technica

• Apple fixed the 17th zero-day flaw exploited in attacks (securityaffairs.com)

• Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day - Security Week

• Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software (darkreading.com)

• Mass exploitation attempts against WS_FTP have begun • The Register

• Millions of Exim mail servers exposed to zero-day RCE attacks (bleepingcomputer.com)

• Critical zero-days in Exim revealed, only 3 have been fixed - Help Net Security

• Patch Confusion for Critical Exim Bug Puts Email Servers at Risk--Again (darkreading.com)

• Microsoft won’t say if its products were exploited by spyware zero-days | TechCrunch

• Companies Address Impact of Exploited Libwebp Vulnerability  - Security Week

• Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211) - Help Net Security

• Arm warns of Mali GPU flaws likely exploited in targeted attacks (bleepingcomputer.com)

• Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers (bleepingcomputer.com)

• Atlassian patches critical Confluence zero-day exploited in attacks (bleepingcomputer.com)

• Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits | Ars Technica

Tools and Controls

• Does your security program suffer from piecemeal detection and response? (securityintelligence.com)

• Keeping SEC-ure: Using Threat Intelligence to Stay Ahead of the New SEC Regulations (recordedfuture.com)

• The Silent Threat of APIs: What the New Data Reveals About Unknown Risk (darkreading.com)

• APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (thehackernews.com)

• 5 common browser attacks and how to prevent them | TechTarget

• Rationalizing Your Hybrid Cloud Security Tools (securityintelligence.com)

• Protecting your IT infrastructure with Security Configuration Assessment (SCA) (thehackernews.com)

• The big debate: is AI a blessing or curse for cyber security? - Raconteur

• Is your threat protection giving you a false sense of cyber security? | The Independent

• 5 Cyber Insurance Trends To Watch Right Now | CRN

• Quash EDR/XDR Exploits With These Countermeasures (darkreading.com)

• How to Improve Cyber security Awareness and Training (trendmicro.com)

Reports Published in the Last Week

• Microsoft Digital Defence Report 2023 (MDDR) | Microsoft Security Insider

• STUDY: 37% Intimidated, 39% Frustrated with Online Security (globenewswire.com)

• Oh Behave! The Annual Cyber security Attitudes and Behaviours Report 2023 - National Cyber security Alliance (staysafeonline.org)

Other News

• Cyber attacks on UK pension funds on the rise – study | Pensions & Investments (pionline.com)

• Are we smart enough for smart cities? | TechRadar

• The trust deficit in CNI: How to address a growing concern | Computer Weekly

• Third sector highly exposed to cyber risk - CIR Magazine

• 10 Emerging Cyber security Threats And Hacker Tactics In 2023 | CRN

• Lyca Mobile UK Confirm Cyber Attack Responsible for Disruption - ISPreview UK

• Global internet freedoms fell again last year as the threat of AI looms (therecord.media)

• Cyber security in the Age of Industry 4.0 (automation.com)

• How Private Equity Firms Can Protect ‘Treasure Trove’ from Digital Threats (ai-cio.com)

• 10 Routine Security Gaffes the Feds Are Begging You to Fix (darkreading.com)

• NSA: Here Are the Dumbest Cyber security Mistakes We See at Large Organisations (pcmag.com)

• The changing face of cyber security threats in 2023 | CIO

• Edinburgh Trams websites targeted by 'potential cyber attack' - Edinburgh Live

• Making Sense of Today's Payment Cyber security Landscape (darkreading.com)

• GAO tears into State Department's cyber security management • The Register

• First pan-European cyber analysis centre opens (airportsinternational.com)

• Nearly 100,000 Industrial Control Systems Exposed to the Internet - Infosecurity Magazine (infosecurity-magazine.com)

• Mobile customers unable to make or receive calls after firm hit by cyber attack - Mirror Online

• Malicious HDMI Cables Steals Photos, Videos, and Location Data (gbhackers.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cloud Hosting Firm Loses All Customer Data After Ransomware Attack

CloudNordic, a Danish cloud hosting provider, has told customers to consider all of their data as having been lost following a ransomware infection that encrypted the large Danish cloud provider. The threat actors had destroyed the organisation’s backups, which prevented the firm from recovering effectively. The attack also impacted AzeroCloud, which is owned by the same company.

Worryingly, many organisations believe that having backups and using the cloud is enough for them to be able to recover from any cyber incident; unfortunately, as shown in the CloudNordic and AzeroCloud attacks, it is not enough. Organisations need to have a recovery plan in place which is tested and improved, to best strengthen themselves in the event of a cyber incident.

Sources: [The Register] [Bleeping Computer] [Help Net Security]

Would You Infect Others to Rid Yourself of Ransomware?

Hackers continually develop ransomware with new and creative attack methods that keep internet security professionals on their toes and pose challenges for people trying to detect threats. Victims of ransomware usually see messages asking them to pay for file access restoration; however, the Popcorn Time ransomware group takes a different approach to getting victims involved.

The Popcorn Time ransomware approach works via the referral method. The ransomware group is willing to give victims access to their files if they send the referral link to two other people, extending the attacker’s reach. Most people would hesitate to distribute a ransomware link through email, WhatsApp, or another method that is easy for victims to identify them as the perpetrators. Law enforcement bodies categorise ransomware attacks as crimes that come with hefty fines and prison time. Even those choosing to send the links to people they know face disastrous consequences beyond law enforcement, including the loss of jobs and relationships.

Source: [CyberNews]

Artificial Intelligence and USBs Drive 8% Rise in Cyber Attacks

Checkpoint’s 2023 Mid-Year Security Report shows an 8% surge in global weekly cyber attacks during Q2, marking the most significant increase in two years. The report highlights the fusion of advanced artificial intelligence (AI) technology with traditional tools like USB devices used for disruptive cyber attacks.

Other significant findings include the evolution of ransomware tactics. The report found that ransomware groups are exploiting vulnerabilities in common corporate software and shifting focus from encrypting data to stealing it. USB devices have resurfaced as threats, employed by both state-affiliated groups and cyber-criminals to distribute malware globally. The misuse of AI has escalated, as attackers use generative AI tools for phishing emails, keystroke monitoring malware and basic ransomware code.

Source: [InfoSecurity Magazine]

Ransomware Attacks Broke Records in July, Mainly Driven By One Group

A number of ransomware actors are utilising the threat of releasing sensitive data to get organisations to pay ransoms; in some cases this is combined with encryption to give the actor two avenues of payment. A report has found there were over 500 attacks last month, an increase of 153% compared to one year ago, and a 16% increase compared to June. Within Europe, there was a 59% increase in ransomware attacks from June to July.

Part of the significant rise is due to the ransomware group called Cl0p, whose attack on the MOVEit software has accounted for hundreds of victims this year. The Cl0p ransomware group has kept its promise to publish files on the clearweb of all its victims if contact was not made. The clearweb is simply what we know as the internet; anyone can access it. As such, there will be many organisations who are now having their sensitive data published and readily viewable for anyone who has access to the internet.

Sources: [Gov Info Seccurity] [Security Week] [ZDNET] [Cyber News]

Cyber Risk in The Boardroom

The relationship between the CISO and the wider boardroom has become increasingly cooperative, with 77% of CEO’s seeing cyber as a strategic function and a potential source of competitive advantage. While it is ultimately up to the board to take steps to keep cybersecurity high on the agenda, the CISO also has a responsibility to press the message and bridge any gaps.

CISOs must deliver concerns, strategies and recommendations in a business-first manner, while avoiding jargon and overly technical language. Attracting and retaining good quality senior security professionals is very challenging in the current market and Black Arrow offer a fractional CISO service, giving access to a whole team of specialists with wider expertise, experience and backgrounds, for less than the cost of hiring one individual.

Sources: [Security Week] [TechRadar]

Malware-Infected Advertising Grows Ever More Sophisticated, And More Damaging

The malware exploits known as malware-infected ads, or malvertising, have been around for decades, but new reports point to a steady rise in efficacy. With malvertising, the infected ads are typically placed on legitimate ad networks, which makes them more difficult to spot and remove. The technique continues to use more and more sophisticated mechanisms for getting their infections spread throughout the web and keeping them running for a long time. The exploits can operate in one of several ways, including intercepting a user’s clickstream on random hyperlinks and substituting them with redirects to advertising websites.

Adblockers either on endpoints or at the network level can also help to prevent malvertising from causing harm.

Source: [SiliconAngle]

Cyber Security is Everyone’s Responsibility

A recent survey found that 41% of respondents said that poor quality training, or a lack of training altogether, and insider threats were impacting their organisation’s security. Cyber security involves everyone as any employee can be an entry point for a cyber incident, but they also have the power to prevent one. It is important to make sure all employees are provided adequate training. Not every role requires the same training however, so it is important for organisations to identify and provide training that is appropriate to employees. Black Arrow provide live in person and online instructor lead cyber security training, both through Cyber Risk and Governance Workshops for Senior Leadership and Awareness, Behaviour and Culture Training for employees and contractors.

Source: [IT Pro Today]

QR Code Hacks Are Another Thing to Worry About Now

One of the upcoming technologies thrust upon us is QR codes. At this point, you can find them at most restaurants and parking sites. You simply scan the code and you are taken to the relevant site, for example, the menu for the restaurant. Attackers have cottoned on to this and started to use QR codes in phishing attacks; the idea being that the victim will scan the code without scrutinising it and be taken to a malicious website instead.

Source: [Bloomberg]

Security Basics Aren’t So Basic Anymore

The basics of cyber security, it turns out, aren’t so basic anymore. What was considered basic has moved way beyond just having firewalls and antivirus, and the most basic controls nowadays include more advanced controls such as robust identity and access management, multi-factor authentication (MFA) and patching and vulnerability management. Many of these now basic controls are lacking or non-existent across the economy according to cyber security experts. A report found that only 28% of Microsoft users had MFA enabled as 2022 closed.

You can’t solve all the problems at once. However, progress on these fronts also relies heavily on the need for a cultural shift. Organisations need to get to the point where they view cyber security in the same light as locks on doors and seatbelts in cars.

Source: [CioDive]

Apple MacOS Security Myths

Apple has maintained a reputation as being more secure than other manufacturers, and whilst Apple has put many different security mechanisms into its operating system, no technology is bulletproof. Assuming an Apple device is invulnerable can lead users to believe that their Mac will not get viruses or be subject to a plethora of other cyber threats. As a result, this can lead to poor cyber hygiene from the individual, as they assume they are safe regardless of what they do. Apple users need to remain every bit as aware of risks, social engineering, keeping devices up to date, and having appropriate security controls.

Source: [Huntress]

Security Leaders Report Misalignment of Investments and Risk Reduction

The cyber risk landscape was analysed in a recent report that examined the amount of risk that organisations are willing to accept, their resource constraints and key priorities for approaching cyber risk in the future. The report found 66% of respondents indicating that they have limited visibility and insight into their cyber risk profiles, hindering their ability to prioritise investments and allocate resources effectively. 67% of organisations experienced a breach requiring attention within the last two years despite having traditional threat-based security measures in place. Further, 61% of security executives expressed concerns over the current misalignment between cyber security investments and their organisation's risk reduction priorities.

Source: [InfoSecurity Magazine]

Many CISOs Tout SaaS (Cloud) Cyber Security Confidence, but 79% Admit to Incidents

Cyber security, IT, and business leaders alike recognise SaaS (cloud) cyber security as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cyber security as 85% answered that they are confident or very confident in their company's or customer's data security in sanctioned SaaS apps.

Despite the confidence, 79% of respondents confirmed that their organisation had identified SaaS cyber security incidents over the past 12 months. Many of those incidents occurred in environments with cyber security policies in place and enforced, as 66% of respondents claimed in their responses.

Source: [The Hacker News]

If You Ever Used Duolingo, Watch Out for Phishing Email

Users of Duolingo, past and present, should be wary of phishing emails as data on about 2.6 million accounts were scraped through an exposed application programming interface (API), and then offered on a hacking forum back in January. Login and real names, email addresses, phone numbers, and courses studied were part of the collection, which went for $1,500. Now that data has resurfaced on a different forum, and at a substantially lower cost of just a few dollars, users of the service can expect this data to be used in fresh phishing campaigns.

Source: [PCWorld]

91% of Security and IT Professionals: Criminals are Already Using AI in Email Attacks

Recent research found that 91% of security and IT professionals are noticing cyber criminals already using AI as part of email attack campaigns, with 74% indicating they have experienced an increase in the use of AI by cyber criminals in the past six months. This is worrying as 52% reported that email security is among one of their top three concerns.

Organisations need to make sure that their technologies, procedures and policies are updated to factor in AI-enabled email attacks to help reduce the risk they pose to the organisation. Such improvements should also include employees.

Source: [PR Newswire]

Governance, Risk and Compliance

• Cyber security 'number one on the agenda in boardrooms,' Cramer says (cnbc.com)

• Firms have mere hours to deflect cyber attacks, warns cyber security CEO (cointelegraph.com)

• The End of “Groundhog Day” for the Security in the Boardroom Discussion? - SecurityWeek

• Cyber risk: the view across the boardroom table | TechRadar

• Too many businesses struggling to hire and retain talent, amplifying security risks – Digital Journal

• How Cyber Security Leaders Can Help Lower Expenses While Reducing Risk (informationweek.com)

• Who’s Your Next Cyber Chief? Good Question. (wsj.com)

• Cyber crime: A Multi-Billion-Dollar Industry (thecyberwire.com)

• How the downmarket impacted enterprise cyber security budgets - Help Net Security

• What is Risk Analysis? | Definition from TechTarget

• When Leadership Style Is a Security Risk (darkreading.com)

• The Changing Landscape of Cyber Security Education (inforisktoday.com)

• Protect Your Cyber Security Budget and Your Organisation | Dell USA

• Rapid cyber attacks demand modernised security, says Palo Alto CEO (crypto.news)

• Cyber security Is Everyone’s Responsibility | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• The Cost of 'Good Enough' Security - GovInfoSecurity

Threats

Ransomware, Extortion and Destructive Attacks

• Cl0p dumps all MOVEit victim data on clearnet, threat insiders talk ransom strategy | Cybernews

• Cuba ransomware gang looking for unpatched Veeam installations: Report | IT Business

• Ransomware attacks broke records in July, mainly driven by this one group | ZDNET

• Hosting firm says it lost all customer data after ransomware attack (bleepingcomputer.com)

• FE News | 70% of secondary schools have experienced a cyber incident. BIP shares three ways they can protect against attacks ahead of results day

• Cyber Attacks have left some hospital computers offline for 2 weeks, closing ERs and postponing surgeries

• Continued MOVEit Exploitation Drives Record Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Would You Infect Others to Rid Yourself of Ransomware? (makeuseof.com)

• How Application Allowlisting Combats Ransomware Attacks (securityintelligence.com)

• Akira ransomware gang spotted targeting Cisco VPN products to hack organisations-Security Affairs

• Scarab Ransomware Deployed Worldwide Via Spacecolon Toolset - Infosecurity Magazine (infosecurity-magazine.com)

• Why Ransomware Gangs Opt for Encryption-Less Attacks (govinfosecurity.com)

• MOVEit Health Data Breach Tally Keeps Growing (inforisktoday.com)

• British intelligence is tipping off ransomware targets to disrupt attacks (therecord.media)

• What the Hive Ransomware Case Says About RaaS and Cryptocurrency (darkreading.com)

• 6 Ransomware Trends & Evolutions For 2023 (trendmicro.com)

• New Study Sheds Light on ADHUBLLKA Ransomware Network - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea ready to cash out more than $40 million in Bitcoin after summer of attacks, warns FBI | Tripwire

• Ransomware dwell time hits new low - Help Net Security

• Three trends to watch in the growing threat landscape (betanews.com)

Ransomware Victims

• Cl0p dumps all MOVEit victim data on clearnet, threat insiders talk ransom strategy | Cybernews

• Hosting firm says it lost all customer data after ransomware attack (bleepingcomputer.com)

• Cyber attacks have left some hospital computers offline for 2 weeks, closing ERs and postponing surgeries

• BlackCat ransomware group claims the hack of Seiko network -Security Affairs

• Ransomware gang threatens Raleigh Housing Authority months after devastating attack (therecord.media)

• The Estée Lauder Cos. Addresses Cyber security Attack – WWD

• Mysterious Cyber Attack Shuts Down Yet More Telescopes For Weeks | IFLScience

• St Helens Council hit by suspected Ransomware cyber attack | St Helens Star

Phishing & Email Based Attacks

• 91% of security pros say cyber criminals are using AI in email attacks | Security Magazine

• Insurer Denies Coverage Under Professional Liability Policy for Lawyer’s Email Compromise | Robinson+Cole Data Privacy + Security Insider - JDSupra

• Cyber criminals turn to AI to bypass modern email security measures - Help Net Security

• New Generation of Phishing Hides Behind Trusted Services (securityintelligence.com)

• New phishing campaign recognised in Europe and South America | Security Magazine

• If you ever used Duolingo, watch out for phishing emails | PCWorld

• Open redirect flaws increasingly exploited by phishers - Help Net Security

• How to spot phishing on a hacked WordPress website | Kaspersky official blog

• The Dual Role of AI in Email Security - GovInfoSecurity

• New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia (thehackernews.com)

• eBay Users Beware Russian 'Telekopye' Telegram Phishing Bot (darkreading.com)

• Phish in a Barrel: Real-World Cyber Attack Examples (govinfosecurity.com)

• Email Security: Top 5 Threats and How to Protect Your Business - ReadWrite

BEC – Business Email Compromise

• 91% of security pros say cyber criminals are using AI in email attacks | Security Magazine

• Breaking Down BEC: The Modern CISO’s Framework for Identifying, Classifying and Stopping Email Fraud (govinfosecurity.com)

Other Social Engineering; Smishing, Vishing, etc

• Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Hack (forbes.com)

• What Is Virtual Kidnapping and How Can You Fight It? (makeuseof.com)

Artificial Intelligence

• 91% of Security and IT Professionals Agree Cyber Criminals are Already Using AI in Email Attacks, per Report from SlashNext and Osterman Research (prnewswire.com)

• Artificial Intelligence and USBs Drive 8% Rise in Cyber-Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Deceptive AI Bots Spread Malware, Raise Security Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals turn to AI to bypass modern email security measures - Help Net Security

• Compliance, Risk Management and Security Are Being Impact by Generative AI... But How? | The Fintech Times

• Tricks for making AI chatbots break rules are freely available online | New Scientist

• What Is Virtual Kidnapping and How Can You Fight It? (makeuseof.com)

• Generative AI Is Scraping Your Data. So, Now What? (darkreading.com)

• Fake versions of Google Bard are spreading malware | TechRadar

• AI and the evolution of surveillance systems - Help Net Security

• The Dual Role of AI in Email Security - GovInfoSecurity

• Thinking of Deploying Generative AI? You May Already Have (govinfosecurity.com)

• Three trends to watch in the growing threat landscape (betanews.com)

• Careful -- Hackers are targeting Google Bard ads for malware | Digital Trends

Malware

• Deceptive AI Bots Spread Malware, Raise Security Concerns - Infosecurity Magazine (infosecurity-magazine.com)

• Serious WinRAR Flaw Can Be Exploited to Launch Malware (pcmag.com)

• Hackers use VPN provider's code certificate to sign malware (bleepingcomputer.com)

• HiatusRAT Malware Resurfaces: Taiwan Firms and US Military Under Attack (thehackernews.com) Ask the Mac Guy: macOS Security Myths (huntress.com)

• New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App (thehackernews.com)

• New "Whiffy Recon" Malware Triangulates Infected Device Location via Wi-Fi Every Minute (thehackernews.com)

• Researchers Uncover New Lazarus Group Malware Details | Decipher (duo.com)

Mobile

• New stealthy Android malware stumps antivirus, poses huge threat to phones, study reveals | Tech News (hindustantimes.com)

• Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection (thehackernews.com)

• “Snakes in airplane mode” – what if your phone says it’s offline but isn’t? – Naked Security (sophos.com)

• Google wants to fight pre-installed Android malware | TechSpot

• Children and smartphones: How to protect and guide them from bullying, phishing and grooming – The Irish Times

Denial of Service/DoS/DDOS

• DDoS Attacks in H1 2023 Up 200% from 2022 According to New Zayo Data | Business Wire

Internet of Things – IoT

• TP-Link smart bulbs can let hackers steal your WiFi password (bleepingcomputer.com)

• When Your Home Security System Turns the Camera on You | The Epoch Times

• Anticipating the next wave of IoT cyber security challenges - Help Net Security

• The Physical Impact of Cyber Attacks on Cities (darkreading.com)

• Smart Cities: Utopian Dream, Security Nightmare, or Political Gimmick? - SecurityWeek

• Yes, Your Electric Vehicle Could Be Hacked - IEEE Spectrum

Data Breaches/Leaks

• Insurer Denies Coverage Under Professional Liability Policy for Lawyer’s Email Compromise | Robinson+Cole Data Privacy + Security Insider - JDSupra

• Tesla Data Breach Investigation Reveals Inside Job (darkreading.com)

• Leak of 75k staff records was insiders' fault, Tesla claims • The Register

• Guernsey CCTV investigation widened after more footage leaked | Bailiwick Express Jersey

• Scraped data of 2.6 million Duolingo users released on hacking forum (bleepingcomputer.com)

• Thousands of Charity Donors Have Details Leaked Onto Dark Web | The Epoch Times

• How a Christie’s website revealed where people kept their art | The Seattle Times

• Defence contractor Belcan leaks admin password with a list of flaws-Security Affairs

• Critical Insight Report: 15% Drop in Breaches, 31% Surge in Victims - Infosecurity Magazine (infosecurity-magazine.com)

• What lessons must be learned from the Electoral Register cyber attack? | theHRD (thehrdirector.com)

• 5 Early Warning Indicators That Are Key to Protecting National Secrets (darkreading.com)

• Sensitive Data of 10m at Risk After French Employment Agency Breach - Infosecurity Magazine (infosecurity-magazine.com)

• University of Minnesota Confirms Data Breach, Says Ransomware Not Involved - SecurityWeek

Organised Crime & Criminal Actors

• Check Point reveals 8% spike in global cyber attacks by mid-2023 (securitybrief.co.nz)

• Attack Dwell Times Fall but Threat Actors Are Moving Faster - Infosecurity Magazine (infosecurity-magazine.com)

• UK Court Convicts Lapsus$ Hacker for Breaching ISP BT and EE UPDATE - ISPreview UK

• Cyber crime: A Multi-Billion-Dollar Industry (thecyberwire.com)

• Bruce Schneier gets inside the hacker's mind | CyberScoop

• Hacking group KittenSec claims to 'pwn anything we see' to expose corruption | CyberScoop

• Ransomware dwell time hits new low - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Hack (forbes.com)

• What the Hive Ransomware Case Says About RaaS and Cryptocurrency (darkreading.com)

• North Korea ready to cash out more than $40 million in Bitcoin after summer of attacks, warns FBI | Tripwire

Insider Risk and Insider Threats

• Leak of 75k staff records was insiders' fault, Tesla claims • The Register

• Police Insider Tipped Off Criminal Friend About EncroChat Bust - Infosecurity Magazine (infosecurity-magazine.com)

• Three trends to watch in the growing threat landscape (betanews.com)

• Phish in a Barrel: Real-World Cyber Attack Examples (govinfosecurity.com)

Fraud, Scams & Financial Crime

• Interpol arrest 14 who allegedly scammed $40m from victims • The Register

• Germany Hunts for Cyber Criminals Amid Billion-Euro Scams - Bloomberg

• Billion Dollar Heist: The simple typo that stopped the Bangladesh bank robbers from stealing $1 billion (ladbible.com)

• Sneaky Amazon Google ad leads to Microsoft support scam (bleepingcomputer.com)

• Blockchain Capital’s Bart Stephens Lost $6.3 Million In SIM-Swap Hack (forbes.com)

• Surge in identity crime victims reporting suicidal thoughts - Help Net Security

Impersonation Attacks

• How to spot phishing on a hacked WordPress website | Kaspersky official blog

Deepfakes

• What Is Virtual Kidnapping and How Can You Fight It? (makeuseof.com)

Insurance

• Insurer Denies Coverage Under Professional Liability Policy for Lawyer’s Email Compromise | Robinson+Cole Data Privacy + Security Insider - JDSupra

• Cyber security insurance is missing the risk - Help Net Security

• Cyber Security Insurance Market worth $17.6 billion by 2028 - Exclusive Report by MarketsandMarkets™ (prnewswire.com)

• Cyber Security Insurance Market Size & Share Analysis - (globenewswire.com)

• The Shifting Dynamics of Cyber Insurance - BankInfoSecurity

• Global Cyber Security Insurance Market to Reach USD 33.4 Billion by 2028, Driven by Rising Cyber Threats and Regulatory Compliance (prnewswire.com)

Dark Web

• Thousands of Charity Donors Have Details Leaked Onto Dark Web | The Epoch Times

Supply Chain and Third Parties

• New Chinese APT Group Launches Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China | WIRED

• Supply chain as kill chain | ITPro

Cloud/SaaS

• The Importance Of SaaS Backup And Disaster Recovery: Reasons To Consider (informationsecuritybuzz.com)

• Cloud hosting firms hit by devastating ransomware attack - Help Net Security

• Warning: Attackers Abusing Legitimate Internet Services (inforisktoday.com)

• How to conduct a cloud security assessment | TechTarget

• Maintaining consistent security in diverse cloud infrastructures - Help Net Security

• How API authentication vulnerabilities are at the center of cloud security concerns | CSO Online

• CISOs Tout SaaS Cyber Security Confidence, But 79% Admit to SaaS Incidents, New Report Finds (thehackernews.com)

• Lack of visibility into cloud access policies leaves enterprises flying blind - Help Net Security

• Cloud services are creating more cyber-risks for telcos   - Mobile Europe

Identity and Access Management

• Ongoing Duo outage causes Azure Auth authentication errors (bleepingcomputer.com)

• Cisco's Duo Security suffers major authentication outage • The Register

Encryption

• Apple security updates could be banned by British government (9to5mac.com)

API

• Understanding how attackers exploit APIs is more important than ever - Help Net Security

• How API authentication vulnerabilities are at the centre of cloud security concerns | CSO Online

Biometrics

• ICO publishes guidance on use of biometric data in the UK - Tech Monitor

• Is Facial Recognition Technology Becoming a Privacy Risk? (makeuseof.com)

• Facial Recognition Technology (FRT) Statistics for 2023 (techreport.com)

• Biometric payment systems raise privacy concerns (iapp.org)

Social Media

• Global warning issued on social media data scraping (iapp.org)

Malvertising

• Sneaky Amazon Google ad leads to Microsoft support scam (bleepingcomputer.com)

• Malware-infected advertising grows ever more sophisticated, and lethal - SiliconANGLE

• Careful -- Hackers are targeting Google Bard ads for malware | Digital Trends

Training, Education and Awareness

• 2023 Cyber Security Awareness Month Appeal: Make Online Security Easier (govtech.com)

• The Changing Landscape of Cyber Security Education (inforisktoday.com)

Parental Controls and Child Safety

• Report reveals insights on cyber security conversations with children | Security Magazine

• Children and smartphones: How to protect and guide them from bullying, phishing and grooming – The Irish Times

Cyber Bullying, Cyber Stalking and Sextortion

• Nearly a third of young people preyed on by "text pest" delivery drivers (bitdefender.com)

Regulations, Fines and Legislation

• Apple security updates could be banned by British government (9to5mac.com)

• How EU lawmakers can make mandatory vulnerability disclosure responsible - Help Net Security

• Cyber Security Laws and Regulations in Germany | UpGuard

• Morgan Stanley Fined for UK Energy Trading WhatsApp Breach (yahoo.com)

• New NCUA Rule Requires Swift Cyber Incident Reporting - Infosecurity Magazine (infosecurity-magazine.com)

• SEC Cyber Security Rules: Considerations for Incident Response Planning | Holland & Knight LLP - JDSupra

• Controversial Cyber crime Law Passes in Jordan (darkreading.com)

• Experian Pays $650,000 to Settle Spam Claims - Infosecurity Magazine (infosecurity-magazine.com)

• Strengthening Cyber Security In Finance: A Look At EU DORA Regulations (forbes.com)

• Proposed bill would require vulnerability disclosure policies for all federal contractors (therecord.media)

Backup and Recovery

• The Importance Of SaaS Backup And Disaster Recovery: Reasons To Consider (informationsecuritybuzz.com)

Data Protection

• ICO publishes guidance on use of biometric data in the UK - Tech Monitor

• Experian Pays $650,000 to Settle Spam Claims - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Too many businesses struggling to hire and retain talent, amplifying security risks – Digital Journal

• Unrealistic expectations exacerbate the cyber security talent shortage - Help Net Security

• It's Time to Approach The Cyber Security Skills Gap Differently - IT Security Guru

• How To Become Chief Information Security Officer - The Economic Times (indiatimes.com)

• 4 ways simulation training alleviates team burnout - Help Net Security

• Government Urges More Students to Be Cyber Explorers - Infosecurity Magazine (infosecurity-magazine.com)

• Tens of thousands of students receive free training to build cyber skills - The Business Magazine

• 90% of Consumers Worry Cyber Security’s Future Is in Jeopardy if Students Aren’t Exposed to the Field at an Earlier Age - IT Security Guru

• 5 Ways SMBs Can Bridge the Cyber Security Skills Gap | Mimecast

• The Importance of Accessible and Inclusive Cyber Security (securityintelligence.com)

Law Enforcement Action and Take Downs

• Interpol arrest 14 who allegedly scammed $40m from victims • The Register

• UK Court Convicts Lapsus$ Hacker for Breaching ISP BT and EE UPDATE - ISPreview UK

• Two dozen arrested, hundreds of malicious IPs taken down in African cyber crime operation | CyberScoop

• Germany Hunts for Cyber Criminals Amid Billion-Euro Scams - Bloomberg

• Police Insider Tipped Off Criminal Friend About EncroChat Bust - Infosecurity Magazine (infosecurity-magazine.com)

Privacy, Surveillance and Mass Monitoring

• Is Facial Recognition Technology Becoming a Privacy Risk? (makeuseof.com)

• When Your Home Security System Turns the Camera on You | The Epoch Times

• Biometric payment systems raise privacy concerns (iapp.org)

• AI and the evolution of surveillance systems - Help Net Security

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Intelligence agencies warn foreign spies are targeting US space companies - Times of India (indiatimes.com)

• Incident response lessons learned from the Russian attack on Viasat | CSO Online

• Ukrainian hackers claim to leak emails of Russian parliament deputy chief (therecord.media)

• New Telegram Bot "Telekopye" Powering Large-scale Phishing Scams from Russia (thehackernews.com)

China

• Mounting Cyber Espionage and Hacking Threat from China - Modern Diplomacy

• Cyberespionage campaign by China's Ministry of State Security. CSRB will look into cyberespionage against Microsoft Exchange. Attacks against industrial systems. Threats to satellite communications. (thecyberwire.com)

• HiatusRAT Malware Resurfaces: Taiwan Firms and US Military Under Attack (thehackernews.com)

• New Chinese APT Group Launches Supply Chain Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• New Supply Chain Attack Hit Close to 100 Victims—and Clues Point to China | WIRED

• Exposed: the Chinese spy using LinkedIn to hunt UK secrets (thetimes.co.uk)

• FBI: Suspected Chinese actors continue Barracuda ESG attacks | TechTarget

• Microsoft says Chinese hacking crew is targeting Taiwan | CyberScoop

• US space companies face foreign spy threat, intelligence agencies say (usatoday.com) 

North Korea

• N. Korean Kimsuky APT targets S. Korea-US military exercises-Security Affairs

• Researchers Uncover New Lazarus Group Malware Details | Decipher (duo.com)

• North Korea ready to cash out more than $40 million in Bitcoin after summer of attacks, warns FBI | Tripwire

Misc/Other/Unknown

• Syrian Threat Actor EVLF Unmasked as Creator of CypherRAT and CraxsRAT Android Malware (thehackernews.com)

Vulnerability Management

• NCSC issues warning on cyber vulnerabilities (ukdefencejournal.org.uk)

• How EU lawmakers can make mandatory vulnerability disclosure responsible - Help Net Security

Vulnerabilities

• Juniper Networks fixes flaws leading to RCE in firewalls and switches - Help Net Security

• Serious WinRAR Flaw Can Be Exploited to Launch Malware (pcmag.com)

• Ivanti issues fix for third zero-day flaw exploited in the wild | TechTarget

• Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability - SecurityWeek

• FBI: Patches for Recent Barracuda ESG Zero-Day Ineffective - SecurityWeek

• GDS: Microsoft, Intel confirm "Downfall" of 7th, 8th, 9th, 10th, 11th Gen CPUs, firmware out - Neowin

• Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog (thehackernews.com)

• 3,000 Openfire Servers Exposed to Attacks Targeting Recent Vulnerability - SecurityWeek

• Western Digital patches potentially dangerous security flaw, so update now | TechRadar

Tools and Controls

• The Importance Of SaaS Backup And Disaster Recovery: Reasons To Consider (informationsecuritybuzz.com)

• How Cyber Security Leaders Can Help Lower Expenses While Reducing Risk (informationweek.com)

• Security leaders report misalignment of investments and risk reduction | Security Magazine

• Cyber security insurance is missing the risk - Help Net Security

• Cyber security Insurance Market worth $17.6 billion by 2028

• Bolstering Cyber Security: Why Browser Security Is Crucial (inforisktoday.com)

• How Application Allowlisting Combats Ransomware Attacks (securityintelligence.com)

• The Vanishing Data Loss Prevention (DLP) Category - IT Security Guru

• Cyber Security: CASB vs SASE-Security Affairs

• Unveiling the Hidden Risks of Routing Protocols (darkreading.com)

• Hackers use VPN provider's code certificate to sign malware (bleepingcomputer.com)

• Network detection and response in the modern era - Help Net Security

• What’s Beyond SASE? The Next Steps (informationsecuritybuzz.com)

• Prevention First: Don’t Neglect Endpoint Security | CSO Online

• More Than Half of Browser Extensions Pose Security Risks (darkreading.com)

• Protect Your Cyber Security Budget and Your Organisation | Dell USA

• How the downmarket impacted enterprise cyber security budgets - Help Net Security

• Compliance, Risk Management and Security Are Being Impact by Generative AI... But How? | The Fintech Times

• SEC Cyber Security Rules: Considerations for Incident Response Planning

• How to conduct a cloud security assessment | TechTarget

• Maintaining consistent security in diverse cloud infrastructures - Help Net Security

• How API authentication vulnerabilities are at the centre of cloud security concerns | CSO Online

• The Needs of a Modernized SOC for Hybrid Cloud (securityintelligence.com)

• 2023 Cyber Security Awareness Month Appeal: Make Online Security Easier (govtech.com)

• The MOVEit hack and what it taught us about application security (bleepingcomputer.com)

• The Changing Landscape of Cyber Security Education (inforisktoday.com)

• The Dual Role of AI in Email Security - GovInfoSecurity

• Akamai Survey Finds Third-Party Defences Help Reduce Risk from Online Threats (prnewswire.com)

• The Shifting Dynamics of Cyber Insurance - BankInfoSecurity

• Global Cyber Security Insurance Market to Reach USD 33.4 Billion by 2028, Driven by Rising Cyber Threats and Regulatory Compliance (prnewswire.com)

• 5 Best Practices for Implementing Risk-First Cyber Security (darkreading.com)

• What's Going on With LastPass, and is it Safe to Use? (securityintelligence.com)

• Malicious web application transactions skyrocket 500% (securitybrief.co.nz)

Other News

• Our health care system may soon receive a much-needed cyber security boost | Ars Technica

• Swan Retail cyber attack: 300 retailers crippled by breach (techmonitor.ai)

• Cyber Attackers lie in wait as federal tech agencies brace for a mass exit of top officials - Washington Times

• Cyber Attack on Energy One affects corporate systems in Australia and the UK | CSO Online

• Vendors criticize Microsoft for repeated security failings | TechTarget

• Microsoft's become a cyber security titan. That could be a problem - Tech Monitor

• Global Naval Communication Market Research Report (globenewswire.com)

• The CSO guide to top security conferences | CSO Online

• IT's rising role in physical security technology - Help Net Security

• Construction businesses are at risk as nation-state attacks are on the rise - Construction & Civil Engineering magazine (ccemagazine.com)

• Hackers knocked out San Francisco's main real estate database | Fortune

• Microsoft's 6 Biggest Hacks: Is Better Security Needed? (makeuseof.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.