Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 16 February 2024
Black Arrow Cyber Threat Intelligence Briefing 16 February 2024:
-Active Phishing Campaigns Targeting Office 365, Another Forcing Remote Management Software Downloads
-Cyber Security is Your Defensive Strategy, Cyber Resilience is Your Business
-Leveraging Threat Intelligence for Regulatory compliance
-The Risks of Quishing and How Enterprises Can Stay Secure
-Phishing Attacks Increased 106% Year Over Year as 91% of Organisations Impacted by AI-enhanced Phishing Attacks
-Microsoft and OpenAI Warn State-backed Threat Actors are Using AI En Masse to Wage Cyber Attacks
-Cyber Risk Management: Bring Security to the Boardroom
-Trustees Open to Cyber Risks by Not Responding to NCSC Reporting Changes
-Nation State Actors Intensify Focus on NATO Member States
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Active Phishing Campaigns Targeting Office 365, Another Forcing Remote Management Software Downloads
Proofpoint have released an alert relating to an active hacking operation in which cyber criminals are employing phishing traps and shared Office 365 documents to steal credentials. Hackers have been threading together credential phishing and account takeover (ATO) tactics to gain access to enterprise resources, with multiple organisations already hit. One of the identified methods in use involves attackers inserting links that direct users to click to view a document. This subsequently links them to a phishing page controlled by the attacker.
In another currently active phishing campaign, threat actors are targeting potential victims via email and SMS, with personalised content to match victim roles within their organisation. But instead of phishing for information directly, they are convincing victims to download remote monitoring and management software. Victims were directed to newly registered websites mimicking various financial institutions and asked to download a “live chat application”, which turned out to be an old version of AnyDesk. Once downloaded, the software would then allow full access to victim’s machine and network resources.
Sources: [Verdict] [Help Net Security]
Cyber Security is Your Defensive Strategy, Cyber Resilience is Your Business
A cyber attack is a matter of when, not if, and as such businesses must prepare for such an event happening to them. Whilst cyber security aims to defend the organisation, cyber resilience is about ensuring that your digital operations, which are the heart of your organisation, can withstand and quickly recover from any cyber attack, technical malfunction, or even deliberate tampering. If we think back to Covid, a lot of organisations suddenly had to adapt, to ensure that they could function as close to normal as possible. How many have tested their organisation’s ability to continue work since, or prepared for a loss of access to critical systems for an extended period of time? It’s the cyber resilient organisations that know they’ve made the right investments to significantly reduce the risk of their operations grinding to a halt.
Source: [Security Brief]
Leveraging Threat Intelligence for Regulatory Compliance
The collective improvement of cyber security is a high international priority and a wealth of EU legislation, such as NIS2 and the Digital Operational Resilience Act (DORA) is in the pipeline, to oblige organisations to understand and manage their cyber risks appropriately. As part of these regulations, threat intelligence is often a feature that can be leveraged to improve cyber resilience.
Threat intelligence can be collected from a variety of sources such as governmental advisories, dark web monitoring, private sector feeds, intelligence-sharing communities and open source information. The key for organisations is to be able to digest this, and apply it accordingly to their specific organisation, to improve their cyber resilience efforts.
Black Arrow provides weekly threat intelligence free of charge through our online blog and weekly subscription summary email. To sign up, visit https://www.blackarrowcyber.com/subscribe
Source: [BetaNews]
The Risks of Quishing and How Enterprises Can Stay Secure
QR codes have surged in popularity in the past two years, mainly due to their convenient and touchless features that streamline daily transactions, making it easy for users to scan and access information quickly. However, this surge in popularity has also caught the attention of cyber criminals, who exploit QR codes to perpetrate phishing attacks, known as "quishing." Attackers use tactics, such as disguising malicious QR codes in seemingly legitimate contexts; these pose substantial risks, leading to compromised personal and corporate data, financial loss, and reputational damage. Organisations must prioritise understanding and fortifying defences against quishing, as these attacks pose significant risks to both individuals and organisations. By educating employees on discerning phishing attempts, enforcing device security measures, and leveraging specialised solutions, organisations can bolster their resilience against QR code-based cyber threats and safeguard their digital assets effectively.
Source: [Zimperium]
Phishing Attacks Increased 106% Year Over Year as 91% of Organisations Impacted by AI-enhanced Phishing Attacks
A recent report found that phishing attempts increased 106% year on year, with malware detections up 40%. In a separate report on phishing, it was found that 91% of organisation were impacted by AI-enhanced phishing attacks. Such numbers reinforce the reason for organisations to implement effective phishing training, and this should include training regarding AI-enhanced phishing emails.
Sources: [The Fintech Times] [Security Magazine]
Microsoft and OpenAI Warn State-backed Threat Actors are Using AI En Masse to Wage Cyber Attacks
Microsoft has released a report detailing how prominent state-linked actors are using generative AI to enhance their attack methods. Russian, North Korean, Iranian, and Chinese-backed threat actors are attempting to use generative AI to inform, enhance, and refine their attacks, according to the report. It’s clear that AI is a double-edged sword, and organisations must implement processes to reduce their risk and increase their resilience to it.
Source: [ITPro]
Cyber Risk Management: Bring Security to the Boardroom
Organisations are facing the dual challenge of managing business risk and aligning with ever-expanding cyber security goals; as such, the need for a robust cyber risk management strategy is more critical than ever. This calls for organisations to effectively communicate their security posture to the board with relevant metrics.
Engaging the board requires a strategic approach, emphasising clear communication and contextual visibility. Board members are already increasingly recognising the impact of poor security on an organisation’s reputation, budget, and overall well-being; it is essential to translate security concerns into tangible metrics that resonate with the board. Real-time metrics, alignment with business goals, and educating the board on cyber security nuances can help build the foundation for such a strategy.
Source: [Trend Micro]
Trustees Open to Cyber Risks by Not Responding to NCSC Reporting Changes
Recent changes in the National Cyber Security Centre's (NCSC) threat reporting framework have prompted a call to action for pension scheme advisors.
Cyber security has fast become one of the biggest threats to pension schemes. Data breeches, scamming, ransomware, fraud: these have all become the stuff of trustee nightmares. And the sophistication of those threats is evolving rapidly, so it is important that schemes stay as far ahead of them as possible with comprehensive and proactive defence measures. It’s also imperative to check-in regularly with advisors that their measures are robust, and ensure that reports are undertaken frequently to demonstrate progression of mitigation of all vulnerabilities. A onetime spot check is simply not enough in this environment.
Source: [The HR Director]
Nation State Actors Intensify Focus on NATO Member States
The head of threat research and analysis at Google Cloud has highlighted that nation state actors consider cyber warfare as another tool in their box, noting the current ongoing cyber warfare between Russia and Ukraine. Separate reports have found that the cyber war has extended to NATO member states, with initial access brokers (individuals who sell credentials to organisations) increasingly targeting entities within NATO member states.
Sources: [Help Net Security] [World Economic Forum ] [Inforisktoday] [Help Net Security]
Governance, Risk and Compliance
Leveraging threat intelligence for regulatory compliance (betanews.com)
It's Time to Rethink Third-Party Risk Assessment (darkreading.com)
Cyber Risk Management: Bring Security to the Boardroom (trendmicro.com)
A changing world requires CISOs to rethink cyber preparedness | CSO Online
Cyber Security teams recognized as key enablers of business goals - Help Net Security
26 Cyber Security Stats Every User Should Be Aware Of in 2024 (securityaffairs.com)
Fortifying Businesses Against Modern Information Threats (forbes.com)
Executives must face down state-sponsored hacking groups targeting firmware | Computer Weekly
Cyber Security is your defensive strategy, cyber resilience is your business (securitybrief.co.nz)
Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
New macOS Backdoor Linked to Prominent Ransomware Groups - SecurityWeek
Ransomware tactics evolve, become scrappier - Help Net Security
Rhysida Ransomware Cracked, Free Decryption Tool Released (thehackernews.com)
Dual Ransomware Attacks: A Quicker Route to Extortion - Security Boulevard
Ransomware Victims
Ransomware Groups Claim Hits on Hyundai Motor Europe and a California Union (darkreading.com)
Cyber Attack hits Swedish cloud provider Advania, healthcare services impacted | Cybernews
PR industry affected as media monitoring firm Onclusive hit by cyber attack | PR Week
German battery maker Varta says five plants hit by cyber attack - CNA (channelnewsasia.com)
The Southern Water cyber attack highlights the wave of threats faced by utilities companies | ITPro
Phishing & Email Based Attacks
91.1% of Organisations Impacted by AI-Enhanced Phishing Attacks, Acronis Reports | The Fintech Times
Corporate users getting tricked into downloading AnyDesk - Help Net Security
Phishing attacks increased 106% year over year | Security Magazine
Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge - Help Net Security
Remote Monitoring & Management software used in phishing attacks | Malwarebytes
How are attackers using QR codes in phishing emails and lure documents? (talosintelligence.com)
Threat actors in phishing campaign targeted at Office 365 (verdict.co.uk)
2023 Year in Review: Phishing Attacks and Trends (vadesecure.com)
London police block 43 crypto phishing web domains (cointelegraph.com)
This new Android feature could help save you from phishing and malware – here's how | TechRadar
Other Social Engineering
4 Ways Hackers use Social Engineering to Bypass MFA (thehackernews.com)
QR code attacks target organizations in ways they least expect - Help Net Security
The Risks of Quishing and How Enterprises Can Stay Secure - Zimperium
Artificial Intelligence
Deepfake CFO Video Calls Result in $25MM in Damages (trendmicro.com)
91.1% of Organisations Impacted by AI-Enhanced Phishing Attacks, Acronis Reports | The Fintech Times
Russia And China Use OpenAI Tools To Hack, Microsoft Warns (forbes.com)
55% of Generative AI Inputs Include Sensitive Data: Menlo Security - Security Boulevard
We're at a Pivotal Moment for AI and Cyber Security (darkreading.com)
Deepfake Democracy: AI Technology Complicates Election Security (darkreading.com)
Cyber criminals get productivity boost with AI - Help Net Security
Stolen Face ID scans used to break into bank accounts • The Register
AI outsourcing: A strategic guide to managing third-party risks - Help Net Security
The Coming End of Biometrics Hastens AI-Driven Security - Security Boulevard
Rental scams could soar as AI spreads, warns industry... (lettingagenttoday.co.uk)
Cyber Security Threats: How To Fight AI With AI (forbes.com)
The rise of AI threats and cyber security: predictions for 2024 | World Economic Forum (weforum.org)
2FA/MFA
MFA isn't always keeping businesses safe from cyber attack | TechRadar
4 Ways Hackers use Social Engineering to Bypass MFA (thehackernews.com)
Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA | Ars Technica
Malware
RustDoor malware targets macOS users by posing as a Visual Studio Update - gHacks Tech News
Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea (thehackernews.com)
VexTrio network of hijacked websites used to spread malware • The Register
Raspberry Robin Jumps on 1-Day Bugs to Nest Deep in Windows Networks (darkreading.com)
Suspected Warzone RAT hackers arrested | SC Media (scmagazine.com)
From Cracked to Hacked: Malware Spread via YouTube Videos (cybereason.com)
Bumblebee malware attacks are back after 4-month break (bleepingcomputer.com)
Hackers used new Windows Defender zero-day to drop DarkMe malware (bleepingcomputer.com)
Glupteba Botnet Adds UEFI Bootkit to Cyber Attack Toolbox (darkreading.com)
Understanding the tactics of stealthy hunter-killer malware - Help Net Security
Miscreants turn to ad tech to measure malware metrics • The Register
New Qbot malware variant uses fake Adobe installer popup for evasion (bleepingcomputer.com)
This new Android feature could help save you from phishing and malware – here's how | TechRadar
Mobile
Stolen Face ID scans used to break into bank accounts • The Register
Google Chrome Warning Suddenly Issued For All Android Users (forbes.com)
Russian banks beat App Store Review using fake apps (appleinsider.com)
Meta brushes off risk of account theft via number recycling • The Register
This new Android feature could help save you from phishing and malware – here's how | TechRadar
Denial of Service/DoS/DDOS
Cyber Security sectors adjust as DDoS attacks reach new heights - Help Net Security
How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack | Google Cloud Blog
Telecoms was the most targeted sector for DDoS attacks in 2023
DDoS Hacktivism is Back With a Geopolitical Vengeance - SecurityWeek
Internet of Things – IoT
Data Breaches/Leaks
Bank of America warns customers of data breach after vendor hack (bleepingcomputer.com)
Caravan club admits members' personal data possibly accessed • The Register
DOD notifying people who may be impacted by a year-old data breach | DefenseScoop
The Southern Water cyber attack highlights the wave of threats faced by utilities companies | ITPro
200,000 Facebook Marketplace user records leaked on hacking forum (bleepingcomputer.com)
Prudential says hackers gained access to its computer systems | The Star
Verizon Breach – Malicious Insider or Innocuous Click? - IT Security Guru
DNA testing: What happens if your genetic data is hacked? - BBC Future
BMW security error left valuable private company data exposed online | TechRadar
Organised Crime & Criminal Actors
5 Things Movies Always Get Wrong About Computer Hackers (slashgear.com)
9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data (securityaffairs.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Verizon Breach – Malicious Insider or Innocuous Click? - IT Security Guru
Insider threat greatest mid-market cyber security concern - CIR Magazine
Supply Chain and Third Parties
Bank of America warns customers of data breach after vendor hack (bleepingcomputer.com)
It's Time to Rethink Third-Party Risk Assessment (darkreading.com)
Jet engine dealer to major airlines discloses cyber snafu • The Register
AI outsourcing: A strategic guide to managing third-party risks - Help Net Security
6 best practices for third-party risk management | CSO Online
Software security debt piles up for organisations even as critical flaws drop | CSO Online
Cloud/SaaS
Threat actors in phishing campaign targeted at Office 365 (verdict.co.uk)
Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA | Ars Technica
Benefits and challenges of managed cloud security services | TechTarget
Encryption
Social Media
Meta brushes off risk of account theft via number recycling • The Register
200,000 Facebook Marketplace user records leaked on hacking forum (bleepingcomputer.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Security experts: Investigatory powers plans will delay security updates | Computer Weekly
FCC orders telecom carriers to report PII data breaches within 30 days (bleepingcomputer.com)
Models, Frameworks and Standards
Benefits And Cautions Of Aligning With Cyber Security Frameworks (forbes.com)
Key strategies for ISO 27001 compliance adoption - Help Net Security
Data Protection
Careers, Working in Cyber and Information Security
UK cyber skills gap risk to businesses and national security | TechRadar
Higher education offers limited benefit to many infosec pros | SC Media (scmagazine.com)
We can’t risk losing staff to alert fatigue - Help Net Security
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Why we fall for fake news and how can we change that? - Help Net Security
France uncovers a vast Russian disinformation campaign in Europe (economist.com)
Deepfake Democracy: AI Technology Complicates Election Security (darkreading.com)
Kremlin dismisses Europe's warnings about 'Russian propaganda' | Reuters
Cyber threats cast shadow over 2024 elections - Help Net Security
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
How 'Big 4' Nations' Cyber Capabilities Threaten the West (darkreading.com)
Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years - SecurityWeek
Rise in cyberwarfare tactics fueled by geopolitical tensions - Help Net Security
Threat actors intensify focus on NATO member states - Help Net Security
Nation State Actors
China
Russia And China Use OpenAI Tools To Hack, Microsoft Warns (forbes.com)
US Official Warns of China’s Growing Offensive Cyber Power – The Diplomat
China Targets US Hacking Ops in Media Offensive - Infosecurity Magazine (infosecurity-magazine.com)
Threat actors intensify focus on NATO member states - Help Net Security
Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years - SecurityWeek
Top US Venture Firms Funded Blacklisted Chinese Companies, House Committee Says | Mint
Russia
Microsoft and OpenAI thwart AI use by state-affiliated hackers (geekwire.com)
Russia And China Use OpenAI Tools To Hack, Microsoft Warns (forbes.com)
Russia Continues to Focus on Cyber Operations and Espionage (inforisktoday.com)
Russian banks beat App Store Review using fake apps (appleinsider.com)
France uncovers a vast Russian disinformation campaign in Europe (economist.com)
Kremlin dismisses Europe's warnings about 'Russian propaganda' | Reuters
The methods of Russian interference in Scottish politics (ukdefencejournal.org.uk)
Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor (thehackernews.com)
Iran
How 'Big 4' Nations' Cyber Capabilities Threaten the West (darkreading.com)
Iranian cyber attacks targeting US and Israeli entities | TechTarget
North Korea
How 'Big 4' Nations' Cyber Capabilities Threaten the West (darkreading.com)
Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea (thehackernews.com)
North Korea turns to designing gambling websites for cash • The Register
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Security experts: Investigatory powers plans will delay security updates | Computer Weekly
Three critical application security flaws scanners can’t detect (bleepingcomputer.com)
Vulnerabilities
Over 13,000 Ivanti gateways vulnerable to actively exploited bugs (bleepingcomputer.com)
Zoom stomps critical privilege escalation bug, 6 other flaws • The Register
Alert: New Stealthy "RustDoor" Backdoor Targeting Apple macOS Devices (thehackernews.com)
Hackers used new Windows Defender zero-day to drop DarkMe malware (bleepingcomputer.com)
ESET Patches High-Severity Privilege Escalation Vulnerability - SecurityWeek
CISA: Roundcube email server bug now exploited in attacks (bleepingcomputer.com)
Urgent patches available for QNAP vulnerabilities, one 0-day • The Register
Tools and Controls
Leveraging threat intelligence for regulatory compliance (betanews.com)
Remote Monitoring & Management software used in phishing attacks | Malwarebytes
It's Time to Rethink Third-Party Risk Assessment (darkreading.com)
MFA isn't always keeping businesses safe from cyber attack | TechRadar
Understand the pros and cons of enterprise password managers | TechTarget
4 Ways Hackers use Social Engineering to Bypass MFA (thehackernews.com)
This botched migration shows why you need to deal with legacy tech | ZDNET
Benefits and challenges of managed cloud security services | TechTarget
5 Steps to Improve Your Security Posture in Microsoft Teams (bleepingcomputer.com)
No Security Scrutiny for Half of Major Code Changes: AppSec Survey - SecurityWeek
10 Security Metrics Categories CISOs Should Present to the Board (darkreading.com)
Three critical application security flaws scanners can’t detect (bleepingcomputer.com)
What is Threat Detection and Incident Response? - Security Boulevard
Reports Published in the Last Week
Other News
This botched migration shows why you need to deal with legacy tech | ZDNET
What is Threat Detection and Incident Response? - Security Boulevard
How Non-Profits and NGOs Deal with Cyber Attacks - Infosecurity Magazine (infosecurity-magazine.com)
Here's how we get young people to rally for cyber security | World Economic Forum (weforum.org)
Types of Cyber security Threats and Vulnerabilities - Security Boulevard
Hacking the flow: The consequences of compromised water systems - Help Net Security
Dutch insurers still requiring nudes from cancer patients • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling·
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 22 September 2023
Black Arrow Cyber Threat Intelligence Briefing 22 September 2023:
-New Ransomware Victims Surge by 47% as Small Businesses Targeted
-MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards
-SMEs Overestimate Their Cyber Security Preparedness
-China’s Hacking Power Bigger Than Rest of World Combined
-Cyber Insurance Claims for Ransomware Reach Record High
-Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives
-Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats
-Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company
-Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them
-Half of Executives Expect Supply Chain Challenges
-How Social Engineering Takes Advantage of Your Kindness
-Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
New Ransomware Victims Surge by 47% as Small Businesses Targeted
Ransomware attackers are shifting away from “big game” targets and towards easier, less defended organisations, a new report from Trend Micro has found. The report observed a 47% increase in the number of new victims of this vector from the second half of 2022, many of which were small organisations with less mature cyber postures. In fact, 57% of victims of the infamous ransomware gang LockBit, were of organisations up to 200 employees.
Small businesses can be attractive targets; they don’t have the budget of a large organisation and therefore they are more likely to have gaps that can be exploited. To combat this, small businesses need to prioritise their security budgets effectively, to allow themselves the most protection that their budget allows.
Source [Infosecurity Magazine]
MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards
The recent ransomware attack on MGM Resorts has resulted in the loss of millions of dollars daily, not accounting for ransomware fees and reputational damage. MGM Resorts are a client of Okta, who noted that Caesars entertainment and three (not named) other organisations have been hit. Although the other victims have not yet been named, it has been revealed that they are in the manufacturing, retail and technology sectors. As a result of the attacks, Beazley and AIG, who provide cyber insurance, are likely to face significant losses.
The attack should act as wakeup call for corporate boards, as it once again highlights how anyone can be a victim, and if the right controls are not in place, an attack won’t be stopped. Cyber incidents are a matter of when, not if, and boards need to ensure they are prepared, and prepared to handle the fallout when an attack happens.
Sources: [Proactive Investors] [Reuters] [Insurance Insider] [OODA Loop] [Claims Journal]
SMEs Overestimate Their Cyber Security Preparedness
According to a recent report, 57% of small and medium enterprises (SMEs) have experienced a cyber security breach, with 31% facing such an incident in the past year. Despite the increasing threat, 70% are confident in their defences, though 44% solely rely on their antivirus solutions, and a quarter don't regularly train employees on cyber security best practices or never have.
The report also found that many SMEs either underestimate the importance of robust security, believing they’re too small to be targeted, or put too much trust in their current defences. The increasing number of evolving cyber threats poses a significant risk to SMEs. Rising patterns show frequent and sophisticated attacks, highlighting the urgent need for effective security measures. Understandably, not all small business owners have the resources to obtain in-house cyber security experts. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Helpnet Security] [Security Magazine]
China’s Hacking Power Bigger Than Rest of World Combined
In a recent conference the director of the FBI highlighted the magnitude of China’s cyber power, most notably explaining that China has a bigger hacking program than the competition combined.
This comes as recent attacks have seen malicious USB drives used to spread malware and now, something we’ve not seen much before, financially motivated hacks by Chinese-speaking actors through a piece of malware known as “ValleyRAT”.
Sources: [Reuters] [Infosecurity Magazine] [WIRED] [Inforisk Today] [TechRadar]
Cyber Insurance Claims for Ransomware Reach Record High
A new report from cyber insurance provider Coalition shows a 12% increase in cyber claims over the first six months of this year, driven by the notable spikes in ransomware (19%), business email compromise (BEC) attacks (26%) and funds transfer fraud (FTF) (31%). The report found that claims severity also increased 61% from the previous six months and 117% over the last year. The average ransom demand was $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year.
The report comes as the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory warning that ransomware gangs are increasingly evolving their tactics while targeting critical infrastructure sectors, including Information Technology, and Food and Agriculture. The advisory strongly discourages organisations from paying ransoms and encourages victims to report ransomware incidents to a local agency’s reporting channel. Similar advisories were released earlier in the year warning of ransomware groups such as Cl0p who exploited the vulnerability in MOVEit earlier this year.
Sources: [NextGov] [BetanNews] [Security Magazine] [CSO Online]
Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives
Almost three-quarters (73%) of nearly 700 board members surveyed in a new study, believe their organisations are at risk of cyber attack, including targeted attacks; a sizable increase from the 65% last year, according to a recently released Proofpoint report. Worryingly, with the high number believing they are at risk from an attack, 53% still believed they would be unprepared for such an attack. When it came to their main concerns, malware was the top concern (40%), followed by insider threat (36%) and cloud account compromise (36%).
C-suite concern has propelled budgets, with a third of businesses increasing cyber security spending by a significant margin. As IT has become less centralised with a move towards cloud-based systems, combined with a shortage of skilled cyber security workers, businesses are having to rely more heavily on third party security according to a recent report.
This investment, along with improved security communications to executives, should enhance IT upskilling and employee awareness of cyber security.
Sources: [MSSP Alert] [Tech Radar]
Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats
Publicly available reports of ransomware attacks on law firms have accelerated this year, with massive amounts of sensitive client data now in the hands of threat actors, highlighting a growing trend of cyber incidents afflicting the legal business.
One of the reasons law firms are increasingly targeted is due to the amount of sensitive data that they hold. This data can be used for extortion, insider training and general ransom purposes. In addition, many law firms utilise third parties to handle their data, increasing their risk of becoming a victim through their supply chain.
Source: [Synack]
Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company
A recent cyber attack used AI to deepfake an IT employee’s voice. The attack started off with a phishing mail, which the unsuspecting victim employee clicked. The attacker then hit a challenge: multi-factor authentication (MFA). That was until they decided to use artificial intelligence to clone the voice of an IT employee. The attacker, now speaking as if they were the IT employee, was then able to convince the victim employee to provide the needed MFA code. As a result, the attack was successful.
The attack highlights the increase in AI for attacks, whilst also demonstrating that cyber security is more than just technology: it is people and operations too. Think about voice cloning, how would your organisation prepare for this?
Sources [PC Mag]
Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them
With the cost of insider risk the highest it has ever been (£13.25m per incident), organisations need to effectively budget and find ways to proactively address insider risk. A report found that 55% of money spent on insider incident response went toward problems caused by negligence or mistakes, and 25% for those were caused by actively malicious insiders, with the remaining 20% being attacks that out-smarted employees.
The cost and damage is acknowledged by organisations, with a separate report finding 46% of organisations self-reported that they were actively planning to spend more on proactively addressing insider risk in 2024. Budgets are not infinite however, and organisations need to effectively allocate their spending to ensure they are getting the most protection for their spend.
Sources: [Computer Weekly] [CSO Online]
Half of Executives Expect Supply Chain Challenges
With the surge in the number of attacks taking place through the software supply chain, it is no wonder almost half of executives expect supply chain challenges in the year ahead according to a survey by Deloitte. When asked about their experience, 34% of respondents self-reported that their organisation has experienced one or more supply chain cyber security events during the past year.
One of the ways to improve organisations’ supply chain security is to conduct assessments on the third parties they use, yet 21% of respondents did not do this at all. Potentially, one of the reasons for this is not knowing the correct questions to ask. Black Arrow can support you through a structured approach to asking a suite of targeted questions to your third parties, and assessing the responses for indicators of risk to your business.
Sources [PRnewswire] [SiliconANGLE]
How Social Engineering Takes Advantage of Your Kindness
Last week, MGM Resorts disclosed a massive systems issue that reportedly rendered slot machines, room keys and other critical devices inoperable. What elaborate methods were required to crack a nearly $34 billion casino and hotel empire? According to the hackers themselves, all it took was a ten minute phone call, allowing them to gain access through a simple social engineering attack. Social engineering psychologically manipulates a target into doing what the attacker wants, or giving up information that they shouldn’t. The consequences range from taking down global corporations to devastating the personal finances of unfortunate individual victims.
Extroverted, agreeable, and open individuals are often cyber victims; fear is an attack vector and so is helpfulness. As comfort increases, so too does vulnerability to being hacked. Social engineering attacks target both corporations and individuals. A person’s positive traits can be weaknesses against such threats. Balancing kindness with scepticism is essential.
Source: [Engadget]
Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually
A survey found that despite the percentage of companies that have encountered a cyber security incident in the last 12 months, a worrying 24% of employees have never had any cyber security training. The survey further found that alarmingly 42% of respondents used the same password for both home and work accounts, increasing the risk of exposing their organisational passwords. This risk was furthered by 40% of the total number of respondents keeping their password in an open file or physical notebook.
Organisations, including those already providing training, should look to ensure they implement training from experts that covers such areas; by effectively training employees, organisations will increase their cyber resilience and reduce their risk of suffering a cyber attack. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes are secure employee engagement and build a cyber security culture to protect the organisation.
Source: [Information Security Buzz]
Governance, Risk and Compliance
Cyber security still remains the greatest concern for many executives | TechRadar
Cyber attacks are constant and test even the best | Newsroom
Companies Struggling With Cyber security: Big Players In Bad Situations (forbes.com)
SMEs overestimate their cyber security preparedness - Help Net Security
Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)
Organisations failing to proactively address insider cyber risk | Computer Weekly
Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)
Most Global Board Members Unprepared for “Targeted” Cyber attack, Report Finds | MSSP Alert
Changing Role of the CISO: A Holistic Approach Drives the Future (darkreading.com)
How to Get Your Board on Board With Cyber security (darkreading.com)
Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security
Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)
Balancing budget and system security: Approaches to risk tolerance - Help Net Security
Is Director Liability For Cyber security Failure An Immediate Risk? (forbes.com)
83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)
Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)
Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)
Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE
Poor digital experience a blocker for cyber resilience | Computer Weekly
What is Governance, Risk and Compliance (GRC)? | TechTarget Definition
How to prevent and prepare for a cyber catastrophe (securityintelligence.com)
2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)
Why more security doesn’t mean more effective compliance - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Digesting the Digits - 2023 ‘record year’ for ransomware attacks - PaymentExpert.com
Attacks on Casino Giants Heralds Resurgence in Ransomware Attacks (claimsjournal.com)
Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)
LockBit Is Using RMMs to Spread Its Ransomware (darkreading.com)
‘Top’ ransomware gangs favour smaller businesses | Computer Weekly
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online
Ransomware group's evolving tactics pose growing threat - Nextgov/FCW
Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog
Who is behind the latest wave of UK ransomware attacks? | Cyber crime | The Guardian
NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware (darkreading.com)
Scattered Spider, Alphv, and the MGM hack, explained - The Hustle
Quadruple extortion ransomware maximising monetisation (securitybrief.co.nz)
What is Extortionware? How is it Different from Ransomware? (techtarget.com)
Ransomware cyber insurance claims rose by 27% | Security Magazine
Cyber insurance claims for ransomware reach record high (betanews.com)
Ransomware gang targeting defence firms, FBI warns - Defence One
Scattered Spider snares 100+ victims, moves into ransomware • The Register
BlackCat ransomware hits Azure Storage with Sphynx encryptor (bleepingcomputer.com)
FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service (darkreading.com)
Critical Infrastructure Organisations Warned of Snatch Ransomware Attacks - Security Week
Healthcare's ransomware defences need more preventative action (securitybrief.co.nz)
Ransomware vs. resources: A higher education dilemma - eCampus News
Ransomware Victims
Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says | Reuters
Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)
Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)
MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)
Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)
Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)k
Clorox products in short supply after cyber attack disrupts operations | CNN Business
Psychiatric hospital near Jerusalem hit by suspected cyber attack | The Times of Israel
UMass Medical School Sued Over MOVEit File-Transfer Data Breach (bloomberglaw.com)
UK IT services provider Agilitas hit by Donut ransomware attack? (techmonitor.ai)
Cyber attack blamed for outages at hospitals in Illinois, Wisconsin (scrippsnews.com)
Major trucking software provider confirms ransomware incident (therecord.media)
Handbag maker Radley London hit by RansomHouse cyber attack? (techmonitor.ai)
Phishing & Email Based Attacks
HR phishing: self-evaluation questionnaire | Kaspersky official blog
Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)
How social engineering takes advantage of your kindness (engadget.com)
Artificial Intelligence
Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag
NSA Report: Deepfakes Threaten National Security | MSSP Alert
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)
Artificial Intelligence Making Cyber Crime Harder to Fight (govtech.com)
Companies still don’t know how to handle generative AI risks - Help Net Security
85% of cyber leaders believe AI will outpace cyber defences (electronicspecifier.com)
McAfee CEO Greg Johnson on the Cyber security Threat From Generative AI (businessinsider.com)
Companies Rely on Multiple Methods to Secure Generative AI Tools (darkreading.com)
2FA/MFA
Malware
NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)
Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog
macOS MetaStealer attacks take aim at business Mac users (appleinsider.com)
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (trendmicro.com)
A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar
New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)
Bumblebee malware returns in new attacks abusing WebDAV folders (bleepingcomputer.com)
Fake WinRAR exploit PoC drops VenomRAT malware | SC Media (scmagazine.com)
P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)
Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)
‘Sandman’ hackers backdoor telcos with new LuaDream malware (bleepingcomputer.com)
Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)
Mobile
Dangerous permissions detected in top Android health apps (securityaffairs.com)
Android security updates: Everything you need to know | Android Central
Hook: New Android Banking Trojan That Expands on ERMAC's Legacy (thehackernews.com)
APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)
Botnets
Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)
P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)
Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Hikvision Intercoms Allow Snooping on Neighbors (darkreading.com)
No dedicated hardware security for 66% IoT modules: IoT Analytics (securitybrief.co.nz)
Data Breaches/Leaks
Pirated Software Likely Cause of Airbus Breach - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)
Police data breach: 20,000 data points 'at risk' (computing.co.uk)
CardX released a data leak notification impacting their customers in Thailand (securityaffairs.com)
Pizza Hut Australia hack: data breach exposes customer information and order details | Australia
Air Canada says unauthorized group breached employee data, hacked internal system (databreaches.net)
83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)
T-Mobile app glitch let users see other people's account info (bleepingcomputer.com)
T-Mobile Racks Up Third Consumer Data Exposure of 2023 (darkreading.com)Over a Third of UK
TransUnion says dump of customer data came from third party • The Register
US govt IT worker accused of leaking top secrets • The Register
Organised Crime & Criminal Actors
Europol lifts the lid on cyber crime tactics (malwarebytes.com)
One of the FBI’s most wanted hackers is trolling the US government | TechCrunch
India's biggest tech centres named as cyber crime hotspots • The Register
Scattered Spider snares 100+ victims, moves into ransomware • The Register
Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)
Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)
Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News
How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto
Insider Risk and Insider Threats
Organisations failing to proactively address insider cyber risk | Computer Weekly
HR’s role in cyber security and insider threat mitigation - Hindustan Times
Fraud, Scams & Financial Crime
Brits Lose $9.3bn to Scams in a Year - Infosecurity Magazine (infosecurity-magazine.com)
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)
Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News
How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto
Payment Card-Skimming Campaign Now Targeting Websites in North America (darkreading.com)
Court sentences pair for India-based robocall scam • The Register
Shift from UK Analogue to Digital Phone Lines Breeds New SCAMs - ISPreview UK
Singapore to detail fraud liability split for bank & victim • The Register
Deepfakes
Insurance
Cyber insurance claims for ransomware reach record high (betanews.com)
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online
Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)
Ransomware cyber insurance claims rose by 27% | Security Magazine
Dark Web
Supply Chain and Third Parties
Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)
Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)
Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)
Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)
Evaluating New Partners and Vendors from an Identity Security Perspective (darkreading.com)
How cyber attacks on Taiwan are hurting global business - Raconteur
Software Supply Chain
Cloud/SaaS
Why Shared Fate is a Better Way to Manage Cloud Risk (darkreading.com)
IBM X-Force: Use of compromised credentials darkens cloud security picture | Network World
Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)
Mastering Defence-In-Depth and Data Security in the Cloud Era (darkreading.com)
Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)
Hybrid/Remote Working
Shadow IT
Identity and Access Management
Encryption
EU's quest to fix the internet could become a privacy nightmare | TechRadar
UK Minister Warns Meta Over End-to-End Encryption - Security Week
Signal Messenger Introduces PQXDH Quantum-Resistant Encryption (thehackernews.com)
Open Source
Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)
Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica
New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)
Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Are your end-users' passwords compromised? Here's how to check. (bleepingcomputer.com)
Why employee login credentials are 'the weakest link in security' (siliconrepublic.com)
Social Media
TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent
NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)
APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)
Donald Trump Jr.'s X Account Appears To Have Been Hacked (dailydot.com)
UK Minister Warns Meta Over End-to-End Encryption - Security Week
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)
Malvertising
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
UK Minister Warns Meta Over End-to-End Encryption - Security Week
EU's quest to fix the internet could become a privacy nightmare | TechRadar
TikTok Is Hit With $368 Million Fine Under Europe's Strict Data Privacy Rules - Security Week
MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)
California Settles With Google Over Location Privacy Practices for $93 Million - Security Week
Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)
Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE
Models, Frameworks and Standards
How to Interpret the 2023 MITRE ATT&CK Evaluation Results (darkreading.com)
How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)
Data Protection
Careers, Working in Cyber and Information Security
Expert: Three Skills Cyber security Professionals Should Have in 2024 (newswise.com)
83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)
IT pros told to accept burnout as normal part of their job - Help Net Security
Wanted: another 3mn cyber professionals | Financial Times (ft.com)
Law Enforcement Action and Take Downs
How the FBI Fights Back Against Worldwide Cyber attacks (securityintelligence.com)
Court sentences pair for India-based robocall scam • The Register
Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)
Privacy, Surveillance and Mass Monitoring
California Settles With Google Over Location Privacy Practices for $93 Million - Security Week
TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent
EU's quest to fix the internet could become a privacy nightmare | TechRadar
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)
International Criminal Court hacked amid Russia probe • The Register
Portuguese company detects 961 pro-Russian cyber attacks in Western Europe – EURACTIV.com
Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)
One of the FBI’s most wanted hackers is trolling the US government | TechCrunch
Senators want clarity from Pentagon on Ukraine Starlink access fiasco | SC Media (scmagazine.com)
Russian allegedly smuggled US weapons electronics to Moscow • The Register
China
China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)
FBI chief says China has bigger hacking program than the competition combined | Reuters
EU warns China on Ukraine disinformation and cyber attacks – POLITICO
Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED
Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica
Trouble brews after embassy worker finds spy bug in China teapot (thetimes.co.uk)
Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)
A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar
Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)
Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns (darkreading.com)
How cyber attacks on Taiwan are hurting global business - Raconteur
DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage (darkreading.com)
Iran
Microsoft: 'Peach Sandstorm' Cyber attacks Target Defence, Pharmaceutical Orgs (darkreading.com)
Pro-Iranian Attackers Target Israeli Railroad Network (darkreading.com)
North Korea
Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)
How a North Korean cyber group impersonated a Washington D.C. analyst (cnbc.com)
Misc Nation State/Cyber Warfare
Vulnerability Management
KEV Catalog Reaches 1000, What Does That Mean and What Have We Learned | CISA
Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)
How SBOMs Help Uncover Vulnerabilities In Enterprise Applications (forbes.com)
Vulnerabilities
Fortinet Releases Security Updates for Multiple Products | CISA
Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) - Help Net Security
iOS 17.0.1 re-patches 3 actively exploited security flaws - 9to5Mac
If you're still using WinRAR, watch out for this dangerous exploit - and please stop | TechRadar
GitLab Releases Urgent Security Patches for Critical Vulnerability (thehackernews.com)
Microsoft releases firmware update for all Surface devices | TechSpot
Tools and Controls
Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)
Enterprise networks are evolving; your security architecture needs to evolve, too (betanews.com)
Think Your MFA and PAM Solutions Protect You? Think Again (thehackernews.com)
Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)
Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security
Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)
Shadow IT: Security policies may be a problem - Help Net Security
Balancing budget and system security: Approaches to risk tolerance - Help Net Security
How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)
How Choosing Authentication Is a Business-Critical Decision (darkreading.com)
Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)
Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE
Reports Published in the Last Week
Other News
Why automakers are worried your car is the next target for cyber attacks - CityAM
Consumers are being bombarded with billions of threats every year | TechRadar
Bad torts: Law firms feel the heat from rising cyber threats (synack.com)
SME Cyber Security – Time for a New Approach? - IT Security Guru
Time to Demand IT Security by Design and Default - Infosecurity Magazine (infosecurity-magazine.com)
Australia’s new cyber security strategy: Build “cyber shields” around the country | CSO Online
Home Office sets up cyber security for Emergency Services Network | UKAuthority
Cyber security Tops Business Risks Challenging European Auditors (bloomberglaw.com)
Energy Is the Most-Targeted Sector for Cyber attacks: Here’s What to Do (powermag.com)
Cyber on the battlefield is about more than IT - Nextgov/FCW
Every Network Is Now an OT Network. Can Your Security Keep Up? - Security Week
Pentagon's 2023 Cyber Strategy Focuses on Helping Allies - Security Week
Singapore's retail banks take steps to enhance cyber security (finextra.com)
Experts fret over fate of CISA cyber programs as shutdown clouds loom | SC Media (scmagazine.com)
Strong compliance management is crucial for fintech-bank partnerships - Help Net Security
Rail Travel Free in Estonia as Cyber Attack Disrupts Ticketing (eturbonews.com)
Dairy industry teams with cyber security group to beef up defences | Food Dive
Securing Eurovision’s online voting system against cyber attacks (computerweekly.com)
GCHQ chief takes job in private security company | The Independent
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 28 April 2023
Black Arrow Cyber Threat Briefing 28 April 2023:
- Navigating The Future of Cyber: Business Strategy, Cyber Security Training, and Digital Transformation Are Key
- Shadow IT, SaaS Pose Security Liability for Enterprises
- The Strong Link Between Cyber Threat Intelligence and Digital Risk Protection
- Weak Credentials, Unpatched Vulnerabilities, Malicious Open Source Packages Causing Cloud Security Risks
- Over 70 billion Unprotected Files Available on Unsecured Web Servers
- Cyber Thieves Are Getting More Creative
- Modernising Vulnerability Management: The Move Toward Exposure Management
- Almost Three-quarters of Cyber Attacks Involve Ransomware
- Corporate Boards Pressure CISOs to Step Up Risk Mitigation Efforts
- NSA Sees ‘Significant’ Russian Intel Gathering on European, US Supply Chain Entities
- Email Threat Report 2023: Key Takeaways
- 5 Most Dangerous New Attack Techniques
- Many Public Salesforce Sites are Leaking Private Data
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Navigating the Future of Cyber: Business Strategy, Cyber Security Training, and Digital Transformation are Key
Cyber investments have become table stakes for businesses around the world. Cyber crime is increasing, with 91% of organisations reporting at least one cyber incident in the past year. Not only are they growing in numbers, but they are becoming more sophisticated and diverse, with new threats constantly emerging. According to the 2023 Deloitte Global Future of Cyber survey, business leaders are changing how they think of cyber, and it’s emerging as a larger strategic discussion tied to an organisation’s long-term success.
Cyber is about more than protecting information—risk management, incident response planning, threat intelligence and training can often be directly correlated to increasing trust within businesses.
Cyber security training is essential for employees to ensure the safety and security of a business. Employees are often the first line of defence against cyber-attacks and frequently the weakest link in an organisation's security posture. Cyber security training can help employees recognise and avoid common cyber threats, such as phishing attacks, malware, and social engineering. 89% of organisations cited as high-performing cyber organisations have implemented annual cyber awareness training among all employees. With increased digital dependency year over year—effective employee training can raise awareness, reduce risk, improve security posture, and support compliance.
Shadow IT, SaaS Pose Security Liability for Enterprises
There's no denying that software-as-a-service (SaaS) has entered its golden age. Software tools have now become essential to modern business operations and continuity. However, not enough organisations have implemented the proper procurement processes to ensure they're protecting themselves from potential data breaches and reputational harm.
A critical component contributing to concerns around SaaS management is the rising trend of shadow IT, which is when employees download and use software tools without notifying their internal IT teams. A recent study shows that 77% of IT professionals believe that shadow IT is becoming a major concern in 2023, with more than 65% saying their SaaS tools aren't being approved. Organisations are beginning to struggle with maintaining security as their SaaS usage continues to sprawl.
To combat shadow IT and the high risks that come along with it, organisations must gain greater visibility over their SaaS stacks and institute an effective procurement process when bringing on new software solutions.
https://www.darkreading.com/edge-articles/shadow-it-saas-pose-security-liability-for-enterprises
The Strong Link Between Cyber Threat Intelligence and Digital Risk Protection
While indicators of compromise and attackers’ tactics, techniques, and processes (TTPs) remain central to threat intelligence, cyber threat intelligence needs have grown over the past few years, driven by things like digital transformation, cloud computing and remote working. In fact, these changes have led to a cyber threat intelligence (CTI) subcategory focused on digital risk protection (DRP). DRP is broadly defined as, “telemetry, analysis, processes, and technologies used to identify and mitigate risks associated with digital assets”.
According to research provider ESG, the most important functions of DRP as part of a mature CTI programme are: vulnerability exploit intelligence, takedown services, leaked data monitoring, malicious mobile application monitoring, brand protection and attack surface management. It should be noted that a mature CTI programme can utilise service providers to help carry out threat intelligence, it doesn’t have to be spun up by the organisation from nothing. Regardless, an organisation employing these DRP functions as part of a CTI programme will be increasing its cyber resilience and reducing the chance of a cyber incident.
Weak Credentials, Unpatched Vulnerabilities, Malicious Open Source Packages Causing Cloud Security Risks
Threat actors are getting more adept at exploiting common everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages. Meanwhile, security teams take an average of 145 hours to solve alerts, with 80% of cloud alerts triggered by just 5% of security rules in most environments according to a recent report. The report, conducted by UNIT 42 analysed the workload of 210,000 cloud accounts across 1,300 organisations.
The report’s findings echoed similarities from the previous year, finding almost all cloud users, roles, services and resources grant excessive permissions. Some of the other key findings include as many as 83% of organisations having hard-coded credentials in their source control management systems, 53% of cloud accounts allowing weak password usage and 44% allowing password reuse and 71% of high or critical vulnerabilities exposed were at least two years old.
Over 70 Billion Unprotected Files Available on Unsecured Web Servers
A recent report found that more than 70 billion files, including intellectual property and financial information, are freely available and unprotected on unsecured web servers. Other key findings of the report included almost 1 in 10 of all detected internet-facing assets having an unpatched vulnerability, with the top 10 vulnerabilities found unpatched at least 12 million times each.
The report predicted that there will be a significant rise in information stealing malware; the report had found that 50% of emails associated with customers were plaintext and unencrypted. Additionally, there will be more incidents due to an increase in assets which are not known to IT, known as shadow IT.
Organisations should look to employ efficient patch management, have an up to date asset register, and use encryption to better increase their cyber defences.
https://www.helpnetsecurity.com/2023/04/24/critical-cybersecurity-exposures/
Cyber Thieves Are Getting More Creative
Cyber criminals are constantly changing their tactics and finding new ways to steal money from organisations. An example of this can be seen where criminals are breaking into systems to learn who is authorised to send payments and what the procedures are. Eventually, this leads to the criminal instructing payment to their own account.
Unfortunately, it is only after such events that some organisations are taking actions, such as verifying payments through phone calls. Whilst it is important for organisations to learn from attacks, it is beneficial to take a pro-active approach and employ procedures such as call back procedures before an incident has occurred.
https://hbr.org/2023/04/cyber-thieves-are-getting-more-creative
Modernising Vulnerability Management: The Move Toward Exposure Management
Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritisation, and understanding of attackers' motivations, opportunities and means. Vulnerabilities only represent a small part of the attack surface that attackers can leverage.
Exposures are broader and can encompass more than just vulnerabilities. Exposures can result from various factors, such as human error, improperly defined security controls, and poorly designed and unsecured architecture. Organisations should consider that an attacker doesn’t just look at one exposure; attackers will often use a combination of vulnerabilities, misconfigurations, permissions and other exposures to move across systems and reach valuable assets.
As such, organisations looking to improve their cyber resiliency should consider their vulnerability management system and assess both whether it is taking into account exposures and the context in relation to the organisation.
https://thehackernews.com/2023/04/modernizing-vulnerability-management.html
Two-thirds of Cyber Attacks Involve Ransomware
A report from Sophos focusing on recent incident response cases, found that 68.4% of incidents resulted from ransomware. This was followed by network breaches, accounting for 18.4%. Regarding threat actor access, the report found that unpatched vulnerabilities were the single most common access method, followed by compromised credentials.
Corporate Boards Pressure CISOs to Step Up Risk Mitigation Efforts
A recent report found that the top challenges when implementing an effective cyber/IT risk management programme include an increase in the quantity (49%) and severity (49%) of cyber threats, a lack of funding (37%) and a lack of staffing/cyber risk talent (36%).
Cyber attacks have been increasing for several years now and resulting data breaches cost businesses an average of $4.35 million in 2022, according to the annual IBM ‘Cost of a Data Breach’ report. Given the financial and reputational consequences of cyber attacks, corporate board rooms are putting pressure on CISOs to identify and mitigate cyber/IT risk.
When it came to reporting to the board, 30% of CIO and CISO respondents say they do not communicate risk around specific business initiatives to other company leaders, indicating they may not know how to share that information in a constructive way.
https://www.helpnetsecurity.com/2023/04/26/effective-it-risk-management/
NSA Sees ‘Significant’ Russian Intel Gathering on European, US Supply Chain Entities
According to the US National Security Agency (NSA), Russian hackers could be looking to attack logistics targets more broadly. The NSA have noted a significant amount of intelligence gathering into western countries, including the UK and the US.
Although there is no indication yet regarding attacks from Russia in connection with the logistics related to Ukraine, organisations should be aware and look to improve their cyber security practices to be best prepared.
https://cyberscoop.com/nsa-russian-ukraine-supply-chain-ransomware/
Email Threat Report 2023: Key Takeaways
According to a recent report, email phishing made up 24% of all spam types in 2022, a significant increase in proportion from 11% in 2021. The finance industry was the most targeted by far, accounting for 48% of phishing incidents. It is followed by the construction sector at 17%, overtaking 2021’s second-place industry, e-commerce. Both the finance and construction industries saw an increase in phishing since last year. Of all the emails analysed in 2022, an enormous 90% were spam emails.
With phishing as prevalent as ever, organisations should look to implement training for their staff to not only be able to spot phishing emails, but to be able to report these and aid in improving the cyber security culture of their organisation.
https://www.itsecurityguru.org/2023/04/27/email-threat-report-2023-key-takeaways/
5 Most Dangerous New Attack Techniques
Experts from security training provider SANS Institute have revealed the 5 most dangerous new attack techniques: adversarial AI, ChatGPT-powered social engineering, third-party developer attacks (also known as software supply chain attacks), SEO, and paid advertising attacks.
The new techniques highlight the ever changing environment of the attack environment. SEO and paid advertising attacks are leveraging fundamental marketing strategies to gain initial access, heightening the importance for organisations to incorporate scalable user awareness training programmes, tailored to new threats.
https://www.csoonline.com/article/3694892/5-most-dangerous-new-attack-techniques.html
Many Public Salesforce Sites are Leaking Private Data
A shocking number of organisations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.
This included the US State of Vermont who had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance programme that exposed the applicant’s full name, social security number, address, phone number, email, and bank account number. Similar information was leaked by TCF Bank on their Salesforce Community Website.
It's not just Salesforce though; misconfigurations in general are responsible for a number of leaked documents and or exposures relating to an organisation.
https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/
Threats
Ransomware, Extortion and Destructive Attacks
New coercive tactics used to extort ransomware payments - Help Net Security
Almost three-quarters of cyber attacks involve ransomware | Computer Weekly
Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)
Effects of the Hive Ransomware Group Takedown (darkreading.com)
Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware (thehackernews.com)
Tank storage company Vopak hacked, Ransomware groups report | NL Times
Health insurer Point32Health suffered a ransomware attack-Security Affairs
Hacker demands ransom after 'taking control' of Wiltshire school's IT | Swindon Advertiser
RSAC speaker offers ransomware victims unconventional advice | TechTarget
How ransomware victims can make the best of a bad situation | TechTarget
Hackers Leaked Minneapolis Students' Psychological Reports, Allegations of Abuse (gizmodo.com)
Linux version of RTM Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
CommScope employees left in the dark after ransomware attack | TechCrunch
Phishing & Email Based Attacks
How Dangerous Is Phishing in 2023? - Duo Blog | Duo Security
The New Frontier in Email Security: Goodbye, Gateways; Hello, Behavioural AI (darkreading.com)
BEC – Business Email Compromise
2FA/MFA
CrowdStrike details new MFA bypass, credential theft attack | TechTarget
Phishing-resistant MFA shapes the future of authentication forms - Help Net Security
Malware
Malware-Free Cyber attacks Are On the Rise; Here's How to Detect Them (darkreading.com)
Ex-Conti and FIN7 Actors Collaborate with New Backdoor (securityintelligence.com)
EvilExtractor malware activity spikes in Europe and the US (bleepingcomputer.com)
Zaraza Malware Exploits Web Browsers To Steal Stored Passwords (latesthackingnews.com)
This evil malware disables your security software, then goes in for the kill | TechRadar
Decoy Dog malware toolkit found after analysing 70 billion DNS queries (bleepingcomputer.com)
Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware (thehackernews.com)
A Security Team Is Turning This Malware Gang’s Tricks Against It | WIRED
Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity
Google banned 173K developer accounts to block malware, fraud rings (bleepingcomputer.com)
Chinese Cyber spies Delivered Malware via Legitimate Software Updates - SecurityWeek
Chinese hackers launch Linux variant of PingPull malware | CSO Online
Mobile
WhatsApp used in BEC scam to pilfer $6.4M | SC Media (scmagazine.com)
35M Downloads Of Android Minecraft Clones Spreads Adware (informationsecuritybuzz.com)
Botnets
Denial of Service/DoS/DDOS
New SLP bug can lead to massive 2,200x DDoS amplification attacks (bleepingcomputer.com)
'Anonymous Sudan' Claims Responsibility for DDoS Attacks Against Israel (darkreading.com)
Internet of Things – IoT
Data Breaches/Leaks
Over 70 billion unprotected files available on unsecured web servers - Help Net Security
Many Public Salesforce Sites are Leaking Private Data – Krebs on Security
American Bar Association data breach hits 1.4 million members (bleepingcomputer.com)
American Bar Association (ABA) suffered a data breach-Security Affairs
Shields Health Breach Exposes 2.3M Users' Data (darkreading.com)
Serving UK Armed Forces member charged under Official Secrets Act (telegraph.co.uk)
Yellow Pages Canada confirms cyber attack as Black Basta leaks data (bleepingcomputer.com)
Vantage Travel Experiences Data Security Incident (darkreading.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
The IRS is sending four investigators across the world to fight cyber crime | TechCrunch
US deploys more cyber forces abroad to help fight hackers | Reuters
The ‘Your computer was locked’ scam is gaining traction (consumeraffairs.com)
Google banned 173K developer accounts to block malware, fraud rings (bleepingcomputer.com)
Deepfakes
AML/CFT/Sanctions
Insurance
Dark Web
Supply Chain and Third Parties
The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks | WIRED
That 3CX supply chain attack keeps getting worse • The Register
NSA sees 'significant' Russian intel gathering on European, US supply chain entities | CyberScoop
North Korean hackers breach software firm in significant cyber attack | CNN Politics
SD Worx hack: Payroll firm for M&S hit by cyber attack (thetimes.co.uk)
A third-party’s perspective on third-party InfoSec risk management - Help Net Security
Software Supply Chain
Cloud/SaaS
Shadow IT, SaaS Pose Security Liability for Enterprises (darkreading.com)
14 Kubernetes and Cloud Security Challenges and How to Solve Them (thehackernews.com)
Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)
GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform (thehackernews.com)
Saas Security: The Need For Continuous Sustenance (informationsecuritybuzz.com)
How CISOs navigate security and compliance in a multi-cloud world - Help Net Security
Security experts found a major bug in Google Cloud | TechRadar
Most SaaS adopters exposed to browser-borne attacks - Help Net Security
Exposed Artifacts Seen In Misconfigured Cloud Software Registries (informationsecuritybuzz.com)
Google accounts attacked and hijacked by this devious security flaw | TechRadar
Containers
Kubernetes RBAC abused to create persistent cluster backdoors (bleepingcomputer.com)
Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC-Security Affairs
Combating Kubernetes — the Newest IAM Challenge (darkreading.com)
Attack Surface Management
Over 70 billion unprotected files available on unsecured web servers - Help Net Security
Study of past cyber attacks can improve organisations' defence strategies - Help Net Security
Shadow IT
Identity and Access Management
Rethinking the effectiveness of current authentication initiatives - Help Net Security
Combating Kubernetes — the Newest IAM Challenge (darkreading.com)
Open Source
The double-edged sword of open-source software - Help Net Security
Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling (darkreading.com)
Chinese hackers launch Linux variant of PingPull malware | CSO Online
Linux version of RTM Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Password reset woes could cost FTSE 100 companies $156 million each month - Help Net Security
A '!password20231#' password may not be as complex as you think (bleepingcomputer.com)
Social Media
Malvertising
Google ads push BumbleBee malware used by ransomware gangs (bleepingcomputer.com)
35M Downloads Of Android Minecraft Clones Spreads Adware (informationsecuritybuzz.com)
Training, Education and Awareness
Digital Transformation
Parental Controls and Child Safety
Regulations, Fines and Legislation
Governance, Risk and Compliance
Corporate boards pressure CISOs to step up risk mitigation efforts - Help Net Security
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
Is your bank account safe? Mass layoffs weaken cyber security across finance sector | Fox Business
The strong link between cyber threat intelligence and digital risk protection | CSO Online
Organisations are stepping up their game against cyber threats - Help Net Security
CISOs: unsupported, unheard, and invisible - Help Net Security
The Relationship Between Security Maturity and Business Enablement | CSO Online
CISOs Rethink Data Security with Info-Centric Framework (darkreading.com)
UK Cyber Pros Burnt Out and Overwhelmed - Infosecurity Magazine (infosecurity-magazine.com)
Good, Better And Best Security (informationsecuritybuzz.com)
SANS Reveals Top 5 Most Dangerous Cyber attacks for 2023 (darkreading.com)
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
UK Cyber Pros Burnt Out and Overwhelmed - Infosecurity Magazine (infosecurity-magazine.com)
How to Begin a Career in Ethical Hacking in the Year 2023? (analyticsinsight.net)
Law Enforcement Action and Take Downs
To combat cyber crime, US law enforcement increasingly prioritizes disruption | CyberScoop
US to focus on stifling cyber attacks, not convictions • The Register
US deploys more cyber forces abroad to help fight hackers | Reuters
Effects of the Hive Ransomware Group Takedown (darkreading.com)
Privacy, Surveillance and Mass Monitoring
Artificial Intelligence
The Growing Need for Cyber Security in an Age of AI Disruption (analyticsinsight.net)
Cyber security Survival: Hide From Adversarial AI (darkreading.com)
AI Experts: Account for AI/ML Resilience & Risk While There's Still Time (darkreading.com)
NSA Cyber security Director Says ‘Buckle Up’ for Generative AI | WIRED
From ChatGPT to HackGPT: Meeting the Cyber security Threat of Generative AI (mit.edu)
ChatGPT fans need 'defensive mindset' to avoid scammers • The Register
DHS announces AI task force, security sprint on China-related threats | SC Media (scmagazine.com)
The New Frontier in Email Security: Goodbye, Gateways; Hello, Behavioral AI (darkreading.com)
Nvidia releases a toolkit to make text-generating AI ‘safer’ | TechCrunch
Artificial intelligence takes RSA Conference by storm | SC Media (scmagazine.com)
Secureworks CEO weighs in on XDR landscape, AI concerns | TechTarget
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
FBI aiding Ukraine in collection of digital and physical war crime evidence | CyberScoop
NSA sees 'significant' Russian intel gathering on European, US supply chain entities | CyberScoop
UK undersea cables worth £7.4 trillion a day under ‘real threat’ from Russia | The Independent
Eurocontrol says website 'under attack' by pro-Russia crew • The Register
Iran cyberespionage group taps SimpleHelp for persistence on victim devices | CSO Online
Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering (thehackernews.com)
CISA, Cyber Command Collaboration Blocks Attempted Attacks on US Interests - MSSP Alert
Nation State Actors
Chinese Cyber spies Delivered Malware via Legitimate Software Updates - SecurityWeek
North Korean hackers breach software firm in significant cyber attack | CNN Politics
China building cyber weapons to hijack enemy satellites, says US leak | Financial Times (ft.com)
NCSC raises alert on cyber threat to infrastructure | UKAuthority
Iran cyberespionage group taps SimpleHelp for persistence on victim devices | CSO Online
DHS announces AI task force, security sprint on China-related threats | SC Media (scmagazine.com)
North Korea's Kimsuky APT Keeps Growing, Despite Public Outing (darkreading.com)
APT 'Mint Sandstorm' quickly exploits new PoC hacks | SC Media (scmagazine.com)
Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers (thehackernews.com)
Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware (thehackernews.com)
US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt - SecurityWeek
Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity
Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling (darkreading.com)
Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks (thehackernews.com)
Iranian cyber spies deploy new malware implant on Microsoft Exchange Servers | CSO Online
Ukrainian arrested for selling data of 300M people to Russians (bleepingcomputer.com)
FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability - SecurityWeek
Chinese hackers launch Linux variant of PingPull malware | CSO Online
CISA, Cyber Command Collaboration Blocks Attempted Attacks on US Interests - MSSP Alert
Lazarus, Scarcruft North Korean APTs Shift Tactics, Thrive (darkreading.com)
Vulnerabilities
New Google Chrome Zero-Day Bug Actively Exploited in Wide (gbhackers.com)
Flaw in Microsoft Process Explorer under active attack • The Register
APC warns of critical unauthenticated RCE flaws in UPS software (bleepingcomputer.com)
Double zero-day in Chrome and Edge – check your versions now! – Naked Security (sophos.com)
Security experts found a major bug in Google Cloud | TechRadar
TP-Link Archer WiFi router flaw exploited by Mirai malware (bleepingcomputer.com)
SolarWinds Platform Update Patches High-Severity Vulnerabilities - SecurityWeek
VMware Releases Critical Patches for Workstation and Fusion Software (thehackernews.com)
Cisco discloses XSS zero-day flaw in server management tool (bleepingcomputer.com)
Microsoft removes LSA Protection from Windows settings to fix bug (bleepingcomputer.com)
PaperCut says hackers are exploiting ‘critical’ security flaws in unpatched servers | TechCrunch
FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability - SecurityWeek
Tools and Controls
Corporate boards pressure CISOs to step up risk mitigation efforts - Help Net Security
14 Kubernetes and Cloud Security Challenges and How to Solve Them (thehackernews.com)
Six Key Considerations When Choosing a Web Application Firewall - Security Boulevard
The Complexities of Cyber Insurance | Cyber Risk Management (telos.com)
Unified Endpoint Management: A Powerful Tool for Your Cyber security Arsenal | CSO Online
GitLab’s new security feature uses AI to explain vulnerabilities to developers | TechCrunch
Google Authenticator finally, mercifully adds account syncing for two-factor codes - The Verge
The Needs of a Modernized SOC for Hybrid Cloud (securityintelligence.com)
Rethinking the effectiveness of current authentication initiatives - Help Net Security
Google will add End-to-End encryption to Google Authenticator (bleepingcomputer.com)
Google 2FA Syncing Feature Could Put Your Privacy at Risk (darkreading.com)
CISOs struggle to manage risk due to DevSecOps inefficiencies - Help Net Security
Generative AI and security: Balancing performance and risk - Help Net Security
CISA aims to reduce email threats with serial CDR prototype | TechTarget
Threat Actor Names Proliferate, Adding Confusion (darkreading.com)
Reports Published in the Last Week
Other News
The threat from commercial cyber proliferation - NCSC.GOV.UK
Hackers could learn how to send fake terror threats on YouTube, warn experts (telegraph.co.uk)
Government launches new cyber security measures to tackle ever growing threats - GOV.UK (www.gov.uk)
Attackers are logging in instead of breaking in - Help Net Security
38 Countries Take Part in NATO's 2023 Locked Shields Cyber Exercise - SecurityWeek
The White House National Cyber security Strategy Has a Fatal Flaw (darkreading.com)
Threat Actor Names Proliferate, Adding Confusion (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 07 October 2022
Black Arrow Cyber Threat Briefing 07 October 2022:
-Russian Sanctions Instigator Lloyd's Possibly Hit by Cyber Attack
-Former Uber Security Chief Convicted of Covering Up Data Breach
-First 72 Hours of Incident Response Critical to Taming Cyber Attack Chaos
-Email Defences Under Siege: Phishing Attacks Dramatically Improve
-Remote Services Are Becoming an Attractive Target for Ransomware
-Growing Reliance on Cloud Brings New Security Challenges
-Many IT Pros Don’t Think a Ransomware Attack Can Impact Microsoft 365 Data
-Ransomware Group Bypasses "Enormous" Range of EDR Tools
-MS Exchange Zero-Days: The Calm Before the Storm?
-Average Company with Data in the Cloud Faces $28 Million in Data-Breach Risk
-Secureworks Finds Network Intruders See Little Resistance
-Regulations, Laws and Accountability are Changing the Cyber Security Landscape
-This Year’s Biggest Cyber Threats
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Russian Sanctions Instigator Lloyd's Possibly Hit by Cyber Attack
Lloyd’s of London, the London-based insurance market heavily involved in implementing sanctions against Russia, may have been hit by a cyber-attack. On Wednesday, October 5, 2022, the British insurance market revealed it had detected “unusual activity” on its systems and has turned off all external connectivity “as a precautionary measure.”
“We have informed market participants and relevant parties, and we will provide more information once our investigations have concluded,” said a Lloyd’s spokesperson.
The company did not comment on whether or not it has been contacted by hackers, if a ransom demand has been issued, or on the possible source of the attack.
However, the insurance market has been closely involved with the design and implementation of sanctions imposed on Russia in response to its invasion of Ukraine – a potential motive for the attack. Lloyd’s itself has confirmed it was working closely with British and international governments to implement such sanctions.
Around 100 insurance syndicates operate at Lloyd's.
Earlier in 2022, Lloyd’s instructed its 76 insurance syndicates to remove “nation-state-backed cyber attacks” from insurance policies by March 2023, as well as losses “arising from a war.”
https://www.infosecurity-magazine.com/news/lloyds-possibly-hit-by-cyberattack/
Former Uber Security Chief Convicted of Covering Up Data Breach
Uber’s former head of security has been convicted of covering up a 2016 data breach at the rideshare giant, hiding details from US regulators and paying off a pair of hackers in return for their discretion.
The trial, closely watched in cyber security circles, is believed to be the first criminal prosecution of a company executive over the handling of a data breach.
Joe Sullivan, who was fired in 2017 over the incident, was found guilty by a San Francisco jury of obstructing an investigation by the Federal Trade Commission. At the time of the 2016 breach, the regulator had been investigating the car-booking service over a different cyber security lapse that had occurred two years earlier.
Jurors also convicted Sullivan of a second count related to having knowledge of but failing to report the 2016 breach to the appropriate government authorities. The incident eventually became public in 2017 when Dara Khosrowshahi, who had just taken over as chief executive, disclosed details of the attack.
Prosecutors said Sullivan had taken steps to make sure data compromised in the attack would not be revealed. According to court documents, two hackers approached Sullivan’s team to notify Uber of a security flaw that exposed the personal information of almost 60mn drivers and riders on the platform.
https://www.ft.com/content/051af6a1-41d1-4a6c-9e5a-d23d46b2a9c9
First 72 Hours of Incident Response Critical to Taming Cyber Attack Chaos
Cyber security professionals tasked with responding to attacks experience stress, burnout, and mental health issues that are exacerbated by a lack of breach preparedness and sufficient incident response practice in their organisations.
A new IBM Security-sponsored survey published this week found that two-thirds (67%) of incident responders suffer stress and anxiety during at least some of their engagements, while 44% have sacrificed the well-being of their relationships, and 42% have suffered burnout, according to the survey conducted by Morning Consult. In addition, 68% of incidents responders often have to work on two or more incidents at the same time, increasing their stress, according to the survey's results.
Companies that plan and practice responding to a variety of incidents can lower the stress levels of their incident responders, employees, and executives, says John Dwyer, head of research for IBM Security's X-Force response team.
"Organisations are not effectively establishing their response strategies with the responders in mind — it does not need to be as stressful as it is," he says. "There is a lot of time when the responders are managing organisations during an incident, because those organisations were not prepared for the crisis that occurs. These attacks happen every day."
The IBM Security-funded study underscores why the cyber security community has focused increasingly on the mental health of its members. About half (51%) of cyber security defenders have suffered burnout or extreme stress in the past year, according to a VMware survey released in August 2021. Cyber security executives have also spotlighted the issue as one that affects the community and companies' ability to retain skilled workers.
Email Defences Under Siege: Phishing Attacks Dramatically Improve
This week's report that cyber attackers are laser-focused on crafting attacks specialised to bypass Microsoft's default security showcases an alarming evolution in phishing tactics, security experts said this week.
Threat actors are getting better at slipping phishing attacks through the weak spots in platform email defences, using a variety of techniques, such as zero-point font obfuscation, hiding behind cloud-messaging services, and delaying payload activation, for instance. They're also doing more targeting and research on victims.
As a result, nearly 1 in 5 phishing emails (18.8%) bypassed Microsoft's platform defences and landed in workers' inboxes in 2022, a rate that increased 74% compared to 2020, according to research published by cyber security firm Check Point Software. Attackers increasingly used techniques to pass security checks, such as Sender Policy Framework (SPF), and obfuscate functional components of an e-mail, such as using zero-size fonts or hiding malicious URLs from analysis.
The increasing capabilities of attackers is due to the better understanding of current defences, says Avanan, an email security firm acquired by Check Point in August 2021.
"It is a family of 10 to 20 techniques, but they all lead to the objective of deceiving a company's security layers," he says. "The end result is always an email that looks genuine to the recipient but looks different to the algorithm that analyses the content."
Microsoft declined to comment on the research. However, the company has warned of advanced techniques, such as adversary-in-the-middle phishing (AiTM), which uses a custom URL to place a proxy server between a victim and their desired site, allowing the attacker to capture sensitive data, such as usernames and passwords. In July, the company warned that more than 10,000 organisations had been targeted during one AiTM campaign.
Remote Services Are Becoming an Attractive Target for Ransomware
Stolen credentials are no longer the number one initial access vector for ransomware operators looking to infect a target network and its endpoints - instead, they’ve become more interested in exploiting vulnerabilities found in internet-facing systems.
A report from Secureworks claims ransomware-as-a-service developers are quick to add newly discovered vulnerabilities into their arsenals, allowing even less competent hackers to exploit them swiftly, and with relative ease.
In fact, the company's annual State of the Threat Report reveals that flaw exploitation in remote services accounted for 52% of all ransomware incidents the company analysed over the last 12 months.
Besides remote services, Secureworks also spotted a 150% increase in the use of infostealers, which became a “key precursor” to ransomware. Both these factors, the report stresses, kept ransomware as the number one threat for businesses of all sizes, “who must fight to stay abreast of the demands of new vulnerability prioritisation and patching”.
All things considered, ransomware is still the biggest threat for businesses. It takes up almost a quarter of all attacks that were reported in the last 12 months, Secureworks says, and despite law enforcement being actively involved, operators remained highly active.
https://www.techradar.com/news/remote-services-are-becoming-an-attractive-target-for-ransomware
Growing Reliance on Cloud Brings New Security Challenges
There was a time when cloud was just a small subset of IT infrastructure, and cloud security referred to a very specific set of tasks. The current reality is very different, organisations are heavily dependent on cloud technologies and cloud security has become a much more complex endeavour.
Organisations increasingly rely on the cloud to deliver new applications, reduce costs, and support business operations. One in every four organisations already have majority workloads in the cloud, and 44% of workloads currently run in some form of public cloud, says Omdia, a research and advisory group.
Practically every midsize and large organisation now operates in some kind of a hybrid cloud environment, with a mix of cloud and on-premises systems. For most organisations, software-as-a-service constitute the bulk (80%) of their cloud environments, followed by infrastructure-as-a-service and platform-as-a-service deployments.
In the past, cloud security conversations tended to focus on making sure cloud environments are being configured properly, but cloud security nowadays goes far beyond just configuration management. The sprawling cloud environment means security management has to be centralised, Omdia said. Security functions also need to be integrated into existing application deployment workflows.
On top of all of this, multicloud is becoming more common among organisations as they shift their workloads to avoid being dependent on a single platform. The three major cloud providers – Amazon Web Services, Microsoft Azure, and Google Cloud Platform – account for 65% of the cloud market.
https://www.darkreading.com/dr-tech/growing-reliance-on-cloud-brings-new-security-challenges
Many IT Pros Don’t Think a Ransomware Attack Can Impact Microsoft 365 Data
The 2022 Ransomware Report, which surveyed over 2,000 IT leaders, revealed that 24% have been victims of a ransomware attack, with 20% of attacks happening in the last year.
Cyber attacks are happening more frequently. Last year’s ransomware survey revealed that 21% of companies experienced an attack. This year it rose by three percent to 24%.
“Attacks on businesses are increasing, and there is a shocking lack of awareness and preparation by IT pros. Our survey shows that many in the IT community have a false sense of security. As bad actors develop new techniques, companies like ours have to do what it takes to come out ahead and protect businesses around the world,” said Hornetsecurity.
The report highlighted a lack of knowledge on the security available to businesses. 25% of IT professionals either don’t know or don’t think that Microsoft 365 data can be impacted by a ransomware attack.
Just as worryingly, 40% of IT professionals that use Microsoft 365 in their organisation admitted they do not have a recovery plan in case their Microsoft 365 data was compromised by a ransomware attack.
“Microsoft 365 is vulnerable to phishing attacks and ransomware attacks, but with the help of third-party tools, IT admins can backup their Microsoft 365 data securely and protect themselves from such attacks,” said Hofmann.
https://www.helpnetsecurity.com/2022/10/03/ransomware-attack-impact-microsoft-365-data/
Ransomware Group Bypasses "Enormous" Range of EDR Tools
A notorious ransomware group has been spotted leveraging sophisticated techniques to bypass endpoint detection and response (EDR) tools.
BlackByte, which the US government has said poses a serious threat to critical infrastructure, used a “Bring Your Own Driver” technique to circumvent over 1000 drivers used by commercially available EDR products, according to Sophos. The UK cyber security vendor explained in a new report that the group had exploited a known vulnerability, CVE-2019-16098, in Windows graphics utility driver RTCorec6.sys. This enabled it to communicate directly with a victim system’s kernel and issue commands to disable callback routines used by EDR tools.
The group also used EDR bypass techniques borrowed from open source tool EDRSandblast to deactivate the Microsoft-Windows-Threat-Intelligence ETW (Event Tracing for Windows) provider. This is a Windows feature “that provides logs about the use of commonly maliciously abused API calls such as NtReadVirtualMemory to inject into another process’s memory,” explained Sophos. Neutralising it in this way renders any security tool relying on the feature also useless, the firm argued.
“If you think of computers as a fortress, for many EDR providers, ETW is the guard at the front gate,” said Sophos. “If the guard goes down, then that leaves the rest of the system extremely vulnerable. And, because ETW is used by so many different providers, BlackByte’s pool of potential targets for deploying this EDR bypass is enormous.”
BlackByte is not the only ransomware group using these advanced techniques to get around existing detection tools, illustrating the continued arms race between attackers and defenders. AvosLocker used a similar method in May, Sophos said. “Anecdotally, from what we’re seeing in the field, it does appear that EDR bypass is becoming a more popular technique for ransomware threat groups,” the firm confirmed. “This is not surprising. Threat actors often leverage tools and techniques developed by the ‘offensive security’ industry to launch attacks faster and with minimal effort.”
https://www.infosecurity-magazine.com/news/ransomware-bypasses-enormous-range/
MS Exchange Zero-Days: The Calm Before the Storm?
Two exploited MS Exchange zero-days that still have no official fix, have been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog.
But mitigating the risk of exploitation until patches are ready will require patience and doggedness, as Microsoft is still revising its advice to admins and network defenders, and still working on the patches.
The two vulnerabilities were publicly documented last Wednesday, by researchers with Vietnamese company GTSC, and Microsoft soon after sprung into (discernible) action by offering customer guidance, followed by an analysis of the attacks exploiting the two vulnerabilities. Several changes have been made to the documents since then, after the company found and other researchers pointed out several shortcomings.
Microsoft says its threat analysts observed “activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks,” and that the attackers breached fewer than 10 organisations globally. “MSTIC assesses with medium confidence that the single activity group is likely to be a state-sponsored organisation,” they added.
The other good news is there are still no public exploits for the two vulnerabilities. But, Microsoft says, “Prior Exchange vulnerabilities that require authentication have been adopted into the toolkits of attackers who deploy ransomware, and these vulnerabilities are likely to be included in similar attacks due to the highly privileged access Exchange systems confer onto an attacker.”
Enterprise defenders should expect trouble via this attack path in the near future, it seems, so keeping abreast of the changing situation and springing into action as quickly as possible once the patches are made available is advised. Scammers have since started impersonating security researchers and offering non-existing PoC exploits for CVE-2022-41082 for sale via GitHub
https://www.helpnetsecurity.com/2022/10/03/ms-exchange-cve-2022-41040-cve-2022-41082/
Average Company with Data in the Cloud Faces $28 Million in Data-Breach Risk
Hard-to-control collaboration, complex SaaS permissions, and risky misconfigurations — such as admin accounts without multi-factor authentication (MFA) — have left a dangerous amount of cloud data exposed to insider threats and cyber attacks, according to Varonis.
For the report, researchers analysed nearly 10 billion cloud objects (more than 15 petabytes of data) across a random sample of data risk assessments performed at more than 700 companies worldwide. In the average company, 157,000 sensitive records are exposed to everyone on the internet by SaaS sharing features, representing $28 million in data-breach risk, Varonis researchers have found.
One out of every 10 records in the cloud is exposed to all employees — creating an impossibly large internal blast radius, which maximises damage during a ransomware attack. The average company has 4,468 user accounts without MFA enabled, making it easier for attackers to compromise internally exposed data.
Out of 33 super admin accounts in the average organisation, more than half did not have MFA enabled. This makes it easier for attackers to compromise these powerful accounts, steal more data, and create backdoors. Companies have more than 40 million unique permissions across SaaS applications, creating a nightmare for IT and security teams responsible for managing and reducing cloud data risk.
“Cloud security shouldn’t be taken for granted. When security teams lack critical visibility to manage and protect SaaS and IaaS apps and services, it’s nearly impossible to ensure your data isn’t walking out the door,” said Varonis. “This report is a true-to-life picture of over 700 real-world risk assessments of production SaaS environments. The results underscore the urgent need for CISOs to uncover and remediate their cloud risk as quickly as possible.”
https://www.helpnetsecurity.com/2022/10/05/company-data-breach-risk/
Secureworks Finds Network Intruders See Little Resistance
Attackers who break into networks only need to take a few basic measures in order to avoid detection.
Security vendor Secureworks said in its annual State of the Threat report that it observed several data breaches between June 2021 and June 2022 and found that, by and large, once network intruders gained a foothold on the targets' environment, they had to do relatively little to stay concealed.
"One thing that is notable about them is that none of these techniques are particularly sophisticated," the vendor said. "That is because threat actors do not need them to be; the adversary will only innovate enough to achieve their objectives. So there is a direct relationship between the maturity of the controls in a target environment and the techniques they employ to bypass those controls."
Among the more basic measures taken by the attackers was coding their tools in newer languages such as Go or Rust. This tweak created enough of a difference in the software to evade signature-checking tools, according to Secureworks' report. In other cases, the network intruders hid their activity by packing their malware within a trusted Windows installer or by sneaking it into the Authenticode signature of a trusted DLL. In another case, a malware infection was seen moving data out of the victim's network via TOR nodes. While effective, Secureworks said the techniques are hardly innovative. Rather, they indicate that threat actors find themselves only needing to do the bare minimum to conceal themselves from detection.
Regulations, Laws and Accountability are Changing the Cyber Security Landscape
As cyber criminals continue to develop new ways to wreak havoc, regulators have been working to catch up. They aim to protect data and consumers while avoiding nation-state attacks that are a risk to national and economic security. But some of these regulations may provide an opportunity for MSSPs.
Some of these regulations are a response to what’s generally been a hands-off approach to telling organisations what to do. Unfortunately, cyber security isn’t always prioritised when budgets and resources are allocated. The result is a steadily rising tide of breaches and exploits that have held organisations hostage and made private information available on the dark web.
The new regulations are coming from all directions: at the state and federal levels in the US and around the world. While many of these regulations aren’t yet final, there’s no reason not to start aligning with where trends will ease the impact of changing rules. At the same time, many organisations want to hold the government responsible for some kinds of attacks. It will be interesting to see how regulating works, as most politicians and bureaucrats aren’t known for their technological savvy.
In the US, for example, new regulations are in development in the Federal Trade Commission, Food and Drug Administration, Department of Homeland Security, Department of Transportation, Department of Energy, and the Cybersecurity and Infrastructure Security Agency. Thirty-six states have enacted cyber security legislation, and the count increases as other countries join.
One of the motivating factors for all these new regulations is that most cyber attacks aren’t reported. Lawmakers realise cyber security threats continue to be one of the top national security and economic risks. In the last year and a half (2020-2022), there have been attacks on America’s gas supply, meat supply, and various other companies, courts, and government agencies. One FBI cyber security official estimated the government only learns about 20% to 25% of intrusions at US business and academic institutions.
In March, Congress passed legislation requiring critical infrastructure operators to report significant cyber attacks to CISA within 72 hours of learning about the attack. It also required them to report a ransomware payment within 24 hours. These regulations will also consider reporting “near misses” so that this data can also be studied and tracked. The problem is, how does one define a “near miss”?
This Year’s Biggest Cyber Threats
OpenText announced the Nastiest Malware of 2022, a ranking of the year’s biggest cyber threats. For the fifth year running, experts combed through the data, analysed different behaviours, and determined which malicious payloads are the nastiest.
Emotet regained its place at the top, reminding the world that while affiliates may be taken down, the masterminds are resilient. LockBit evolved its tactics into something never seen before: triple extortion. Analysis also revealed an almost 1100% increase in phishing during the first four months of 2022 compared to the same period in 2021, indicating a possible end to the “hacker holiday,” a hacker rest period following the busy holiday season.
“The key takeaway from this year’s findings is that malware remains centre stage in the threats posed towards individuals, businesses, and governments,” said OpenText.
“Cyber criminals continue to evolve their tactics, leaving the infosec community in a constant state of catch-up. With the mainstream adoption of ransomware payloads and cryptocurrency facilitating payments, the battle will continue. No person, no business—regardless of size—is immune to these threats.”
While this year’s list may designate payloads into different categories of malware, it’s important to note many of these bad actor groups contract work from others. This allows each group to specialise in their respective payload and perfect it.
https://www.helpnetsecurity.com/2022/10/06/2022-nastiest-malware/
Threats
Ransomware and Extortion
Ransomware Attacks On The Rise, Secureworks Reveals in its State of the Threat Report - MSSP Alert
Ransomware: This is how half of attacks begin, and this is how you can stop them | ZDNET
Fake adult sites push data wipers disguised as ransomware (bleepingcomputer.com)
BlackByte ransomware abuses legit driver to disable security products (bleepingcomputer.com)
Ransomware attacks ravage schools, municipal governments (techtarget.com)
More and more ransomware is just data theft, no encryption • The Register
Netwalker ransomware affiliate sentenced to 20 years in prison (bleepingcomputer.com)
Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group - Security Affairs
ADATA denies RansomHouse cyber attack, says leaked data from 2021 breach (bleepingcomputer.com)
Avast releases a free decryptor for some Hades ransomware variants - Security Affairs
Cyber criminals Leak LA School Data After It Refuses to Ransom (vice.com)
How Ransomware Is Causing Chaos in American Schools (vice.com)
Ransomware hunters: the self-taught tech geniuses fighting cyber crime | Cyber crime | The Guardian
BEC – Business Email Compromise
BEC fraudster and romance scammer sent to prison for 25 years – Naked Security (sophos.com)
Hackers Target Homebuyers’ Life Savings in Real Estate Scam - Bloomberg
Phishing & Email Based Attacks
Other Social Engineering; Smishing, Vishing, etc
Callback phishing attacks evolve their social engineering tactics (bleepingcomputer.com)
3 ways enterprises can mitigate social engineering risks - Help Net Security
Malware
OpenText Releases List Of The Year’s “Nastiest” Malware - MSSP Alert
This devious malware is able to disable your antivirus | TechRadar
Bumblebee Malware Loader's Payloads Significantly Vary by Victim System (darkreading.com)
Live support service hacked to spread malware in supply chain attack (bleepingcomputer.com)
NullMixer Dropper Delivers a Multimalware Code Bomb (darkreading.com)
Maggie malware already infected over 250 Microsoft SQL servers - Security Affairs
Mobile
Internet of Things – IoT
7 IoT Devices That Make Security Pros Cringe (darkreading.com)
Ikea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast (darkreading.com)
Acronis founder is afraid of his own vacuum cleaner • The Register
Data Breaches/Leaks
“Egypt Leaks” – Hacktivists are Leaking Financial Data - Security Affairs
No Shangri-La for you: Top hotel chain confirms data leak • The Register
NSA: Someone hacked military contractor and stole data • The Register
City of Tucson discloses data breach affecting over 123,000 people (bleepingcomputer.com)
Optus Says ID Numbers of 2.1 Million Compromised in Data Breach | SecurityWeek.Com
Aussie Telco Telstra Breached, Reportedly Exposing 30,000 Employees' Data (darkreading.com)
2K warns users their info has been stolen following breach of its help desk | Ars Technica
Russian retail chain 'DNS' confirms hack after data leaked online (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Breaking: Scams Linked To Crypto Soared By 335% (informationsecuritybuzz.com)
Hacker steals $566 million worth of crypto from Binance Bridge (bleepingcomputer.com)
Hackers are breaching scam sites to hijack crypto transactions (bleepingcomputer.com)
Binance Says $100 Million Stolen in Latest Crypto Hack (gizmodo.com)
Hackers are breaching scam sites to hijack crypto transactions (bleepingcomputer.com)
Insider Risk and Insider Threats
Meta sues app dev for stealing over 1 million WhatsApp accounts (bleepingcomputer.com)
Microsoft publishes report on holistic insider risk management - Microsoft Security Blog
Unearth offboarding risks before your employees say goodbye - Help Net Security
Splunk alleges source code theft by former employee • The Register
Ex-NSA Employee Arrested for Trying to Sell U.S. Secrets to a Foreign Government (thehackernews.com)
Fraud, Scams & Financial Crime
Consumers Feel Hopeless in Protecting Themselves Against Cyber crime, ISACA Reports - MSSP Alert
BEC fraudster and romance scammer sent to prison for 25 years – Naked Security (sophos.com)
Hackers Target Homebuyers’ Life Savings in Real Estate Scam - Bloomberg
Russians dodging mobilization behind flourishing scam market (bleepingcomputer.com)
Scammers and rogue callers – can anything ever stop them? – Naked Security (sophos.com)
Online romance scam boss netted $9.5m, jailed for 25 years • The Register
Deepfakes
Supply Chain and Third Parties
Live support service hacked to spread malware in supply chain attack (bleepingcomputer.com)
Supply Chain Attack Targets Customer Engagement Firm Comm100 | SecurityWeek.Com
Denial of Service DoS/DDoS
Cloud/SaaS
Encryption
API
More Than 30% of All Malicious Attacks Target Shadow APIs (darkreading.com)
APIs are quickly becoming the most popular attack vector - Help Net Security
The Problem of API Security and How To Fix It (informationsecuritybuzz.com)
API authentication failures demonstrate the need for zero trust - Help Net Security
Shadow APIs hit with 5 billion malicious requests - Help Net Security
Open Source
When transparency is also obscurity: The conundrum that is open-source security - Help Net Security
How Secure is Using Open Source Components? - IT Security Guru
Passwords, Credential Stuffing & Brute Force Attacks
Microsoft warns Basic Auth users over password spray attacks • The Register
Is mandatory password expiration helping or hurting your password security? - Help Net Security
Detecting and preventing LSASS credential dumping attacks - Microsoft Security Blog
Meta Says It Has Busted More Than 400 Login-Stealing Apps This Year | WIRED
Privacy, Surveillance and Mass Monitoring
Regulations, Fines and Legislation
Models, Frameworks and Standards
Secure Disposal
Backup and Recovery
Law Enforcement Action and Take Downs
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Relentless Russian Cyber attacks on Ukraine Raise Important Policy Questions (darkreading.com)
Finnish intelligence warns of Russia's cyber espionage activities - Security Affairs
Kazakhstan Pins Wave Of Cyber attacks On Foreign Actors | OilPrice.com
Albania weighed invoking NATO’s Article 5 over Iranian cyber attack - POLITICO
We breached Russian satellite network, say pro-Ukraine partisans | Cybernews
Ukrainian forces report Starlink outages during push against Russia | Financial Times (ft.com)
Report: Mexico Continued to Use Spyware Against Activists | SecurityWeek.Com
Nation State Actors
Nation State Actors – China
US authorities name China's 20 favourite vulns to exploit • The Register
Cheerscrypt ransomware is linked to Chinese DEV-0401 APT group - Security Affairs
Nation State Actors – North Korea
Vulnerabilities
Fortinet warns admins to patch critical auth bypass bug immediately (bleepingcomputer.com)
Atlassian, Microsoft bugs make CISA’s must-patch list • The Register
US authorities name China's 20 favourite vulns to exploit • The Register
October 2022 Patch Tuesday forecast: Looking for treats, not more tricks - Help Net Security
Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub (bleepingcomputer.com)
CISA Warns of Attacks Exploiting Recent Atlassian Bitbucket Vulnerability | SecurityWeek.Com
No fix in sight for mile-wide loophole plaguing a key Windows defence for years | Ars Technica
Hackers Exploiting Unpatched RCE Flaw in Zimbra Collaboration Suite (thehackernews.com)
Lazarus employed an exploit in a Dell firmware driver in recent attacks - Security Affairs
Unpatched Zimbra flaw under attack is letting hackers backdoor servers | Ars Technica
macOS Archive Utility Bug Lets Malicious Apps Bypass Security Checks (darkreading.com)
Fortinet Warns of New Auth Bypass Flaw Affecting FortiGate and FortiProxy (thehackernews.com)
VMware fixed a high-severity bug in vCenter Server - Security Affairs
Reports Published in the Last Week
Other News
Guilty verdict in the Uber breach case makes personal liability real for CISOs | CSO Online
Cyber attackers view smaller organisations as easier targets - Help Net Security
Moody's turns up the heat on 'riskiest' sectors for attacks • The Register
5 reasons why security operations are getting harder | CSO Online
Former NSA Employee Faces Death Penalty for Selling Secrets (darkreading.com)
Fast Company Is Back From the Dead After Being Hacked (gizmodo.com)
Ready Or Not, Web 3 Is Coming And With It Comes Cybersquatting 2.0 (informationsecuritybuzz.com)
Cyber Hygiene: 5 Best Practices for Company Buy-In (trendmicro.com)
School Is in Session: 5 Lessons for Future Cyber Security Pros (darkreading.com)
Want More Secure Software? Start Recognizing Security-Skilled Developers (thehackernews.com)
Incident responders increasingly seek out mental health assistance - Help Net Security
You Are Not Alone If You're Unclear About Extended Detection and Response (XDR) - MSSP Alert
Why digital trust is the bedrock of business relationships - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 09 September 2022
Black Arrow Cyber Threat Briefing 09 September 2022
-Why It’s Mission-critical That All-sized Businesses Stay Cyber Secure
-Half of Firms Report Supply Chain Ransomware Compromise
-Vulnerability Exploits, Not Phishing, Are the Top Cyber Attack Vector for Initial Compromise
-Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users
-Over 10% of Enterprise IT Assets Found Missing Endpoint Protection
-Some Employees Aren't Just Leaving Companies — They're Defrauding Them
-Ransomware Gangs Switching to New Intermittent Encryption Tactic
-How Posting Personal and Business Photos Can Be a Security Risk
-Your Vendors Are Likely Your Biggest Cyber Security Risk
-A Recent Chinese Hack Is a Wake-up Call for the Security of the World’s Software Supply Chain
-Massive Hotels Group IHG Struck by Cyber Attack Which Disrupts Booking Systems
-London's Biggest Bus Operator Hit by Cyber "Incident"
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Why It’s Mission-Critical That All-Sized Businesses Stay Cyber Secure
A study analysing millions of emails across thousands of companies found that on average, employees of small businesses with less than 100 employees experience 350% more social engineering attacks than employees of larger enterprises. 57% of these are phishing attacks – the most prevalent social engineering attack of 2021.
Add to the mix that the global average cost of a data breach for businesses has skyrocketed. According to IBM Security’s annual Cost of a Data Breach Report, the average global cost is now a phenomenal $4.35 million.
Generally, larger corporations tend to have bigger security budgets, making them less of a target than smaller businesses with lesser budgets, and as such, more attractive to cyber criminals. This means that for small and medium-sized enterprises (SMEs) – with fewer resources and money – protection from cyber-attacks is now a matter of survival.
Ease of attack is not the only reason why criminals attack SMEs either. SMEs are often an entry point to target bigger organisations within the same supply chain. These larger corporations can either be crucial partners, suppliers, or customers, making SMEs prime targets.
But with efficient cyber security measures, every business regardless of size can keep themselves and their network safe.
Half of Firms Report Supply Chain Ransomware Compromise
Over half (52%) of global organisations know a partner that has been compromised by ransomware, yet few are doing anything to improve the security of their supply chain, according to Trend Micro.
The security vendor polled nearly 3,000 IT decision makers across 26 countries to produce its latest report, ‘Everything is connected: Uncovering the ransomware threat from global supply chains’.
It revealed that 90% of global IT leaders believe their partners and customers are making their own organisation a more attractive ransomware target.
That might be down in part to the fact that SMBs comprise a significant chunk of the supply chain for 52% of respondents. The security of SMBs is generally thought to be less effective than protection in larger, better resourced companies.
However, despite their concerns, less than half (47%) of respondents said they share knowledge about ransomware attacks with their suppliers, while a quarter (25%) claimed they don’t share potentially useful threat information with partners.
https://www.infosecurity-magazine.com/news/half-firms-supply-chain-ransomware/
Vulnerability Exploits, Not Phishing, Are the Top Cyber Attack Vector for Initial Compromise
Breaches involving phishing and credential compromise have received a lot of attention in recent years because of how frequently threat actors have employed the tactics in executing both targeted and opportunistic attacks. But that doesn't mean that enterprise organisations can afford to lessen their focus on vulnerability patching one bit.
A report from Kaspersky this week identified more initial intrusions last year resulting from exploitation of vulnerabilities in Internet-facing applications than breaches involving malicious emails and compromised accounts combined. And data that the company has collected through the second quarter of 2022 suggests the same trend might be playing out this year as well.
Kaspersky's analysis of its 2021 incident-response data showed that breaches involving vulnerability exploits surged from 31.5% of all incidents in 2020 to 53.6% in 2021. Over the same period, attacks associated with the use of compromised accounts to gain initial access declined from 31.6% in 2020 to 17.9% last year. Initial intrusions resulting from phishing emails decreased from 23.7% to 14.3% during the same period.
Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users
Uber’s former security officer, Joe Sullivan, is standing trial this week in what is believed to be the first case of an executive facing criminal charges in relation to a data breach.
The US district court in San Francisco will start hearing arguments on whether Sullivan, the former head of security at the ride-share giant, failed to properly disclose a 2016 data breach affecting 57 million Uber riders and drivers around the world.
At a time when reports of ransomware attacks have surged and cyber security insurance premiums have risen, the case could set an important precedent regarding the culpability of US security staffers and executives for the way the companies they work for handle cyber security incidents.
The breach first came to light in November 2017, when Uber’s chief executive, Dara Khosrowshahi, revealed that hackers had gained access to the driver’s licence numbers of 600,000 US Uber drivers as well as the names, email addresses and phone numbers of as many as 57 million Uber riders and drivers.
Public disclosures like Khosrowshahi’s are required by law in many US states, with most regulations mandating that the notification be made “in the most expedient time possible and without unreasonable delay”.
But Khosrowshahi’s announcement came with an admission: a whole year had passed since the information had been breached.
https://www.theguardian.com/technology/2022/sep/06/uber-joe-sullivan-trial-security-data-breach
Over 10% of Enterprise IT Assets Found With Missing Endpoint Protection
More than 10% of enterprise IT assets are missing endpoint protection and roughly 5% are not covered by enterprise patch management solutions.
The figures come from new research by Sevco Security, which the company has compiled in the State of the Cybersecurity Attack Surface report.
"Attackers are very adept at exploiting enterprise vulnerabilities. Security and IT teams already have their hands full mitigating the vulnerabilities that they know about, and our data confirms that this is just the tip of the iceberg," Sevco told Infosecurity Magazine.
The document analyses data aggregated from visibility into more than 500,000 IT assets, and underlines existential and underreported cyber security issues in relation to securing enterprises’ assets.
“The uncertainty of enterprise inventory – the elements that make up an organisation’s cyber security attack surface – upends the foundation of every major security framework and presents a challenge to security teams: it’s impossible to protect what you can’t see,” they said.
For instance, the data found that roughly 3% of all IT assets are “stale” in endpoint protection, while 1% are stale from the perspective of patch management coverage.
https://www.infosecurity-magazine.com/news/enterprise-assets-miss-endpoint/
Some Employees Aren't Just Leaving Companies — They're Defrauding Them
Since the Great Resignation in 2021, millions of employees have left their roles with current employers in search of better ones. According to Microsoft, 40% of employees reported they are considering leaving their current roles by the end of 2022. With many still working in remote or hybrid positions due to the pandemic, larger businesses have started implementing measures to gain a better understanding of employee morale and sentiment to prevent turnover.
While most employees leave companies on good terms, some may become extremely unhappy or disgruntled prior to their departure and are more likely to defraud the company either before leaving or on their way out the door. The unfortunate reality is that no business is immune to fraud, but luckily, there are several steps you can take to prevent it from happening.
According to the Cressey Fraud Triangle, fraudulent behaviour often occurs due to three contributing factors. These include pressure or motive to commit a fraud (usually a personal financial problem), perceived opportunity within the organisation to commit a fraud (poor oversight or internal controls), and rationalisation (the ability to justify the crime to make it seem acceptable).
Very often, a fraudster needs all three sides of the triangle to successfully commit a crime. Therefore, it is extremely important for organisations to do their best to create controls and understand the risk associated with each of these areas. For example, an employee may be disgruntled and also have personal financial issues. However, if internal controls are robust and the employee doesn't have access to financial instruments, valuable assets or software systems, their ability to defraud the company is extremely limited or will get identified immediately.
Ransomware Gangs Switching to New Intermittent Encryption Tactic
A growing number of ransomware groups are adopting a new tactic that helps them encrypt their victims' systems faster while reducing the chances of being detected and stopped.
This tactic is called intermittent encryption, and it consists of encrypting only parts of the targeted files' content, which would still render the data unrecoverable without using a valid decryption key.
For example, by skipping every other 16 bytes of a file, the encryption process takes almost half of the time required for full encryption but still locks the contents for good.
Additionally, because the encryption is milder, automated detection tools that rely on detecting signs of trouble in the form of intense file IO operations are more likely to fail.
SentinelLabs has posted a report examining a trend started by LockFile in mid-2021 and now adopted by the likes of Black Basta, ALPHV (BlackCat), PLAY, Agenda, and Qyick.
These groups actively promote the presence of intermittent encryption features in their ransomware family to entice affiliates to join the RaaS operation.
"Notably, Qyick features intermittent encryption, which is what the cool kids are using as you read this. Combined with the fact that is written in Go, the speed is unmatched," describes a Qyick advertisement on hacking forums.
How Posting Personal and Business Photos Can Be a Security Risk
Image geotags, metadata, and location information can allow competitors, cyber criminals, and even nation-state threat actors to gain knowledge they can use against organisations.
Marketers in every industry enjoy evidencing their reach to their superiors and providing tangible examples of their width and breadth of influence via social networks, media, and other means of engagement. Photos of both customers and employees engaging at hosted social events, trade shows, conferences, and direct one-on-one encounters are often viewed as gold. Couple this with the individual employee’s or customer’s photos working their way onto social network platforms for others to see and admire, and the value of that gold increases, success being quantified by impressions, views and individual engagements.
The value of that gold doubles when not only does the company harvest data and call it a success, but their competitors also analyse such photos capturing a plethora of useful data points, including geotagged data, metadata of the photo, and identity of the individuals caught in the frame. They, too, call it a success. Yes, the digital engagement involving location data and or location hints within photos is a double-edged sword.
It isn’t just competitors who harvest the data. Criminal elements and nation-state intelligence and security elements do as well. Francis Bacon’s adage, “Knowledge itself is power,” applies. With location, time and place, and identity, competitors, criminals, and nation-states are given their initial tidbits of openly acquired information from which to begin to build their mosaic.
Your Vendors Are Likely Your Biggest Cyber Security Risk
As speed of business increases, more and more organisations are looking to either buy companies or outsource more services to gain market advantage. With organisations expanding their vendor base, there is a critical need for holistic third-party risk management (TPRM) and comprehensive cyber security measures to assess how much risk vendors pose.
While organisations assess and manage risk on a multitude of layers, none present bigger threats to business resiliency than third-party risk and a lack of robust cyber security controls. Breaches and service interruptions tied to these risk areas have brought down critical systems of major organisations. In 2021, 53% of CISOs surveyed by Black Kite reported being hit by at least one ransomware attack.
It bears repeating: Cyber security and third-party risk are the two biggest problems facing your long-term viability. Businesses need to be able to tackle these risk vectors individually to gain a complete view of their risk profile. A cross-functional process is essential to managing the overlap between these risk areas to better protect your organisation and increase workflow efficiency.
Ensuring that the cyber security practices of your vendors align with your organisation’s standards is critical to safeguarding your systems and data. In fact, it is just as important as how stable the business is or how well it delivers products and services.
https://www.helpnetsecurity.com/2022/09/05/vendors-cybersecurity-risk/
A Recent Chinese Hack Is a Wake-up Call for the Security of the World’s Software Supply Chain
It’s perhaps only a coincidence that there’s a famous Chinese saying ‘No one knows, not even the ghosts’ that neatly summarises a recent hack on MiMi, a Chinese messaging app. According to recent reports, a Chinese state-backed hacking group inserted malicious code into this messaging app, essentially pulling off the equivalent of the infamous SolarWinds hack. Users of MiMi were served a version of the app with malicious code added, thanks to attackers taking control of the servers that delivered the app. In short, this was a software supply chain attack in which the software delivery pipeline was compromised.
Observers could be forgiven for thinking that this is just another hack. Chinese hacking groups, and those of Western countries too, have developed a reputation over the past two decades for spying, surveillance, and sabotage. But this attack is different than typical hacking fare because the attackers rode in on the back of a trusted piece of software. This is a software supply chain attack, where the attackers tamper with either source code, the software build system, or the software publishing pipeline, all of which have become essential to the functioning of the world’s digital economy.
Software supply chain attacks have been rapidly growing in frequency. Twenty years ago, there might have been one or two a year. These days, depending on the methodology, there are either hundreds or thousands a year, and that’s only counting the reported attacks. And increasingly anybody who depends upon software (read: everybody) is or shortly will be a victim: the U.S. government, Microsoft, thousands of other companies and, apparently in this MiMi attack, individuals.
Massive Hotels Group IHG Struck by Cyber Attack Which Disrupts Booking Systems
InterContinental Hotels Group (IHG), which owns brands such as InterContinental, Crowne Plaza, Holiday Inn, and many others, has had its IT systems breached by malicious hackers.
In a filing with the London Stock Exchange, the multinational hospitality company reported that "parts of the company's technology systems have been subject to unauthorised activity."
As a result, the company said, "IHG's booking channels and other applications have been significantly disrupted since [Monday], and this is ongoing."
The first indication that the company was experiencing problems appeared early on Monday morning UK time, when anyone who tried to book a hotel room via the company's website or app, or access their IHG One Rewards account was greeted by a maintenance message.
Although it has made no declaration regarding the nature of the security breach, in its filing with the London Stock Exchange, IHG mentioned they were "working to fully restore all systems". This would fit into the scenario of IHG having hit been hit with ransomware, which may not only have encrypted data - locking the company out of its systems and demanding a ransom be paid - but could have also caused even more problems.
London's Biggest Bus Operator Hit by Cyber "Incident"
Travellers in London were braced for more delays last week after the city’s largest bus operator revealed it has been hit by a “cyber security incident,” according to reports.
Newcastle-based transportation group Go-Ahead shared a statement with the London Stock Exchange indicating “unauthorised activity” had been discovered on its network yesterday.
“Upon becoming aware of the incident, Go-Ahead immediately engaged external forensic specialists and has taken precautionary measures with its IT infrastructure whilst it continues to investigate the nature and extent of the incident and implement its incident response plans,” it stated. “Go-Ahead will continue to assess the potential impact of the incident but confirms that there is no impact on UK or International rail services which are operating normally.”
However, the same may not be true of its bus services. Sky News reported that bus and driver rosters may have been impacted by the attack, which could disrupt operations.
Go-Ahead operates multiple services in the South, South West, London, North West, East Anglia, East Yorkshire and its native North East. It is London’s largest bus company, operating over 2400 buses in the capital and employing more than 7000 staff.
https://www.infosecurity-magazine.com/news/londons-biggest-bus-operator-hit/
Threats
Ransomware and Extortion
Interpol dismantles sextortion ring, warns of increased attacks (bleepingcomputer.com)
Play Ransomware Attack Playbook Similar to that of Hive, Nokoyawa (trendmicro.com)
Some Members of Conti Group Targeting Ukraine in Financially Motivated Attacks (thehackernews.com)
How to Improve Mean Time to Detect for Ransomware | SecurityWeek.Com
Google: Former Conti ransomware members attacking Ukraine (techtarget.com)
Hackers Are Using NASA Telescope Images To Push Ransomware (informationsecuritybuzz.com)
Ransomware gang's Cobalt Strike servers DDoSed with anti-Russia messages (bleepingcomputer.com)
Everything You Need To Know About BlackCat (AlphaV) (darkreading.com)
Microsoft: Iranian hackers encrypt Windows systems using BitLocker (bleepingcomputer.com)
Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group (thehackernews.com)
Clarion Housing: Anger over landlord silence since cyber attack - BBC News
New Ransomware Hits Windows, Linux Servers Of Chile Govt Agency (informationsecuritybuzz.com)
QNAP warns new Deadbolt ransomware attacks exploiting 0day - Security Affairs
Second largest U.S. school district LAUSD hit by ransomware (bleepingcomputer.com)
Windows Defender identified Chromium, Electron apps as Hive Ransomware - Security Affairs
Phishing & Email Based Attacks
EvilProxy Commodifies Reverse-Proxy Tactic for Phishing, Bypassing 2FA (darkreading.com)
Criminals harvest users' PI by impersonating popular brands - Help Net Security
Lampion malware returns in phishing attacks abusing WeTransfer (bleepingcomputer.com)
A new phishing scam targets American Express cardholders - Security Affairs
EvilProxy phishing-as-a-service with MFA bypass emerged on the dark web - Help Net Security
GIFShell attack creates reverse shell using Microsoft Teams GIFs (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
Malware
Cyber criminals targeting Minecraft fans with malware • The Register
Next-Gen Linux Malware Takes Over Devices With Unique Tool Set (darkreading.com)
TeslaGun Primed to Blast a New Wave of Backdoor Cyber attacks (darkreading.com)
New Linux malware evades detection using multi-stage deployment (bleepingcomputer.com)
Bumblebee malware adds post-exploitation tool for stealthy infections (bleepingcomputer.com)
North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns (thehackernews.com)
Mobile
Internet of Things – IoT
Data Breaches/Leaks
NATO docs sold on darkweb after they were stolen from Portugal - Security Affairs
Criminals claim they've stolen NATO missile plans • The Register
TikTok denies data breach following leak of user data - Security Affairs
IRS mistakenly published confidential info for roughly 120K taxpayers - Security Affairs
Samsung US Says Customer Data Compromised in July Data Breach | SecurityWeek.Com
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Scammers live-streamed on YouTube a fake Apple crypto event - Security Affairs
FBI: Crooks are using these DeFi flaws to steal your money | ZDNET
Feds freeze $30m in cryptocurrency stolen from Axie Infinity • The Register
Fraud, Scams & Financial Crime
62% of consumers see fraud as an inevitable risk of online shopping - Help Net Security
Islanders in Jersey lose nearly £400,000 to romance fraud | ITV News Channel
The Advantages of Threat Intelligence for Combating Fraud | SecurityWeek.Com
AML/CFT/Sanctions
UK forces crypto exchanges to report suspected sanction breaches | Cryptocurrencies | The Guardian
US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyber attack - Security Affairs
Insurance
Supply Chain and Third Parties
Supply chain risk is a top security priority as confidence in partners wanes - Help Net Security
KeyBank: Hackers of third-party provider stole customer data | The Seattle Times
Government guide for supply chain security: The good, the bad and the ugly - Help Net Security
Software Supply Chain
Denial of Service DoS/DDoS
Cloud/SaaS
Defenders Be Prepared: Cyber attacks Surge Against Linux Amid Cloud Migration (darkreading.com)
Hybrid Cloud Security Challenges & Solutions (trendmicro.com)
Identity and Access Management
Encryption
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Are Default Passwords Hiding in Your Active Directory? Here's how to check (bleepingcomputer.com)
200,000 North Face accounts hacked in credential stuffing attack (bleepingcomputer.com)
Social Media
TikTok denies security breach after hackers leak user data, source code (bleepingcomputer.com)
Facebook Engineers Admit They Don’t Know What They Do With Your Data (vice.com)
Privacy
Parental Controls and Child Safety
Cyber Bullying and Cyber Stalking
Regulations, Fines and Legislation
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Google Details Recent Ukraine Cyber attacks | SecurityWeek.Com
Ukraine dismantles more bot farms spreading Russian disinformation (bleepingcomputer.com)
Ukraine is under attack by hacking tools repurposed from Conti cyber crime group | Ars Technica
Newly discovered cyber spy group targets Asia • The Register
New Iranian hacking group APT42 deploys custom Android spyware (bleepingcomputer.com)
Israeli Defence Minister's Cleaner Sentenced for Spying Attempt | SecurityWeek.Com
Researchers Find New Android Spyware Campaign Targeting Uyghur Community (thehackernews.com)
Anonymous hacked Yandex taxi causing a traffic jam in Moscow - Security Affairs
Nation State Actors
Nation State Actors – Russia
Nation State Actors – China
Nation State Actors – North Korea
North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns (thehackernews.com)
North Korea's Lazarus Targets Energy Firms With Three RATs | SecurityWeek.Com
Nation State Actors – Iran
Microsoft: Iranian hackers encrypt Windows systems using BitLocker (bleepingcomputer.com)
UK condemns Iran for reckless cyber attack against Albania - GOV.UK (www.gov.uk)
US Treasury sanctioned Iran ’s Ministry of Intelligence over Albania cyber attack - Security Affairs
NATO Condemns Alleged Iranian Cyber attack on Albania | SecurityWeek.Com
New Iranian hacking group APT42 deploys custom Android spyware (bleepingcomputer.com)
Microsoft investigates Iranian attacks against the Albanian government - Microsoft Security Blog
Microsoft Warns of Ransomware Attacks by Iranian Phosphorus Hacker Group (thehackernews.com)
Nation State Actors – Misc
Vulnerabilities
CISA adds 12 new flaws to Known Exploited Vulnerabilities Catalog - Security Affairs
September 2022 Patch Tuesday forecast: No sign of cooling off - Help Net Security
High-risk ConnectWise Automate vulnerability fixed, admins urged to patch ASAP - Help Net Security
Hackers Exploit Zero-Day in WordPress BackupBuddy Plugin in ~5 Million Attempts (thehackernews.com)
Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities (thehackernews.com)
Cisco won’t fix authentication bypass zero-day in EoL routers (bleepingcomputer.com)
Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released (thehackernews.com)
Chrome and Edge fix zero-day security hole – update now! – Naked Security (sophos.com)
Google Patches Sixth Chrome Zero-Day of 2022 | SecurityWeek.Com
QNAP patches zero-day used in new Deadbolt ransomware attacks (bleepingcomputer.com)
HP fixes severe bug in pre-installed Support Assistant tool (bleepingcomputer.com)
Other News
The Heartbleed bug: How a flaw in OpenSSL caused a security crisis | CSO Online
Cyber Security - the More Things Change, the More They Are The Same | SecurityWeek.Com
CISOs say stress and burnout are their top personal risks (cnbc.com)
How to deal with unprecedented levels of regulatory change - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 02 September 2022
Black Arrow Cyber Threat Briefing 02 September 2022
-79% Of Companies Only Invest in Cyber Security After Hacking Incidents
-Nearly Half of Breaches During First Half of 2022 Involved Stolen Credentials
-Outdated Infrastructure Not Up to Today’s Ransomware Challenges
-Ghost Data Increases Enterprise Business Risk
-Detected Cyber Threats Surge 52% in 1H 2022
-An Interview with Initial Access Broker Wazawaka: ‘There Is No Such Money Anywhere as There is in Ransomware’
-Cyber Crime Underground More Dangerous Than Organisations Realize
-New Ransomware Group BianLian Activity Exploding
-Can Your Passwords Withstand Threat Actors’ Dirty Tricks?
-Ransomware Gangs’ Favourite Targets
-Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
-Organisations Are Spending Billions on Malware Defence That’s Easy to Bypass
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
79% Of Companies Only Invest in Cyber Security After Hacking Incidents
The British cyber security company Tanium published a survey on investments in digital protection in UK companies with alarming results: 79% of them only approve investments in cyber security after suffering a data breach; 92% experienced a data attack or breach, of which 74% occurred in 2021. Leadership reticence is also high, with 63% of leaders convinced cyber security is only a concern after an attack.
The complexity of the situation has grown with the digital transformation of work. If it streamlines many processes, it can also open up serious security gaps. A sensitive point is the “home office”: companies need effective solutions to eliminate gaps that may appear between employees’ computers (often shared devices) and the company’s internal network.
Putting in solutions is just the beginning of a necessary strategy and investment effort in virtual protection. Complex scams based on phishing, reverse engineering, and backdoor-type malicious programs (“planted” discreetly on a device and sometimes inactive for months) often combine real-world and virtual-world fraud.
The escalation of corporate data hijacking appears in this scenario. The most notorious case at a global level of such an incident, with a million-dollar ransom demand, was launched in 2021 on Colonial Pipeline. This US company paid $40 million to regain control over strategic data after fuel supplies through its pipelines to several states were threatened for days.
Nearly Half of Breaches During First Half of 2022 Involved Stolen Credentials
According to a new report by Acronis, a Switzerland-based cyber security company, nearly half of breaches during the first six months of 2022 involved stolen credentials.
The goal of stealing credentials is to launch ransomware attacks. According to the report, these “continue to be the number one threat to large and medium-sized businesses, including government organisations.”
Attackers usually use phishing techniques to extract these credentials. In the first half of the year, over 600 malicious email campaigns made their way across the internet, of which 58% were phishing attempts and 28% featured malware.
Acronis also added that “as reliance on the cloud increases, attackers have homed in on different entryways to cloud-based networks.”
Additionally, cyber criminals now also target unpatched or software vulnerabilities to extract data, with a recent increase on Linux operating systems and managed service providers (MSPs) and their network of SMB customers.
The third vector spotted by Acronis was “non-traditional entry avenues” such as cryptocurrencies and decentralised finance (DeFi) systems.
Outdated Infrastructure Not Up to Today’s Ransomware Challenges
A global research commissioned by Cohesity reveals that nearly half of respondents say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. In some cases, this technology is more than 20 years old and was designed long before today’s multicloud era and onslaught of sophisticated cyber attacks plaguing enterprises globally.
Challenges pertaining to outdated infrastructure could easily be compounded by the fact that many IT and security teams don’t seem to have a plan in place to mobilise if and when a cyber attack occurs. Nearly 60% of respondents expressed some level of concern that their IT and security teams would be able to mobilise efficiently to respond to the attack.
These are just some of the findings from an April 2022 survey, conducted by Censuswide, of more than 2,000 IT and SecOps professionals (split nearly 50/50 between the two groups) in the United States, the United Kingdom, Australia and New Zealand. All respondents play a role in the decision-making process for IT or security within their organisations.
IT and security teams should raise the alarm bell if their organisation continues to use antiquated technology to manage and secure their most critical digital asset – their data.
Cyber criminals are actively preying on this outdated infrastructure as they know it was not built for today’s dispersed, multicloud environments, nor was it built to help companies protect and rapidly recover from sophisticated cyber attacks.
https://www.helpnetsecurity.com/2022/08/30/outdated-infrastructure-manage-data/
Ghost Data Increases Enterprise Business Risk
IT has to get its hands around cloud data sprawl. Another area of focus should be on ghost data, as it expands the organisation's cloud attack surface.
Cloud sprawl is a big issue for organisations, with business teams spinning up cloud systems and services on their own, often without IT oversight. That leads to cloud data sprawl as data is scattered across different environments. If IT doesn’t know about the cloud systems and services, then IT is also not managing the data being collected, processed, and stored there.
We all know about shadow IT, the systems and network devices in the organisation’s environment that IT is not managing. Similarly, shadow data refers to unmanaged data store copies and snapshots or log data that are not part of IT’s backup and recovery strategy. Researchers at Cyera estimate that 60% of the data security posture issues that are present in cloud accounts stem from unsecured sensitive data.
Then there is the problem of ghost data. When data gets deleted from cloud systems, it isn’t fully gone. Copies linger in backups or snapshots of data stores. Ghost data refers to those copies left behind after the original has been deleted, and Cyera’s recent analysis show that enterprises have quite a lot of it.
After scanning the three major cloud providers (Amazon Web Services, Azure, and Google Cloud), Cyera researchers found that over 30% of scanned customer cloud data stores are ghost data and more than 58% contain sensitive, or very sensitive, data. For example, researchers found unsecured database snapshots in non-production environments that contained sensitive customer data where the original database had been destroyed. Researchers also uncovered sensitive personal and authentication data in plain text where the production data and application were no longer in use.
Ghost data usually has no business value - the data was deleted for a reason - and having it around unnecessarily increases business risk. Attackers don’t care if they get their hands on the original sensitive information or the copy because to them, all data has value, regardless of the form it takes.
https://www.darkreading.com/edge-threat-monitor/ghost-data-increases-enterprise-business-risk
Detected Cyber Threats Surge 52% in 1H 2022
A leading cyber security vendor blocked 63 billion threats in the first half of 2022 alone, over 50% more than the same period a year ago.
The findings come from the Trend Micro 2022 Midyear Cybersecurity Report and illustrate the scale of the challenge facing network defenders.
Trend Micro highlighted the persistent threat posed by ransomware-as-a-service (RaaS) groups as one that will continue to cause major challenges for organisations in the years to come.
It said detections of prolific groups such as LockBit and Conti increased by 500% year-on-year in 1H 2022. Such groups will continue to adapt their tactics, techniques and procedures (TTPs) in the race for profits.
The report warned of a surge in threats targeting Linux systems, for example. It said detections of attacks on Linux servers and embedded systems grew 75% year-on-year in the first half of 2022. Both SMBs and larger organisations are now a target, it claimed.
Many RaaS groups exploit vulnerabilities as a primary attack vector. Their job is getting easier as the number of published common vulnerabilities and exposures (CVEs) continues to grow strongly.
Trend Micro’s Zero Day Initiative published advisories on 944 vulnerabilities in the first half of 2021, a 23% year-on-year increase. The number of critical bug advisories it published soared by 400% over the same period.
https://www.infosecurity-magazine.com/news/detected-cyberthreats-surge-52-in/
An Interview with Initial Access Broker Wazawaka: ‘There Is No Such Money Anywhere as There is in Ransomware’
Last April, a ransomware group threatened to expose police informants and other sensitive information if the Washington, D.C. Metropolitan Police Department did not pay a demand.
The brazen attack was the work of a gang known as Babuk, which in early 2021 gained a reputation for posting stolen databases on its website from victims that refused to pay a ransom. Just days after it tried to extort the Metropolitan Police Department, Babuk announced it was closing its ransomware affiliate program, and would focus on data theft and extortion instead.
Earlier this year, cyber security journalist Brian Krebs uncovered details about one man behind the operation named Mikhail Matveev, who was also connected to a number of other groups and identities, including the handle ‘Wazawaka.’ According to Krebs, Matveev had become more unhinged than usual, “publishing bizarre selfie videos” and creating a Twitter account to share exploit code.
Matveev talked to Recorded Future about his interaction with other hackers, details about ransomware attacks he’s been involved in, and how he settled on the name Babuk.
Click the link below for the full interview but the long and short is ransomware has created a criminal ecosystem the likes of which the world has never seen.
Cyber Crime Underground More Dangerous Than Organisations Realise
Kela, a cyber threat intelligence specialist, found in a new study of some 400 security pros in the US that organisations are more at risk from the “cyber crime underground” than they realise.
The Israel-based company surveyed security team members responsible for gathering cyber crime threat intelligence daily to better understand if they’re proactively scanning the dark web and other cyber crime sources, what tools they’re using and the gaps they see in their cyber crime threat intelligence approach. Nearly 60% of the respondents do not believe their current cyber crime prevention is effective, the results showed.
Here are the study’s key findings:
69% are concerned about threats from the cyber crime underground.
54% wouldn’t be surprised to find their organisation’s data on the cyber crime underground.
Only 38% believe that they’re very likely to detect it if it was released.
48% have no documented cyber crime threat intelligence policy in place.
Only 41% believe their current security program is very effective.
49% are not satisfied with the visibility they have of the cyber crime underground.
Of the 51% who were satisfied with their visibility into the cyber crime underground, 39% were still unable to prevent an attack.
Additional training and proficiency in cyber crime intelligence investigations is the most needed capability.
New Ransomware Group BianLian Activity Exploding
A new ransomware group operating under the name BianLian emerged in late 2021 and has become increasingly active since.
The threat actor already has twenty alleged victims across several industries (insurance, medicine, law and engineering), according to a research paper from US cyber security firm Redacted, published on September 1, 2022. The majority of the victim organisations have been based in Australia, North America and the UK.
The research team has given no attribution yet but believes the threat actor “represents a group of individuals who are very skilled in network penetration but are relatively new to the extortion/ransomware business.”
BianLian uses a custom toolkit, including homemade encryptors and encryption backdoors. Both, as well as the command-and-control (C&C) software the hackers use, are written in Go, an increasingly popular programming language among ransomware threat actors.
Troublingly, the Redacted team of researchers has found evidence that BianLian is likely now trying to up their game.
https://www.infosecurity-magazine.com/news/new-ransomware-group-bianlian/
Can Your Passwords Withstand Threat Actors’ Dirty Tricks?
Password security hinges on the answer to that seemingly simple question. Unfortunately, you can’t know the answer until you’ve engaged a ruthless penetration tester to find out if your environment can stand up to the frighteningly good password cracking skills of today’s most nefarious hackers.
The whole purpose of hiring skilled penetration testers (“pentesters”) is to find out if your environment is truly impenetrable — and if it’s not, exactly how you should shore up your defences. Good pentesters and red teamers spend their time trying to simulate and emulate the real bad actors. After all, what’s the point of pressure-testing your IT infrastructure if you don’t use the same pressure that you’ll face in the real world?
You should “train like you fight.” Without sparring, how can you expect to jump into a boxing ring and go a few rounds with a skilled boxer? That’s the entire point of goal-based penetration testing and red/purple team engagements that simulate real-world threat actors.
Password cracking will continue to evolve – and so should your penetration testing tactics and plans. By the time you get to your fourth or fifth round with a quality pentesting consultancy, your risk mitigation will have dramatically improved — which means you’ll be able to move on to the next stage of security maturity.
https://www.helpnetsecurity.com/2022/08/30/stand-up-to-password-cracking/
Ransomware Gangs’ Favourite Targets
Barracuda released its fourth-annual threat research report which looks at ransomware attack patterns that occurred between August 2021 and July 2022.
For the 106 highly publicised attacks our researchers analysed, the dominant targets are still five key industries: education (15%), municipalities (12%), healthcare (12%), infrastructure (8%), and financial (6%). The number of ransomware attacks increased year-over-year across each of these five industry verticals, and attacks against other industries more than doubled compared to last year’s report.
While attacks on municipalities increased only slightly, the analysis over the past 12 months showed that ransomware attacks on educational institutions more than doubled, and attacks on the healthcare and financial verticals tripled. Many choose not to disclose when they get hit.
This year, researchers dug in deeper on these highly publicised attacks to see which other industries are starting to be targeted. Service providers were hit the most, and ransomware attacks on automobile, hospitality, media, retail, software, and technology organisations all increased as well.
Most ransomware attacks don’t make headlines, though. Many victims choose not to disclose when they get hit, and the attacks are often sophisticated and extremely hard to handle for small businesses.
As ransomware and other cyber threats continue to evolve, the need for adequate security solutions has never been greater. Many cyber criminals target small businesses in an attempt to gain access to larger organisations. As a result, it is essential for security providers to create products that are easy to use and implement, regardless of a company’s size.
Additionally, sophisticated security technologies should be available as services, so that businesses of all sizes can protect themselves against these ever-changing threats. By making security solutions more accessible and user-friendly, the entire industry can help to better defend against ransomware and other cyber attacks.
https://www.helpnetsecurity.com/2022/08/31/ransomware-attack-patterns/
Tentacles of ‘0ktapus’ Threat Group Victimise 130 Firms
Over 130 companies were tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organisations being compromised. The campaigns are tied to focused abuse of identity and access management firm Okta, which gained the threat actors the 0ktapus moniker, by researchers.
The primary goal of the threat actors was to obtain Okta identity credentials and multi-factor authentication (MFA) codes from users of the targeted organisations. These users received text messages containing links to phishing sites that mimicked the Okta authentication page of their organisation.
114 US-based firms were impacted, with additional victims of sprinkled across 68 additional countries. The full scope of the attack is still unknown but the 0ktapus campaign has been incredibly effective, and the full scale of it may not be known for some time.
The 0ktapus attackers are believed to have begun their campaign by targeting telecommunications companies in hopes of winning access to potential targets’ phone numbers.
While unsure exactly how threat actors obtained a list of phone numbers used in MFA-related attacks, one theory researchers posit is that 0ktapus attackers began their campaign targeting telecommunications companies.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Organisations Are Spending Billions on Malware Defence That’s Easy to Bypass
Last year, organisations spent $2 billion on products that provide Endpoint Detection and Response, a relatively new type of security protection for detecting and blocking malware targeting network-connected devices. EDRs, as they're commonly called, represent a newer approach to malware detection. Static analysis, one of two more traditional methods, searches for suspicious signs in the DNA of a file itself. Dynamic analysis, the other more established method, runs untrusted code inside a secured "sandbox" to analyse what it does to confirm it's safe before allowing it to have full system access.
EDRs—which are forecasted to generate revenue of $18 billion by 2031 and are sold by dozens of security companies—take an entirely different approach. Rather than analyse the structure or execution of the code ahead of time, EDRs monitor the code's behaviour as it runs inside a machine or network. In theory, it can shut down a ransomware attack in progress by detecting that a process executed on hundreds of machines in the past 15 minutes is encrypting files en masse. Unlike static and dynamic analyses, EDR is akin to a security guard that uses machine learning to keep tabs in real time on the activities inside a machine or network.
Despite the buzz surrounding EDRs, new research suggests that the protection they provide isn't all that hard for skilled malware developers to circumvent. In fact, the researchers behind the study estimate EDR evasion adds only one additional week of development time to the typical infection of a large organisational network. That's because two fairly basic bypass techniques, particularly when combined, appear to work on most EDRs available in the industry.
Threats
Ransomware
Ransomware Research: 10 Key Findings, Five Ways to Defend Against Hijackers - MSSP Alert
LockBit ransomware gang gets aggressive with triple-extortion tactic (bleepingcomputer.com)
New Golang-based 'Agenda Ransomware' Can Be Customized For Each Victim (thehackernews.com)
Chile and Montenegro Floored by Ransomware - Infosecurity Magazine (infosecurity-magazine.com)
Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks (thehackernews.com)
Ragnar Locker Brags About TAP Air Portugal Breach (darkreading.com)
Police ‘negotiating with hackers’ who hit Paris hospital computer system | World | The Times
Advanced cyber-attack: NHS doctors' paperwork piles up - BBC News
Another Ransomware For Linux Likely In Development - Security Affairs
Montenegro hit by ransomware attack, hackers demand $10 million (bleepingcomputer.com)
Should ransomware payments be banned? A few considerations - Help Net Security
Researchers Spot Snowballing BianLian Ransomware Gang Activity (darkreading.com)
Ragnar Locker continues trend of ransomware targeting energy sector | CSO Online
BlackCat ransomware claims attack on Italian energy agency (bleepingcomputer.com)
Italian Oil Major Becomes Victim Of Ransomware Attack | OilPrice.com
Damart clothing store hit by Hive ransomware, $2 million demanded (bleepingcomputer.com)
Gloucester Council planning site still disrupted from cyber attack - BBC News
BEC – Business Email Compromise
Malware
Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users | McAfee Blog
A study on malicious plugins in WordPress Marketplaces - Security Affairs
BumbleBee a New Modular Backdoor Evolved From BookWorm (trendmicro.com)
Malicious Chrome Extensions Plague 1.4M Users (darkreading.com)
Mobile
Mobile banking apps put 300,000 digital fingerprints at risk • The Register
Researcher unveils smart lock hack for fingerprint theft (techtarget.com)
Internet of Things – IoT
Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams (darkreading.com)
Singapore clocks higher ransomware attacks, warns of IoT risks | ZDNET
ieGeek Vulnerabilities still prevalent in 2022 - Amazon Ft. IG20 (realinfosec.net)
Data Breaches/Leaks
Okta Says Customer Data Compromised in Twilio Hack | SecurityWeek.Com
Neopets says hackers had access to its systems for 18 months (bleepingcomputer.com)
Akasa Air Suffers Data Leak on First Day of Operation- IT Security Guru
Samsung says hackers obtained some customer data in newly disclosed breach | Engadget
Millions of student loan accounts exposed in data breach | TechRadar
Russian streaming platform confirms data breach affecting 7.5M users (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FBI: Crooks stole $1b+ in cryptocurrency already this year • The Register
Ukraine takes down cyber crime group hitting crypto fraud victims (bleepingcomputer.com)
FBI: Crooks are using these DeFi flaws to steal your money | ZDNET
Windows malware delays coinminer install by a month to evade detection (bleepingcomputer.com)
Crypto-Crooks Spread Trojanized Google Translate App in Watering-Hole Attack (darkreading.com)
Hackers Use ModernLoader to Infect Systems with Stealers and Cryptominers (thehackernews.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Insurance
Cyber insurance has been around for 25 years. It’s still a bit of a mess. (slate.com)
Travelers, Policyholder Agree to Void Current Cyber Policy (insurancejournal.com)
Cyber Frauds Skyrocket: Can Cyber Insurance Protect You in Real World? Experts Explain (news18.com)
Google Cloud, Microsoft and AWS dive into cyber insurance - Protocol
Cyber Insurance Price Hike Hits Local Governments Hard (insurancejournal.com)
Insurers must rethink handling of cyber attacks on states | Financial Times (ft.com)
Cyber insurance on rise as attacks surge | Mint (livemint.com)
Dark Web
German man charged for trying to hire fake contract killer on darkweb | Euronews
NATO Investigates Dark Web Leak of Data Stolen From Missile Vendor (darkreading.com)
Supply Chain and Third Parties
Software Supply Chain
Denial of Service DoS/DDoS
Cloud/SaaS
1 in 3 organisations don't know if their public cloud data was exfiltrated - Help Net Security
Real-World Cloud Attacks: The True Tasks of Cloud Ransomware Mitigation (darkreading.com)
Encryption
CISA: Prepare now for quantum computers, not when hackers use them (bleepingcomputer.com)
Homomorphic encryption: a holy grail for privacy, explained (fastcompany.com)
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
LastPass source code breach – do we still recommend password managers? – Naked Security (sophos.com)
Social Media
Social media is ruining our lives and the public are finally waking up (telegraph.co.uk)
Thousands lured with blue badges in Instagram phishing attack (bleepingcomputer.com)
Training, Education and Awareness
Privacy
Trident Royal Navy staff reveal sensitive data on fitness app | News | The Times
Cops wanted to keep mass surveillance app secret; privacy advocates refused | Ars Technica
US telcos admit to storing, handing over location data • The Register
Facebook moves to settle Cambridge Analytica lawsuit | TechCrunch
Homomorphic encryption: a holy grail for privacy, explained (fastcompany.com)
Nobody’s special to the WFH software spies | Comment | The Times
Travel
Parental Controls and Child Safety
Scammers Targeting Thousands Of Children As Young As Six, Figures Show (informationsecuritybuzz.com)
Over a Third of Parents Do Not Know What Online Accounts Their Children Use - IT Security Guru
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Why Russia's cyber war in Ukraine hasn't played out as predicted (newatlas.com)
Ukraine's army of hackers failed to thwart Russia and quickly gave up | New Scientist
Moscow gridlock as hackers send dozens of taxis to Hotel Ukraine (telegraph.co.uk)
Finland To Offer Businesses Cybersec Vouchers In Wake Of Nato-related (informationsecuritybuzz.com)
China-linked APT40 used ScanBox Framework in a long-running espionage campaign - Security Affairs
Montenegro says Russian cyber attacks threaten key state functions (bleepingcomputer.com)
Google says it cut off Russian disinformation sites from its vast ad display network - CyberScoop
Ex-spies banned from arms exports for UAE hack-for-hire work • The Register
Nation State Actors
Nation State Actors – Russia
FBI deploys cyber team to Montenegro following massive cyber attack | The Hill
Montenegro Sent Back to Analog by Unprecedented Cyber Attacks | Balkan Insight
Nation State Actors – China
Chinese Hackers Target Energy Firms in South China Sea | SecurityWeek.Com
China-linked APT40 targets wind turbines, Aust. government • The Register
Nation State Actors – Misc
Vulnerabilities
Apple Quietly Releases Another Patch for Zero-Day RCE Bug (darkreading.com)
Google Chrome emergency update fixes new zero-day used in attacks (bleepingcomputer.com)
URGENT! Apple slips out zero-day update for older iPhones and iPads – Naked Security (sophos.com)
WordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites | SecurityWeek.Com
Critical hole in Atlassian Bitbucket needs patching now • The Register
Reports Published in the Last Week
Other News
Former Cyber criminal: These Are the Biggest Threats on the Internet (businessinsider.com)
Stuxnet explained: The first known cyber weapon | CSO Online
Infra Used in Cisco Hack Also Targeted Workforce Management Solution (thehackernews.com)
Okta Impersonation Technique Could be Utilized by Attackers | SecurityWeek.Com
Remote Work Cyber Security: 12 Risks and How to Prevent Them (techtarget.com)
Does your cyber crime prevention program work? - Help Net Security
Does Blockchain really offer Better Digital Security? - IT Security Guru
IT and Employees Don’t Always See Eye to Eye on Cyber Security - IT Security Guru
New Cyber Security Regulations Are Coming. Here’s How to Prepare. (hbr.org)
Cyber security budget breakdown and best practices (techtarget.com)
How Just-in-Time privilege elevation prevents data breaches and lateral movement - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 13 May 2022
Black Arrow Cyber Threat Briefing 13 May 2022
-UK, US Intelligence Agencies Warn Managed Service Providers, including External IT Providers, Are Now Prime Targets for Cyber Attacks
-Wannacry – 5 Years On, 68% Of Enterprises Are Still At Risk
-You Can’t Eliminate Cyber Attacks, So Focus on Reducing the Blast Radius
-Just In Time? Bosses Are Finally Waking Up to The Cyber Security Threat
-Most Organisations Hit by Ransomware Would Pay Up If Hit Again
-31,000 FTSE 100 Logins Found on Dark Web
-Ransomware: How Executives Should Prepare Given the Current Threat Landscape
-What Your Cyber Insurance Application Form Can Tell You About Ransomware Readiness
-NCSC Shut Down 2.7 Million Scams in 2021
-Top 6 Security Threats Targeting Remote Workers
-Password Reuse Is Rampant Among Employees in All Sectors
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK, US Intelligence Agencies Warn Managed Service Providers, including External IT Providers, Are Now Prime Targets for Cyber Attacks
The Five Eyes coalition of international cyber security authorities, this week issued an advisory to warn managed service providers (MSPs), including external IT providers, of an escalating threat of attack from both everyday cyber criminals and state-sponsored threat actors.
MSPs provide or operate information and communications technology services.
With input from cyber security leaders from Australia, Canada, New Zealand, the UK and the US, the NSA provided recommendations to help bolster their cyber defences, including:
Finding and disabling dormant accounts.
Implementing and enforcing multifactor authentication on accounts.
Ensuring contracts clearly map out who owns and is responsible for securing data.
Malicious actors are targeting MSPs to break into their customers' networks and deploy ransomware, steal data, and spy on them, the Five Eyes authorities have formally warned in a joint security alert.
"The UK, Australian, Canadian, New Zealand, and US cyber security authorities expect malicious cyber actors — including state-sponsored advanced persistent threat (APT) groups — to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships," the alert warned.
These types of supply-chain or "island-hopping" attacks can prove very lucrative for cyber criminals because once they break into an MSP, they gain access to all of the customers' networks and data being managed, and in turn commit computer crimes and fraud against those customers' customers.
Wannacry – 5 Years On, 68% Of Enterprises Are Still at Risk
5 years on from one of the world’s most damaging ransomware attacks, research from network detection and response leader ExtraHop has found that 68% of enterprises are still running insecure protocol that were exploited by the North Korean ransomware.
The events of 12 May 2017 live on in cyber security lore. WannaCry revealed just how extensive the damage caused by ransomware can be if deployed in large scale – from downtime to ransom paid to reputational damage. Yet despite the danger, huge numbers of organisations are still running SMBv1, the protocol exploited in the WannaCry attacks that has been publicly deprecated since 2014.
You Can’t Eliminate Cyber Attacks, So Focus on Reducing the Blast Radius
Given it is impossible to prevent all cyber attacks, many organisations should look to reduce the size of the company’s attack surface and the limit the “blast radius” of a potential attack.
There is a danger that the biggest risk concerning cyber attacks is that we’re becoming desensitised to them. After all, businesses experience a ransomware attack every 11 seconds—the majority of which the public never hears about. Faced with this reality, it may seem like efforts to safeguard the enterprise are futile. But that’s all the more reason to strengthen your resolve—and switch up your cyber defence strategy.
The core of this strategy should be the concept of “reducing the blast radius” of an attack, and since you can’t completely eliminate cyber attacks, you need to take steps to contain the impact.
This strategy should contain basic blocking and also consider things such as Zero Trust for remote access, traffic inspection, software-based micro-segmentation and other practical measures to reduce your attack surface.
https://threatpost.com/cyberattacks-blast-radius/179612/
Just In Time? Bosses Are Finally Waking Up to The Cyber Security Threat
Boardrooms have a reputation for not paying much attention to cyber security, but it could be that executives are finally keen to take more interest in securing the systems and networks their businesses rely on.
Senior figures from American, British and Australian cyber security agencies have said that business execs are now more aware of cyber threats and are actively engaging with their chief information security officer (CISO) and information security teams.
Chief execs are starting to ask their CISOs the right questions, rather than leaving them to it because they don't have to understand complex technology. It does feel like a much more engaging strategic conversation, but there can still be a disconnect between knowing what needs to happen, then actually budgeting for and implementing a cyber security strategy.
https://www.zdnet.com/article/just-in-time-bosses-are-finally-waking-up-to-the-cybersecurity-threat/
Most Organisations Hit by Ransomware Would Pay Up If Hit Again
Almost nine in 10 organisations that have suffered a ransomware attack would choose to pay the ransom if hit again, according to a new report, compared with two-thirds of those that have not experienced an attack.
The findings come from a report titled "How business executives perceive ransomware threat" by security company Kaspersky, which states that ransomware has become an ever-present threat, with 64 percent of companies surveyed already having suffered an attack, but more worryingly, that executives seem to believe that paying the ransom is a reliable way of addressing the issue.
The report is based on research involving 900 respondents across North America, South America, Africa, Russia, Europe, and Asia-Pacific. The respondents were in senior non-IT management roles at companies between 50 and 1,000 employees.
Kaspersky claims that in 88 percent of organisations that have had to deal with a ransomware incident, business leaders said they would choose to pay the money if faced with another attack. In contrast, among those that have not so far suffered a ransomware attack, only 67 percent would be willing to pay, and they would be less inclined to do so immediately.
https://www.theregister.com/2022/05/13/organizations_pay_ransomware/
31,000 FTSE 100 Logins Found on Dark Web
Researchers with Outpost24 are reporting over 31,000 corporate credentials for many of the UK’s leading FTSE 100 firms on the dark web. These are the 100 biggest companies listed on the London Stock Exchange by market capitalisation. The researchers used their threat monitoring and auditing tool Blueliv to search dark web sites for the breached credentials.
Key findings from stolen and leaked credentials study:
The majority (81%) of the companies within the FTSE 100 had at least one credential compromised and exposed on the dark web
31,135 total stolen and leaked credentials detected for FTSE 100 companies, with 38% disclosed on the underground in the past 12 months
Nearly half (42%) of FTSE 100 companies have more than 500 compromised credentials exposed on the dark web
Up to 20% of credentials are stolen via malware infection and stealers
11% disclosed in the last 3 months (21% in the last 6 months and over 68% have been exposed for over 12 months)
Over 60% of stolen credentials came from 3 industries – IT/Telecom (23%), Energy and Utility (22%) and Finance (21%)
IT/Telecoms industry is the most at risk with the highest total amount (7,303) and average stolen credentials per company (730), they are most affected by malware infection and have the most amount of stolen credentials disclosed in the last 3 months
On average, healthcare has the highest number of stolen credentials per company (485) from data breach as they found themselves increasingly in the cyber criminals’ crosshairs since the pandemic.
https://informationsecuritybuzz.com/expert-comments/31000-ftse-100-logins-found-on-dark-web/
Ransomware: How Executives Should Prepare Given the Current Threat Landscape
As the number of ransomware attacks continue to increase, the response at C-level must be swift and decisive.
Top executives are increasingly dreading the phone call from their fellow employee notifying them that their company has been hit by a cyber attack. Nearly every week in 2021 and early 2022, a prominent organisation has been in the media spotlight as their public relations team struggles to explain how they were attacked and how they can regain consumer confidence. A recent survey showed that 37 percent of organisations surveyed had been affected by ransomware attacks in the last year.
Worse, the days when executive leadership teams could fully delegate responsibility to a CISO are over. Regardless of reality, surveys have shown that about 40 percent of the public perception of fault for a ransomware attack lands squarely on the CEO’s shoulders, and that 36 percent of attacks result in the loss of C-level talent. While executive involvement in the security program does not guarantee a successful defence, it does give the executive leadership team (ELT) a degree of ownership of the final product, as well as the ability to speak confidently and knowledgeably to the public.
What Your Cyber Insurance Application Form Can Tell You About Ransomware Readiness
The annual cyber insurance application form shows what the carriers think you should be doing to best prevent and recover from ransomware attacks. Pay attention.
If it’s the time of year for you to fill out the annual cyber insurance policy application, you will see how the focus for insurance firms is changing. Each year you can get an insight into what insurance vendors are using to rate the risks and threats to your business and what they are stressing firms should have in place as best practice or what they are expecting you should have in place as a baseline set of controls. Not having them in place could affect insurance rates, whether you are able to get cyber coverage at all, or crucially whether they would pay out in the event of you having to make a claim.
This year you might find more questions specifically around ransomware prevention techniques and protections, from Multi Factor Authentication (MFA) to Endpoint Detection and Response (EDR), and email filtering protections to the robustness of your backups.
Make sure to review your cyber insurance policy and its related questionnaire. And ask whether you are doing everything you can to protect your firm and tailoring your actions to align with what your insurance provider has deemed as a best practice.
NCSC Shut Down 2.7 Million Scams in 2021
The UK National Cyber Security Centre (NCSC) removed 2.7 million online scams last year, it was revealed this week, four times as many scams compared to 2020.
The announcement comes as the security agency shared the most recent data from its Active Cyber Defence initiative at the CYBERUK summit earlier in the week.
According to the NCSC, neutralised scams included fake celebrity endorsements and spoof extortion emails.
It has also been revealed that fraud campaigns used common themes, with NHS vaccines and vaccine passports being particularly popular.
Some cyber criminals even posed as NCSC CEO Lindy Cameron – victims received an email claiming the NCSC had prevented £5m of their money from being stolen, and were urged to supply personal information to retrieve the funds.
https://www.itsecurityguru.org/2022/05/10/ncsc-shut-down-2-7-million-scams-in-2021/
Security Threats Targeting Remote Workers
Remote work offers great benefits, like reduced commute time, increased freedom, and more time to spend with loved ones. But there can be security downsides if sufficient controls are not in place to protect remote workers against the digital threats that come with working via unsecured connections.
Being on a home network lacks the layered network security of the company environment. Remote work itself is not new, but the dramatic shift to working from home over the past two years means there are more security-naive people who are not in the office.
Not all security threats are the fault of technology. Much of it also comes from human error.
Remote work greatly exacerbates human-activated risk, and people are working in more distracting environments where they may have to answer the door for deliveries or might multitask with household chores. That means mistakes are more likely to happen, like sending an email to the wrong recipient or falling for a malicious email attack.
Recent research by Egress found that 77% of IT leaders said they have seen an increase in security compromises since going remote two years ago.
https://www.darkreading.com/endpoint/top-6-security-threats-targeting-remote-workers
Password Reuse Is Rampant Among Employees in All Sectors
SpyCloud published an annual analysis of identity exposure among employees of Fortune 1000 companies in key sectors such as technology, finance, retail and telecommunications.
Drawing on a database of over 200 billion recaptured assets, researchers identified over 687 million exposed credentials and PII tied to Fortune 1000 employees, a 26% increase from last year’s analysis.
Analysis of this data showed a 64% password reuse rate, widespread use of easy-to-guess passwords, and a spike in malware-infected devices –– all sources of cyber risk for both employers and consumers who rely on businesses to safeguard their personal data. With remote work blurring the lines between work and personal device use, a larger attack surface compounds the risk of cyber attacks proliferating beyond compromised employee and consumer identities to penetrate corporate networks.
https://www.helpnetsecurity.com/2022/05/11/fortune-1000-identity-exposure/
Threats
Ransomware
Costa Rica Shows the Damage Ransomware Can Do to a Country - The Washington Post
Ransomware Works Fast, You Need to Be Faster To Counter It - Help Net Security
A Closer Look At Today’s Ransomware Attack Landscape - MSSP Alert
Ransomware Is a National Security Threat, So Please Tell Us About Attacks, Says Government | ZDNet
5 Years That Altered the Ransomware Landscape (darkreading.com)
Colonial Pipeline Faces Nearly $1m Fine After Ransomware • The Register
These Ransomware Attackers Sent Their Ransom Note to The Victim's Printer | ZDNet
New Malware Samples Indicate Return of REvil Ransomware | SecurityWeek.Com
How to Avoid Falling Victim to PayOrGrief's Next Rebrand (darkreading.com)
Examining the Black Basta Ransomware’s Infection Routine (trendmicro.com)
Phishing & Email Based Attacks
Novel Phishing Trick Uses Weird Links to Bypass Spam Filters | Threatpost
New Email Security Tool Launched to Help Organisations Check Their Defences - NCSC.GOV.UK
Malware
Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks | Threatpost
Low-rent Remote Access Trojan (RAT) Worries Researchers | Threatpost
Eternity Malware Kit Offers Stealer, Miner, Worm, Ransomware Tools (bleepingcomputer.com)
It costs $7 to Rent DCRat Malware to Backdoor Your Network • The Register
Shopping For Malware: $260 Gets You a Password Stealer... • The Register
Microsoft: Sysrv Botnet Targets Windows, Linux Servers with New Exploits (bleepingcomputer.com)
Google Drive Emerges as Top App For Malware Downloads - Help Net Security
Stealthy Linux Implant BPFdoor Compromised Organizations Globally For Years | CSO Online
Malware Attacks Getting More Regional, Claims Netskope • The Register
5-Buck DCRat Malware Foretells a Worrying Cyber Future (darkreading.com)
Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service | Threatpost
German Automakers Targeted in Year-Long Malware Campaign (bleepingcomputer.com)
Data Breaches/Leaks
PII Of 21M SuperVPN, GeckoVPN Users Leaked On Telegram - Information Security Buzz
Victims of Horizon Actuarial Data Breach Exceed 1M (techtarget.com)
Organised Crime & Criminal Actors
Crypto Robber Who Lured Victims Via Snapchat and Stole £34,000 Jailed (bleepingcomputer.com)
Crook Jailed for Selling Stolen Credentials On Dark Web • The Register
US Agrees to International Electronic Cyber Crime Evidence Swap (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs
NFTs Emerge as the Next Enterprise Attack Vector (darkreading.com)
Fake Binance NFT Mystery Box Bots Steal Victim's Crypto Wallets (bleepingcomputer.com)
Possible $1 Billion Crypto Ponzi Scheme Probed by Tax Investigators - Bloomberg
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
How Can Your Business Defend Itself Against Fraud-as-a-Service? (darkreading.com)
Scammers Impersonate Britain’s Top Cyber Crime Chief in Fake £5m Heist (telegraph.co.uk)
Caramel Credit Card Stealing Service Is Growing in Popularity (bleepingcomputer.com)
Hackers Are Exploiting WordPress Themes, Plugins to Hawk Scams (gizmodo.com)
Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites (thehackernews.com)
Insurance
Multi-Factor Authentication: A Key to Cyber Risk Insurance Coverage (tripwire.com)
How Cyber Liability Insurance Can Help Protect Your Business Reputation - MSSP Alert
Supply Chain and Third Parties
Denial of Service DoS/DDoS
Cloud
Open Source
Travel
Parental Controls and Child Safety
Cyber Bullying and Cyber Stalking
Regulations, Fines and Legislation
Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Wars Start in Cyberspace Well Before Shots Are Fired • The Register
#CYBERUK22: Cyber Trends from the Russia-Ukraine War - Infosecurity Magazine
US Pledges to Help Ukraine Keep the Internet and Lights On (darkreading.com)
Spain’s Spy Chief Sacked Over Pegasus Scandal - Infosecurity Magazine
OpRussia Update: Anonymous Breached Other Organizations - Security Affairs
Pro-Russian Hacktivists Target Italy Government Websites - Security Affairs
Nation State Actors
Nation State Actors – Russia
Russian Hackers Targeting Opponents Of Ukraine Invasion, Warns GCHQ Chief | Hacking | The Guardian
Western Intelligence Blames Russia for Europe-Wide Cyber Attack - Infosecurity Magazine
State Department Says Russian Cyber War Against Ukraine Began in January | The Independent
Ukraine War: Don’t Underestimate Russia Cyber-Threat, Warns US - BBC News
Nation State Actors – China
Experts Uncovered a New Wave Of Attacks Conducted By Mustang Panda - Security Affairs
China-Backed Winnti Hackers Attacked Manufacturers Globally, Cybereason Alleges - MSSP Alert
Nation State Actors – Iran
Vulnerability Management
Vulnerabilities
Critical F5 BIG-IP Vulnerability Exploited to Wipe Devices (bleepingcomputer.com)
Adobe Warns of 'Critical' Security Flaws in Enterprise Products | SecurityWeek.Com
Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning (darkreading.com)
Intel Emits Raft of Firmware Patches For Security Flaws • The Register
Actively Exploited Zero-Day Bug Patched by Microsoft | Threatpost
HP Fixes Bug Letting Attackers Overwrite Firmware in Over 200 Models (bleepingcomputer.com)
Zyxel Fixes Firewall Flaws That Could Lead to Hacked Networks (bleepingcomputer.com)
Microsoft Releases Fixes for Azure Flaw Allowing RCE Attacks (bleepingcomputer.com)
Researchers Find Flaws in Word, PDF Script Handling • The Register
SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices (thehackernews.com)
Microsoft: May Windows Updates Cause AD Authentication Failures (bleepingcomputer.com)
Sector Specific
Health/Medical/Pharma Sector
Ransomware Group Strikes Second US Health Care System in The Last Two Months - CyberScoop
Is That Health App Safe to Use? A New Framework Aims To Provide An Answer - Help Net Security
Manufacturing
German Automakers Targeted in Year-Long Malware Campaign (bleepingcomputer.com)
China-Backed Winnti Hackers Attacked Manufacturers Globally, Cybereason Alleges - MSSP Alert
Education and Academia
Reports Published in the Last Week
Other News
An Offensive Mindset Is Crucial for Effective Cyber Defence - Help Net Security
Zero-Click Attacks Explained, And Why They Are So Dangerous | CSO Online
Britain Must Upgrade Cyber Defences ‘Or Be Hit By 9/11-Style Attack’ (telegraph.co.uk)
Everything We Learned From the LAPSUS$ Attacks (thehackernews.com)
Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing Comes (darkreading.com)
Prepare for What You Wish For: More CISOs on Boards | SecurityWeek.Com
Ready, IAM, Fire: How Weak Identity and Access Management (IAM) Makes You a Target (darkreading.com)
How Privileged Access Management (PAM) Must Evolve - MSSP Alert
Secure Your CMS-Based Websites Against Pervasive Attacks - Help Net Security
Threats To Hardware Security Are Growing - Help Net Security
Government’s “Whole of Society” Cyber Strategy Takes Shape - Infosecurity Magazine
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.