Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 17 November 2023
Black Arrow Cyber Threat Intelligence Briefing 17 November 2023:
-Cyber Resilience Requires Maturity, Persistence & Board Engagement
-Security is a Process, Not a Tool
-46% of SMBs and Enterprises Have Experienced a Ransomware Attack
-Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries
-67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission
-The Persistent Menace: Understanding And Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023
-Financial Services still Stubbornly Vulnerable to Cyber Disruption
-Worlds Biggest Bank Hit by Ransomware, Workers Forced to Trade With USB Sticks
-NCSC Warns UK Over Significant Threat to Critical Infrastructure
-Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach
-Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks
-Phishing Emails Are More Believable Than Ever. Here's What to Do About It.
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Resilience Requires Maturity, Persistence & Board Engagement
Cyber resilience is more important than ever, particularly with the added dimensions of deepening geopolitical threats and risks coming from new technology like AI. In cyber security, it is commonly accepted that it is a matter of when, not if, an organisation will experience an attack. It is imperative to ensure there is an ability across the organisation to bounce back.
Source: [Dark Reading]
Security is a Process, not a Tool
The cyber security industry is constantly seeing tools that claim to make organisations 100% secure, despite this never being achievable. A recent report found 55% of all security tools are not put into operation or are not actively managed. Additionally, the report found that 33% of all security incidents are identifiably traced to process errors. The findings are further evidence that cyber security is more than just technology tools: it requires a mindset that aligns controls across people, operations and technology.
Source: [Dark Reading]
46% of SMBs and Enterprises Have Experienced a Ransomware Attack
A recent report found that 46% of small and medium businesses (SMBs) and enterprises have experienced ransomware attacks. In addition, 90% of SMBs and 87% of enterprises are extremely or somewhat concerned about ransomware attacks, and 64% of SMBs and 70% of enterprises don’t believe in paying a ransom.
Despite the fact that nearly 50% of the firms have suffered ransomware, too many businesses still seem to think this is something that will not happen to them and is something only other businesses need to worry about.
Source: [Security Magazine] [IT Business]
Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries
In the realm of cyber security, threat intelligence (TI) is a crucial yet often underused asset for countering sophisticated cyber attacks. TI involves gathering, analysing, and contextualising information about potential cyber threats, including advanced ones, thus enabling organisations to identify, assess, and mitigate cyber risks effectively. The TI market, expected to exceed $44 billion by 2033, offers four main types: Strategic, Tactical, Technical, and Operational.
Each type serves different organisational needs, from informing senior leadership to aiding security operations teams. When thinking about TI, organisations should focus on completeness, accuracy, relevance, timeliness, scalability, vendor reputation, and integration capabilities. The rapidly evolving nature of TI demands a careful, long-term approach to choosing the right services, considering an organisation's maturity and specific needs. Effective TI not only aids in countering immediate threats but also builds long-term resilience. With 80% of the top 2000 global companies projected to increase their TI investment in 2024, it's crucial for organisations to find a trusted vendor to ensure their cyber security success.
Black Arrow conducts daily threat intelligence analyses from trusted specialist sources, and interprets the TI in the context of our client organisations to support them in proactively addressing risks. In addition to our weekly Threat Briefing and subscription email, we offer tailored briefings for organisations in various sectors and geographies.
Source: [welivesecurity]
67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission
New research has found that 67% of UK employees are endangering their business by downloading applications and software without the knowledge of IT or security teams.
Other key findings included 39% of respondent organisations lacked total visibility of applications and software on company owned assets, and 77% lacked visibility over employee owned assets connected to the corporate environment. Of total respondents, 69% acknowledged their organisations required better policies and procedures in order to deal with security vulnerabilities, with 39% of total respondents feeling challenged by UK and other jurisdictions’ increasingly complicated regulations and governance requirements.
Black Arrow help organisations of all sizes to design and deliver comprehensive asset visibility programmes that lay the foundation for proportionate and credible cyber security controls to protect the organisation. We enable organisations to adhere to regulatory and governance requirements, by providing expert cyber security resources on a flexible basis for technical, governance and transformational positions.
Sources: [Tech Radar] [the HR Director]
The Persistent Menace: Understanding and Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023
In 2023, the landscape of cyber threats, particularly ransomware, has significantly evolved, remaining a primary concern for businesses.
This change has been further facilitated by the emergence of Ransomware as a Service (RaaS) and the increased sophistication of phishing attacks, supported by advancements in AI. This has led at least in part to almost half (29) of the ransomware groups tracked by WithSecure in 2023 having begun operations this year. These groups accounted for 25% of data leaks in this period, helping to drive a 50% year-on-year increase in data leaks.
Businesses face not only the immediate costs of ransom demands but also indirect impacts such as operational downtime and damage to reputation. Key trends include the exploitation of basic security vulnerabilities, the role of access brokers in facilitating attacks, and innovative evasion techniques used by ransomware groups. Ransomware is not going away, and organisations need to ensure they are prepared given the realistic probability of an attack.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident such as ransomware; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Forbes] [Infosecurity Magazine] [ITPro]
Financial Services Still Stubbornly Vulnerable to Cyber Disruption
A recent report found the UK financial system remains stubbornly vulnerable to disruption caused by cyber and IT-related incidents, and that regulated firms are not acting quickly enough to affect required changes designed to ensure firms’ systems are resilient against significant operational shocks.
According to the UK FCA’s records, the total number of cyber incidents reported between January 2018 to May 2023 was 4,192. In general terms, incidents are reportable where they are of a certain level of materiality; for instance, where there has been a “significant failure in the firm's systems or controls.
Source: [FTAdviser]
World’s Biggest Bank Hit by Ransomware; Workers Forced to Trade with USB Sticks
The US subsidiary of the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack earlier this month, which reportedly forced the bank (ICBC Financial Services) to handle trades through messengers carrying USB thumb drives. This attack has sent shockwaves through financial services and banking and has prompted an increase in vigilance within the financial sector. The US Financial Services Information Sharing and Analysis Center (FS-ISAC) has urged financial services organisations to ensure their systems are protected and vulnerabilities are immediately resolved.
Sources: [SC Media] [Bit Defender]
NCSC Warns UK Over Significant Threat to Critical Infrastructure
The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI), with its annual review admitting the level of cyber security resilience in the UK’s most critical areas is not in a satisfactory place.
The NCSC stated that CNI in the UK faces an “enduring and significant” threat from state-aligned threat actors aggressively ramping up activity, and the UK must therefore work more closely with allies and industry in countering “epoch-defining” cyber challenges.
They noted a 64% increase on last year’s voluntary report figures; to note, this refers to organisations voluntarily self-reporting suffering a cyber incident.
For wider context, the Russian cyber attacks on Ukraine began a month and a half before the invasion. In 2022 Ukraine’s national incident response team dealt with 2,194 cyber incidents, followed by another 2,054 attacks in the first 10 months of this year and Ukraine’s defence chief warns that Russia will soon attack companies that provide services to Ukraine as part of their larger cyber efforts.
This comes as Russian hackers were linked to what is being described as the largest ever cyber attack on Danish critical infrastructure. The attack involved 22 companies associated with the operation of Denmark’s energy sector.
Sources: [Computer Weekly] [The Register] [The Record Media] [The Irish Times] [The Hacker News]
Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach
The ALPHV ransomware group, also known as BlackCat, has taken extortion to a new level by filing a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims, MeridianLink, for not complying with the four-day rule to disclose a cyber attack. The ransomware group said it compromised the digital lending solutions provider on November 7 and told the SEC the victim suffered a “significant breach and did not disclose it as required in Form 8-k”. While many ransomware and extortion gangs have threatened to report breaches and data theft to the SEC, this may be the first public confirmation that they have done so. Previously, ransomware actors exerted pressure on victims by contacting customers to let them know of the intrusion. Sometimes, they would also try to intimidate the victim by contacting them directly over the phone.
Sources: [Infosecurity Magazine] [Bleeping Computer]
Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks
A new report has found that businesses are paying a huge price for not properly securing their digital assets. The report found that businesses on average suffered 46 attacks (successful and unsuccessful) over the last year, resulting in the loss of 9% of their annual income. Cyber attacks are hurting their businesses in other ways such as network outages (34%), data loss (29%), web apps going offline (24%) and customer account compromises (22%).
Firms are reevaluating their cyber security approaches, with 76% planning increased spending despite concerns about current investment efficiency, as 35% feel they've overspent and only 55% of tools are fully utilised. A significant talent gap is also a challenge, with 30% attributing recent issues to a shortage of skilled personnel, and 33% expecting this trend to continue. Nearly half are seeking to address this by boosting recruitment budgets. Additionally, 51% of respondents are focusing on investing in Generative AI tools for cyber security in the next two years.
Source: [TechRadar]
Phishing Emails Are More Believable Than Ever. Here's What to Do About It.
Phishing is not new. This social engineering tactic has existed in the attack toolbox for decades, with threat actors posing as trusted contacts and then targeting unsuspecting victims through email or text messages to steal sensitive data. According to a recent report by Fortinet, phishing is the top tactic (56%) malicious actors use to infiltrate a network and launch ransomware successfully. With the turn of AI-driven content tools, cyber criminals are using them to make their phishing emails and texts appear more realistic than ever before.
It is crucial to focus on employee education to protect organisations. Customised training programs are essential. Security awareness training is fundamental in creating a cyber-aware culture, keeping employees informed about current security threats and meeting compliance requirements.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Source: [CSO Online]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
29% of organisations cite data loss as top security breach result | Security Magazine
Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser
Cyber Resilience Requires Maturity, Persistence & Board Engagement (darkreading.com)
Businesses are losing huge chunks of their revenue to cyber attacks | TechRadar
6% of companies have not had a digital risk cyber attack since 2020 | Security Magazine
Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)
Should cyber security overconfidence be on your threat radar? | TechRadar
Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal
Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)
Every Business Owner Should Be Thinking About Improving Online Security | Inc.com
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
The cultural shift that’s needed to see greater ROI in cyber | Federal News Network
Business urged to increase cyber resilience as 2024 set to deliver new threats (emergingrisks.co.uk)
How to withstand the onslaught of cyber security threats - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser
Law practices and government agencies experience the largest ransomware spikes - Digital Journal
Orgs still losing logs, powerless to speedy ransomware • The Register
Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)
46% of SMBs and enterprises have experienced a ransomware attack | Security Magazine
Many organisations don’t believe they are targets of ransomware gangs: OpenText | IT Business
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)
The Persistent Menace: Understanding And Combating Ransomware (forbes.com)
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
Ransomware tracker: The latest figures [November 2023] (therecord.media)
Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024 (securityaffairs.com)
Ransomware Gang LockBit Revises Its Tactics as Payouts Slip (bloomberglaw.com)
Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly
Uncovering the ransomware threat from global supply chains | ITPro
Business leaders need help in getting off the ransomware merry-go-round (thetimes.co.uk)
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)
BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly
The Rise of Ransomware in Healthcare: What IT Leaders Need to Know (bleepingcomputer.com)
What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg
Success eludes the International Counter Ransomware Initiative - Help Net Security
New Ransomware Group Emerges with Hive's Source Code and Infrastructure (thehackernews.com)
How to combat ransomware in the face of tight security staffing | SC Media (scmagazine.com)
Ransomware attacks: Cyber criminals tout their ‘honesty’ in negotiating ransoms (afr.com)
New approaches to fighting ransomware are emerging | Mimecast
FBI 'Knows Identities' Of MGM, Caesars Hacking Gang | Silicon UK
FBI and CISA warn of opportunistic Rhysida ransomware attacks (bleepingcomputer.com)
FBI pumping 'significant' resources into Scattered Spider • The Register
New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)
It ain’t what you store, it’s the way you restore it. • The Register
Ransomware Victims
Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)
How a cyber attack crippled the world's largest bank for hours | Euronews
ICBC -- China's biggest bank -- paid ransom: Lockbit hackers (nypost.com)
FBI: Royal ransomware asked 350 victims to pay $275 million (bleepingcomputer.com)
Rackspace Ransomware Costs Soar to Nearly $12M (darkreading.com)
Tri-City Medical Center cyber attack impacting patient care (10news.com)
Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)
LockBit leaks Boeing files after failed ransom negotiations • The Register
'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)
World's biggest bank hit by ransomware, forced to trade via USB stick (bitdefender.com)
Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)
British Library’s Halloween cyber scare was ransomware | Computer Weekly
Royal Mail ransomware recovery to cost at least $12 million • The Register
9 million patients had data stolen after US medical transcription firm hacked | TechCrunch
Clorox CISO flushes self after multimillion-dollar attack • The Register
Toyota confirms breach after Medusa ransomware threatens to leak data (bleepingcomputer.com)
Government doesn't know details behind cyber hack that shut down port operator DP World - ABC News
Lorenz ransomware gang hit Texas-based Cogdell Memorial Hospital (securityaffairs.com)
Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party - Security Week
Long Beach, California turns off IT systems after cyber attack (bleepingcomputer.com)
Stellantis production affected by cyber attack at auto supplier - The Columbian
Phishing & Email Based Attacks
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
From Scanning to Scamming: The Rise of QR Codes in Phishing - VMRay
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)
APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)
FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)
Police takes down BulletProftLink large-scale phishing provider (bleepingcomputer.com)
Artificial Intelligence
UK told of significant threat as state actors seek to use AI attack systems (emergingrisks.co.uk)
UK NCSC Warns Of Threat To Critical Infrastructure | Silicon UK
AI disinformation campaigns pose major threat to 2024 elections - Help Net Security
Microsoft blocks internal access to ChatGPT over security • The Register
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
The US and 30 Other Nations Agree to Set Guardrails for Military AI | WIRED
Mitigating Deepfake Threats in the Corporate World | MSSP Alert
A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)
Organisations Rush to Use Generative AI Tools Despite Risks (globenewswire.com)
How scammers' use of AI is affecting fintech investment | PaymentsSource | American Banker
Malware
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
Infostealers and the high value of stolen data - Help Net Security
Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena
This fake Windows news site is spreading malware via hacked Google ads | TechRadar
A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)
Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)
Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch
Ducktail Malware Targets the Fashion Industry (darkreading.com)
Mobile
Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena
Temu Sued in Class Action for Risking User Data to Chinese Government Control | Law.com
Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch
How to spot a fake data blocker that could hack your computer in seconds | ZDNET
Denial of Service/DoS/DDOS
Misconfigured Docker API endpoints allow attackers to deliver DDoS botnet agent | CSO Online
How DDoS attacks are taking down even the largest tech companies (bleepingcomputer.com)
Internet of Things – IoT
How to protect your organisation from IoT malware | TechTarget
Defending Against Attacks on Vulnerable IoT Devices (darkreading.com)
Data Breaches/Leaks
Infostealers and the high value of stolen data - Help Net Security
29% of organisations cite data loss as top security breach result | Security Magazine
McLaren Health Care revealed that a data breach impacted 2.2 million people (securityaffairs.com)
Hacker Leaks 800,000 Scraped Chess.com User Records (hackread.com)
Hacker Leaks 35 Million Scraped LinkedIn User Records (hackread.com)
Fourth time unlucky: Okta hit by new cyber attack - Digital Journal
Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)
The real cost of healthcare cyber security breaches - Help Net Security
Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)
Pharmacy provider Truepill data breach hits 2.3 million customers (bleepingcomputer.com)
Samsung warns some customers their data may have been stolen by hackers | TechRadar
Hackers Claim Major Data Breach at Smart WiFi Provider Plume (hackread.com)
Vietnam Post exposes 1.2TB of data, including email addresses (securityaffairs.com)
Morgan Stanley fined over computers with personal data (cnbc.com)
Samsung says hackers accessed customer data during year-long breach | TechCrunch
A Spy Agency Leaked People's Data Online—Then the Data Was Stolen | WIRED
Organised Crime & Criminal Actors
Russian admits building now-dismantled IPStorm proxy botnet • The Register
Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)
'AlphaLock' Hackers Launch 'Pen-Testing Training' Group (darkreading.com)
Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Ethereum hacked to steal millions from users across the world | TechRadar
Fraudsters make $50,000 a day by spoofing crypto researchers (bleepingcomputer.com)
Insider Risk and Insider Threats
Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)
Insurance
Bridging the Gap: The Vital Role of Skilled Brokers in Cyber Insurance
Aon president warns insurers against ‘walking away’ from major risks (ft.com)
Cyber insurance market attractive despite ransomware uptick: JP Morgan - Reinsurance News
Supply Chain and Third Parties
Uncovering the ransomware threat from global supply chains | ITPro
How top CISOs are transforming third-party risk management | SC Media (scmagazine.com)
Cloud/SaaS
This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar
Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)
Traditional cloud security isn't up to the task - Help Net Security
Transforming cyber security from reactive to proactive with attack path analysis - Help Net Security
Identity and Access Management
Encryption
The new frontier in online security: Quantum-safe cryptography (techxplore.com)
In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica
TETRA encryption algorithms entering the public domain • The Register
Passwords, Credential Stuffing & Brute Force Attacks
70% of passwords can be cracked in less than a second, shows NordPass study (business-standard.com)
Google Workspace security flaws could see hackers easily snaffle your password | TechRadar
Stop using weak passwords for streaming services - it's riskier than you think | ZDNET
The worst passwords of 2023 are also the most common, "123456" comes in first | TechSpot
Social Media
Meta and YouTube face criminal surveillance complaints • The Register
How Much Your Social Media Profile Data Is Worth on the Dark Web (makeuseof.com)
Malvertising
BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly
This fake Windows news site is spreading malware via hacked Google ads | TechRadar
Training, Education and Awareness
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)
Regulations, Fines and Legislation
EU Tightens Cyber security Requirements for Critical Infrastructure and Services (darkreading.com)
Meta and YouTube face criminal surveillance complaints • The Register
SEC Suit Ushers in New Era of Cyber Enforcement (darkreading.com)
Make Changes to be Ready for the New SEC Cyber security Disclosure Rule (darkreading.com)
Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)
Clorox CISO flushes self after multimillion-dollar attack • The Register
Morgan Stanley fined over computers with personal data (cnbc.com)
White House is ‘working on version 2.0’ of cyber implementation plan | CyberScoop
Models, Frameworks and Standards
What You Need to Know About NIST CSF 2.0 | Accelerynt, Inc. - JDSupra
Modelling organisations' defensive mechanisms with MITRE D3FEND - Help Net Security
Backup and Recovery
Data Protection
Web browsing data collected in more detail than previously known, report finds (ft.com)
Online ad auction data harms national security – claim • The Register
Careers, Working in Cyber and Information Security
The challenges and opportunities of working in cyber security | TechRadar
How US SEC legal actions put CISOs at risk and what to do about it | CSO Online
Is ‘overwork’ culture a problem for cyber security professionals? (siliconrepublic.com)
Law Enforcement Action and Take Downs
Serbian pleads guilty to running ‘Monopoly’ dark web drug market (securityaffairs.com)
Russian admits building now-dismantled IPStorm proxy botnet • The Register
European Police Take Down $9m Vishing Gang - Infosecurity Magazine (infosecurity-magazine.com)
Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)
Private Investigator Aviram Azar Gets Almost 7 Years for Hedge Fund Hacking Ring - Bloomberg
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Activity
Cyber Warfare and Cyber Espionage
NCSC Annual Review on 'state-aligned actors' | Professional Security
Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)
New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com
Nation State Actors
China
China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga
ICBC/ransomware: China’s cyber security industry moves out of the shadows
Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)
Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)
Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
Labour warns against watering down of UK’s takeover screening powers
Russia
China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga
Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)
Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)
Could Russia’s Ukraine Cyber attacks Clue Global Threat? | MSSP Alert
EU Formalizes Cyber security Support For Ukraine - Infosecurity Magazine (infosecurity-magazine.com)
Meet the Unique New "Hacking" Group: AlphaLock (bleepingcomputer.com)
Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)
What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg
Ukraine at D+670: GRU may be expanding its targeting. (thecyberwire.com)
Iran
North Korea
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers (thehackernews.com)
Novel social engineering attack infrastructure established by BlueNoroff | SC Media (scmagazine.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerabilities
'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)
APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)
CISA warns of actively exploited Juniper pre-auth RCE exploit chain (bleepingcomputer.com)
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks (bleepingcomputer.com)
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (bleepingcomputer.com)
Microsoft fixes critical Azure CLI flaw that leaked credentials in logs (bleepingcomputer.com)
Adobe Releases Security Updates for Multiple Products | CISA
ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric - Security Week
Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities - Security Week
Fortinet Releases Security Updates for FortiClient and FortiGate | CISA
Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability (thehackernews.com)
New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar (thehackernews.com)
SAP Patches Critical Vulnerability in Business One Product - Security Week
Critical flaw fixed in SAP Business One product (securityaffairs.com)
Citrix Releases Security Updates for Citrix Hypervisor | CISA
Fortinet warns of critical command injection bug in FortiSIEM (bleepingcomputer.com)
An email vulnerability let hackers steal data from governments around the world (engadget.com)
Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw (thehackernews.com)
Some AMD EPYC server CPUs have a serious security flaw, so patch now | TechRadr
Microsoft Extends Windows Server 2012 ESUs Until 2026 (petri.com)
Tools and Controls
Building resilience to shield your digital transformation from cyber threats - Help Net Security
Against the Clock: Cyber Incident Response Plan (trendmicro.com)
Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly
Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)
The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest (thehackernews.com)
Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online
Web Application Attacks | Types of Web Application Attacks | Mimecast
Traditional cloud security isn't up to the task - Help Net Security
National security at risk from web browsing data collection, report finds (ft.com)Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)
The cultural shift that’s needed to see greater ROI in cyber | Federal News Network
NCSC backs use of security.txt for cyber resilience | UKAuthority
New approaches to fighting ransomware are emerging | Mimecast
Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security
The new imperative in API security strategy - Help Net Security
How to Automate the Hardest Parts of Employee Offboarding (thehackernews.com)
Steps CISOs Should Take Before, During & After a Cyber attack (darkreading.com)
Threat Intel: To Share or Not to Share is Not the Question - Security Week
As perimeter defences fall, the identify-first approach steps into the breach | CSO Online
The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru
OODA Loop - A Model for Cyber security Threat Sharing: Embracing the USA PATRIOT Act & FinCEN
How to speak the board's language with cyber security ROI so it makes sense | Fierce Electronics
Three Ways Generative AI Can Bolster Cyber security | NVIDIA Blogs
Hackers breach healthcare orgs via ScreenConnect remote access (bleepingcomputer.com)
Kubernetes adoption creates new cyber security challenges - Help Net Security
Aon president warns insurers against ‘walking away’ from major risks (ft.com)
CISOs vs. developers: A battle over security priorities - Help Net Security
Hundreds of websites cloned to run ads for Chinese gambling • The Register
AI helps leaders optimize costs and mitigate risks - Help Net Security
It ain’t what you store, it’s the way you restore it. • The Register
Reports Published in the Last Week
Other News
'Alarming': big gaps in organisations' cyber security | The Canberra Times | Canberra, ACT
National security at risk from web browsing data collection, report finds (ft.com)
CISOs vs. developers: A battle over security priorities - Help Net Security
Collaborative strategies are key to enhanced ICS security - Help Net Security
Web Application Attacks | Types of Web Application Attacks | Mimecast
Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security
Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 13 October 2023
Black Arrow Cyber Threat Intelligence Briefing 13 October 2023:
-Small Businesses Hit by Frequent Cyber Attacks as 90% of CISOs Faced at least One Attack Last Year
-The Most Effective Cyber Attacks Never Touch Your Organisation's Firewall, HR’s Role in Defending the Organisation
-Ransomware Infection Times Fall from 5 Days to 5 Hours
-80% of Security Leaders See AI as the Biggest Threat to Business
-Is Your Board Cyber-Ready?
-Cyber Security Should Be a Business Priority for CEOs
-The Looming Threat of a Single Phishing Click to Your Business
-40% of Organisations Leave Ransomware to IT
-Auditors Growing Concern About Cyber Security
-The Cyber Villains Are Getting Bolder: Businesses Need to Up Their Game
-Preparing for the Unexpected: A Proactive Approach to Operational Resilience
-Staggering Losses to Social Media and Social Engineering Since 21, as Victims Take $2.7 Billion Hit in US Alone
-Organisations Grapple with Detection and Response Despite Rising Security Budgets
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Small Businesses Hit by Frequent Cyber Attacks, as 90% of CISOs of Larger Firms Faced at least One Attack Last Year
A survey by Payroll provider Sage found that nearly 48% of small and medium sized enterprises (SMEs) have experienced at least one cyber incident in the past year; of note, this is only based on SMEs self-reporting, and requires SMEs to have both the ability to detect an incident and to have actually identified an incident and then self-report it. The survey found that cyber security was a priority with 68% of respondents reporting that they would use a more expensive security control if it demonstrated better security.
In a separate report by Splunk, it was found that 90% of CISOs reported experiencing at least one disruptive attack in the past year. The difference in numbers could be because organisations who have a CISO are more likely to have tools in place to detect an incident.
Regardless, cyber criminals are showing that any size of organisation can be a victim of a cyber incident and in some cases, smaller organisations may not have the necessary budget and controls to prevent an attack.
Sources: [Security Magazine] [Insurance Times] [Infosecurity Magazine]
The Most Effective Cyber Attacks Never Touch Your Organisation’s Firewall, and HR’s Role in Defending the Organisation
In 2022, total spending on cyber security technologies increased to 71.1 billion USD, illustrating just how much effort goes into protecting companies, their data, and their customers. Regardless of all this spending, there remains a popular attack which can bypass this all: social engineering. Attackers know how much technology protection is placed in organisations, so they often try to bypass this and go straight through the employees.
Cyber security will never work if organisations do not go beyond IT; it is a business-wide issue and requires the engagement and input from across the business, including functions like Human Resources. Having effectively trained employees is a crucial part of creating a culture of security within an organisation, and this starts with HR. Employees will often have training as part of their onboarding and then regular training to ensure competencies; as part of HR’s role, this should include commissioning training on cyber security that is delivered by cyber security experts that understand what attackers are doing.
Source: [News Week] [Beta News]
Ransomware Infection Times Fall from 5 Days to 5 Hours
The amount of time it takes an attacker to infect a system with ransomware has fallen drastically over the last 12 months according to a recent report. The median dwell time (the time that an attacker spends in a victim’s network before being detected) was 5.5 days in 2021, reducing to 4.5 days in 2022, and this year it fell to less than 24 hours with, in 10% of cases, the time taken to deploy ransomware being within 5 hours. As threat actors continue to leverage Ransomware as a Service (RaaS) to execute attacks, dwell times will continue to decrease and the number of attacks will increase.
This coincides with a recent survey by Hornetsecurity that revealed that almost 60% of businesses are concerned about ransomware attacks. 92% of businesses are reported to be aware of ransomware’s potential negative impact, but just 54% of respondents say their leadership is actively involved in conversations and decision making to help prevent attacks.
The report highlights that ransomware is still at large, with the first half of 2023 seeing more ransomware victims than in the whole of 2022. Having good cyber security protection and hygiene is the key to ongoing success. Organisations cannot afford to become victims. Ongoing security awareness training and multi-layered ransomware protection are critical to help avoid insurmountable losses.
Sources: [Cision] [PC Mag] [Security Magazine]
80% of Security Leaders See AI as the Biggest Threat to Business
A report has found that a large majority of security leaders (80%) believe Artificial Intelligence (AI) is the biggest cyber threat to their business, and that the risks of AI outweigh the many advantages.
In a separate report, 58% agreed that AI is increasing the number of cyber attacks. The benefits of AI were also recognised however, with 73% reporting AI to be an increasingly important tool for security operations.
With AI finding itself both sides of the coin, it is important for organisations to effectively implement their AI solutions, so that they can improve their security whilst reducing the risk that AI presents to their organisation.
Sources: [Diginomica] [Infosecurity Magazine]
Is Your Board Cyber-Ready?
With the recent US Securities and Exchange Commission (SEC) requirements entering effect, and the impending Digital Operational Resilience Act (DORA) requirements for Europe, there is yet another layer added to the complicated issues of managing cyber security risks. However, it is clear that strong corporate governance equips companies to address them efficiently and accurately.
Governance starts with the board, as it is responsible for the oversight of the organisation’s cyber security programs. For a board to do this effectively, the leadership team must be able to understand cyber security; yet despite this, a study found that only 12% of boards had a cyber expert. Black Arrow supports business leaders in organisations of all sizes to gain a strong practical understanding of the fundamentals of cyber security risk management, and to demonstrate governance in implementing their cyber security strategy by leveraging their existing internal and external resources.
Sources: [Harvard.edu] [JDSupra]
Cyber Security Should Be a Business Priority for CEOs
A recent report found that despite 96% of CEOs saying that cyber security is critical to organisational growth and stability, 74% of CEOs are concerned about their organisation’s ability to avert or minimise damage arising from a cyber attack. The report also highlighted that 60% of CEOs don’t incorporate cyber security into their business strategies, products or services from the beginning. 44% believe that cyber security requires episodic intervention rather than ongoing attention.
Adding to this reactive stance is the incorrect assumption by 54% of CEOs that the cost of implementing cyber security is higher than the cost of suffering a cyber attack, despite history showing otherwise. For instance, the report notes that a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting $300 million. In addition, despite 90% of CEOs saying cyber security is a differentiating factor for their products or services to help them build customer trust, only 15% have dedicated board meetings to discuss cyber security issues. This disconnect might be explained by the fact that 91% of CEOs said cyber security is a technical function that is the responsibility of the CIO or CISO.
Source: [HelpNet Security]
The Looming Threat of a Single Phishing Click to Your Business
A single click could be all it takes to get the ball rolling and allow an attacker entry into your organisation. From there, the possibilities are endless. Phishing impacts any employee within the organisation with an email account, phone number or access to the web.
Organisations can mitigate this risk however, by conducting training and awareness programmes, aimed at improving employees’ abilities to identify, report and avoid falling victim to phishing incidents. Such training should be held regularly to maintain their knowledge as well as adapting to the ever-changing landscape of cyber crime. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Source: [CMS-lawnow]
40% of Organisations Leave Ransomware to IT
A report found that 93% of respondents said they believe ransomware protection is “very” to “extremely” important in terms of IT priorities for their organisation, yet only 54% reported that the leadership were actively involved in conversations and decision-making around ransomware attacks, and 40% of total respondents were happy to leave the IT team to deal with ransomware attacks.
By only involving the IT team and excluding the leadership, organisations are at risk of not addressing regulatory requirements, or failing to manage such cyber incidents within a business context. This would also suggest a lack of an effective Incident Response Plan to ensure that considerations such as legal, communications, customers, employees and other stakeholders are not forgotten. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [MSSP Alert]
Auditors’ Growing Concern About Cyber Security
The majority of chief audit executives and information technology audit leaders consider cyber security to be a top risk over the next year. The survey found that found that nearly 75% of respondents, and an even higher percentage (82%) of technology audit leaders, consider cyber security to be a high-risk area over the next 12 months.
Source: [Accounting Today]
Preparing for the Unexpected: A Proactive Approach to Operational Resilience
Recent insights highlight a pressing need: ensuring operational resilience in financial firms. As the financial sector remains a prime target for cyber threats, the increasing interconnectedness presents evolving challenges. While cyber security aims to defend against attacks, operational resilience ensures the continuity of operations even when incidents occur.
Notably, the EU’s Digital Operational Resilience Act (DORA) stresses preparedness, providing a framework for the industry. Although business continuity practices exist, operational resilience offers a more proactive stance, ensuring system reliability that is crucial for global financial trust. Achieving this requires a comprehensive risk assessment, laying the groundwork for a resilient strategy tailored to a firm’s unique position in the financial landscape.
Source: [Dark Reading]
Staggering Losses to Social Media and Social Engineering Since 2021, as Victims Take $2.7 Billion Hit in US Alone
The US Federal Trade Commission (FTC) reports that Americans alone, have lost $2.7 billion to social media and social engineering scams since 2021. The losses were incurred through websites, phone calls and email.
It is important for organisations to consider that such scams could very well find themselves in the corporate environment. Already, there has been a significant rise in attacks on employees through LinkedIn. As such, it is important for organisations to provide education and awareness training to users.
Sources: [Bleeping Computer] [Infosecurity Magazine]
Organisations Grapple with Detection and Response Despite Rising Security Budgets
A study by EY found that only a fifth of cyber security leaders today are confident about their organisation’s cyber security approach, with only half trusting the training they provide in-house. CISO respondents reported an average annual spend of $35 million on cyber security, with the median cost of a breach jumping 12% to $2.5 million. The leaders said they anticipate the cost per breach to reach $4 million by the end of the year.
The report found that the biggest internal challenges to the organisation's cyber security approach were "too many potential attack surfaces" at 52%, and "difficulty balancing security and innovation speed" at 50%. The study also noted big discrepancies between the CISOs and other C-suite leaders when it came to their organisation's cyber security preparedness. While 60% of CISOs were confident about the C-suite integration of cyber security into key business decisions, only over half of other C-suite officers believed they were effective. There was also a significant gap (12%) between their satisfaction with the overall cyber security preparedness.
Source: [CSO Online]
Governance, Risk and Compliance
Auditors more worried about cyber security than AI risks | Accounting Today
Cyber Security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert
Cyber attacks are only getting worse for business, so what are CISOs doing about it? | TechRadar
Warning as more businesses fall victim to cyber attacks | Insurance Times
PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News
The Role of HR in Engaging the Workforce for Holistic Cyber Security (newsweek.com)
90% firms experienced cyber attacks; 83% opted to pay attackers: Report (business-standard.com)
The world was already horrifying — technology is making it more so - The Hustle
Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)
Cyber security should be a business priority for CEOs - Help Net Security
Organisations grapple with detection and response despite rising security budgets | CSO Online
The undeniable benefits of making cyber resiliency the new standard | CSO Online
Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)
Cyber insurance costs pressure business budgets - Help Net Security
C-suite weighs in on generative AI and security (securityintelligence.com)
Cyber security overtakes cloud as top area of investment - The Recycler - 10/10/2023
New Wave of Cyber Threats Challenges In-House Legal Departments (bloomberglaw.com)
Should businesses follow Google’s footsteps in cyber security? | TechRadar
Cyber security is booming but it comes at a human cost (betanews.com)
A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)
A Cyber security Risk Assessment Guide for Leaders (trendmicro.com)
Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)
Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach (darkreading.com)
6 steps to getting the board on board with your cyber security program (welivesecurity.com)
Threats
Ransomware, Extortion and Destructive Attacks
First half of 2023 sees more ransomware victims than all of 2022 | Security Magazine
Cyber security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert
Cyber criminals can go from click to compromise in less than a day - Help Net Security
Ransomware Infection Times Fall From 5 Days to 5 Hours (pcmag.com)
Ransomwared health insurer wasn't using anti-virus software • The Register
Everest searching for corporate insiders amid rare pivot • The Register
HelloKitty ransomware source code leaked on hacking forum (bleepingcomputer.com)
How to Prevent Ransomware as a Service (RaaS) Attacks (trendmicro.com)
SEC Investigating Progress Software Over MOVEit Hack - Security Week
Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)
Ransomware Attack on Hospitals Highlights Need to Ensure Continuity of Patient Care (fdd.org)
Ransomware Victims
Cyber attack victim Estes making ‘steady progress’ - FreightWaves
Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews
Ransomwared health insurer wasn't using anti-virus software • The Register
BianLian extortion group claims recent Air Canada breach (bleepingcomputer.com)
Phishing & Email Based Attacks
The looming threat of a single phishing click to your business (cms-lawnow.com)
What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog
LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)
Phishing, the campaigns that are affecting Italy (securityaffairs.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News
'Really frightening': IT leaders on cyber security in the age of AI (computing.co.uk)
Cyber security pros predict rise of malicious AI - Help Net Security
Why 80% of CISOs see AI as the biggest threat to their business (diginomica.com)
C-suite weighs in on generative AI and security (securityintelligence.com)
68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)
US Space Force Pauses Generative AI Based on Security Concerns (bloomberglaw.com)
Generative AI Security: Preventing Microsoft Copilot Data Exposure (bleepingcomputer.com)
How to Guard Your Data from Exposure in ChatGPT (thehackernews.com)
2FA/MFA
Malware
Mirai DDoS malware variant expands targets with 13 router exploits (bleepingcomputer.com)
Microsoft to kill off VBScript in Windows to block malware delivery (bleepingcomputer.com)
How Keyloggers Have Evolved From the Cold War to Today (darkreading.com)
Endpoint malware attacks decline as campaigns spread wider - Help Net Security
Mobile
Beware - GoldDigger malware will drain your bank accounts without you even realizing | TechRadar
China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert
Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)
Operation Behind Predator Mobile Spyware Is 'Industrial Scale' (darkreading.com)
Hacktivists send fake nuclear attack warning via Israeli Red Alert app (bitdefender.com)
5 quick tips to strengthen your Android phone security today | ZDNET
Botnets
Denial of Service/DoS/DDOS
HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks (cloudflare.com)
Google, Amazon Face Massive Denial-of-Service Attack | MSSP Alert
Internet of Things – IoT
Automotive cyber security: A decade of progress and challenges - Help Net Security
Android TV malware case worsens: Tens of millions of devices infected - FlatpanelsHD
Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)
Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)
Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal - Security Week
Exposed security cameras in Israel and Palestine pose significant risks (securityaffairs.com)
Data Breaches/Leaks
3.81 billion records compromised by cyber security incidents in September 2023 (itsecuritywire.com)
23andMe Cyberbreach Exposes DNA Data, Potential Family Ties (darkreading.com)
DC Board of Elections confirms voter data stolen in site hack (bleepingcomputer.com)
Lyca Mobile says customer data was stolen during cyber attack | TechCrunch
Third Flagstar Bank data breach since 2021 affects 800,000 customers (bleepingcomputer.com)
Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews
Air Europa customers urged to cancel cards following hack on payment system (therecord.media)
Dymocks breach happened while changing providers | Information Age | ACS
Shadow PC warns of data breach as hacker tries to sell gamers' info (bleepingcomputer.com)
Organised Crime & Criminal Actors
The cyber villains are getting bolder. Businesses need to up their game - Raconteur
Protecting your business against the cyber criminal enterprise (techuk.org)
Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)
Hackers 'don't break in anymore, they log in,' expert explains (yahoo.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian
Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED
Insider Risk and Insider Threats
Everest searching for corporate insiders amid rare pivot • The Register
Former US soldier accused of trying to pass secrets to China • The Register
Understanding the human factor of digital safety | TechRadar
Fraud, Scams & Financial Crime
Fooled by cyber criminals: The humanitarian CEO scammed by hackers - GZERO Media
Global job scam to cause $100 mn in losses for over 1,000 companies: Report (odishatv.in)
FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)
The dark side of solar panels – how crooks are exploiting net zero (telegraph.co.uk)
Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)
‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian
Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED
What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog
Never click on bank-draining words if message pops up, expert warns (ladbible.com)
Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian
Deepfakes
AML/CFT/Sanctions
Insurance
Cyber insurance costs pressure business budgets - Help Net Security
Insurance industry faces growing concerns over cyber cat risk: Gallagher Re - Reinsurance News
Cyber Insurance Lessens the Sting of Corporate Cyber Attacks (bloomberglaw.com)
Keeping up with the demands of the cyber insurance market - Help Net Security
Insurance cover ‘sufficient’ for $100mn cyber attack hit: MGM (insuranceinsider.com)
Supply Chain and Third Parties
Software Supply Chain
Why open-source software supply chain attacks have tripled in a year | CSO Online
New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)
Cloud/SaaS
The Need for Speed: When Cloud Attacks Take Only 10 Minutes (darkreading.com)
Microsoft and Cabinet Office issue government-wide security guidelines for M365 – PublicTechnology
Securely Moving Financial Services to the Cloud (darkreading.com)
Identity and Access Management
Encryption
New cryptographic protocol aims to bolster open-source software security | ZDNET
Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week
API
Open Source and Linux
New cryptographic protocol aims to bolster open-source software security | ZDNET
Why open-source software supply chain attacks have tripled in a year | CSO Online
Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week
Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)
Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)
New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
CISA publishes top 10 most common security misconfigurations • The Register
Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)
Social Media
FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)
LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)
Brands Beware: X's New Badge System Is a Ripe Cyber-Target (darkreading.com)
What should you do if your Facebook is hacked? (pocket-lint.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Work-related stress “keeps cyber professionals up at night” | ITPro
Cyber security is booming but it comes at a human cost (betanews.com)
eBook: Cyber security career hacks for newcomers - Help Net Security
Turning military veterans into cyber security experts - Help Net Security
CISO Pay Increases Are Slowing – a Look Behind the Figures - Security Week
Skills-based Hiring Can Address Cyber Workforce Shortfalls (fdd.org)
Law Enforcement Action and Take Downs
European Police Hackathon Hunts Down Traffickers - Infosecurity Magazine (infosecurity-magazine.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Misc Nation State/Cyber Warfare
Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)
Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)
Hackers For Hire Hit Both Sides in Israel-Hamas Conflict (darkreading.com)
Beyond the Front Lines: How the Israel-Hamas War Impacts the Cyber security Industry - Security Week
Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)
Could Middle Eastern Cyberwarfare Spill Into Health Sector? (inforisktoday.com)
The Cyberwar Between the East and the West Goes Through Africa (darkreading.com)
Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)
Russia
Dark Horse Ukraine Proves Resistant to Onslaught of Russian Cyber Attacks (kyivpost.com)
Kremlin-Linked Hacker Group Launches Cyber-Attack Against Israel (kyivpost.com)
Russian hacker group "Killnet" declares cyberwar on Israel | Al Bawaba
Gaza-linked hackers and Pro-Russia groups are targeting Israel (securityaffairs.com)
Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)
Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)
China
A Frontline Report of Chinese Threat Actor Tactics and Techniques (darkreading.com)
Why One Of The Largest Cyber-Attacks Is Still A Mystery (slashgear.com)
Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike (thehackernews.com)
Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)
China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert
Former US soldier accused of trying to pass secrets to China • The Register
Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries (thehackernews.com)
Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)
Iran
Escalation In Iranian Cyber Operations: A Shift Toward Espionage | Iran International (iranintl.com)
North Korea
Vulnerability Management
Developers take as long as one month to patch security flaws, Synopsys finds (axios.com)
Vulnerability Behind “Largest Attack in Internet History” Found | MSSP Alert
Vulnerabilities
Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet (darkreading.com)
Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop - Security Week
Google Chrome 118 is a massive security update - gHacks Tech News
Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)
Adobe Acrobat Reader Vuln Now Under Attack (darkreading.com)
Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)
Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit (informationweek.com)
WhatsApp exploits commanding multi-million prices (computing.co.uk)
High-Severity Vulnerabilities Discovered in WebM Project’s Libraries (paloaltonetworks.com)
Credential Harvesting Campaign Targets Unpatched NetScaler Instances - Security Week
Over 17,000 WordPress sites hacked in Balada Injector attacks last month (bleepingcomputer.com)
Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica
New WordPress backdoor creates rogue admin to hijack websites (bleepingcomputer.com)
libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks (thehackernews.com)
D-Link WiFi range extender vulnerable to command injection attacks (bleepingcomputer.com)
Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)
Apple releases iOS 16.7.1 to plug critical security holes | Macworld
The SEC is said to be investigating a Twitter security flaw from the pre-Musk era (engadget.com)
Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)
35 Squid proxy bugs still unpatched after 2 years • The Register
Fortinet Releases Security Updates for Multiple Products | CISA
Tools and Controls
Organisations grapple with detection and response despite rising security budgets | CSO Online
Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)
A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)
Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)
16 Essential Factors To Cover In A Disaster Recovery Plan (forbes.com)
A Cyber Security Risk Assessment Guide for Leaders (trendmicro.com)
Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)
Google, Yahoo Push DMARC, Forcing Companies to Catch Up (darkreading.com)
You can't avoid APIs, so you need to secure them (betanews.com)
What is External Attack Surface Management (EASM)? | UpGuard
Why You Should Phish In Your Own (informationsecuritybuzz.com)
Why zero trust delivers even more resilience than you think - Help Net Security
Unmasking the limitations of yearly penetration tests - Help Net Security
Keeping up with the demands of the cyber insurance market - Help Net Security
Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)
Keep on keeping your organisation informed to stay cyber secure (techuk.org)
Why identity infrastructure is the new cyberattack surface (siliconrepublic.com)
Reports Published in the Last Week
Other News
Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)
Large law firms experiencing two 'cyber incidents' a month - Legal Futures
Small businesses growing target for cyber criminals (planetradio.co.uk)
The world was already horrifying — technology is making it more so - The Hustle
Legions of Critical Infrastructure Devices Subject to Cyber Targeting (darkreading.com)
Subsea cable business seeks to plug its security holes (lightreading.com)
Old-School Attacks Are Still a Danger, Despite Newer Techniques (darkreading.com)
Protect Critical Infrastructure With Same Rigor as Classified Networks (darkreading.com)
Drug dealers hijack NHS, police and Crimestoppers websites to sell coke in plain sight - Daily Star
Proactive not reactive: adjusting the approach to cyber crime in education
Magecart Campaign Hijacks 404 Pages to Steal Data (darkreading.com)
As biohacking evolves, how vulnerable are we to cyber threats? - Help Net Security
Electric Power System Cyber Security Vulnerabilities (trendmicro.com)
Securing the Food Pipeline from Cyber Attacks (newswise.com)
US construction giant reports cyber security incident • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 6 October 2023
Black Arrow Cyber Threat Intelligence Briefing 06 October 2023:
-Many Cyber Attacks Begin by Breaking Human Trust
-BYOD Should Stand for Bring Your Own Disaster, According to Microsoft Ransomware Data
-SME Cyber Security Knowledge Gap Widens
-UK Security Budgets Under Strain as Cyber Incidents Soar
-Cyber Leaders’ Confidence in Their Organisation’s Defences Plummets, But Costs Mount
-FBI Warns of Dual Ransomware as Data Destruction Dwell Times Hit Low of 24 Hours
-Tech-Savvy Young Workers Might Be the Biggest Cyber Liability to Your Business
-Half of Cyber Security Professionals Report Increase in Cyber Attacks, with 60% of Attacks Going Unreported
-Global Cyber Survey Finds 50% Rise in Cyber Insurance Premiums
-Evolving Conversations: Cyber Security as a Business Risk
-Threats in Cloud Top the List of Executive Cyber Concerns
-Over Half of Phishing Emails Now Use Obfuscation Tactics to Avoid Detection
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Many Cyber Attacks Begin by Breaking Human Trust
One of the most visible cyber attacks in recent months has reminded us that we all play a role in security, and people remain a favourite route for attackers. In the recent attack on MGM Resorts, an employee unwittingly helped the attacker to access the organisation’s systems and information. The attack highlights the power of social engineering as an attack vector, and that any size of business can fall victim.
One of the ways organisations can help to protect themselves is to provide social engineering training to employees. This builds resilience by helping employees to understand, recognise and avoid becoming a victim, recognising that cyber security involves more than just technology.
Despite some improvements in awareness programs, organisations face hurdles including budget constraints, limited training time and understaffing. Training should be continuous and target major risk areas such as phishing, vishing and password management, while fostering a proactive security culture.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes ensure employee engagement and build a cyber security culture to protect the organisation.
Sources: [GovTech] [Bloomberg] [Security Week]
BYOD Should Stand for Bring Your Own Disaster, According to Microsoft Ransomware Data
Microsoft research says that 80-90 percent of ransomware attacks over the past year originated from unmanaged devices. Many organisations welcome a bring your own device (BYOD) policy, yet are not managing these devices effectively.
Without appropriate management of BYOD devices, organisations are allowing a number of unknown devices onto the corporate scene; these devices can be unpatched, unregulated and can lack adequate security measures, without the organisation even being aware.
Source: [The Register]
SME Cyber Security Knowledge Gap Widens
Recent findings underscore a growing concern: a significant cyber security knowledge gap among small and medium size enterprises (SMEs). The report found that 22% of employees are concerned their actions could contribute to a cyber attack or data breach. Alarmingly, more than three-quarters of senior executives are unable to identify cyber threats or distinguish phishing emails from legitimate ones.
Despite the clear risks, three out of four SMEs do not provide any form of cyber security training to their staff. This reveals a concerning disconnect: while the majority of business owners do not perceive their staff as potential cyber security risks, many employees themselves acknowledge that they could inadvertently cause such issues.
Adding to the concern, 60% of SMEs have no plans to increase their security budget in the coming year. Two-thirds of these businesses do not view cyber security as a priority. In fact, only one in five SMEs are even considering investing in cyber insurance. This widening knowledge gap in SME cyber security is indeed troubling and calls for immediate attention.
Sources: [Insurance Journal] [Dealer Support] [IT Security Guru]
UK Security Budgets Under Strain as Cyber Incidents Soar
A recent report found that UK businesses have suffered a 25% increase in cyber incidents in the last year, against a backdrop of budgetary constraints on implementing cyber security strategies. The report found that, despite spending more than £40,000 a year on cyber security protection, more than a quarter of organisations think their cyber security budget is inadequate to fully protect them from growing threats. This is as UK businesses have experienced, on average, 30 cyber incidents over the last 12 months, a 25% increase compared to last year.
The report identified that a lack of key skills remains one of the main concerns in tackling rising cyber threats. So much so that 30% of cyber staff admit to currently facing burnout. This pressure also means that less than half of companies are confident in their ability to handle the biggest threats facing organisations, including phishing (56%) and malware (55%).
Sources: [Silicon] [Verdict] [CSO Online]
Cyber Leaders’ Confidence in Their Organisation’s Defences Plummets, But Costs Mount
A recent EY survey of cyber security leaders reported that just 1 in 5 found their organisation’s approach to cyber defences to effective and just 36% are satisfied with the levels of best practices by teams outside the IT department. The report also found that despite higher levels of spending, the organisation’s cyber security detection and response appeared slow; 76% of respondents took six months or longer to detect and respond to an incident.
Source: [EY]
FBI Warns of Dual Ransomware as Data Destruction Dwell Times Hit Low of 24 Hours
The FBI has flagged dual ransomware attacks, where attackers will attack a company twice within a few hours, as an emerging trend. This comes as an increasing number of ransomware actors are deploying their ransomware within 24 hours of initial access, and in 10% of cases, within just a few hours. Comparing this to last year, where the median time was four and a half days, organisations have significantly less time to enact their response, if they have one.
Sources: [Tech Monitor] [The Cord] [Information Security] [Beta News] [Cision] [The Record] [Malware Bytes]
Tech-Savvy Young Workers Might Be the Biggest Cyber Liability to Your Business
A new report from Ivanti into hidden threats finds that one in three employees believe their actions do not impact their organisation's security. The research shows that Millennial and Gen Z office workers are more likely to have unsafe cyber security habits when compared to Gen X and older (those above 40 years of age). The report also finds that men and leaders are more comfortable contacting a security employee with a question or concern, with leaders at an organisation the most likely to reach out with a question at 72%.
The report also highlighted that phishing scams were found to be greatly underreported by those aged 40 and under, with 23% saying that they did not report the last phishing attempt they received, the most the most likely reason for this being “I didn’t think it was important”. In contrast, of the older demographic only 12% failed to report. Cyber security has only recently become the leading concern among C-suites and executives; however, security leaders need to enable all employees to play defence against threat actors and proactively build an open and welcoming security culture.
Sources: [Techradar] [Beta News] [HelpNet Security]
Half of Cyber Security Professionals Report Increase in Cyber Attacks, with 60% of Attacks Going Unreported
Over half (52%) of cyber security professionals are experiencing an increase in cyber attacks compared to a year ago, according to new research. Further findings revealed that only 40% of organisations conducted a cyber risk assessment annually. By conducting risk assessments, organisations are able to identify their vulnerabilities and address them, before an attacker gets the chance to exploit them.
Further, in a recent survey conducted by ISACA, which collated insights from over 2,000 security leaders globally, a significant 62% of respondents say that organisations are under-reporting cyber crime incidents. The report also revealed 59% indicate their cyber security teams are undermanned, and the challenge of retaining skilled cyber security professionals remains, with 56% experiencing retention issues.
Sources: [MSSP Alert] [Security Brief] [InfoSecurity Magazine ]
Global Cyber Survey Finds 50% Rise in Cyber Insurance Premiums
According to a recent survey, budgets for cyber security have grown 70% in the last five years and whilst these have risen, so have cyber insurance premiums (50%), due to the increase in ransomware attacks.
Insurance firms have not been able to sustain losses they were incurring without passing on these costs to their customers. At the same time, obtaining cyber insurance is getting exponentially harder, with more and more stringent controls and measures being mandated by insurance companies before underwriting to minimise their exposure.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.
Source: [Global Reinsurance]
Evolving Conversations: Cyber Security as a Business Risk
According to a report, only 53% of board members report having regular interactions with their cyber security experts, leaving nearly half without a strong and distinct Chief Information Security Officer (CISO) perspective in the decision making process.
By including CISOs or virtual CISOS (vCISOS) in board processes, the board can better understand the cyber implications of decisions, after all, you wouldn’t make a board-level financial decision without involving the CFO.
Source: [HelpNet Security]
Threats in Cloud Top the List of Executive Cyber Concerns
A recent report published by PwC has found that cloud-related threats are the top concern for organisations that have adopted the technology. These security concerns intensify for organisations with multiple clouds or hybrid infrastructures, with the report finding more than half of respondents citing cloud security as their most pressing concern.
The report highlighted that despite the focus on cloud security, nearly every organisation had risk management lapses. Nearly a third of respondents had yet to address disaster recovery and backup with their cloud service provider, and more than two in five pointed to in-house cloud skills gaps as a lingering risk factor.
Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [CIO Dive]
Over Half of Phishing Emails Now Use Obfuscation Tactics to Avoid Detection
Recent research shows that hackers are increasingly using sophisticated tactics to get their phishing emails past companies’ cyber security defences. One key finding of the report is the percentage of phishing emails that use obfuscation techniques to avoid detection jumped by 24.4% in 2023. More than half of malicious emails, or 55.2%, now use such tactics. The report found that the most widely used obfuscation technique is HTML smuggling. This is the practice of hiding malicious raw code in a seemingly legitimate HTML page; the code only turns into malware after clearing the cyber security filtering.
The use of chatbots or large language models have lowered the barrier for entry to cyber crime, making it possible to create well-written phishing campaigns and generate malware that less capable coders could not produce alone. The reports found that tools designed to detect AI-generated phishing emails work unreliability or don’t work at all in 71.4% of cases.
Source: [Silicon Angle]
Governance, Risk and Compliance
Cyber security: Still No. 1 on Every CIO's Agenda (govtech.com)
Poor cyber security habits are common among younger employees - Help Net Security
Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)
People Still Matter in Cyber security Management (darkreading.com)
UK businesses face tightening cyber security budgets as incidents spike | CSO Online
Threats in cloud top list of executive cyber concerns, PwC finds | CIO Dive
Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot (darkreading.com)
Evolving conversations: Cyber security as a business risk - Help Net Security
Cyber security preparedness pays big dividends for businesses - Help Net Security
Breaches Are the Cost of Doing Business, but NIST Is Here to Help (darkreading.com)
Gartner: Spending On Cyber security Services Is Outpacing Expectations In 2023 | CRN
Cyber leaders’ confidence in their organisation’s defences plummets, but costs mount | EY - Global
CISO's compass: Mastering tech, inspiring teams, and confronting risk - Help Net Security
Gartner Forecasts Global Security and Risk Management Spending to Grow 14% in 2024 (darkreading.com)
High-business-impact outages are incredibly expensive - Help Net Security
78% of organisations under-report cyber attacks: ISACA (securitybrief.co.nz)
Moody’s cyber survey reveals growing budgets and improved governance - Reinsurance News
How To Talk To Your Board And C-suite About Cyber Preparedness | Scoop News
Threats
Ransomware, Extortion and Destructive Attacks
Moody’s global cyber survey finds 50% rise in cyber insurance premiums | Global Reinsurance
Ransomware is deployed faster as cyber criminals seek to avoid detection (betanews.com)
Microsoft: Human-operated ransomware attacks tripled over past year (therecord.media)
Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register
Dual ransomware attacks: FBI warns of twin threat to businesses (techmonitor.ai)
Ransomware gangs destroying data, using multiple strains during attacks: FBI (therecord.media)
Why the public sector is an easy target for ransomware | TechCrunch
Banks beware: Why one ransomware victim decided to pay up | American Banker
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud (thehackernews.com)
Feds hopelessly behind the times on ransomware trends • The Register
MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge
Ransomware reinfections on the rise from improper remediation (malwarebytes.com)
Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang (bleepingcomputer.com)
Ransomware gangs now exploiting critical TeamCity RCE flaw (bleepingcomputer.com)
Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV (securityaffairs.com)
Ransomware disrupts hospitality, healthcare in September | TechTarget
Ransomware Attacks: Bad for Hospitals, Deadly for Patients - Tradeoffs
Lorenz ransomware embroiled in its own two-year data leak • The Register
Ransomware Victims
LockBit crime spree includes FDF and UK law firm (techmonitor.ai)
Motel One discloses data breach following ransomware attack (bleepingcomputer.com)
MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge
MGM Resorts Refused to Pay Ransom in Cyber attack on Casinos - WSJ
Ransomware attack on Johnson Controls may have exposed sensitive DHS data (securityaffairs.com)
South African insurance clients hit in massive global cyber attack (mybroadband.co.za)
Sony sent data breach notifications to about 6,800 individuals (securityaffairs.com)
Phishing & Email Based Attacks
Report: Over half of phishing emails now use obfuscation tactics to avoid detection - SiliconANGLE
Phishing, Smishing Surge Targets USPS - Infosecurity Magazine (infosecurity-magazine.com)
Will generative AI really supercharge phishing attacks? - Tech Monitor
Other Social Engineering; Smishing, Vishing, etc
Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)
MGM Cyber attack Shows How Hackers Deploy Social Engineering - Bloomberg
Casino Hackers Use Low-Tech Tricks to Exploit Corporate Targets (bloomberglaw.com)
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)
USPS Anchors Snowballing Smishing Campaigns (darkreading.com)
Phishing, Smishing Surge Targets USPS - Infosecurity Magazine (infosecurity-magazine.com)
Artificial Intelligence
Bing Chat's ads unleash malware mayhem: Users lured into dangerous websites - OnMSFT.com
Protecting against FraudGPT, ChatGPT's evil twin - Help Net Security
The top AI cyber crime threats and solutions | Inquirer Technology
Kaspersky Issues Crimeware Report, Uncovers “WormGPT” | MSSP Alert
The big debate: is AI a blessing or curse for cyber security? - Raconteur
Global internet freedoms fell again last year as the threat of AI looms (therecord.media)
LLMs lower the barrier for entry into cyber crime - Help Net Security
Will generative AI really supercharge phishing attacks? - Tech Monitor
Are we doomed to make the same security mistakes with AI? (securityintelligence.com)
AI facial recognition: Campaigners and MPs call for ban - BBC News
Malware
Hackers are spreading malware through Indeed job messages | Digital Trends
Cyber criminals Using New ASMCrypt Malware Loader Flying Under the Radar (thehackernews.com)
There's a dangerous new malware-as-a-service on the rise - here's what you need to know | TechRadar
North Korea's Lazarus Group upgrades its main malware • The Register
Prolific malware and botnet operator Qakbot still operating despite FBI takedown - SiliconANGLE
Hundreds of malicious Python packages found stealing sensitive data (bleepingcomputer.com)
Mobile
Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register
Android's October 2023 Security Updates Patch Two Exploited Vulnerabilities - Security Week
Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security
Are executives adequately guarding their gadgets? - Help Net Security
Botnets
Denial of Service/DoS/DDOS
Flights grounded by DDoS cyber attack on Russia's airports (techmonitor.ai)
Cloudflare DDoS protections ironically bypassed using Cloudflare (bleepingcomputer.com)
Royal Family's official website targeted in cyber attack | UK News | Sky News
Global events fuel DDoS attack campaigns - Help Net Security
BYOD
Bad BYOD facilitates most ransomware attacks, says Microsoft • The Register
Are executives adequately guarding their gadgets? - Help Net Security
Internet of Things – IoT
Backdoored Android phones, TVs used for ad fraud - and worse! - Help Net Security
Eyes everywhere: How to safely navigate the IoT video revolution - Help Net Security
FDA cyber mandates for medical devices goes into effect | CyberScoop
Data Breaches/Leaks
European Telecommunications Standards Institute Discloses Data Breach - Security Week
MOVEit cyber attacks: keeping tabs on the biggest data theft of 2023 - The Verge
SiegedSec Hacktivists Claim to Have Stolen 3,000 NATO Files in Second Attack | MSSP Alert
Blackbaud Pays $49.5M to Settle With State AGs in Breach (inforisktoday.com)
Sony confirms data breach impacting thousands in the US (bleepingcomputer.com)
DNA testing service 23andMe investigating theft of user data | CyberScoop
Organised Crime & Criminal Actors
Odds Are 1 in 4 Americans Will Fall Victim to Online Crime (prnewswire.com)
People Still Matter in Cyber security Management (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto firms beware: Lazarus’ new malware can now bypass detection (cointelegraph.com)
There's a dangerous new malware-as-a-service on the rise - here's what you need to know | TechRadar
The crypto market bears the scars of FTX's collapse | Reuters
Insider Risk and Insider Threats
Many Cyber Attacks Begin by Breaking Human Trust (govtech.com)
Tech-savvy young workers might be the biggest cyber liability to your business | TechRadar
Younger employees more likely to have unsafe cyber security habits (betanews.com)
Addressing the People Problem in Cyber security - Security Week
Fraud, Scams & Financial Crime
Online fraud can cost you more than money - Help Net Security
The crypto market bears the scars of FTX's collapse | Reuters
How to deal with your brand's doppelgangers | Kaspersky official blog
Visa Program Combats Friendly Fraud Losses For Small Businesses Globally (darkreading.com)
Impersonation Attacks
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)
Supply Chain Attackers Escalate With GitHub Dependabot Impersonation (darkreading.com)
AML/CFT/Sanctions
Insurance
Moody’s global cyber survey finds 50% rise in cyber insurance premiums | Global Reinsurance
Insurance Companies Have a Lot to Lose in Cyber attacks (darkreading.com)
Supply Chain and Third Parties
Software Supply Chain
Software firms under cyber attack | Microscope (computerweekly.com)
Upstream Supply Chain Attacks Triple in a Year - Infosecurity Magazine (infosecurity-magazine.com)
Supply Chain Attackers Escalate With GitHub Dependabot Impersonation (darkreading.com)
Cloud/SaaS
Threats in cloud top list of executive cyber concerns, PwC finds | CIO Dive
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud (thehackernews.com)
AWS Using MadPot Decoy System to Disrupt APTs, Botnets - Security Week
Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials (darkreading.com)
EvilProxy uses indeed.com open redirect for Microsoft 365 phishing (bleepingcomputer.com)
Hybrid/Remote Working
Encryption
API
The Silent Threat of APIs: What the New Data Reveals About Unknown Risk (darkreading.com)
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (thehackernews.com)
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
AI facial recognition: Campaigners and MPs call for ban - BBC News
The rise and fall of Clearview.AI and the evolution of facial recognition - SiliconANGLE
Social Media
Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection (darkreading.com)
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)
Elon Musk ‘Cut Off Good Guys, Empowered Bad’: Stanford Cyber security Wonk - The Messenger
Malvertising
Training, Education and Awareness
Addressing the People Problem in Cyber security - Security Week
How to Improve Cyber security Awareness and Training (trendmicro.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Cyber experts urge EU to rethink vulnerability disclosure plans | Computer Weekly
Companies are already feeling the pressure from upcoming US SEC cyber rules | CSO Online
Blackbaud Pays $49.5M to Settle With State AGs in Breach (inforisktoday.com)
Models, Frameworks and Standards
Breaches Are the Cost of Doing Business, but NIST Is Here to Help (darkreading.com)
What is Compliance as a Service (CaaS)? - Definition from WhatIs.com (techtarget.com)
Careers, Working in Cyber and Information Security
UK government plans 2,500 new tech recruits by 2025 with focus on cyber security | CSO Online
Up to 500,000 staff required to field off growing cyber security threat to Europe | Business Post
Blue teams on the edge: cyber pros seem to hate their jobs | Cybernews
Soft skills continue to challenge the cyber security sector - Help Net Security
Law Enforcement Action and Take Downs
Prolific malware and botnet operator Qakbot still operating despite FBI takedown - SiliconANGLE
UK student found guilty of 3D printing 'kamikaze' drone • The Register
Privacy, Surveillance and Mass Monitoring
Surge in workplace monitoring prompts new ICO guidelines on employee privacy | ITPro
AI facial recognition: Campaigners and MPs call for ban - BBC News
Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Misc Nation State, Cyber Warfare and Cyber Espionage
Espionage fuels global cyber attacks - Microsoft On the Issues
Microsoft: Nation-state cyber espionage on rise in 2023 | Computer Weekly
The sixth domain: The role of the private sector in warfare - Atlantic Council
How this unassuming cable became the world’s most powerful weapon (telegraph.co.uk)
Russia
Russian Cyber Attacks in 2023: Shifting Patterns, Goals, and Capacities
Russian Hacktivism Takes a Toll on Organisations in Ukraine, EU, US (darkreading.com)
Russia-Ukraine war: Cyber space is the latest frontline | Semafor
Flights grounded by DDoS cyber attack on Russia's airports (techmonitor.ai)
Ukrainian Man Calls Russian Tech Support to Help With Captured Tank: Report (businessinsider.com)
China
Iran
North Korea
North Korea's Lazarus Group upgrades its main malware • The Register
Crypto firms beware: Lazarus’ new malware can now bypass detection (cointelegraph.com)
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm (thehackernews.com)
North Korea goes phishing in South’s shipyards • The Register
Vulnerability Management
Vulnerabilities
CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs | CISA
Exploit released for Microsoft SharePoint Server auth bypass flaw (bleepingcomputer.com)
Microsoft Edge, Teams get fixes for zero-days in open-source libraries (bleepingcomputer.com)
A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day | Ars Technica
Apple fixed the 17th zero-day flaw exploited in attacks (securityaffairs.com)
Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day - Security Week
Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software (darkreading.com)
Mass exploitation attempts against WS_FTP have begun • The Register
Millions of Exim mail servers exposed to zero-day RCE attacks (bleepingcomputer.com)
Critical zero-days in Exim revealed, only 3 have been fixed - Help Net Security
Patch Confusion for Critical Exim Bug Puts Email Servers at Risk--Again (darkreading.com)
Microsoft won’t say if its products were exploited by spyware zero-days | TechCrunch
Companies Address Impact of Exploited Libwebp Vulnerability - Security Week
Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211) - Help Net Security
Arm warns of Mali GPU flaws likely exploited in targeted attacks (bleepingcomputer.com)
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers (bleepingcomputer.com)
Atlassian patches critical Confluence zero-day exploited in attacks (bleepingcomputer.com)
Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits | Ars Technica
Tools and Controls
Does your security program suffer from piecemeal detection and response? (securityintelligence.com)
The Silent Threat of APIs: What the New Data Reveals About Unknown Risk (darkreading.com)
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries (thehackernews.com)
5 common browser attacks and how to prevent them | TechTarget
Rationalizing Your Hybrid Cloud Security Tools (securityintelligence.com)
Protecting your IT infrastructure with Security Configuration Assessment (SCA) (thehackernews.com)
The big debate: is AI a blessing or curse for cyber security? - Raconteur
Is your threat protection giving you a false sense of cyber security? | The Independent
Quash EDR/XDR Exploits With These Countermeasures (darkreading.com)
How to Improve Cyber security Awareness and Training (trendmicro.com)
Reports Published in the Last Week
Other News
Cyber attacks on UK pension funds on the rise – study | Pensions & Investments (pionline.com)
The trust deficit in CNI: How to address a growing concern | Computer Weekly
10 Emerging Cyber security Threats And Hacker Tactics In 2023 | CRN
Lyca Mobile UK Confirm Cyber Attack Responsible for Disruption - ISPreview UK
Global internet freedoms fell again last year as the threat of AI looms (therecord.media)
How Private Equity Firms Can Protect ‘Treasure Trove’ from Digital Threats (ai-cio.com)
10 Routine Security Gaffes the Feds Are Begging You to Fix (darkreading.com)
NSA: Here Are the Dumbest Cyber security Mistakes We See at Large Organisations (pcmag.com)
Edinburgh Trams websites targeted by 'potential cyber attack' - Edinburgh Live
Making Sense of Today's Payment Cyber security Landscape (darkreading.com)
GAO tears into State Department's cyber security management • The Register
First pan-European cyber analysis centre opens (airportsinternational.com)
Mobile customers unable to make or receive calls after firm hit by cyber attack - Mirror Online
Malicious HDMI Cables Steals Photos, Videos, and Location Data (gbhackers.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 29 September 2023
Black Arrow Cyber Threat Intelligence Briefing 29 September 2023:
-Ransomware Groups Are Shifting Their Focus Away From Larger Targets
-Cover-ups Still the Norm as Half of Cyber Attacks go Unreported
-Reported Cyber Security Breaches Increase Threefold for Financial Services Firms
-Attacks on SME’s Surged in The First Half of 2023
-The CISO Carousel and Its Effect on Enterprise Cyber Security
-Bermuda Struggles to Recover from Ransomware Attack
-Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern
-Business Leaders More Anxious About Ransomware Than Recession as Tally from One Attack Alone Surpasses 2,000 Victim Organisations
-Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign
-Cyber Leaders Worry That AI Will Overwhelm Cyber Defences
-Boards Still Lack Cyber Security Expertise
-4 Legal Surprises You May Encounter After a Cyber Security Incident
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Groups Are Shifting Their Focus Away from Larger Targets
Ransomware groups are once again prioritising attacks on smaller organisations as they look to target those with less mature security capabilities. Analysis from Trend Micro has shown that ransomware groups such as Lockbit, Cl0p and Black Cat are slowing down attacks against “big game” targets, such as multinationals, and are focusing their attention on smaller organisations. It was found that the overall ransomware attack victim numbers increased by 47% from H2 2022.
Organisations “of up to 200 employees”, those within the small-to-medium-sized range, accounted for the majority (575) of attacks using LockBit’s ransomware across H1 2023. Similar trends were observed with rivals in the ransomware-as-a-service (RaaS) space. Nearly half (45%) of Black Cat victims were in the same size range. There are many underlying factors in the recent surge of attacks on smaller organisations, however one big cause is the economic factor and the perception that smaller organisations are not going to be as well protected.
Sources: [Techcentral] [Helpnet Security]
Cover-ups Still the Norm as Half of Cyber Attacks go Unreported
A report found that 48% of organisations that experience critical cyber incidents and disasters such as ransomware attacks do not report it to the appropriate authorities, and 41% do not even disclose cyber attacks to their boards. Alarmingly, 32% simply “forgot” and 22% self-reported that there wasn’t a system in place to report it. In the UK, failure to report a breach within 72 hours could make a company eligible for a fine up to €10 million or 2% of annual global turnover if deemed a lower-level infringement, and up to €20 million or 4% of annual global turnover for higher-level infringements.
The lack of reporting also has a knock-on effect: a significant number of cyber attacks go un-reported and therefore this skews statistics, meaning the current numbers of known cyber attacks are likely much lower than the actual figure.
Sources: [Computer Weekly] [InfoSecurity Magazine]
Reported Cyber Security Breaches Increase Threefold for Financial Services Firms
New research shows that cyber security breaches for UK financial service firms have increased threefold from 187 attacks (2021-2022) to 640 attacks (2022-2023). This comes as the pensions sector reported the biggest jump in breaches rising from 6 to 246 in the same period, a concerning large increase of 4,000%. These patterns are not only relevant to the UK however, with separate reports highlighting an 119% increase in attacks on financial sector cyber attacks globally from 2022 to 2023.
Trustees can be liable for failures in managing cyber risk, so any business looking to protect itself from the impact of a cyber attack should invest in understanding its cyber footprint, the risks it poses, and have the right policies/procedures in place.
Sources: [CIR Magazine] [PensionsAge] [CityAM] [TechRadar]
Attacks on SME’s Surged in The First Half of 2023
According to Kaspersky, small and medium enterprises (SMEs) dealt with more attacks during the first half of the year compared to the same time the year previous. Worryingly, a separate report found that over three quarters of SME leaders could not confidently identify a cyber incident at work and 50% of respondents felt they were unable to identify the difference between a phishing email and real email.
An outcome of the study was the identification of a need for effective user training. SMEs do not have the budget to have a wide range of tools, however they can strengthen their users’ security practices. Black Arrow enables SMEs to strengthen their people controls through bespoke and affordable education and awareness training for all levels of the organisation.
Sources: [Inquirer] [HelpNet Security] [Insurance Times]
The CISO Carousel and Its Effect on Enterprise Cyber Security
The average tenure of a Chief Information Security Officer (CISO) is said to sit between 18 to 24 months; research highlights the reasons including the strain of the role, the perceived lack of leadership support, and the attraction of more money from a different employer. There is often a gap while the replacement is recruited, during which there is nobody looking after the organisation’s security.
In some cases, organisations may look to outsource by using the services of a virtual CISO (vCISO) with cost savings and greater stability and flexibility. The Black Arrow vCISO team are experienced world-class specialists, providing independent, impartial and objective expertise across the wide range of essential CISO skills with significant advantages compared to an internal resource.
Source: [Security Week]
Bermuda Struggles to Recover from Ransomware Attack
The Bermudan Government this week suffered what they referred to as a significant cyber incident. Workers were cut off from email and telephone systems, with affected departments resorting to manual processes and issuing of paper based cheques. The Government was unable to make payroll payments, and parcels could not be sent from the Island’s Post Offices. It is noted that while not all systems were affected, the government took everything offline out of precaution. It is believed that some other regional governments have also been impacted.
The attack has been attributed to Russia or Russian-based actors, but attribution in cases like this can be difficult. It should be noted that, if involvement from Russia were confirmed, both Russian state actors and Russian based cyber criminals work closely in a symbiotic relationship that benefits both parties. Using cyber crime groups as fronts provides nation state actors with a level of deniability, while also allowing them to direct the operation and benefit from it. Equally, cyber crime groups get to do their thing with the blessing, whether tacit or explicit, of the national authorities in their country. In general, countries where this happens (such as Russia, North Korea and China) have no interest in cooperating with Western authorities, so the cyber criminals essentially work with impunity.
Sources: [Duo] [GovInfo Security] [Bleeping Computer]
Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern
A report found cyber threats continue to rank among the top three business concerns for a wide spectrum of companies. Despite it being such a concern, a significant percentage of businesses admitted to not conducting cyber assessments for vendors (57%) or customers’ assets (56%), having an incident response plan (50%), or implementing multifactor authentication for remote access (44%). Phishing scams were of particular concern, with companies reporting a notable increase in incidents, jumping from 14% to 27% over the past year.
Cyber attacks are a certainly a sobering reality, with nearly 23% of survey participants disclosing that their company had fallen victim to a cyber attack and 49% of these incidents occurred within the past year.
Source: [Reinsurance News]
Business Leaders More Anxious About Ransomware Than Recession as Victims from Single Attack Surpasses 2,000 Organisations
According to a recent study, half of business leaders are more worried about falling victim to a ransomware attack than macroeconomic hardship. Over 60% of businesses who had suffered a ransomware attack reported concerns about the prospect of a second ransomware attack, and 71% of leaders admitted their businesses wouldn’t be able to withstand it. 56% said they had increased hiring costs, nearly half experienced increased customer complaints, and 47% reported team stress. This comes as the tally of victims from the MOVEit attack alone surpasses 2,000 organisations. To make matters worse, the FBI has described dual ransomware attacks taking place, with the second attack less than 48 hours after the first.
Source: [Tech Informed] [Helpnet Security] [Helpnet Security] [BleepComputer]
Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign
Booking.com users have become the focus of a new, large-scale phishing campaign that involved hackers taking control of the hotel’s Booking[.]com account. Once in control, the attackers were then able to utilise personal information and craft messages, tailored to victims.
With many organisations using sites such as Booking[.]com, it is imperative that staff are trained effectively, to reduce the risk of them falling victim to a phishing campaign.
Sources: [BleepingComputer] [Inforsecurity Magazine]
Cyber Leaders Worry That AI Will Overwhelm Cyber Defences
A survey of 250 leaders found that 85% worry that AI will overwhelm cyber defences while almost two thirds (61%) have already seen an increase in cyber attack complexity due to AI. Overall 80% view AI as the single biggest cyber threat their business faces, and seven out of 10 are investing in more resilient measures to improve their detection and response protocols.
AI can certainly be overwhelming, but with the right expertise, organisations can navigate their way to improving their AI defences. Black Arrow’s expert team helps your leadership to understand and manage AI-based risks, and safely adopt artificial intelligence in your organisation.
Source: [Management Issues]
Boards Still Lack Cyber Security Expertise
A study by the US National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA) found that just 12% of S&P 500 companies have board directors with relevant cyber credentials, showing that there is still a lack of expertise at the board level. Boards can improve their expertise by engaging with training that is tailored to leadership. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident. Source: [Wallstreet Journal]
4 Legal Surprises You May Encounter After a Cyber Security Incident
In the event of a cyber incident, there are a number of problems that emerge, but some you may not be aware of. These may include investigations by auditors, a freeze on payments by banks, and uncertainty about notifying third parties including customers. Your insurance provide may also launch a review of the cyber security controls that you had in place before the incident, to determine the payout.
Ideally, you will never have to face a cyber incident, but it can happen and it’s best to ensure you are well placed to deal with it, by understanding what needs to be done and how to respond. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [Dark Reading]
Governance, Risk and Compliance
The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week
Cyber leaders worry that AI will overwhelm cyber defences (management-issues.com)
Businesses Unprepared for Cyber Attacks Despite Steady Concern (insurancejournal.com)
Cyber criminals are targeting the financial sector more than ever | TechRadar
The hidden costs of neglecting cyber security for small businesses - Help Net Security
Majority of UK SME c-suites lacking awareness of cyber risks | Insurance Times
Business leaders most anxious about ransomware attacks (techinformed.com)
Cyber security incident response: Your company's ICU (channelweb.co.uk)
Cover-ups still the norm in the wake of a cyber incident | Computer Weekly
Many firms aren't reporting breaches to the proper authorities | TechRadar
Half of Cyber-Attacks Go Unreported - Infosecurity Magazine (infosecurity-magazine.com)
CISOs are struggling to get cyber security budgets: Report | CSO Online
CISOs are spending more on cyber security - but it might not be enough | TechRadar
Cyber threats remain top concern for businesses in 2023: Travelers Risk Index - Reinsurance News
Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security
The Hot Seat: CISO Accountability in a New Era of SEC Regulation (darkreading.com)
Proactive Security: What It Means for Enterprise Security Strategy (darkreading.com)
4 Legal Surprises You May Encounter After a Cyber Security Incident (darkreading.com)
Moving From Qualitative to Quantitative Cyber Risk Modeling - Security Week
Financial crime compliance costs exceed $206 billion - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware soars as enterprises struggle to respond - Verdict
Ransomware groups are shifting their focus away from larger targets - Help Net Security
Business leaders most anxious about ransomware attacks (techinformed.com)
Why is Ransomware Such a Prevalent Threat and Popular Tool for Attackers? | MSSP Alert
ShadowSyndicate: A New Cyber Crime Group Linked to 7 Ransomware Families (thehackernews.com)
The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt
FBI: Dual ransomware attack victims now get hit within 48 hours (bleepingcomputer.com)
Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security
MOVEit cyber attack is pause for concern | Ary Rosenbaum - The Rosenbaum Law Firm P.C. - JDSupra
Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)
'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times
Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (darkreading.com)
Youth hacking ring at the center of cyber crime spree | CyberScoop
Current ransomware defencs efforts are not working - Help Net Security
VMware users anxious about costs and ransomware threats - Help Net Security
MSP shares details of Kaseya VSA ransomware attack, recovery | TechTarget
Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)
Study Reveals Conti Affiliates Money Laundering Practices (inforisktoday.com)
Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (darkreading.com)
Trend Micro Report Reveals Increase of LockBit Ransomware Attacks in US (thedefensepost.com)
Hospital Ransomware Attacks Go Beyond Health Care Data (securityintelligence.com)
Patient Care at Risk as Hospitals Increasingly on Frontlines of Ransomware Attacks | The Epoch Times
Ransomware Victims
Bermuda Struggles to Recover From Cyber Attack (govinfosecurity.com)
Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security
Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (darkreading.com)
MGM, Caesars Cyber Attack Responses Required Brutal Choices (darkreading.com)
Ransomware Group Claims to Have Breached 'All of Sony Systems' (vgchartz.com)
900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week
Youth hacking ring at the center of cyber crime spree | CyberScoop
MGM Resorts and Caesars face class action lawsuits over September cyber attacks By Investing.com
UK logistics firm blames ransomware attack for insolvency, 730 redundancies (therecord.media)
Ransomware group demands $51 million from Johnson Controls after cyber attack (bitdefender.com)
Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)
Leekes cyber attack? NoEscape ransomware gang claims breach (techmonitor.ai)
Phishing & Email Based Attacks
This devious phishing scam makes it look like dodgy emails are actually safe | TechRadar
New AtlasCross hackers use American Red Cross as phishing lure (bleepingcomputer.com)
BEC – Business Email Compromise
Nigerian man pleads guilty to attempted $6 million BEC email heist (bleepingcomputer.com)
BEC Attacks Increase By 279% in Healthcare - Infosecurity Magazine (infosecurity-magazine.com)
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
Cyber leaders worry that AI will overwhelm cyber defences (management-issues.com)
Google is working to keep Bard chats out of Search • The Register
New working group to probe AI risks and applications | CyberScoop
A Primer On Artificial Intelligence And Cyber Security (forbes.com)
How should organisations navigate the risks and opportunities of AI? - Help Net Security
Malware
Gozi strikes again, targeting banks, cryptocurrency and more (securityintelligence.com)
'Culturestreak' Malware Lurks Inside GitLab Python Package (darkreading.com)
Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (thehackernews.com)
New variant of BBTok Trojan targets users of +40 banks in LATAM (securityaffairs.com)
A powerful new malware backdoor is targeting governments across the world | TechRadar
Researchers uncover thriving market for malware targeting IoT devices - The Hindu
Mobile
China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (infosecurity-magazine.com)
iOS 17 update secretly changed your privacy settings; here's how to set them back (bitdefender.com)
Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks - Security Week
Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (pcmag.com)
Botnets
Bot Swarm: Attacks From Middle East & Africa Are Notably Up (darkreading.com)
New variant of BBTok Trojan targets users of +40 banks in LATAM (securityaffairs.com)
Asian banks are a favorite target of cyber cooks, and malicious bots their preferred tool | ZDNET
Denial of Service/DoS/DDOS
Internet of Things – IoT
If You Have An Amazon Alexa Device, You Need To Check This Security Update List (slashgear.com)
Researchers uncover thriving market for malware targeting IoT devices - The Hindu
Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog
Data Breaches/Leaks
UK pension schemes reveal 4,000% rise in cyber security breaches - Pensions Age Magazine
Reported cyber security breaches increase threefold for financial services firms (cityam.com)
British charities warn supporters their personal data has been breached • Graham Cluley
Air Canada discloses data breach of employee and 'certain records' (bleepingcomputer.com)
National Student Clearinghouse data breach impacts 890 schools (bleepingcomputer.com)
BORN Ontario child registry data breach affects 3.4 million people (bleepingcomputer.com)
900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week
Regulator Warns Breaches Can Cost Lives - Infosecurity Magazine (infosecurity-magazine.com)
Hospital alert as 24,000 letters meant for GPs lost in computer error - Mirror Online
Organised Crime & Criminal Actors
'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times
Asian banks are a favourite target of cyber cooks, and malicious bots their preferred tool | ZDNET
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Gozi strikes again, targeting banks, cryptocurrency and more (securityintelligence.com)
Yet another hack hits NFT marketplace OpenSea - SiliconANGLE
Crooks stole $200 million worth of assets from Mixin Network (securityaffairs.com)
Bitcoin scammer who was snared by victims sentenced - BBC News
Security researcher stopped at US border for investigating crypto scam (bleepingcomputer.com)
Insider Risk and Insider Threats
75% who didn't report cyber attack to leadership, felt guilty about it | Security Magazine
Preventing employees from becoming the gateway for cyber attacks | TechRadar
Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security
Fraud, Scams & Financial Crime
Hotel hackers redirect guests to fake Booking.com to steal cards (bleepingcomputer.com)
Beware: fraud and smishing scams targeting students | Bournemouth University
Yet another hack hits NFT marketplace OpenSea - SiliconANGLE
Crooks stole $200 million worth of assets from Mixin Network (securityaffairs.com)
Fraud prevention forces scammers to up their game - Help Net Security
Why young people are more prone to online scams than boomers are (news5cleveland.com)
Bitcoin scammer who was snared by victims sentenced - BBC News
Security researcher warns of chilling effect after feds search phone at airport | TechCrunch
AML/CFT/Sanctions
Study Reveals Conti Affiliates Money Laundering Practices (inforisktoday.com)
Financial crime compliance costs exceed $206 billion - Help Net Security
Insurance
Dark Web
Supply Chain and Third Parties
Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)
How the Okta Cross-Tenant Impersonation Attacks Succeeded (darkreading.com)
Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)
3 phases of the third-party risk management lifecycle | TechTarget
Cloud/SaaS
Containers
Encryption
The UK just passed an online safety law that could make people less safe (theconversation.com)
Regulators Are 'Hurting Their Own Country' in Seeking Encryption Backdoors: Nym CEO - Decrypt
Open Source
Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog
Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Why Shouldn’t You Use the Same Password Everywhere Online (makeuseof.com)
Are You Willing to Pay the High Cost of Compromised Credentials? (thehackernews.com)
Biometrics
Social Media
Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)
X scraps tool to report electoral fake news - researchers - BBC News
Malvertising
Training, Education and Awareness
Travel
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt
The UK just passed an online safety law that could make people less safe (theconversation.com)
Are we about to lose the last pillar of our digital security? | Euronews
New working group to probe AI risks and applications | CyberScoop
Why California's Delete Act matters for the whole country - Help Net Security
Financial crime compliance costs exceed $206 billion - Help Net Security
Models, Frameworks and Standards
Why It’s Wrong To Judge SIEM Success Only Against The ATT&CK Framework (forbes.com)
Urgent actions for protecting utilities against cyber-attack: Navigating NIS 2 - Utility Week
Careers, Working in Cyber and Information Security
The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week
Demand for cyber security staff trebled since 2019 | Business Post
Cyber security and staffing issues key risks for companies | Accountancy Daily
Cyber security skills employers are desperate to find in 2023 - Help Net Security
Preventing security professionals from ‘quietly quitting’ due to alert fatigue (securitybrief.co.nz)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Russia’s APT29 intensifies espionage operations | SC Media (scmagazine.com)
Russian hacking operations target Ukrainian law enforcement | CyberScoop
Government of Bermuda blames Russian threat actors for the cyber attack (securityaffairs.com)
Bermuda probes major cyber attack as officials slowly bring operations back online (thestar.com)
Ukraine war: Cyber Attack in Crimea after Black Sea fleet HQ hit | News UK Video News | Sky News
Examining the Activities of the Turla APT Group (trendmicro.com)
Scottish Tory MSP has website hacked by 'hostile Russian group' | The National
Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)
Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (pcmag.com)
Cyber Attack on Russian Air Booking System Sparks Flight Delays - The Moscow Times
China
Taiwan is bracing for Chinese cyber attacks, White House official says - POLITICO
China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (infosecurity-magazine.com)
Chinese Gov Hackers Caught Hiding in Cisco Router Firmware - Security Week
China’s national security minister lists top digital threats • The Register
Misc Nation State/Cyber Warfare
Vulnerability Management
Why Zero Days Are Set for Highest Year on Record - Infosecurity Magazine (infosecurity-magazine.com)
Vulnerabilities
Google assigns new maximum rated CVE to libwebp bug exploited in attacks (bleepingcomputer.com)
Cisco Warns of IOS Software Zero-Day Exploitation Attempts - Security Week
Researchers Release Details of New RCE Exploit Chain for SharePoint (darkreading.com)
High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server (thehackernews.com)
GPUs from all major suppliers are vulnerable to new pixel-stealing attack | Ars Technica
Firefox 118 Patches High-Severity Vulnerabilities - Security Week
Hackers actively exploiting Openfire flaw to encrypt servers (bleepingcomputer.com)
Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)
Tools and Controls
Cyber security incident response: Your company's ICU (channelweb.co.uk)
CISOs are spending more on cyber security - but it might not be enough | TechRadar
4 Legal Surprises You May Encounter After a Cyber Security Incident (darkreading.com)
The 5 most dangerous Wi-Fi attacks, and how to fight them | PCWorld
What Is a Network Security Assessment and Why You Need It | MSSP Alert
Why You Should Phish In Your Own Pond (informationsecuritybuzz.com)
The pitfalls of neglecting security ownership at the design stage - Help Net Security
A Primer On Artificial Intelligence And Cyber Security (forbes.com)
Preventing employees from becoming the gateway for cyber attacks | TechRadar
Proactive Security: What It Means for Enterprise Security Strategy (darkreading.com)
Looking Beyond the Hype Cycle of AI/ML in Cyber Security (darkreading.com)
Moving From Qualitative to Quantitative Cyber Risk Modelling - SecurityWeek
Cyber security budgets show moderate growth - Help Net Security
Exploring Cyber Insurance and its Intersection with Property Coverage | Woodruff Sawyer - JDSupra
Other News
Cyber criminals are targeting the financial sector more than ever | TechRadar
The hidden costs of neglecting cyber security for small businesses - Help Net Security
SMBs face growing cyber security threats, but basic measures can lower risks | ZDNET
Why aviation needs to prioritise cyber security – Airport World (airport-world.com)
Are Fire Departments Prepared for a Cyber Attack? | HackerNoon
Fintechs must brace for rising cyber security challenges | Mint (livemint.com)
Space Force chief says commercial satellites may need defending | Ars Technica
UK Cyber Security Council CEO reflects on a year of progress | CSO Online
Google Loophole Lets Drug Dealers Hijack Nearly Any Website to Sell Narcotics (businessinsider.com)
Cyber Hygiene: A First Line of Against Evolving Cyber Attacks (darkreading.com)
Cyber Attacks hit military, Parliament websites as India hacker group targets Canada (cheknews.ca)
KnowBe4 Finds US. Healthcare a Top Target For Cyber Attacks (prnewswire.com)
US Government Shutdown Could Bench 80% of CISA Staff - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 22 September 2023
Black Arrow Cyber Threat Intelligence Briefing 22 September 2023:
-New Ransomware Victims Surge by 47% as Small Businesses Targeted
-MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards
-SMEs Overestimate Their Cyber Security Preparedness
-China’s Hacking Power Bigger Than Rest of World Combined
-Cyber Insurance Claims for Ransomware Reach Record High
-Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives
-Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats
-Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company
-Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them
-Half of Executives Expect Supply Chain Challenges
-How Social Engineering Takes Advantage of Your Kindness
-Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
New Ransomware Victims Surge by 47% as Small Businesses Targeted
Ransomware attackers are shifting away from “big game” targets and towards easier, less defended organisations, a new report from Trend Micro has found. The report observed a 47% increase in the number of new victims of this vector from the second half of 2022, many of which were small organisations with less mature cyber postures. In fact, 57% of victims of the infamous ransomware gang LockBit, were of organisations up to 200 employees.
Small businesses can be attractive targets; they don’t have the budget of a large organisation and therefore they are more likely to have gaps that can be exploited. To combat this, small businesses need to prioritise their security budgets effectively, to allow themselves the most protection that their budget allows.
Source [Infosecurity Magazine]
MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards
The recent ransomware attack on MGM Resorts has resulted in the loss of millions of dollars daily, not accounting for ransomware fees and reputational damage. MGM Resorts are a client of Okta, who noted that Caesars entertainment and three (not named) other organisations have been hit. Although the other victims have not yet been named, it has been revealed that they are in the manufacturing, retail and technology sectors. As a result of the attacks, Beazley and AIG, who provide cyber insurance, are likely to face significant losses.
The attack should act as wakeup call for corporate boards, as it once again highlights how anyone can be a victim, and if the right controls are not in place, an attack won’t be stopped. Cyber incidents are a matter of when, not if, and boards need to ensure they are prepared, and prepared to handle the fallout when an attack happens.
Sources: [Proactive Investors] [Reuters] [Insurance Insider] [OODA Loop] [Claims Journal]
SMEs Overestimate Their Cyber Security Preparedness
According to a recent report, 57% of small and medium enterprises (SMEs) have experienced a cyber security breach, with 31% facing such an incident in the past year. Despite the increasing threat, 70% are confident in their defences, though 44% solely rely on their antivirus solutions, and a quarter don't regularly train employees on cyber security best practices or never have.
The report also found that many SMEs either underestimate the importance of robust security, believing they’re too small to be targeted, or put too much trust in their current defences. The increasing number of evolving cyber threats poses a significant risk to SMEs. Rising patterns show frequent and sophisticated attacks, highlighting the urgent need for effective security measures. Understandably, not all small business owners have the resources to obtain in-house cyber security experts. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Sources: [Helpnet Security] [Security Magazine]
China’s Hacking Power Bigger Than Rest of World Combined
In a recent conference the director of the FBI highlighted the magnitude of China’s cyber power, most notably explaining that China has a bigger hacking program than the competition combined.
This comes as recent attacks have seen malicious USB drives used to spread malware and now, something we’ve not seen much before, financially motivated hacks by Chinese-speaking actors through a piece of malware known as “ValleyRAT”.
Sources: [Reuters] [Infosecurity Magazine] [WIRED] [Inforisk Today] [TechRadar]
Cyber Insurance Claims for Ransomware Reach Record High
A new report from cyber insurance provider Coalition shows a 12% increase in cyber claims over the first six months of this year, driven by the notable spikes in ransomware (19%), business email compromise (BEC) attacks (26%) and funds transfer fraud (FTF) (31%). The report found that claims severity also increased 61% from the previous six months and 117% over the last year. The average ransom demand was $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year.
The report comes as the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory warning that ransomware gangs are increasingly evolving their tactics while targeting critical infrastructure sectors, including Information Technology, and Food and Agriculture. The advisory strongly discourages organisations from paying ransoms and encourages victims to report ransomware incidents to a local agency’s reporting channel. Similar advisories were released earlier in the year warning of ransomware groups such as Cl0p who exploited the vulnerability in MOVEit earlier this year.
Sources: [NextGov] [BetanNews] [Security Magazine] [CSO Online]
Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives
Almost three-quarters (73%) of nearly 700 board members surveyed in a new study, believe their organisations are at risk of cyber attack, including targeted attacks; a sizable increase from the 65% last year, according to a recently released Proofpoint report. Worryingly, with the high number believing they are at risk from an attack, 53% still believed they would be unprepared for such an attack. When it came to their main concerns, malware was the top concern (40%), followed by insider threat (36%) and cloud account compromise (36%).
C-suite concern has propelled budgets, with a third of businesses increasing cyber security spending by a significant margin. As IT has become less centralised with a move towards cloud-based systems, combined with a shortage of skilled cyber security workers, businesses are having to rely more heavily on third party security according to a recent report.
This investment, along with improved security communications to executives, should enhance IT upskilling and employee awareness of cyber security.
Sources: [MSSP Alert] [Tech Radar]
Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats
Publicly available reports of ransomware attacks on law firms have accelerated this year, with massive amounts of sensitive client data now in the hands of threat actors, highlighting a growing trend of cyber incidents afflicting the legal business.
One of the reasons law firms are increasingly targeted is due to the amount of sensitive data that they hold. This data can be used for extortion, insider training and general ransom purposes. In addition, many law firms utilise third parties to handle their data, increasing their risk of becoming a victim through their supply chain.
Source: [Synack]
Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company
A recent cyber attack used AI to deepfake an IT employee’s voice. The attack started off with a phishing mail, which the unsuspecting victim employee clicked. The attacker then hit a challenge: multi-factor authentication (MFA). That was until they decided to use artificial intelligence to clone the voice of an IT employee. The attacker, now speaking as if they were the IT employee, was then able to convince the victim employee to provide the needed MFA code. As a result, the attack was successful.
The attack highlights the increase in AI for attacks, whilst also demonstrating that cyber security is more than just technology: it is people and operations too. Think about voice cloning, how would your organisation prepare for this?
Sources [PC Mag]
Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them
With the cost of insider risk the highest it has ever been (£13.25m per incident), organisations need to effectively budget and find ways to proactively address insider risk. A report found that 55% of money spent on insider incident response went toward problems caused by negligence or mistakes, and 25% for those were caused by actively malicious insiders, with the remaining 20% being attacks that out-smarted employees.
The cost and damage is acknowledged by organisations, with a separate report finding 46% of organisations self-reported that they were actively planning to spend more on proactively addressing insider risk in 2024. Budgets are not infinite however, and organisations need to effectively allocate their spending to ensure they are getting the most protection for their spend.
Sources: [Computer Weekly] [CSO Online]
Half of Executives Expect Supply Chain Challenges
With the surge in the number of attacks taking place through the software supply chain, it is no wonder almost half of executives expect supply chain challenges in the year ahead according to a survey by Deloitte. When asked about their experience, 34% of respondents self-reported that their organisation has experienced one or more supply chain cyber security events during the past year.
One of the ways to improve organisations’ supply chain security is to conduct assessments on the third parties they use, yet 21% of respondents did not do this at all. Potentially, one of the reasons for this is not knowing the correct questions to ask. Black Arrow can support you through a structured approach to asking a suite of targeted questions to your third parties, and assessing the responses for indicators of risk to your business.
Sources [PRnewswire] [SiliconANGLE]
How Social Engineering Takes Advantage of Your Kindness
Last week, MGM Resorts disclosed a massive systems issue that reportedly rendered slot machines, room keys and other critical devices inoperable. What elaborate methods were required to crack a nearly $34 billion casino and hotel empire? According to the hackers themselves, all it took was a ten minute phone call, allowing them to gain access through a simple social engineering attack. Social engineering psychologically manipulates a target into doing what the attacker wants, or giving up information that they shouldn’t. The consequences range from taking down global corporations to devastating the personal finances of unfortunate individual victims.
Extroverted, agreeable, and open individuals are often cyber victims; fear is an attack vector and so is helpfulness. As comfort increases, so too does vulnerability to being hacked. Social engineering attacks target both corporations and individuals. A person’s positive traits can be weaknesses against such threats. Balancing kindness with scepticism is essential.
Source: [Engadget]
Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually
A survey found that despite the percentage of companies that have encountered a cyber security incident in the last 12 months, a worrying 24% of employees have never had any cyber security training. The survey further found that alarmingly 42% of respondents used the same password for both home and work accounts, increasing the risk of exposing their organisational passwords. This risk was furthered by 40% of the total number of respondents keeping their password in an open file or physical notebook.
Organisations, including those already providing training, should look to ensure they implement training from experts that covers such areas; by effectively training employees, organisations will increase their cyber resilience and reduce their risk of suffering a cyber attack. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes are secure employee engagement and build a cyber security culture to protect the organisation.
Source: [Information Security Buzz]
Governance, Risk and Compliance
Cyber security still remains the greatest concern for many executives | TechRadar
Cyber attacks are constant and test even the best | Newsroom
Companies Struggling With Cyber security: Big Players In Bad Situations (forbes.com)
SMEs overestimate their cyber security preparedness - Help Net Security
Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)
Organisations failing to proactively address insider cyber risk | Computer Weekly
Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)
Most Global Board Members Unprepared for “Targeted” Cyber attack, Report Finds | MSSP Alert
Changing Role of the CISO: A Holistic Approach Drives the Future (darkreading.com)
How to Get Your Board on Board With Cyber security (darkreading.com)
Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security
Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)
Balancing budget and system security: Approaches to risk tolerance - Help Net Security
Is Director Liability For Cyber security Failure An Immediate Risk? (forbes.com)
83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)
Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)
Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)
Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE
Poor digital experience a blocker for cyber resilience | Computer Weekly
What is Governance, Risk and Compliance (GRC)? | TechTarget Definition
How to prevent and prepare for a cyber catastrophe (securityintelligence.com)
2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)
Why more security doesn’t mean more effective compliance - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Digesting the Digits - 2023 ‘record year’ for ransomware attacks - PaymentExpert.com
Attacks on Casino Giants Heralds Resurgence in Ransomware Attacks (claimsjournal.com)
Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)
LockBit Is Using RMMs to Spread Its Ransomware (darkreading.com)
‘Top’ ransomware gangs favour smaller businesses | Computer Weekly
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online
Ransomware group's evolving tactics pose growing threat - Nextgov/FCW
Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog
Who is behind the latest wave of UK ransomware attacks? | Cyber crime | The Guardian
NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware (darkreading.com)
Scattered Spider, Alphv, and the MGM hack, explained - The Hustle
Quadruple extortion ransomware maximising monetisation (securitybrief.co.nz)
What is Extortionware? How is it Different from Ransomware? (techtarget.com)
Ransomware cyber insurance claims rose by 27% | Security Magazine
Cyber insurance claims for ransomware reach record high (betanews.com)
Ransomware gang targeting defence firms, FBI warns - Defence One
Scattered Spider snares 100+ victims, moves into ransomware • The Register
BlackCat ransomware hits Azure Storage with Sphynx encryptor (bleepingcomputer.com)
FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service (darkreading.com)
Critical Infrastructure Organisations Warned of Snatch Ransomware Attacks - Security Week
Healthcare's ransomware defences need more preventative action (securitybrief.co.nz)
Ransomware vs. resources: A higher education dilemma - eCampus News
Ransomware Victims
Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says | Reuters
Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)
Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)
MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)
Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)
Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)k
Clorox products in short supply after cyber attack disrupts operations | CNN Business
Psychiatric hospital near Jerusalem hit by suspected cyber attack | The Times of Israel
UMass Medical School Sued Over MOVEit File-Transfer Data Breach (bloomberglaw.com)
UK IT services provider Agilitas hit by Donut ransomware attack? (techmonitor.ai)
Cyber attack blamed for outages at hospitals in Illinois, Wisconsin (scrippsnews.com)
Major trucking software provider confirms ransomware incident (therecord.media)
Handbag maker Radley London hit by RansomHouse cyber attack? (techmonitor.ai)
Phishing & Email Based Attacks
HR phishing: self-evaluation questionnaire | Kaspersky official blog
Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)
How social engineering takes advantage of your kindness (engadget.com)
Artificial Intelligence
Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag
NSA Report: Deepfakes Threaten National Security | MSSP Alert
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)
Artificial Intelligence Making Cyber Crime Harder to Fight (govtech.com)
Companies still don’t know how to handle generative AI risks - Help Net Security
85% of cyber leaders believe AI will outpace cyber defences (electronicspecifier.com)
McAfee CEO Greg Johnson on the Cyber security Threat From Generative AI (businessinsider.com)
Companies Rely on Multiple Methods to Secure Generative AI Tools (darkreading.com)
2FA/MFA
Malware
NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)
Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog
macOS MetaStealer attacks take aim at business Mac users (appleinsider.com)
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (trendmicro.com)
A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar
New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)
Bumblebee malware returns in new attacks abusing WebDAV folders (bleepingcomputer.com)
Fake WinRAR exploit PoC drops VenomRAT malware | SC Media (scmagazine.com)
P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)
Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)
‘Sandman’ hackers backdoor telcos with new LuaDream malware (bleepingcomputer.com)
Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)
Mobile
Dangerous permissions detected in top Android health apps (securityaffairs.com)
Android security updates: Everything you need to know | Android Central
Hook: New Android Banking Trojan That Expands on ERMAC's Legacy (thehackernews.com)
APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)
Botnets
Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)
P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)
Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Hikvision Intercoms Allow Snooping on Neighbors (darkreading.com)
No dedicated hardware security for 66% IoT modules: IoT Analytics (securitybrief.co.nz)
Data Breaches/Leaks
Pirated Software Likely Cause of Airbus Breach - Infosecurity Magazine (infosecurity-magazine.com)
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)
Police data breach: 20,000 data points 'at risk' (computing.co.uk)
CardX released a data leak notification impacting their customers in Thailand (securityaffairs.com)
Pizza Hut Australia hack: data breach exposes customer information and order details | Australia
Air Canada says unauthorized group breached employee data, hacked internal system (databreaches.net)
83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)
T-Mobile app glitch let users see other people's account info (bleepingcomputer.com)
T-Mobile Racks Up Third Consumer Data Exposure of 2023 (darkreading.com)Over a Third of UK
TransUnion says dump of customer data came from third party • The Register
US govt IT worker accused of leaking top secrets • The Register
Organised Crime & Criminal Actors
Europol lifts the lid on cyber crime tactics (malwarebytes.com)
One of the FBI’s most wanted hackers is trolling the US government | TechCrunch
India's biggest tech centres named as cyber crime hotspots • The Register
Scattered Spider snares 100+ victims, moves into ransomware • The Register
Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)
Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)
Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News
How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto
Insider Risk and Insider Threats
Organisations failing to proactively address insider cyber risk | Computer Weekly
HR’s role in cyber security and insider threat mitigation - Hindustan Times
Fraud, Scams & Financial Crime
Brits Lose $9.3bn to Scams in a Year - Infosecurity Magazine (infosecurity-magazine.com)
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)
Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News
How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto
Payment Card-Skimming Campaign Now Targeting Websites in North America (darkreading.com)
Court sentences pair for India-based robocall scam • The Register
Shift from UK Analogue to Digital Phone Lines Breeds New SCAMs - ISPreview UK
Singapore to detail fraud liability split for bank & victim • The Register
Deepfakes
Insurance
Cyber insurance claims for ransomware reach record high (betanews.com)
US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online
Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)
Ransomware cyber insurance claims rose by 27% | Security Magazine
Dark Web
Supply Chain and Third Parties
Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)
Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)
Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)
Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)
Evaluating New Partners and Vendors from an Identity Security Perspective (darkreading.com)
How cyber attacks on Taiwan are hurting global business - Raconteur
Software Supply Chain
Cloud/SaaS
Why Shared Fate is a Better Way to Manage Cloud Risk (darkreading.com)
IBM X-Force: Use of compromised credentials darkens cloud security picture | Network World
Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)
Mastering Defence-In-Depth and Data Security in the Cloud Era (darkreading.com)
Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)
Hybrid/Remote Working
Shadow IT
Identity and Access Management
Encryption
EU's quest to fix the internet could become a privacy nightmare | TechRadar
UK Minister Warns Meta Over End-to-End Encryption - Security Week
Signal Messenger Introduces PQXDH Quantum-Resistant Encryption (thehackernews.com)
Open Source
Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)
Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica
New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)
Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Are your end-users' passwords compromised? Here's how to check. (bleepingcomputer.com)
Why employee login credentials are 'the weakest link in security' (siliconrepublic.com)
Social Media
TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent
NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)
APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)
Donald Trump Jr.'s X Account Appears To Have Been Hacked (dailydot.com)
UK Minister Warns Meta Over End-to-End Encryption - Security Week
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)
Malvertising
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
UK Minister Warns Meta Over End-to-End Encryption - Security Week
EU's quest to fix the internet could become a privacy nightmare | TechRadar
TikTok Is Hit With $368 Million Fine Under Europe's Strict Data Privacy Rules - Security Week
MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)
California Settles With Google Over Location Privacy Practices for $93 Million - Security Week
Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)
Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE
Models, Frameworks and Standards
How to Interpret the 2023 MITRE ATT&CK Evaluation Results (darkreading.com)
How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)
Data Protection
Careers, Working in Cyber and Information Security
Expert: Three Skills Cyber security Professionals Should Have in 2024 (newswise.com)
83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)
IT pros told to accept burnout as normal part of their job - Help Net Security
Wanted: another 3mn cyber professionals | Financial Times (ft.com)
Law Enforcement Action and Take Downs
How the FBI Fights Back Against Worldwide Cyber attacks (securityintelligence.com)
Court sentences pair for India-based robocall scam • The Register
Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)
Privacy, Surveillance and Mass Monitoring
California Settles With Google Over Location Privacy Practices for $93 Million - Security Week
TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent
EU's quest to fix the internet could become a privacy nightmare | TechRadar
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)
International Criminal Court hacked amid Russia probe • The Register
Portuguese company detects 961 pro-Russian cyber attacks in Western Europe – EURACTIV.com
Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)
One of the FBI’s most wanted hackers is trolling the US government | TechCrunch
Senators want clarity from Pentagon on Ukraine Starlink access fiasco | SC Media (scmagazine.com)
Russian allegedly smuggled US weapons electronics to Moscow • The Register
China
China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)
FBI chief says China has bigger hacking program than the competition combined | Reuters
EU warns China on Ukraine disinformation and cyber attacks – POLITICO
Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED
Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica
Trouble brews after embassy worker finds spy bug in China teapot (thetimes.co.uk)
Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)
A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar
Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)
Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns (darkreading.com)
How cyber attacks on Taiwan are hurting global business - Raconteur
DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage (darkreading.com)
Iran
Microsoft: 'Peach Sandstorm' Cyber attacks Target Defence, Pharmaceutical Orgs (darkreading.com)
Pro-Iranian Attackers Target Israeli Railroad Network (darkreading.com)
North Korea
Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)
How a North Korean cyber group impersonated a Washington D.C. analyst (cnbc.com)
Misc Nation State/Cyber Warfare
Vulnerability Management
KEV Catalog Reaches 1000, What Does That Mean and What Have We Learned | CISA
Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)
How SBOMs Help Uncover Vulnerabilities In Enterprise Applications (forbes.com)
Vulnerabilities
Fortinet Releases Security Updates for Multiple Products | CISA
Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) - Help Net Security
iOS 17.0.1 re-patches 3 actively exploited security flaws - 9to5Mac
If you're still using WinRAR, watch out for this dangerous exploit - and please stop | TechRadar
GitLab Releases Urgent Security Patches for Critical Vulnerability (thehackernews.com)
Microsoft releases firmware update for all Surface devices | TechSpot
Tools and Controls
Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)
Enterprise networks are evolving; your security architecture needs to evolve, too (betanews.com)
Think Your MFA and PAM Solutions Protect You? Think Again (thehackernews.com)
Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)
Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security
Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)
Shadow IT: Security policies may be a problem - Help Net Security
Balancing budget and system security: Approaches to risk tolerance - Help Net Security
How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)
How Choosing Authentication Is a Business-Critical Decision (darkreading.com)
Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)
Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE
Reports Published in the Last Week
Other News
Why automakers are worried your car is the next target for cyber attacks - CityAM
Consumers are being bombarded with billions of threats every year | TechRadar
Bad torts: Law firms feel the heat from rising cyber threats (synack.com)
SME Cyber Security – Time for a New Approach? - IT Security Guru
Time to Demand IT Security by Design and Default - Infosecurity Magazine (infosecurity-magazine.com)
Australia’s new cyber security strategy: Build “cyber shields” around the country | CSO Online
Home Office sets up cyber security for Emergency Services Network | UKAuthority
Cyber security Tops Business Risks Challenging European Auditors (bloomberglaw.com)
Energy Is the Most-Targeted Sector for Cyber attacks: Here’s What to Do (powermag.com)
Cyber on the battlefield is about more than IT - Nextgov/FCW
Every Network Is Now an OT Network. Can Your Security Keep Up? - Security Week
Pentagon's 2023 Cyber Strategy Focuses on Helping Allies - Security Week
Singapore's retail banks take steps to enhance cyber security (finextra.com)
Experts fret over fate of CISA cyber programs as shutdown clouds loom | SC Media (scmagazine.com)
Strong compliance management is crucial for fintech-bank partnerships - Help Net Security
Rail Travel Free in Estonia as Cyber Attack Disrupts Ticketing (eturbonews.com)
Dairy industry teams with cyber security group to beef up defences | Food Dive
Securing Eurovision’s online voting system against cyber attacks (computerweekly.com)
GCHQ chief takes job in private security company | The Independent
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.