Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 08 March 2024
Black Arrow Cyber Threat Intelligence Briefing 08 March 2024:
-FBI Reports Cyber Crime Losses Reached $12.5 billion in 2023, Ransomware Losses Surged by 74%, Average Ransomw Demand Reaching $600k
-Capita Plans £100 Million in Cost Cuts as it Continues to Grapple With 2023 Cyber Attack, Resulting in Significant Job Losses
-Employment Law Firm Sues IT Company Over Ransomware Attack
-Stolen Passwords are a Hacker Goldmine
-Phishing Attacks Up 40 Percent in 2023; Attackers Leverage Social Engineering for Greater Success
-Business Leaders Don’t Even Know They’ve Been Hacked
-Rising Cyber Security Risks: Insider Threat Main Concern Among Mid-Market Firms
-Security Risks Plague SMEs in Shift to Remote Working
-After Collecting $22 Million, Ransomware Group Stages FBI Takedown
-Cyber Attacks Remain Chief Concern for Businesses
-Two New Ransomware Groups Join Forces to Launch Joint Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
FBI Reports Cyber Crime Losses Reached $12.5 billion in 2023, Ransomware Losses Surged by 74%, Average Ransom Demand Reaching $600k
An FBI report into the cost of cyber crime has found that estimated losses in the US alone reached $12.5 billion in 2023. Ransomware accounted for $59.6 million, a 74% increase from the previous year’s report. Of note, the FBI report only deals with complaints made to the FBI; it therefore excludes other countries, and relies on the US organisations to identify that they have been impacted. It is therefore likely that the figure in the US, let alone globally, is significantly higher.
Sources: [Security Boulevard] [Security Week] [Infosecurity Magazine] [Tripwire] [Security Affairs]
Capita Plans £100 Million in Cost Cuts as it Continues to Grapple With 2023 Cyber Attack, Resulting in Significant Job Losses
In the aftermath of a significant cyber attack in 2023, Capita faces a steep financial hurdle with reported losses amounting to £106.6 million. Originally forecasted at £25 million, the revised figure underscores the substantial impact of the breach. Capita’s response strategy, including significant investments in recovery and cyber security bolstering, emphasises the escalating costs associated with data breaches. CEO Adolfo Hernandez announced plans for a substantial cost reduction of over £100 million, indicating the critical need for efficiency improvements to mitigate the financial strain. Capita’s experience serves as a potent reminder of the critical importance of robust cyber resilience strategies. These strategies are not just about preventing attacks, but also about mitigating the potentially devastating financial consequences should a breach occur.
Source: [ITPro]
Employment Law Firm Sues IT Company Over Ransomware Attack
A law firm in California has sued an IT solutions company, saying that after hiring the company to install a network system and server, the law firm suffered a ransomware attack. The law firm found that not long after the network was installed, they were unable to access their data, and when they had gone to retrieve a cloud backup, they had found this was already deleted, forcing them to pay the ransom to get their data back. The law firm is accusing the IT company of negligence and breach of contract and is seeking damages of at least $1 million.
Source: [Law360]
Stolen Passwords are a Hacker Goldmine
Passwords are not only crucial for organisational security, but they also come with significant costs and vulnerabilities. From the time spent by service desks on resets, to the expense of security incidents and breaches, the financial toll is substantial. Weak or reused passwords heighten the vulnerability, with breaches involving stolen credentials costing an average of $4.45 million. Cyber threats are evolving, with hackers increasingly favouring stolen user accounts over traditional malware. This shift, underscored by a notable 71% increase in attacks leveraging valid login credentials in 2023 as reported by CrowdStrike and IBM, highlights the repercussions of compromised credentials. Embracing technologies like multi-factor authentication (MFA) and single sign-on (SSO), along with employee education, can bolster security while alleviating financial strains. Robust identity management and zero-trust security frameworks are essential to mitigate risks further, especially in the face of rising cloud intrusions. Proactive investments in password security software such as password managers can help streamline operations and enhance overall organisational resilience against these evolving threats.
Sources: [Bleeping Computer] [Axios]
Phishing Attacks Up 40 Percent in 2023; Attackers Leverage Social Engineering for Greater Success
Kaspersky recently released their annual spam and phishing report in which they identified over 709 million attempts to access phishing and scam websites, a 40% increase from the previous year. It should be noted that this number is just related to Kaspersky’s identification; the figure is likely far greater. With reports identifying that 90% of phishing involves social engineering, it is important to understand how it is leveraged.
Phishing attacks generally include an element of trust; for example, a bad actor impersonating a reputable brand or providing details about an individual that makes the attack more credible. Often, social engineering will rely on human characteristics, such as urgency, emotion and habit to try to manipulate the target to perform particular actions. Whilst the tools may change, the basis is the same; a successful phish requires user interaction. To mitigate the impact of phishing in corporate environments, organisations must stay informed about the latest adversarial activity and prioritise security measures such as multi-factor authentication (MFA) and providing employee awareness and education training that goes beyond ticking boxes.
Sources: [Beta News] [CSO Online] [Security Boulevard] [DarkReading]
Business Leaders Don’t Even Know They’ve Been Hacked
A survey of over 10,000 business leaders across various industries has found that a number of business leaders know little when it comes to their organisation’s cyber security landscape, with 1 in 10, “unsure” and unable to provide a definitive answer as to whether their organisation has had a data breach in 2023. The report highlights that there are a number of leadership positions that are not receiving sufficient information about their organisation’s data security situation.
Receiving regular reports with metrics about the organisation’s cyber security posture is key to organisations achieving and maintaining a solid level of governance, something that is required in various standards and regulations.
Source: [Tech.Co]
Rising Cyber Security Risks: Insider Threat Main Concern Among Mid-Market Firms
According to the 2023 CyberArk Identity Security Threat Landscape Report, insider threats are on the rise, with 68% of organisations reporting an increased frequency in the past year. These threats, considered one of the top concerns over the next 12 months, stem from within an organisation where authorised employees exploit their access to steal or leak sensitive data. Factors such as flexible working, an increase in job transitions, workforce reductions, third-party relationships, economic uncertainties, and employee stress levels further compound these challenges. Negligence, accounting for 62% of insider incidents, plays a significant role; these threats aren’t always malicious but can also be negligent or accidental. As these threats evolve, the potential consequences, including revenue loss and reputational damage, are becoming more apparent to business leaders. To mitigate risks, companies must prioritise improving identity security, particularly in controlling privileged access, and embrace a Zero Trust approach. This ensures full visibility and control over access to sensitive data, safeguarding critical assets and enhancing cyber resilience in an increasingly volatile landscape. Other key identified threats include AI-related risks, ransomware, deep fakes, and malware.
Sources: [TechRadar] [Comms Business]
C-Suite Executives: An Attacker’s Dream?
Cyber criminals are increasingly focusing on high-value targets, particularly C-suite executives who hold extensive organisational access. These executives, often overlooked in security practices and training, have become vulnerable links. The cyber security landscape of 2023 saw significant advancements but also revealed vulnerabilities, exacerbated by global conflicts and strategic cyber attacks. Cyber actors are now targeting entities with high return potential, with ransomware attackers tailoring their strikes to maximise revenues, often from smaller organisations. Interestingly, while automation is on the rise, cyber criminals are opting for a human touch, with human operatives often behind attacks. A report last year showed a nearly 30% spike in fraud specifically targeting senior executives, highlighting the vulnerability of the C-suite. This emphasises the need for robust cyber resilience strategies to safeguard these high-value targets.
Source: [SecurityBrief New Zealand]
Security Risks Plague SMEs in Shift to Remote Working
In the wake of the COVID-19 pandemic, remote working surged, offering businesses newfound flexibility and cost efficiencies. However, this paradigm shift comes with its own set of security challenges, particularly impacting startups and small businesses. The inherent flexibility of remote work exposes companies to risks like unauthorised access, IP theft, and malware. These threats are especially potent for SMEs, jeopardising their financial stability and reputation. Robust security measures include VPNs, enforcing regular software updates, and employee training to mitigate these risks. By embracing these strategies, SMEs can navigate the remote work landscape securely, unlocking its benefits while safeguarding against potential threats.
Source: [SecurityBrief New Zealand]
After Collecting $22 Million, Ransomware Group Stages FBI Takedown
The ransomware group responsible for facilitating a huge attack against a US prescription drug company for $22 million has gone dark, days after receiving the payment and standing accused of scamming their own affiliate out of their share of the gains. Days after the payment was made, AlphV’s public website started displaying a message saying it had been seized by the FBI as part of an international law enforcement action. Ransomware researchers have since said that it has not actually been seized, but appears to be a ploy to exit scam affiliates of the ransomware group. This proves the old adage that there really is no honour among thieves.
Source: [Ars Technica]
Cyber Attacks Remain Chief Concern for Businesses
A recent report has underscored the growing concern among UK corporate businesses regarding cyber attacks as the primary fraud threat in the upcoming year, with 73% of respondents expressing worry. As businesses grapple with the shift to hybrid and remote work models, ensuring robust counter-fraud measures and internal controls is imperative to safeguarding workforces regardless of location. This situation emphasises the critical importance of investing in employee training to combat evolving fraud threats. It highlights the far-reaching consequences that fraud can have on organisations and underscores the necessity of fostering an anti-fraud culture across all levels of the enterprise.
Source: [TheHRDirector]
Two New Ransomware Groups Join Forces to Launch Joint Attacks
Two ransomware groups, Ghostsec and Stormous, have joined forces to conduct double extortion ransomware attacks on various businesses across multiple countries. As part of this, their new ransomware-as-a-service (RaaS) program, STMX_GhostLocker, provides various options for their affiliates. GhostSec is already part of a coalition called the five families, involving 4 other entities. The group ventured into RaaS last year, offering services for as little as $269.99 per month.
Source: [The Hacker News]
Governance, Risk and Compliance
FBI: Cyber Crime Losses Exceeded $12.5 Billion in 2023 - Security Week
1 in 10 Business Leaders Don’t Even Know They’ve Been Hacked (tech.co)
Cyber attacks remain chief concern for businesses | theHRD (thehrdirector.com)
What Cyber Security Chiefs Need From Their CEOs (darkreading.com)
Simply Human: Why HR Needs To Take The Lead In Cyber Security (forbes.com)
The Security Interviews: Cyber security is about managing risk effectively | Computer Weekly
NIST Cyber Framework 2.0: Doubling Down on Governance, Expanding Applicability | Law.com
CISOs Tackle Compliance With Cyber Guidelines (informationweek.com)
Are C-suite executives cyber security's weakest link? (securitybrief.co.nz
30 years of the CISO role – how things have changed since Steve Katz | CSO Online
How to create an efficient governance control program - Help Net Security
Demystifying the Maze: A Guide to Cyber Risk Quantification Methods (cybersaint.io)
Resilience is built on a solid framework | Professional Security
Research finds that cyber security leaders are taking on multiple roles | Security Magazine
Threats
Ransomware, Extortion and Destructive Attacks
ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack | SC Media (scmagazine.com)
Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360
Report: Average Initial Ransomware Demand in 2023 Reached $600K - Security Boulevard
What’s Fueling the Ransomware Epidemic? | Symantec Enterprise Blogs (security.com)
Banning ransomware payments back on the agenda | Computer Weekly
BlackCat Goes Dark After Ripping Off Change Healthcare Ransom (darkreading.com)
Uncle Sam intervenes in Change Healthcare ransomware fiasco • The Register
US cyber and law enforcement agencies warn of Phobos ransomware attacks (securityaffairs.com)
Experts echo calls for ransomware ban as LockBit rallies • The Register
Government urged to ban ransom payments to cyber criminals (computing.co.uk)
Ransomware spikes against critical infrastructure, says FBI • The Register
Major shifts in identity, ransomware, and critical infrastructure threat trends - Help Net Security
Government was third-largest ransomware target last year: FBI - Defense One
JetBrains TeamCity under attack by ransomware thugs • The Register
Ransomware Victims
A Deep Dive into the 2024 Prudential and LoanDepot Breaches - Security Boulevard
Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360
After collecting $22 million, AlphV ransomware group stages FBI takedown | Ars Technica
Change Healthcare hack cripples payment systems across health providers - The Washington Post
Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED
Capita raises threat of further job cuts under plans to save another £100m | BelfastTelegraph.co.uk
First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches (darkreading.com)
UnitedHealth's cyber attack should be a 'wake-up call' for healthcare (yahoo.com)
Security leaders weigh in on the recent UnitedHealth cyber attack | Security Magazine
Canada's anti-money laundering agency offline after cyber attack (bleepingcomputer.com)
Uncle Sam intervenes in Change Healthcare ransomware fiasco • The RegisterFidelity Investments Notifying 28,000 People of Data Breach - Security Week
Duvel says it has "more than enough" beer after ransomware attack (bleepingcomputer.com)
Thousands of Dutch passports stolen in ransomware attacks available on dark web | NL Times
Corporate Greed Made the Change Healthcare Cyber attack Worse (nymag.com)
Switzerland: Play ransomware leaked 65,000 government documents (bleepingcomputer.com)
Possible China link to Change Healthcare ransomware attack • The Register
Action needed to avoid repeat of Southern Water cyber attack - Utility Week
Phishing & Email Based Attacks
Jamf says 9% of smartphone have fallen for phishing attacks (appleinsider.com)
How attackers leverage social engineering for greater scamming success | CSO Online
Cyber Criminals Spoof US Government Organisations in BEC, Phishing Attacks - Security Week
Annual State of Email Security by the Numbers - Security Boulevard
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)
Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)
AI worm that infects computers and reads emails created by researchers | The Independent
95% believe LLMs making phishing detection more challenging - Help Net Security
Other Social Engineering
How attackers leverage social engineering for greater scamming success | CSO Online
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)
The Rise of Social Engineering Fraud in Business Email Compromise (darkreading.com)
Artificial Intelligence
Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets (thehackernews.com)
AI tools put companies at risk of data exfiltration - Help Net Security
Don't Give Your Business Data to AI Companies (darkreading.com)
Act now to stop WordPress and Tumblr selling your content to AI firms • Graham Cluley
GTPDOOR backdoor is designed to target telecom carrier networks (securityaffairs.com)
Political deepfakes are spreading like wildfire thanks to GenAI | TechCrunch
AI worm that infects computers and reads emails created by researchers | The Independent
95% believe LLMs making phishing detection more challenging - Help Net Security
Immediate AI risks and tomorrow's dangers - Help Net Security
Defence: Leonardo CEO says stupidity poses a bigger threat than AI (cnbc.com)
2FA/MFA
Malware
No “Apple magic” as 11% of macOS detections last year came from malware | Malwarebytes
Mobile banking malware growing rapidly, ThreatFabric warns | Biometric Update
GTPDOOR backdoor is designed to target telecom carrier networks (securityaffairs.com)
Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware (thehackernews.com)
Linux variant of BIFROSE RAT uses deceptive domain strategies (securityaffairs.com)
New Linux malware found targeting mobile networks across the world | TechRadar
ScreenConnect flaws exploited to drop new ToddleShark malware (bleepingcomputer.com)
Malware is coming for your ChatGPT credentials • The Register
North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)
Linux Malware Campaign Targets Misconfigured Cloud Servers - Security Week
AI worm that infects computers and reads emails created by researchers | The Independent
New WogRAT malware abuses online notepad service to store malware (bleepingcomputer.com)
Snake, a new Info Stealer spreads through Facebook messages (securityaffairs.com)
Linux Variants of Bifrost Trojan Evade Detection via Typosquatting (darkreading.com)
Mobile
Jamf says 9% of smartphone have fallen for phishing attacks (appleinsider.com)
Mobile banking malware growing rapidly, ThreatFabric warns | Biometric Update
Apple warns of increased iPhone security risks | Computerworld
Android's March 2024 Update Patches Critical Vulnerabilities - Security Week
CISA Adds Android Pixel and Sunhillo Sureline Bugs to Its Known Exploited Vulnerabilities Catalog
The Importance of Cyber security for Your Smart Devices | HackerNoon
Phone hacking is a real danger. How to keep your data, location secure (usatoday.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Someone is hacking 3D printers to warn owners of a security flaw (bitdefender.com)
Popular doorbell camera brands contain security flaws, making them easy to hack: Report | The Hill
NCSC flags up cyber security for connected places | UKAuthority
The Importance of Cyber Security for Your Smart Devices | HackerNoon
Flipper Zero WiFi phishing attack can unlock and steal Tesla cars (bleepingcomputer.com)
Data Breaches/Leaks
The State Of Cyber Security (Part One): Why Are There Still So Many Data Breaches? (forbes.com)
A leaky database spilled 2FA codes for the world’s tech giants | TechCrunch#
American Express credit cards exposed in third-party data breach (bleepingcomputer.com)
Fidelity Investments Notifying 28,000 People of Data Breach - Security Week
AI tools put companies at risk of data exfiltration - Help Net Security
4 Instructive Postmortems on Data Downtime and Loss (thehackernews.com)
Organised Crime & Criminal Actors
FBI: Cyber Crime Losses Exceeded $12.5 Billion in 2023 - Security Week
$12.5 billion lost to cyber crime, amid tidal wave of crypto investment fraud | Tripwire
Germany takes down cyber crime market with over 180,000 users (bleepingcomputer.com)
Poorly paid cyber security staff risk ‘breaking bad’ on the dark web (techinformed.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
$12.5 billion lost to cyber crime, amid tidal wave of crypto investment fraud | Tripwire
Hackers target FCC, crypto firms in advanced Okta phishing attacks (bleepingcomputer.com)
Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)
Crypto fraud in 2023: How can security teams fight (securityintelligence.com)
Insider Risk and Insider Threats
Comms Business - Insider threat main concern among mid-market firms
Current workforce trends feed into rising cyber security risks | TechRadar
Army Vet Spills National Secrets to Fake Ukrainian Girlfriend (darkreading.com)
Supply Chain and Third Parties
Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360
Capita plans £100 million in cost cuts as it continues to grapple with 2023 cyber attack | ITPro
First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches (darkreading.com)
American Express credit cards exposed in third-party data breach (bleepingcomputer.com)
Hackers target FCC, crypto firms in advanced Okta phishing attacks (bleepingcomputer.com)
Switzerland: Play ransomware leaked 65,000 government documents (bleepingcomputer.com)
Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (thehackernews.com)
Cloud/SaaS
10 Essential Processes for Reducing the Top 11 Cloud Risks (darkreading.com)
Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)
Identity and Access Management
Encryption
Linux and Open Source
Open source vulnerabilities dominated 2023, and this year looks no different | ITPro
Linux Malware Campaign Targets Misconfigured Cloud Servers - Security Week
Linux Variants of Bifrost Trojan Evade Detection via Typosquatting (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Hacked WordPress sites use visitors' browsers to hack other sites (bleepingcomputer.com)
Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets (thehackernews.com)
Malware is coming for your ChatGPT credentials • The Register
Stolen passwords are a hacker goldmine now, CrowdStrike and IBM find (axios.com)
Passwords are Costing Your Organisation Money - How to Minimize Those Costs (bleepingcomputer.com)
US State AGs tell Meta to fix rampant account takeovers • The Register
Social Media
Google and Meta users see their 2FA security codes leaked online - Root-Nation.com
“Technical Issue” Takes Facebook Offline, Offers No Cyber Security Reassurance | MSSP Alert
Facebook and Instagram Overrun by Account Hackers, States Warn (bloomberglaw.com)
Snake, a new Info Stealer spreads through Facebook messages (securityaffairs.com)
Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say | WIRED
US State AGs tell Meta to fix rampant account takeovers • The Register
Training, Education and Awareness
Regulations, Fines and Legislation
EU council welcomes cyber solidarity act agreement (verdict.co.uk)
The modern CISO's guide to navigating new SEC cyber regulations (betanews.com)
Five Unintended Consequences of the New SEC Cyber Security Disclosure Rule - Security Boulevard
Navigating regulation challenges for protecting sensitive healthcare data - Help Net Security
Models, Frameworks and Standards
NIST Cyber Security Framework 2.0: 4 Steps to Get Started (darkreading.com)
NIST Cyber Framework 2.0: Doubling Down on Governance, Expanding Applicability | Law.com
Data Protection
Careers, Working in Cyber and Information Security
11 Top Cyber Security Certifications to Consider In 2024 (datamation.com)
Poorly paid cyber security staff risk ‘breaking bad’ on the dark web (techinformed.com)
Law Enforcement Action and Take Downs
Germany takes down cyber crime market with over 180,000 users (bleepingcomputer.com)
A cyber criminal is sentenced, will it make a difference? - Help Net Security
Nigerian National Pleads Guilty of Conspiracy in BEC Operation (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Chinese nation state actors to ramp up cyber espionage attempts in 2024 - IT Security Guru
We’re Slowly Learning About China’s Extensive Hacking Network | Mind Matters
Taiwan's Biggest Telco Breached by Suspected Chinese Hackers (darkreading.com)
Possible China link to Change Healthcare ransomware attack • The Register
A New Wave of Cyber Attacks: Five Actions to Take Now | IndustryWeek
Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (thehackernews.com)
Russia
The Five Bears: Russia's Offensive Cyber Capabilities (greydynamics.com)
A Silent World War – Russia’s Cyberwar Against the West (kyivpost.com)
Germany Urged to Tighten Security After Russia Leaked Classified Information - Bloomberg
Germany to investigate Russia’s interception of military talks on Ukraine | Germany | The Guardian
Valuable Russian Military Documents Exposed: Report (newsweek.com)
Russian Hackers Target Ukraine Via A Disinformation Campaign - Security Boulevard
North Korea
Lazarus Group observed exploiting an admin-to-kernel Windows zero-day | SC Media (scmagazine.com)
North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)
North Korea’s Kimsuky gang joins rush to exploit new ScreenConnect bugs | SC Media (scmagazine.com)
North Korea hacks two South Korean chip firms to steal engineering data (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Firms Still Threatened by Old Vulnerabilities (govinfosecurity.com)
Open source vulnerabilities dominated 2023, and this year looks no different | ITPro
Organisations are knowingly releasing vulnerable applications - Help Net Security
Enhancing security through proactive patch management - Help Net Security
Vulnerabilities
Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws (securityaffairs.com)
ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack | SC Media (scmagazine.com)
North Korea’s Kimsuky gang joins rush to exploit new ScreenConnect bugs | SC Media (scmagazine.com)
North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)
Hackers exploited Windows 0-day for 6 months after Microsoft knew of it | Ars Technica
Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (thehackernews.com)
VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws (thehackernews.com)
VMWare Urges Users to Uninstall EAP Immediately - Security Boulevard
Cisco Patches High-Severity Vulnerabilities in VPN Product - Security Week
Critical TeamCity flaw now widely exploited to create admin accounts (bleepingcomputer.com)
Critical TeamCity Bugs Endanger Software Supply Chain (darkreading.com)
Android's March 2024 Update Patches Critical Vulnerabilities - Security Week
CISA Warns of Pixel Phone Vulnerability Exploitation - Security Week
Tools and Controls
Why cyber maturity assessment should become standard practice - Help Net Security
1 in 10 Business Leaders Don’t Even Know They’ve Been Hacked (tech.co)
The Ultimate Guide to Threat Detection, Investigation, and Response (TDIR) (govinfosecurity.com)
The Security Interviews: Cyber security is about managing risk effectively | Computer Weekly
What Is A Cyber Incident Response Policy? - Security Boulevard
Cyber Criminals Using Novel DNS Hijacking Technique for Investment Scams (thehackernews.com)
Demystifying the Maze: A Guide to Cyber Risk Quantification Methods (cybersaint.io)
Resilience is built on a solid framework | Professional Security
Simply Human: Why HR Needs To Take The Lead In Cyber Security (forbes.com)
The critical role of DNS in cyber security and digital thriving | TechRadar
What is Advanced Threat Protection and How to Use It in Your Business - Security Boulevard
How To Close The DevSecOps Cyber Security Skills Gap And Boost Security (forbes.com)
Reports Published in the Last Week
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 19 January 2024
Black Arrow Cyber Threat Intelligence Briefing 19 January 2024:
-World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape
-Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge
-Researcher Uncovers One of The Biggest Password Dumps in Recent History
-Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
-75% of Organisations Hit by Ransomware in 2023
-The Dangers of Quadruple Blow Ransomware Attacks
-Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
-It’s a New Year and a Good Time for a Cyber Security Checkup
-Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster
-Cyber Threats Top Global Business Risk Concern for 2024
-Generative AI has CEOs Worried About Cyber Security, PwC Survey Says
-With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too
-Digital Resilience – a Step Up from Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape
The World Economic Forum (WEF) and the United Nations (UN) have highlighted “cyber insecurity” as one of the most critical challenges facing organisations worldwide. A recent report reveals that over 80% of surveyed organisations feel more exposed to cyber crime than in the previous year, leading to calls for increased collaboration across sectors and borders to enhance business resilience. The study shows a growing gap in cyber resilience between organisations, with small and medium-sized enterprises facing declines of 30% in cyber resilience. Moreover, the cyber skills shortage continues to widen, with only 15% of organisations optimistic about improvements in cyber education and skills.
The report also underscores the impact of generative AI on cyber security, emphasising the need for ongoing innovation in digital security efforts. According to a separate report by the United Nations Office on Drugs and Crime, there has been a significant uptick in the use of large language model-based chatbots, deepfake technology, and automation tools in cyber fraud operations. These technologies pose a significant threat to the formal banking industry and require focused attention from authorities to counter their impact. The convergence of these trends underscores the urgency and complexity of the cyber security landscape.
Sources: [ITPro] [The Debrief]
Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge
The financial sector is facing an increased risk from cyber attacks, with cyber security now being listed as the top systemic risk according to a Bank of England survey. Cyber attacks rose by 64% in 2023, with a shift towards AI-facilitated ransomware attacks and Vendor Email Compromise (VEC), which rose 137%, and Business Email Compromise (BEC) attacks, which rose by 71%, both of which exploit human error and pose a severe threat to the industry.
However, there is a lack of readiness by financial organisations to manage cyber attacks due to sophisticated attacks, talent shortages, and insufficient cyber defence investments. Ransomware incidents reported to the UK’s Financial Conduct Authority doubled in 2023, making up 31% of cyber incidents, up from 11% in 2022. The financial sector remains a prime target for cyber criminals, especially ransomware groups.
Sources: [ITPro] [Law Society] [Security Brief] [Financial Times] [Infosecurity Magazine]
Researcher Uncovers One of The Biggest Password Dumps in Recent History
Researchers have found that nearly 71 million unique stolen credentials for logging into websites such as Facebook, Roblox, eBay, Coinbase and Yahoo have been circulating on the Internet for at least four months. The massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials.
Whilst there is a large number of re-used passwords in the data dump, it appears to contain roughly 25 million new passwords and 70 million unique email addresses. This serves as a crucial reminder about properly securing accounts, such as not reusing passwords, using a password manager and securing accounts with multi factor authentication.
Source: [Ars Technica]
Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023
Email security remained at the forefront of cyber related issues for decision-makers, with over nine in ten (94%) having to deal with a phishing attack, according to email security provider Egress. The top three phishing techniques used in 2023 were malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts. 96% of targeted organisations were negatively impacted by these attacks, up 10% from the previous year.
Source: [Infosecurity Magazine]
75% of Organisations Hit by Ransomware in 2023
A recent report found that 75% of participants suffered at least one ransomware attack last year, and 26% were hit four or more times. The report noted that of the 25% who claimed to not have been hit, some could have been a victim but may not have the facilities to detect and therefore be aware as such. Ransomware remains a security threat and no organisation is immune.
Source: [Infosecurity Magazine]
The Dangers of Quadruple Blow Ransomware Attacks
With the introduction of new regulatory requirements like NIS 2.0 and changes to US Securities and Exchange Commission (SEC) statutes, organisations are now mandated to promptly report cyber incidents, sometimes with deadlines as tight as four days. However, attackers are evolving their tactics to exploit these regulations. They add a new level of coercion by threatening to report non-compliant organisations to the regulator, thereby increasing the pressure on their victims. This was first seen last year as a ransomware gang AlphV reported one of its victims, MeridianLink, to the SEC for failing to report a successful cyber attack.
This coercive strategy places immense pressure on companies, especially as they grapple with data encryption, data exfiltration, and public exposure threats. In response to these evolving threats and regulatory pressures, organisations must invest in cyber resilience. This enables them to effectively respond to attacks, communicate with regulators, and recover services promptly, ultimately fortifying their defences against future threats.
Source: [TechRadar]
Human Error and Insiders Expose Millions in UK Law Firm Data Breaches
UK law firms are falling victim to data breaches primarily because of insiders and human error, according to an analysis of data from the Information Commissioner’s Office (ICO). According to research, 60% of data breaches in the UK legal sector where the result of insider actions. In total, breaches led to the exposure of information of 4.2 million people. Often, even those organisations that implement measures to prevent breaches will still miss insider risk. Insider risk is not always malicious; it can also be negligence or due to a lack of knowledge, and it is important to protect against it.
Source: [Infosecurity Magazine]
It’s a New Year and a Good Time for a Cyber Security Checkup
2023 brought a slew of high-profile vulnerabilities and data breaches impacting various sectors, including healthcare, government, and education. Notable incidents included ransomware attacks, such as the MOVEit, GoAnywhere, and casino operator breaches, along with the exploitation of unpatched legacy vulnerabilities like Log4j and Microsoft Exchange. Furthermore, new regulatory requirements from the likes of the US Securities Exchange Commission (SEC), and state security and privacy laws, added to the complexity. As we enter 2024, it is crucial for organisations, regardless of size, to reassess their cyber security strategies, incorporating lessons learned and adapting to new requirements. Comprehensive cyber security programs encompass people, operations and technology, addressing the confidentiality, integrity, and availability of information.
Black Arrow can help with comprehensive and impartial assessments including gap analyses and security testing. These provide you with the objective assurance you need to understand whether your controls are providing you with your intended security and risk management.
Source: [JDSupra]
Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster
Mike Tyson’s famous adage “Everyone has a plan until they get punched in the face," is something we too often see in the world of security. When it comes to cyber security, preparedness is not just a luxury but a necessity. Far too often, unrealistic expectations in cyber defences create a false sense of security, leading to dire consequences when the reality of an attack hits. No-one wants to be testing their defences and implementing their response plan for the first time during a real incident.
In comes the benefit of incident and attack simulations: a reality check of your defences in a safe environment. Regular tabletop war-gaming exercises that simulate the fall out of an attack for senior leadership, can help to build muscle memory for when something does happen. They make sure everyone knows what to do, and crucially also not to do, when such an event happens for real. A deeper exercise would be a simulated attack that can be systematic and controlled, to mimic a real attacker and then adapted as attackers change their tactics, techniques, and procedures. From simulations, organisations can assess how their defences performed, applying insights and measuring and refining their defences for the event of a real attack.
Source: [The Hacker News]
Cyber Threats Top Global Business Risk Concern for 2024
Cyber related incidents, including ransomware attacks, data breaches and IT disruptions are the biggest concern for companies globally in 2024, according to a recent report by Allianz. The report highlights that these risks are a concern for businesses of all sizes, but the resilience gap between large and small companies is widening, “as risk awareness among larger organisations has grown since the pandemic with a notable drive to upgrade resilience.” Smaller businesses lack the time and resources that larger organisations have available, and as such need to carefully select and prioritise their resilience efforts.
Source: [Insurance Journal]
Generative AI has CEOs Worried About Cyber Security, PwC Survey Says
A recent PwC global survey found that when it comes to generative AI risks, 64% of CEOs said they are most concerned about its impact on cyber security, with over half of the total interviewed stating concerns about generative AI spreading misinformation in their company. When we think of generative AI, we often worry about outside risk and the impact it can have for attackers, but the risk can also be internal, with things such as accidental disclosure by employees to unregulated generative AI. There is a necessity for organisations to govern the usage of AI in their corporate environment, to prevent such risks.
Source: [Quartz]
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too
As the threat landscape continues to evolve, the cyber insurance market is experiencing significant changes that will impact businesses in the coming months with experts predicting that cyber insurance costs are on the verge of an upward trend. The COVID-19 pandemic and the shift to remote work and the cloud disrupted the cyber insurance market, leading to rising costs and reduced coverage options. In 2022, a temporary respite saw lower premiums, but 2023 has seen a resurgence in attacker activity, making it a challenging year for insurers. Cyber insurance remains a critical component of risk management, with the industry expected to continue growing despite higher rates. For businesses, understanding the evolving landscape of cyber insurance and ensuring adequate coverage is crucial in the face of escalating cyber threats.
Source: [Dark Reading]
Digital Resilience: a Step Up from Cyber Security
In today's digital landscape, the focus on digital resilience is paramount for organisations. While cyber security has garnered attention, digital resilience is the new frontier. Digital resilience involves an organisation's ability to maintain, adapt, and recover technology-dependent operations. As we increasingly rely on digital technology and the internet of things, understanding the critical role of technology in core business processes is vital. It goes beyond cyber security, encompassing change management, business resilience, operational risk, and competitiveness. Digital resilience means being ready to adopt new technology and swiftly recover from disruptions. Recognising its value and managing it at the senior level is crucial for long-term success in our rapidly evolving digital world. Moreover, amid a rising number of cyber attacks, addressing the statistic that only 18% of UK businesses provided cyber security training to employees last year is essential. Bridging this knowledge gap through cyber hygiene, a culture of cyber security, and robust safety measures will strengthen an organisation's cyber resilience against evolving threats.
Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Sources: [CSO Online] [Financial Times]
Governance, Risk and Compliance
World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro
Cyber Threats Top Global Business Risk Concern for 2024: Allianz (insurancejournal.com)
Geopolitical tensions combined with technology will drive new security risks - Help Net Security
Improving Supply Chain Security, Resiliency (informationweek.com)
Generative AI has CEOs worried about cyber security, PwC survey says (qz.com)
As hacks worsen, SEC turns up the heat on CISOs | TechCrunch
It’s a New Year and a Good Time for a Cyber Security Checkup | Clark Hill PLC - JDSupra
Over 90 percent of organisations set to increase data protection spending (betanews.com)
Financial organisations remain in cyber criminals' crosshairs (emergingrisks.co.uk)
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Digital resilience – a step up from cyber security | CSO Online
How to Recover After Failing a Cyber Security Audit - Security Boulevard
Businesses Lack Confidence Overcome Cyber Attacks | Silicon UK
Cyber incident response impaired by stress | SC Media (scmagazine.com)
Security considerations during layoffs: Advice from an MSSP - Help Net Security
Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)
How to improve cyber resilience across your workforce (ft.com)
Threats
Ransomware, Extortion and Destructive Attacks
75% of Organisations Hit by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Akira ransomware attackers are wiping NAS and tape backups - Help Net Security
Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion (thehackernews.com)
3 Ransomware Group Newcomers to Watch in 2024 (thehackernews.com)
Ransomware causes mental, physical trauma to security pros • The Register
The dangers of quadruple blow ransomware attacks | TechRadar
Ransomware: To Pay or Not to Pay — What the Experts Say | MSSP Alert
Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot - Help Net Security
TeamViewer abused to breach networks in new ransomware attacks (bleepingcomputer.com)
Ransomware negotiation: When cyber security meets crisis management - Help Net Security
Ransomware Victims
Ransomware gang targets nonprofit providing clean water to world’s poorest (therecord.media)
Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)
British Library to share learning from cyber attack - Museums Association
British Library starts restoring services online after hack - BBC News
British cosmetics firm Lush confirms cyber attack (therecord.media)
Delay to Manx Care dental services after cyber attack - BBC News
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Majorca city Calvià extorted for $11M in ransomware attack (bleepingcomputer.com)
A key part of Foxconn has been hit by the Lockbit ransomware | TechRadar
Kansas State University cyber attack disrupts IT network and services (bleepingcomputer.com)
Phishing & Email Based Attacks
Microsoft warns of new spearphishing attack targeting workers at top companies | TechRadar
US Secret Service court documents reveal new tactics in antivirus renewal phishing scam | TechRadar
Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)
Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security
US court docs expose fake antivirus renewal phishing tactics (bleepingcomputer.com)
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Shipping-Themed Emails: Not Just for The Holidays - Security Boulevard
Artificial Intelligence
AI driven cyber threats loom over business in the year ahead says report (emergingrisks.co.uk)
How cyber criminals are using AI to attack targets faster - Insurance Post (postonline.co.uk)
Adversaries exploit trends, target popular GenAI apps - Help Net Security
The Dual Role AI Plays in Cyber Security: How to Stay Ahead (bleepingcomputer.com)
Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security
If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online
2FA/MFA
Senators want to know why the SEC’s X account wasn’t secured with MFA (engadget.com)
Out with the old and in with the improved: MFA needs a revamp - Help Net Security
MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)
Malware
GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)
Updated Atomic Stealer malware emerges | SC Media (scmagazine.com)
Data-theft malware exploits Windows Defender SmartScreen • The Register
MacOS info-stealers quickly evolve to evade XProtect detection (bleepingcomputer.com)Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)
5 malware mistakes most people make while traveling and trying to charge (nypost.com)
Remcos RAT Spreading Through Adult Games in New Attack Wave (thehackernews.com)
Botnet activity surges as criminals get braver - can your business stand strong? | TechRadar
JinxLoader Malware: Next-Stage Payload Threats Revealed - Security Boulevard
$80M in Crypto Disappears Into Drainer-as-a-Service Malware Hell (darkreading.com)
Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)
Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)
Securing Public Sector Against IoT Malware in 2024 - Security Boulevard
Mobile
Denial of Service/DoS/DDOS
Internet of Things – IoT
Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)
Modernising print security for today’s working world | TechRadar
Securing Public Sector Against IoT Malware in 2024 - Security Boulevard
Data Breaches/Leaks
Insufficient cyber security caused PSNI data breach (iapp.org)
Cyber Attack On Insurer Compromised Over 64K, Suit Says - Law360
Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times
Organised Crime & Criminal Actors
Just ten groups were responsible for nearly half of all cyber attacks last year | TechRadar
Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)
GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)
Stupid Human Tricks: Top 10 Cyber Crime Cases of 2023 - Security Boulevard
Illegal online casinos spread crypto-crime across Asia • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hacker spins up 1 million virtual servers to illegally mine crypto (bleepingcomputer.com)
Illegal online casinos spread crypto-crime across Asia • The Register
Insider Risk and Insider Threats
Insurance
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Re-writing the underwriting story: How to navigate the complexities of modern risks (allianz.com)
Supply Chain and Third Parties
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)
Improving Supply Chain Security, Resiliency (informationweek.com)
Cloud/SaaS
Insurance website's buggy API leaked Office 365 password • The Register
As Enterprise Cloud Grows, So Do Challenges (darkreading.com)
3 ways to combat rising OAuth SaaS attacks - Help Net Security
FBI: Beware of cloud-credential thieves building botnets • The Register
Weaponised AWS SES Accounts Anchor Massive Stealth Attack (darkreading.com)
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Researcher uncovers one of the biggest password dumps in recent history | Ars Technica
Insurance website's buggy API leaked Office 365 password • The Register
FBI: Beware of cloud-credential thieves building botnets • The Register
Social Media
Malvertising
Training, Education and Awareness
The right strategy for effective cyber security awareness - Help Net Security
Before starting your 2024 security awareness program, ask these 10 questions - Security Boulevard
How to improve cyber resilience across your workforce (ft.com)
Regulations, Fines and Legislation
As hacks worsen, SEC turns up the heat on CISOs | TechCrunch
IT consultant in Germany fined for exposing shoddy security • The Register
Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register
A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK
Why the US Needs Comprehensive Cyber Security Legislation - Security Boulevard
Home improvement marketers dial up trouble from regulator • The Register
Models, Frameworks and Standards
10 cyber security frameworks you need to know about - Help Net Security
NIST Offers Guidance on Measuring and Improving Your Company’s Cyber Security Program | NIST
Backup and Recovery
Data Protection
Over 90 percent of organisations set to increase data protection spending (betanews.com)
Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register
Careers, Working in Cyber and Information Security
Ransomware causes mental, physical trauma to security pros • The Register
Protecting the protectors: combating stress in the cyber security industry | The Independent
Best practices to mitigate alert fatigue - Help Net Security
Universities not delivering the right skills for cyber security (betanews.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro
Geopolitical tensions combined with technology will drive new security risks - Help Net Security
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
Nation State Actors
China
End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)
Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)
Feds warn China-made drones pose risk to US critical infrastructure | SC Media (scmagazine.com)
Russia
Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)
Cyber Attack on Ukraine’s largest telecom provider will cost it about $100 million (therecord.media)
Russia finds way around sanctions on battlefield tech: report – POLITICO
Moscow imports a third of battlefield tech from western companies (ft.com)
Prolific Russian hacking unit using custom backdoor for the first time | CyberScoop
Iran
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
CISA: Critical SharePoint vuln is under active exploitation • The Register
Ivanti Connect Secure zero-days now under mass exploitation (bleepingcomputer.com)
Juniper warns of critical RCE bug in its firewalls and switches (bleepingcomputer.com)
Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (securityaffairs.com)
VMware Urges Customers to Patch Critical Aria Automation Vulnerability - SecurityWeek
Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability (thehackernews.com)
Two more Citrix NetScaler bugs exploited in the wild • The Register
Atlassian warns of critical RCE flaw in older Confluence versions (bleepingcomputer.com)
End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)
Windows 10 security update requires some major changes - experts only need apply | TechRadar
GitLab Patches Critical Password Reset Vulnerability - SecurityWeek
Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)
Vulnerabilities Expose PAX Payment Terminals to Hacking - SecurityWeek
Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins - SecurityWeek
Most older iPhones, Macs, and iPads are vulnerable to GPU flaw (appleinsider.com)
New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling | Ars Technica
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows (thehackernews.com)
Tools and Controls
Akira ransomware attackers are wiping NAS and tape backups - Help Net Security
Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News
Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider
How to improve your organisation's cyber hygiene score | World Economic Forum (weforum.org)
With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)
Digital resilience – a step up from cyber security | CSO Online
If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online
Key elements for a successful cyber risk management strategy - Help Net Security
Preventing insider access from leaking to malicious actors - Help Net Security
Over 90 percent of organisations set to increase data protection spending (betanews.com)
As Enterprise Cloud Grows, So Do Challenges (darkreading.com)
Best practices to mitigate alert fatigue - Help Net Security
Modernising print security for today’s working world | TechRadar
MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)
Cyber incident response impaired by stress | SC Media (scmagazine.com)
Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)
Digital nomads amplify identity fraud risks - Help Net Security
Out with the old and in with the improved: MFA needs a revamp - Help Net Security
The right strategy for effective cyber security awareness - Help Net Security
SOC-as-a-Service: The Five Must-Have Features - Security Boulevard
Other News
What’s on the Smartest Cyber Security Minds for 2024? (cybereason.com)
How news organisations became a prime target for cyber attacks (pressgazette.co.uk)
UK doubles spending on overseas cyber security projects (ft.com)
Huge boost for global security with almost £1 billion government investment - GOV.UK (www.gov.uk)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 29 December 2023
Black Arrow Cyber Threat Intelligence Briefing 29 December 2023:
-UK Ministers Publicly State Fears of Potential Widescale Power Grid Disruptions
-Countries Brace for Influence Operations, AI and Hacking Campaigns Ahead of Historic 2024 Election Year, Could Upset World Balance
-The Most Popular Passwords of 2023 are Easy to Guess and Crack
-Dangerous Malware Pretends to be Some of Your Most Used Business Software
-MFA Helps You Stay Resilient, But Nothing is a Silver Bullet
-Ransomware Leak Site Victims Reached Record-High in November
-MOVEit, Capita, CitrixBleed and More: The Biggest Data Breaches of 2023
-Europol Warns 443 Online Shops Infected with Credit Card Stealers
-Physical Access Systems Open Door to IT Networks
-Simple Hacking Techniques Prove Successful in 2023 Cyber Attacks
-Daily Malicious Files Rise to 411,000 a day in 2023
-Android Malware Actively Infecting Devices to Take Full Control
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK Ministers Publicly State Fears of Potential Widescale Power Grid Disruptions
The UK’s power network has long been an attractive target for enemies of the state and that remains true today. In fact, according to the UK Government, the risk of the whole country’s electricity system being shut down is growing. So are the dangers to citizens if it happens.
The UK’s National Risk Register, the official document assessing 89 different possible threats to the country, explains that a cyber attack on the National Grid could be launched by culprits “encrypting, stealing or destroying data upon which critical systems depend, or via disruption to operational systems”.
Source: [iNews]
Countries Brace for Influence Operations, AI and Hacking Campaigns Ahead of Historic 2024 Election Year, Could Upset World Balance
Billions of people around the world are expected to go to the polls and vote in 2024, in what will be the most significant election year in recent memory, and cyber security and government officials have already warned about countries using technology to influence operations. This includes disinformation campaigns and hacking attempts. Officials have further warned that artificial intelligence will likely be used to fuel such campaigns.
Sources: [The Record] [Security Affairs]
The Most Popular Passwords of 2023 are Easy to Guess and Crack
NordPass released a list of the top 200 common passwords recently, which included “123456” and “admin” as the top two. Of particular note, the top 40 passwords were all deemed to take less than 12 seconds to crack, or could be determined by an actor with no knowledge of the password. Many people would argue that there are so many passwords needed these days that it becomes hard to remember, hence their choice of easier passwords, and often reusing or recycling them across multiple sites and services. The use of a password manager can greatly reduce this need, requiring the user to only remember one password whilst also allowing for more complex and harder to crack passwords.
Source: [gHacks]
Dangerous Malware Pretends to be Some of Your Most Used Business Software
Hackers are using an old form of banking malware, known as Carbanak, to launch damaging ransomware attacks. Hackers are using compromised websites to host the malware, impersonating popular business-related software such as HubSpot, Veeam, or Xero.
Source: [TechRadar]
MFA Helps You Stay Resilient, But Nothing is a Silver Bullet
Multi-factor authentication (MFA) is a great resource for improving your organisation’s cyber resilience, but no technology is 100% secure and the human element will nearly always remain. With notable security breaches bypassing MFA to compromise organisations including Uber, games company EA, and authentication business Okta, organisations need to be aware that it is a possibility. As such, organisations need to ensure they implement MFA effectively and educate their users in their implementation; even the strongest of controls are rendered useless if they can be bypassed with one social engineering phone call.
Source: [Help Net Security]
Ransomware Leak Site Victims Reached Record-High in November
Corvus Threat Intel observed 484 new ransomware victims posted to leak sites in November. This represents a 39% increase from October and a 110% increase compared with November 2022. Further, this is the eleventh consecutive month in which there has been a year-on-year increase in ransomware victims, and the ninth with a victim count over 300.
Source: [Infosecurity Magazine]
MOVEit, Capita, CitrixBleed and More: The Biggest Data Breaches of 2023
2023 was a colossal year for data breaches, with the likes of MOVEit, Capita, Citrix, Royal Mail, MGM resorts and 3CX among some of the most significant victims. Such attacks have involved a number of vectors, such as file transfer vulnerabilities, social engineering, supply chain attacks and zero-day exploits. The result? Millions of people’s data compromised, and hundreds of millions paid out to attackers; the attack on MGM resorts alone is reported to have costed upwards of $100 million.
Source: [TechCrunch]
Europol Warns 443 Online Shops Infected with Credit Card Stealers
Europol has notified over 400 websites that their online shop had been hacked, with malicious scripts that steal card information from paying customers. The scripts are designed to intercept and steal payment card numbers, expiration dates, verification numbers, names, and shipping addresses, which are then uploaded to an attacker. This information is then used, or sold on the dark web to be used. Unfortunately, some of these attacks can go undetected for weeks or even several months.
Source: [Bleeping Computer]
Physical Access Systems Open Door to IT Networks
Cyber attackers can exploit access control measures installed on supposedly secure facility doors to gain unauthorised building access to sensitive locations, as well as breach internal IP networks directly from these systems, research has shown. At a recent leading security conference, analysts demonstrated this is an attack. Assets such as these can often be forgotten about and therefore omitted from protections, highlighting the need for organisations to have an up to date and accurate asset register.
Source: [Dark Reading]
Simple Hacking Techniques Prove Successful in 2023 Cyber Attacks
Hacking can be sophisticated, but often it is not sophisticated at all. Some of the biggest hacks this year started with what seemed like an innocent phone call, but which in fact were fairly simple social engineering attacks. Additionally, hackers continued to target companies that failed to promptly update their systems, even after patches were released to fix critical vulnerabilities. The best first step to protect an organisation is to establish a culture of good cyber security hygiene across people, operations and technology.
Source: [Pymnts]
Daily Malicious Files Rise to 411,000 a day in 2023
Cyber criminals unleashed an average of 411,000 malicious files every day in 2023, representing a 3% increase from the previous year, according to Kaspersky. Malicious desktop files in particular rose by 53%. Cyber criminals favoured Microsoft Office services’ vulnerabilities, which represented 69% of all exploited vulnerabilities.
Source: [Infosecurity Magazine]
Android Malware Actively Infecting Devices to Take Full Control
Android Malware is actively being used to take control of devices for illicit purposes, such as stealing sensitive information and enabling remote attacks, and least 327,000 devices are reported to have been infected with such malware. Research has found that amongst the most targeted countries are the UK and US. Often, for the malware to work, users need to allow it access to information such as contacts, email. In some cases, the user would only be aware they have consented if they were to manually check the apps settings. For organisations, this can mean employees bringing personal or work phones into the corporate environment, with malware potentially along for the ride.
Source: [GBhackers]
Threats
Ransomware, Extortion and Destructive Attacks
Rethinking data security in the age of ransomware and AI - SiliconANGLE
Carbanak Banking Malware Resurfaces with New Ransomware Tactics (thehackernews.com)
Do the casino ransomware attacks make the case to pay? • The Register
Windows CLFS and five exploits used by ransomware operators | Securelist
Cyber crime experts reveal how to infiltrate ransomware gangs • The Register
How ransomware operators try to stay under the radar | Malwarebytes
How many times are you going to think about ransomware in 2024? (betanews.com)
Ransomware Victims
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch
Lockbit ransomware disrupts emergency care at German hospitals (bleepingcomputer.com)
Integris Health patients get extortion emails after cyber attack (bleepingcomputer.com)
Ransomware Group Claims 100 Gb of Data Stolen From Nissan Australia - Security Week
Indian IT services giant HCL Technologies hit by ransomware | TechRadar
LockBit gang claims to have breached accountancy firm Xeinadin (securityaffairs.com)
Rockstar Employee Details Reportedly Leaked By Hackers (thegamer.com)
Australia’s Largest Auto Dealer Group Hit By Massive Cyber Attack | Carscoops
Artificial Intelligence
Elections 2024, Artificial Intelligence could upset world balances (securityaffairs.com)
Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher - Security Week
Rethinking data security in the age of ransomware and AI - SiliconANGLE
GenAI Tools Will Permeate All Areas of the Enterprise (darkreading.com)
Why data, AI, and regulations top the threat list for 2024 - Help Net Security
5 Ways that AI Is Set To Transform Cyber Security (informationweek.com)
The Emerging Landscape of AI-Driven Cyber Security Threats: A Look Ahead - Security Week
Skynet Ahoy? What to Expect for Next-Gen AI Security Risks (darkreading.com)
2FA/MFA
Malware
Carbanak Banking Malware Resurfaces with New Ransomware Tactics (thehackernews.com)
Iran's 'Peach Sandstorm' Cyber Attackers Target Global Defence Network (darkreading.com)
Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware (thehackernews.com)
This growing malware threat actor is set to unleash a surge of attacks, experts warn | TechRadar
'BattleRoyal' Hackers Deliver DarkGate RAT Using Every Trick (darkreading.com)
Microsoft disables MSIX protocol handler abused in malware attacks (bleepingcomputer.com)
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware (thehackernews.com)
New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices (thehackernews.com)
Russian military hackers target Ukraine with new MASEPIE malware (bleepingcomputer.com)
Fake VPN Chrome extensions force-installed 1.5 million times (bleepingcomputer.com)
Kimsuky Group Using Weaponized file Deploy AppleSeed Malware (cybersecuritynews.com)
New Rugmi Malware Loader Surges with Hundreds of Daily Detections (thehackernews.com)
Game mod on Steam breached to push password-stealing malware (bleepingcomputer.com)
How the new Instegogram threat creates liability for organisations | CSO Online
Mobile
TikTok makes users give iPhone passwords, reasons unclear (nypost.com)
Android Malware Actively Infecting Devices to Take Full Control (gbhackers.com)
Chameleon Android Malware Can Bypass Biometric Security - Security Week
SMS Scams Set to Peak on Saturday in UK - Infosecurity Magazine (infosecurity-magazine.com)
Denial of Service/DoS/DDOS
Essential DDoS statistics for understanding attack impact - Help Net Security
How to Prepare for DDoS Attacks During Peak Business Times (darkreading.com)
In Cyber Security and Fashion, What's Old Is New Again (darkreading.com)
Internet of Things – IoT
Tech gifts you shouldn’t buy your family and friends for the holidays | TechCrunch
Physical Access Systems Open Door to IT Networks (darkreading.com)
Ho Ho Home For Christmas? Tips For Avoiding Tech Terrors This Festive Season - IT Security Guru
Data Breaches/Leaks
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch
Mortgage firm LoanCare warns 1.3 million people of data breach (bleepingcomputer.com)
Real estate agency exposes details of 690k customers (securityaffairs.com)
Insomniac Games Releases Statement Over Recent Cyber Attack - Gameranx
Ubisoft says it's investigating reports of a new security breach (bleepingcomputer.com)
Rockstar Employee Details Reportedly Leaked By Hackers (thegamer.com)
Inmate, Staff Information Stolen in Rhode Island Prison Data Breach - Security Week
Mint Mobile discloses new data breach exposing customer data (bleepingcomputer.com)
Hackers steal customer data from Europe’s largest parking app operator | Hacking | The Guardian
Yakult Australia confirms 'cyber incident' after 95 GB data leak (bleepingcomputer.com)
CBS, Paramount owner National Amusements says it was hacked | TechCrunch
Panasonic discloses data breach after December 2022 cyber attack (bleepingcomputer.com)
Customers warned after major car dealership group Eagers Automotive hacked | The West Australian
Cyber Attacks Impacts Two Major Australian Companies Including Leaked Passports | The Epoch Times
Organised Crime & Criminal Actors
Simple Hacking Techniques Prove Successful in Cyber Attacks (pymnts.com)
Hackers stole $2 billion in crypto in 2023, data shows | TechCrunch
Hacking or Social Engineering? What You Need to Know to Keep Yourself Safe | HackerNoon
3 Clues That Hackers May Know More About Your Business Than You Do | Inc.com
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Hackers stole $2 billion in crypto in 2023, data shows | TechCrunch
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)
Hacking group Pink Drainer strikes again, pilfering $4.4M from just 1 victim (cointelegraph.com)
Supply Chain and Third Parties
Third-party issues disrupt 45% of firms despite cyber security spends (securitybrief.co.nz)
MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch
Cloud/SaaS
Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar
Data security and cost are key cloud adoption challenges for financial industry - Help Net Security
The Future of Hybrid Cloud: What to Expect in 2024 and Beyond (techtarget.com)
Encryption
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)
Linux and Open Source
Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
The most popular passwords of 2023 are easy to guess and crack - gHacks Tech News
Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher - Security Week
Social Media
Regulations, Fines and Legislation
Europe Sees More Hacktivism, GDPR Echoes, and New Security Laws Ahead for 2024 (darkreading.com)
Why data, AI, and regulations top the threat list for 2024 - Help Net Security
Europe classifies three adult sites as worthy of its toughest internet regulations • The Register
5 US cyber security compliance deadlines in 2024 | SC Media (scmagazine.com)
EU updates product liability regime to include software, Artificial Intelligence – EURACTIV.com
Models, Frameworks and Standards
Backup and Recovery
Data Protection
Careers, Working in Cyber and Information Security
Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers (darkreading.com)
Top Tips from CISOs for CISOs - Infosecurity Magazine (infosecurity-magazine.com)
How leaders can look after information security professionals | ITPro
Building Mental Resilience: A CISO's Journey - GovInfoSecurity
What Does the Future Hold for Today’s Cyber Security Leaders? (huntress.com)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Ministers fear a cyber attack cutting all our electricity – this is why (inews.co.uk)
How Cyber Criminals Will Sway 2024 US Elections, Or Try To (darkreading.com)
Nation State Actors
China
Russia
Ukrainian remote workers targeted in new espionage campaign (therecord.media)
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware (thehackernews.com)
Russian firms subjected to new cyber espionage campaign | SC Media (scmagazine.com)
Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies (thehackernews.com)
Inside the World of Deep-Cover Russian Spies Who Are Infiltrating the West (businessinsider.com)
Russian military hackers target Ukraine with new MASEPIE malware (bleepingcomputer.com)
Iran
Iran's 'Peach Sandstorm' Cyber Attackers Target Global Defence Network (darkreading.com)
Israel and Iran are waging a cyber war in the shadows - opinion - The Jerusalem Post (jpost.com)
A cyber attack targets Albanian Parliament’s data system, halting its work | Stars and Stripes
North Korea
Kimsuky Group Using Weaponized file Deploy AppleSeed Malware (cybersecuritynews.com)
Kim Jong Un Expected To Conduct Military, Cyber Attacks During US Elections - Benzinga
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar
Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841 (securityaffairs.com)
CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild - Security Week
Google Releases Eighth Zero-Day Patch of 2023 for Chrome (darkreading.com)
Windows CLFS and five exploits used by ransomware operators | Securelist
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers (bleepingcomputer.com)
Tools and Controls
Physical Access Systems Open Door to IT Networks (darkreading.com)
Even cyber security pros don't fully trust AI just yet | TechRadar
GenAI Tools Will Permeate All Areas of the Enterprise (darkreading.com)
Verification roadblocks cause frustration for digital nomads - Help Net Security
Strengthening Resilience: Navigating the Cyber Security Landscape (darkreading.com)
API security in 2024: Predictions and trends - Help Net Security
Other News
5 Things You Can Do Today to Prepare for 2024’s Security Threats (informationweek.com)
Pensions Regulator publishes updated cyber security guidance for trustees | Mayer Brown - JDSupra
All I really need to know about cyber security, I learned in kindergarten (venturebeat.com)
New insights into the global industrial cyber security landscape - Help Net Security
NASA Releases First Space Cyber Security Best Practices Guide (inforisktoday.com)
Unveiling the true cost of healthcare cyber security incidents - Help Net Security
Hackers see wealth of information to steal in kids' school records (cnbc.com)
A cyber attack targets Albanian Parliament’s data system, halting its work | Stars and Stripes
How Cyber Criminals Will Sway 2024 US Elections, Or Try To (darkreading.com)
Post-pandemic Cyber Security: Lessons from the global health crisis (att.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 24 November 2023
Black Arrow Cyber Threat Intelligence Briefing 24 November 2023:
-The Human Element- Cyber Security’s Great Challenge
-Good Cyber Hygiene is a Strategic Imperative for SMEs, Report Shows
-Despite Increasing Ransomware Attacks, Some Companies in Denial
-A Single Supply Chain Related Ransomware Incident Spurred UK Decision Makers to Spend Big on Cyber as Latest Victim Count exceeds 2.6K Organisations and 77M People
-The True Cost of a Ransomware Attack
-Largest Study of Its Kind Shows Outdated Password Practices Are Putting Millions at Risk
-Cyber Security Investment Involves More Than Just Technology
-Questions Leaders Must Ask Themselves on Security Culture
-There’s a Crossover Between Organised Crime, Financial Crime, and Nation-State Crime
-Cyber Attack on British Library Highlights Lack of UK Resilience
-Organisations Rethink Cyber Security Investments to Meet NIS2 and DORA Directive Requirements
-The Cyber Security Lawsuit Boards are Talking About
-UK and Republic of Korea Issue Warning About North Korea State-Linked Cyber Actors Attacking Software Supply Chains
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
The Human Element- Cyber Security’s Great Challenge
According to Verizon’s 2023 Data Breach Investigations Report, 74% of all breaches involved a human element. It is important for organisations to understand that it is not simply malicious employees or employees falling for social engineering attacks; it includes things such as negligent, or intentional but not malicious actions. In fact, a recent separate report by Kaspersky found that 26% of incidents over the past two years involved the result of intentional security protocol violations; in comparison, external hacking attempts made up 20%.
Further, Kaspersky found 25% of incidents occurred due to neglecting system software or application updates, followed by 22% resulting from deliberate use of weak passwords or failing to change them promptly, and 18% from staff visiting unsecured websites. One potential cause for these incidents is a lack of training on why such protocols need to be followed.
Black Arrow provides live in person and online instructor lead cyber security training including Cyber Risk and Governance Workshops for Senior Leadership, and Awareness, Behaviour and Culture Training for employees and contractors.
Sources [Beta News] [ Infosecurity Magazine] [The Economic Times (indiatimes.com)]
Good Cyber Hygiene is a Strategic Imperative for SMEs, Report Shows
Small or large, no company is immune to a cyber attack and therefore good cyber hygiene is an imperative for all. Whilst large firms may already have more mature defences in place, smaller firms are definitely catching on to this, with 47% of respondents to a recent survey stating they were more worried about their organisation’s security posture now than compared to six months ago.
The survey found that ransomware (35%), software vulnerability exploits (28%) and using the same password across different applications (25%) were amongst the largest concerns. Interestingly, in a separate report, 44% of incidents were found to lack any element of malware, indicating that attackers are moving beyond traditional methods. The same report found 65% of cases included remote monitoring and management tools as the vector for initial access, something a number of organisations do not secure.
Business email compromise (BEC) attacks are also a key concern for businesses of all sizes but can be especially damaging to smaller organisations for whom the financial loss can be devastating.
Sources [Computer Weekly] [Beta News] [Beta News]
Despite Increasing Ransomware Attacks, Some Companies are in Denial
A recent study has highlighted a contradiction in the way organisations perceive ransomware threats. Although many do not consider themselves likely targets, they are, nevertheless, bolstering their security measures, expanding their teams, and fortifying cyber defences, acknowledging the risks despite their assumed invulnerability.
Simultaneously, ransomware tactics are undergoing significant changes. The past three quarters have seen a marked increase in double-extortion attacks, with data leaks from these incidents rising by 50% compared to the previous year. This trend is predominantly driven by a few active groups, some newly emerged this year, amplifying the threat landscape.
In a tactical shift, the ransomware group ALPHV, also known as Blackcat, has lodged a formal complaint with the US Securities and Exchange Commission (SEC) against a victim for failing to comply with new disclosure regulations. Meanwhile, LockBit, infamous for attacks on high-profile targets, is modifying its extortion tactics due to lower-than-anticipated ransom returns. These developments point to an evolving and adaptive ransomware environment.
Sources: [Dark Reading] [SC Media] [Insurance Journal] [MSSP Alert] [Security Brief]
A Single Supply Chain Related Ransomware Incident Spurred UK Decision Makers to Spend Big on Cyber as Latest Victim Count exceeds 2.6K Organisations and 77M People
It is reported that 2,620 organisations and more than 77 million individuals have been impacted to date by the MOVEit supply chain ransomware attack, with millions in the past week alone having received notifications that their information had either been accessed, leaked, or both.
In a survey involving directors of UK companies with over 500 seats that had suffered a ransomware or extortion attack in the past 18 months, it was found that 24% had become significantly more anxious about ransomware attacks as a direct result of the MOVEit breach, and 66% were slightly more anxious. This anxiety translated into action, with 42% of respondents investing more into backup and recovery, and 29% tweaking existing cyber strategies. 29% had taken the decision to amend their existing cyber strategies. Staff training was also found to rise, with 42% looking to spend on skills development and 40% upping their investment in training.
Sources: [The Register] [Computer Weekly]
The True Cost of a Ransomware Attack
While the demand is often financial, the impact and reach of ransomware goes far beyond the ransomware demand. Alongside the financial impact, comes the reputational impact, loss of customers, resources in returning to business as normal and time lost in recovery. For some companies, it can take months to return to where they were before and for others, it marks the end of their organisation.
For an attacker, it doesn’t matter. Their goal is not limited by the size or sector of an organisation and it is therefore imperative that every organisation is prepared for the event of an incident. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [ITPro]
Largest Study of Its Kind Shows Outdated Password Practices Are Putting Millions at Risk
A recent study has exposed serious flaws in passwords on the internet, revealing that three out of four popular websites are compromising user security by not meeting basic password standards. The study examined 20,000 websites, finding many allowed simple passwords, didn’t block common ones and adhered to outdated complexity requirements. It was found that over half the websites accept passwords of six characters or fewer, with 75% not requiring the advised minimum of eight characters, and 30% not supporting spaces or special characters. The study showcases the gap in security measures implementation across the web and emphasises the importance of ongoing improvement in web security standards.
The problem is further exacerbated by employees using work email for non-work approved websites and reusing the same passwords, meaning any breach of a compromised site hands the user’s credentials to an attacker. Further, many organisations are not even aware this is going on.
Source: [TechXplore]
Cyber Security Investment Involves More Than Just Technology
C-suite business leaders and senior IT professionals within large organisations, found that the top five cyber security investment areas were technologies (49%), threat intelligence (46%), risk assessment (42%), cyber insurance (42%), and third-party risk management (40%). Fewer organisations highlighted technology as good value for money in 2023 (49%) than in 2022 (58%). suggesting an awareness that technology investments go hand-in-hand with investing in governance and personnel to effectively enable and manage the technology.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.
Source: [Dark Reading]
Questions Leaders Must Ask Themselves on Security Culture
In today's corporate landscape, there's a growing emphasis on the human aspect of cyber security, with Stanford University research indicating that about 88% of data breaches result from employee errors. Companies are now focusing on enhancing security awareness through marketing campaigns and integrating cyber security performance into job reviews. This shift acknowledges that as technological defences evolve, cyber attackers increasingly exploit human vulnerabilities, as evidenced by major ransomware incidents like those impacting Colonial Pipeline and JBS Foods.
Developing a strong security culture is essential, by complementing robust policies with ingraining security-minded beliefs and behaviours in employees. Key to this is the role of leadership in embedding and continuously assessing this culture. This involves evaluating training effectiveness, reporting mechanisms, proactive security approaches, and the impact of security initiatives, while also considering the complexity of human behaviour and the example set by top management. Emphasising these aspects is crucial for maintaining a secure and resilient organisational environment, and in so doing protecting an organisation's reputation and financial integrity.
Source: [AT&T]
There’s a Crossover Between Organised Crime, Financial Crime, and Nation-State Crime
The convergence of organised crime, financial crime, and nation-state crime is a growing concern in today’s interconnected world. This crossover, driven by the digital revolution, globalisation, economic factors, and state fragility, is reshaping the global criminal landscape. Organised crime syndicates, traditionally involved in activities like drug trafficking and extortion, are now branching out into financial crimes, offering higher profits with lower risks.
Financial crime, once the domain of individual fraudsters and white-collar criminals, has become a lucrative venture for organised crime groups. They exploit the global financial system to launder proceeds of crime, finance their operations, and evade law enforcement. Nation-state crime, involving state-sponsored or state-condoned criminal activities, often overlaps with organised and financial crime. Some governments turn a blind eye to these activities, while others actively support them for political, economic, or strategic reasons.
Sources: [The Currency]
Cyber Attack on British Library Highlights Lack of UK Resilience
A recent ransomware attack on the British Library has spotlighted the vulnerabilities in the UK's public sector IT infrastructure, amid rising state-backed cyber attacks. This major incident, which caused a significant technical outage at the library, underscores the concerns of cyber intelligence experts about the government's inadequate investment in cyber resilience in critical areas like education, healthcare, and local government. The hacking group Rhysida, targeting essential infrastructure, claimed responsibility and auctioned stolen data, including British Library employees’ passports, for 20 bitcoin (approximately £600,000).
The attack on the British Library, a key public service institution, highlights the escalating threat of ransomware attacks and their potential exploitation by state actors. The UK’s National Cyber Security Centre (NCSC) has reported a significant increase in cyber attacks in 2023, with incidents more than doubling compared to the previous year. In response, the UK government, which had already allocated £2.6bn for cyber security improvements and IT system updates, is actively assessing the situation with the support of the National Protective Security Authority.
Source: [FT]
Organisations Rethink Cyber Security Investments to Meet NIS2 and DORA Directive Requirements
The European Union (EU) is seeking to improve cyber resilience across all member states by bringing in two new regulations: the Digital Operational Resilience Act (DORA), which focuses on financial services companies, and its counterpart the Network and Information Systems Directive (NIS2). The effects of the two regulations are likely to be wider reaching, bringing in more stringent processes and controls and redefining service provision to organisations.
With NIS2 coming into effect in October 2024, the mandatory directive will have teeth, with strict penalties for non-compliance for both the business and senior board personnel, who can be held directly accountable and prevented from holding similar positions in the future. It also aims to increase intelligence sharing between member states and enhance supply chain security. This latter measure will see the directive have a global impact.
Many organisations supplying services to firms that fall under DORA and NIS2 will themselves be subject to the full force of the regulations, with many of these suppliers, including IT providers, unaware that this will have far reaching ramifications for them and their ability to continue to provide these services.
Sources: [Help Net Security] [Help Net Security]
The Cyber Security Lawsuit Boards are Talking About
For the last month, an under-the-radar lawsuit has privately been a hot topic of conversation in boardrooms and corporate security departments alike. The lawsuit involved the Securities and Exchange Commission (SEC) accusing SolarWinds and their CISO of fraud. SolarWinds, like many organisations, had disclosed some facts, however what was reported was not sufficient to satisfy the regulator. The lawsuit is the first in which the SEC has charged a company with intentional fraud related to cyber security disclosures and it paints a picture for the wider movement of the cyber landscape. Whilst the SEC is US based you can expect regulatory counterparts in other jurisdictions globally to follow suit.
Source: [The New York Times]
Top Cyber Stories of the Last Week
Governance, Risk and Compliance
Why boards must prioritize cyber security expertise - Help Net Security4 data loss examples keeping backup admins up at night | TechTarget
Companies step up investment in ransomware protection (betanews.com)
CISOs can marry security and business success - Help Net Security
7 must-ask questions for leaders on security culture (att.com)
The human element -- cyber security's greatest challenge (betanews.com)
Why good cyber hygiene is a strategic imperative for UK SMEs (betanews.com)
MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly
Cyber security Investment Involves More Than Just Technology (darkreading.com)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)
Only 9% of IT budgets are dedicated to security - Help Net Security
Why transparency and accountability are important in cyber security | Computer Weekly
SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com
Internal audit leaders are wary of key tech investments - Help Net Security
Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)
Stressed staff put enterprises at risk of cyber attack (betanews.com)
Threats
Ransomware, Extortion and Destructive Attacks
2023 ransomware statistics: Number of double-extortion attacks skyrocket | SC Media (scmagazine.com)
More than money: The true cost of a ransomware attack | ITPro
Despite Increasing Ransomware Attacks, Some Companies In Denial | MSSP Alert
Ransomware attacks doubIe in two years says Akamai Technologies report (securitybrief.co.nz)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)
Companies step up investment in ransomware protection (betanews.com)
Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)
Ransomware Gang LockBit Revises Its Tactics to Get More Blackmail Money (insurancejournal.com)
The shifting sands of the war against cyber extortion - Help Net Security
Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert
Play Ransomware Goes Commercial - Now Offered as a Service to Cyber criminals (thehackernews.com)
Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)
Ransomware groups rack up victims among corporate America | CyberScoop
Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)
Paying ransom for data stolen in cyber attack bankrolls further crime, experts caution | CBC Radio
UK signs joint statement against ransomware payments - “New norm” or status quo? - Lexology
Capita to axe up to 900 jobs as it battles to recover from Russian cyber attack (telegraph.co.uk)
Schools Look to Improve Cyber security, but Many Vulnerable to Ransomware (insurancejournal.com)
4 Ways Fintech Companies Can Protect Themselves from Ransomware (financemagnates.com)
Cyber security should not be a gamble: Latest data breach hits major casino - Digital Journal
Ransomware Victims
Royal Mail spent £10 million recovering from LockBit breach - Tech Monitor
British Library staff passports leaked online as hackers demand £600,000 (telegraph.co.uk)
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)
MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register
Allen & Overy Given 5 Days to Meet Hackers’ Demands: Expert Q&A | Law.com International
London & Zurich ransomware attack causes customer chaos • The Register
CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack - SecurityWeek
Lockbit Gang Behind ICBC Attack Hacks Into Chicago Trading Company - Bloomberg
Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)
Clorox Scapegoats Cyber Chief, Rewards Board After Crisis (forbes.com)
Fortune 500 insurance and mortgage firm FNF shuts down network following cyber attack | TechRadar
Yamaha Motor confirms ransomware attack on Philippines subsidiary (bleepingcomputer.com)
St Helens Council suspected cyber attack caused significant disruption - BBC News
Western Isles Council backup systems 'inaccessible' following cyber attack | STV News
Auto parts giant AutoZone warns of MOVEit data breach (bleepingcomputer.com)
BlackCat claims attack on Fidelity National Financial • The Register
Phishing & Email Based Attacks
Phishing Simulations Boost Cyber Awareness and Defences | Mimecast
How to combat AI-produced phishing attacks | SC Media (scmagazine.com)
More Than 50% of Online Retailers Not Blocking Fraudulent Emails | MSSP Alert
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography (thehackernews.com)
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)
Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar
The Most Common Indicators of a Phishing Attempt (With Screenshots) | HackerNoon
Artificial Intelligence
Cyber threats reached a new high this year, with AI playing a major role | TechRadar
How to combat AI-produced phishing attacks | SC Media (scmagazine.com)
IT Pros Worry That Generative AI Will Be a Major Driver of Cyber security Threats (darkreading.com)
Smaller businesses embrace GenAI, overlook security measures - Help Net Security
The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)
Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert
Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek
AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)
OII | Large Language Models pose risk to science with false answers, says Oxford study
Malware
5 Of The Most Common Ways Malware Is Spread (And How To Stay Protected) (slashgear.com)
Report finds malware is no longer the biggest cyberthreat to smaller businesses - SiliconANGLE
Over half of SME cyber incidents now ‘malware-free’ | Computer Weekly
Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar
Mirai malware infects routers and cameras for new botnet • The Register
Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware (thehackernews.com)
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)
Gamaredon's LittleDrifter USB malware spreads beyond Ukraine (bleepingcomputer.com)
Malware Uses Trigonometry to Track Mouse Strokes (darkreading.com)
Atomic Stealer Malware is tricking Mac users with fake browser updates - gHacks Tech News
USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica
DarkGate and Pikabot malware emerge as Qakbot’s successors (bleepingcomputer.com)
How Ducktail steals Facebook accounts | Kaspersky official blog
Cyber criminals turn to ready-made bots for quick attacks - Help Net Security
3 Ways to Stop Unauthorized Code From Running in Your Network (darkreading.com)
New botnet malware exploits two zero-days to infect NVRs and routers (bleepingcomputer.com)
Mobile
FCC Tightens Telco Rules to Combat SIM-Swapping - SecurityWeek
Inside Apple’s Secretive War to Protect iPhones from Hacking • iPhone in Canada Blog
Cyber criminals Are Targeting App Beta-Testing, and This Is What to Look Out For (makeuseof.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
4 data loss examples keeping backup admins up at night | TechTarget
Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek
Canadian government discloses data breach after contractor hacks (bleepingcomputer.com)
US Cyber security Lab Suffers Major Data Breach - Infosecurity Magazine (infosecurity-magazine.com)
Hacktivists breach US nuclear research lab, steal employee data (bleepingcomputer.com)
Welltok data breach exposes data of 8.5 million US patients (bleepingcomputer.com)
Cyber attackers leaked data of 27,000 NYC Bar Association membersers (therecord.media)
Enterprise software provider TmaxSoft leaks 2TB of data (securityaffairs.com)
Sumo Logic says customer data untouched during breach • The Register
Organised Crime & Criminal Actors
Indian Hack-for-Hire Group Targeted US, China, and More for Over 10 Years (thehackernews.com)
Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyber attacks (darkreading.com)
Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime
Outsmarting cyber criminals is becoming a hard thing to do - Help Net Security
Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Supply Chain and Third Parties
Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)
Three Questions To Ask Third-Party Vendors About Cyber security Risk (forbes.com)
Cloud/SaaS
Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)
Navigating the complexities of cyber security in a SaaS-dominated era (securitybrief.co.nz)
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Your password hygiene remains atrocious, says NordPass • The Register
US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek
Social Media
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)
The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)
SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com
Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek
UK watchdog threatens enforcement action over ad cookies • The Register
Models, Frameworks and Standards
DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT
Understanding the UK government’s new cyber security regime, GovAssure - IT Security Guru
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek
Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)
US cyber cops trace and return nearly $9M stolen by scammers • The Register
Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime
Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Why cyber war readiness is critical for democracies - Help Net Security
Fog of War | How the Ukraine Conflict Transformed the Cyber Threat Landscape (inforisktoday.com)
Nation State Actors
China
Russia
USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica
Almost 4,000 cyber attacks on Ukraine detected – US Treasury Department | Ukrainska Pravda
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)
Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)
Potential cyberespionage campaign against Ukraine involves Remcos tool | SC Media (scmagazine.com)
Iran
Possible Iranian Group Behind 'Flood' of New Cyber attacks in Israel - Bloomberg
Cyber attacks on Israel intensify as the war against Hamas rages: Check Point | CSO Online
North Korea
Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)
DPRK Hackers Masquerade as Tech Recruiters, Job Seekers (darkreading.com)
Hackers pose as officials to steal secrets and cryptocurrency for North Korea (bitdefender.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Vulnerabilities
MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register
Citrix Bleed WFH Hack and Exploit: News on Data Loss Flaw - Bloomberg
Citrix warns admins to kill NetScaler user sessions to block hackers (bleepingcomputer.com)
Hackers Exploiting Windows SmartScreen Zero-day Vulnerability (cybersecuritynews.com)
Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News
CISA warns of actively exploited Windows, Sophos, and Oracle bugs (bleepingcomputer.com)
Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) - Help Net Security
Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek
A critical OS command injection flaw affects Fortinet FortiSIEM (securityaffairs.com)
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)
Splunk RCE Vulnerability Let Attackers Upload Malicious File (cybersecuritynews.com)
Tools and Controls
Only 9% of IT budgets are dedicated to security - Help Net Security
MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly
Phishing Simulations Boost Cyber Awareness and Defences | Mimecast
Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)
Cyber attack on British Library raises concerns over lack of UK resilience (ft.com)
Companies step up investment in ransomware protection (betanews.com)
DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT
The 7 Deadly Sins of Security Awareness Training (darkreading.com)
Identity And Access Management: 18 Important Trends And Considerations
The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)
MFA under fire, attackers undermine trust in security measures - Help Net Security
AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)
New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login (thehackernews.com)
Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News
Detection & Response That Scales: A 4-Pronged Approach (darkreading.com)
Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)
6 Steps to Accelerate Cyber security Incident Response (thehackernews.com)
The CISO view: Navigating the promise and pitfalls of cyber security automation (betanews.com)
Other News
Why Defenders Should Embrace a Hacker Mindset (thehackernews.com)
Hackers are taking over planes’ GPS — experts are lost on how to fix it (nypost.com)
UK proposes 'super-complaints' to help keep internet safe • The Register
Consumers plan to be more consistent with their security in 2024 - Help Net Security
Security trends public sector leaders are watching | CyberScoop
Even gas pumps aren't safe from cyber attacks at the moment | TechRadar
Scottish cyber security organisation calls for greater awareness of rising threat - Business Insider
The US government wants to offer better cyber security to major infrastructure firms | TechRadar
The retail sector is under threat from… Gmail, WhatsApp and Google Drive? | TechRadar
Sekoia: Latest in the Financial Sector Cyber Threat Landscape (techrepublic.com)
Shields Ready: Critical Infrastructure Security and Resilience
Crimeware and financial cyberthreat predictions for 2024 | Securelist
Terrorism, cyber attacks main Paris 2024 threats as security plan finalised | Reuters
Read again: Decoding cyber security, safeguarding educational institutions | Edexec
What direction for the EU Cyber security Competence Centre? – EURACTIV.com
Unveiling the Most Common Cyber Threats in Retail – International Supermarket News
Mideast Oil & Gas Facilities Could Face Cyber Related Energy Disruptions (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 15 September 2023
Black Arrow Cyber Threat Intelligence Briefing 15 September 2023:
-Overconfident Organisations Prone to Cyber Breaches
-Board Members Struggling to Understand Cyber Risks
-Cyber Criminals are Targeting Top Executives and Could be Using Sensitive Information to Extort Them
-Cyber Attacks Reach Fever Pitch in Q2 2023
-Ransomware Attacks Hit Record Levels in UK as More Companies Fail to Tackle Growing Threats
-Microsoft Warns of More Attacks as Ransomware Spreads Through Teams Phishing
-Europol - Financial Crime Makes “Billions” and Impacts “Millions”
-Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security
-Hackers are Dropping USB Drives Outside Buildings to Target Networks
-Data Theft is Now the No. 1 Cyber Security Threat Keeping Execs Awake at Night
-If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now
-Cloud Vulnerabilities Surge Nearly 200% as Cloud Credentials Become the New Hot Ticket on the Dark Web
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Overconfident Organisations Prone to Cyber Breaches
A study found that 95% of UK enterprises were very confident or somewhat confident that they do not have gaps in their security controls, yet despite this, 69% have fallen victim to a cyber attack in the last two years. One of the reasons given for this false sense of confidence was the belief that more tools meant more security; worryingly, 45% of organisations struggled with the implementation of tools due to the need for expertise. Attackers are constantly adapting their tactics to bypass the security controls that most organisations implement. It is difficult for IT teams and business leaders to maintain an objective assessment of how effective their chosen security controls are against today’s attackers. Black Arrow provides the impartial and expert advice that businesses require, including a free initial assessment, with no vested interest other than helping our clients achieve pragmatic and proportionate security.
Source: [IT Security Guru]
Board Members Struggling to Understand Cyber Risks
Board members frequently struggle to understand cyber risks, putting businesses at higher risk of attacks, a new report has found. The report noted that Board interest is being piqued as a result of growing media reporting of cyber incidents, a heightened Board focus on operational resilience post-pandemic, investor pressure and a tightening regulatory environment.
Worryingly, despite the increase in interest and increased internal and external focus on cyber risk, a number of Board-level respondents reported that they felt scared or embarrassed to ask their CISO for fear of exposing their lack of understanding.
Source: [Infosecurity Magazine]
Cyber Criminals are Targeting Top Executives and Could be Using Sensitive Information to Extort Them
Senior executives in today's evolving work landscape face growing cyber security threats, including extortion and device theft. The rise of ‘workcations’, which blend work and leisure, has blurred professional and personal boundaries, exposing leaders to heightened risks, and necessitating a strong focus on cyber security.
These executives are particularly attractive targets due to their access to critical information and decision-making authority. To protect their organisations, they must prioritise robust security measures, such as stronger passwords, anti-theft safeguards for devices, multi factor authentication, and, where appropriate or necessary, the use of virtual private networks. As guardians of their businesses' well-being, executives carry the responsibility of upholding stringent cyber security practices, ensuring that the benefits of remote work do not compromise their organisations' security.
Source: [Fortune]
Cyber Attacks Reach Fever Pitch in Q2 2023
A report has found the global landscape of increasing digitisation, political unrest, the emergence of AI and the widespread adoption of work from home, have all contributed to an increase in attacks, which have increased 314% in the first half of this year compared the first half of 2022. Rather worryingly, between the first and second quarter this year, there was a 387% increase in activity.
Source: [Data Centre & Network News]
Ransomware Attacks Hit Record Levels in UK as More Companies Fail to Tackle Growing Threats
A report from the Information Commissioner’s Office (ICO) in the UK found ransomware attacks on UK organisations reached record levels last year, impacting over 700 organisations. This isn’t the true count though, as it does not factor the overwhelming majority of victims who do not report attacks, so the true number will be many times this. This increase comes as reports are finding that UK companies are struggling to address the growing threats, and this includes a lack of understanding at the Board level. In fact, 59% of directors say their Board is not very effective in understanding the drivers and impacts of cyber risks for their organisation.
Sources: [The Record] [The Fintech Times] [Financial Times]
Microsoft Warns of More Attacks as Ransomware Spreads Through Teams Phishing
Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. Referring to one of the groups, Microsoft said “In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file,". This tactic has also been used by Russian Nation State Actors.
Source: [Bleeping Computer]
Europol - Financial Crime Makes “Billions” and Impacts “Millions”
The European policing alliance’s first ever European Financial and Economic Crime Threat Assessment was compiled from “operational insights and strategic intelligence” contributed by member states and Europol partners. The assessment highlighted a criminal economy worth billions of euros and that impacts millions of victims each year.
Source: [Infosecurity Magazine]
Almost One in Three Parents Have Never Spoken to Their Children About Cyber Security
A recent report found that 30% of parents have never spoken to their children about cyber security. Additionally, over 40% of parents, who themselves admitted that they didn’t know how to create strong passwords, still give their child access to their mobile phones and almost a third (32%) give them access to their computers. By doing so, parents are not only putting their children at risk, but inadvertently, themselves and the organisations they work for as well.
Black Arrow offers a range of training, including formal and informal training, for individuals, employees and business leaders. Contact us today for a free initial conversation.
Source: [IT Security Guru]
Hackers are Dropping USB Drives Outside Buildings to Target Networks
A mid-year cyber security report found that along with the explosive growth in AI, bad actors are still using tried and tested, but unfortunately still very effective, tactics such as dropping USB drives outside target buildings in the hope that an employee will pick them up and plug them into devices connected to the corporate network. Many times, these actors are banking on their targets lacking protections against these attacks. Think about your organisation, would someone plug a device they found in the street into their work computer out of curiosity? Does your organisation have controls in place to prevent this type of attack?
Source: [Tech Republic]
Data Theft is Now the No. 1 Cyber Security Threat Keeping Execs Awake at Night
According to a recent survey, 55% of IT decision-makers cited data theft as their main concern, with ransomware placed third, after phishing. This comes as ransomware attackers are moving towards more exfiltration-based techniques. Exfiltration creates a significant number of issues for an organisation including the regulatory requirements of telling customers, to not knowing what data has been exfiltrated.
Source: [Information Security Buzz]
If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now
Criminals have had plenty of time to use encryption keys stolen in the 2022 LastPass hack to open vaults, and there has been a reported increase in the number of vaults that have been cracked. For those attackers that haven’t been able to crack your password, they're under no time constraints.
Whilst successful attackers may not directly target your email accounts, PayPal wallets, or banks, these assets can be packaged and sold to other criminal third parties. If any of the passwords stored in a LastPass vault prior to 2022 are still in use, you should change them immediately.
Source: [Make Use Of]
Cloud Vulnerabilities Surge Nearly 200% as Cloud Credentials Become the New Hot Ticket on the Dark Web
IBM tracked 632 new cloud-related vulnerabilities (CVEs) between June 2022 and June 2023, a 194% increase from the previous year, according to a new report. The latest haul of new CVEs brings the total number tracked by the vendor to 3,900; a number that has doubled since 2019. Similarly, a separate report from Palo Alto Networks found that 80% of security exposures exist in the cloud.
IBM highlighted that this has led to a number of cloud credentials being actively sold on the dark web, in some cases for the same price as a dozen doughnuts. These credentials are believed to account for almost 90% of goods and services for sale on the dark web.
Sources: [Infosecurity Magazine] [The Register] [TechTarget]
Governance, Risk and Compliance
Deputy PM urges UK plc not to lose focus on cyber | Computer Weekly
Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru
Global companies to hike security spending as threats rise - survey | Reuters
CISOs need to be forceful to gain leverage in the boardroom - Help Net Security
Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru
Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard
Cyber Security risks dampen corporate enthusiasm for tech investments - Help Net Security
CISOs and Board Reporting – an Ongoing Problem - SecurityWeek
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware attacks hit record level in UK, according to neglected official data (therecord.media)
Ransomware tracker: The latest figures [September 2023] (therecord.media)
Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)
Ransomware thrives as cyber security remains lax, says UK report | Financial Times (ft.com)
Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family (thehackernews.com)
Ransomware in top three threats for 65% of organisations | Security Magazine
TrickBot & Conti Sanctions for CISOs & Board Members (trendmicro.com)
Don’t focus on ransomware variants, say UK’s national cyber and crime agencies (therecord.media)
Cuba Ransomware Gang Continues to Evolve With Dangerous Backdoor (darkreading.com)
Recent Rhysida Attacks Show Focus on Healthcare By Ransomware Actors (darkreading.com)
Ransomware Victims
A phone call to helpdesk was likely all it took to hack MGM | Ars Technica
MGM, Caesars File SEC Disclosures on Cyber Security Incidents (darkreading.com)
Caesars paid millions in ransom to cybercrime group prior to MGM hack – NECN
Group in Casino Hacks Skilled at Duping Workers for Access (1) (bloomberglaw.com)
Ransomware tracker: The latest figures [September 2023] (therecord.media)
Rhysida gang claims to have hacked three more US hospitals (securityaffairs.com)
Ransomware crew claims to have hit Save The Children • The Register
Shell says Australian unit BG Group hit by MOVEit cyber security breach | Reuters
Dutch football association pays ransom to Russian cyber criminals – EURACTIV.com
Cyber security incident affects services at The Weather Network | CFJC Today Kamloops
Phishing & Email Based Attacks
Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security
Attackers Abuse Google Looker Studio to Evade DMARC, Email Security (darkreading.com)
$24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack
Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar
Ransomware access broker steals accounts via Microsoft Teams phishing (bleepingcomputer.com)
Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)
Journalists, authors, and other writers targeted by phishing emails | TechRadar
Associated Press Stylebook Users Targeted in Phishing Attack Following Data Breach - SecurityWeek
How should SMBs navigate the phishing minefield? - Help Net Security
Other Social Engineering; Smishing, Vishing, etc
Understanding the dangers of social engineering - Help Net Security
How to Avoid Smishing Attacks Targeting Subscription Service Users (securityintelligence.com)
Artificial Intelligence
Cyber Criminals Feasting On Artificial Intelligence (forbes.com)
ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)
Cloud security in the era of artificial intelligence (securityintelligence.com)
Deepfake cyberthreats keep rising. Here's how to prevent them - SiliconANGLE
2FA/MFA
Malware
Microsoft Teams phishing attack pushes DarkGate malware (bleepingcomputer.com)
Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)
Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)
Protecting Your Microsoft IIS Servers Against Malware Attacks (thehackernews.com)
3 Strategies to Defend Against Resurging Infostealers (darkreading.com)
New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World (thehackernews.com)
Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)
'Steal-It' Campaign Uses OnlyFans Models as Lures (darkreading.com)
Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor (welivesecurity.com)
Cybersecurity alert: Malware hidden in Microsoft Teams messages targeting users - OnMSFT.com
Iranian Cyberspies Deployed New Backdoor to 34 Organizations - SecurityWeek
Mobile
'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users (darkreading.com)
France halts iPhone 12 sales over radiation levels - BBC News
Denial of Service/DoS/DDOS
Massive DDoS attack on US financial company thwarted by cyber firm (therecord.media)
Akamai prevented largest DDoS attack on a US financial company (securityaffairs.com)
After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek
Yukon gov't website back after cyber attack, Nunavut gov't site still down | CBC News
Internet of Things – IoT
Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)
Wyze security camera owners report seeing strangers' camera feeds | Mashable
Hackers will hack anything — including your sex toys - The Hustle
Data Breaches/Leaks
Overconfident Organisations Prone to Cyber Breaches, Study Finds - IT Security Guru
LastPass Hackers Cracking Password Vaults - Experts Warns - Cyber Kendra
Dymocks Booksellers suffers data breach impacting 836k customers (bleepingcomputer.com)
How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)
Capita class action: 2,000 sign up in wake of data theft • The Register
Airbus data leaked via infected customer computer • The Register
Threat actor leaks sensitive data belonging to Airbus (securityaffairs.com)
Organised Crime & Criminal Actors
How Next-Gen Threats Are Taking a Page From APTs - SecurityWeek
How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)
Europol's spotlight report sheds light on evolving cyber attacks (amlintelligence.com)
Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Top blockchain Cyber security threats to watch out for (att.com)
$24 Million Worth of Crypto Wiped out Overnight in Massive Phishing Attack
Blockchain Security Firm Unveils APT Attack by Lazarus Group - DailyCoin
Hackers steal $53 million worth of cryptocurrency from CoinEx (bleepingcomputer.com)
Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Latest fraud schemes targeting the payments ecosystem - Help Net Security
Cryptoqueen: Accomplice jailed for 20 years for OneCoin financial scam - BBC News
Glasgow firm issues warning following recent cyber attack | Glasgow Times
Impersonation Attacks
Email forwarding flaws enable attackers to impersonate high-profile domains - Help Net Security
Cyber criminals Use Webex Brand to Target Corporate Users (darkreading.com)
Deepfakes
AML/CFT/Sanctions
Insurance
Dark Web
ChatGPT Jailbreaking Forums Proliferate in Dark Web Communities (darkreading.com)
Cloud credentials are the hot ticket item on the dark web • The Register
Supply Chain and Third Parties
Evaluating & Managing Service Provider Security Risks (in 2023) | UpGuard
Airbus Cyber Attack: Over 3,200 Vendor Data Accessed by Hackers (cybersecuritynews.com)
Capita class action: 2,000 sign up in wake of data theft • The Register
The rise and evolution of supply chain attacks - Help Net Security
A 2-Week Prescription for Eliminating Supply Chain Threats (darkreading.com)
Cloud/SaaS
Thousands of Microsoft 365 accounts under threat from W3LL phishing kit | TechRadar
7 Steps to Kickstart Your SaaS Security Program (thehackernews.com)
Cloud storage security: What's new in the threat matrix | Microsoft Security Blog
Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)
Cloud credentials are the hot ticket item on the dark web • The Register
Palo Alto Networks: 80% of security exposures exist in cloud | TechTarget
Cloud security in the era of artificial intelligence (securityintelligence.com)
Containers
Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns (darkreading.com)
Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)
Identity and Access Management
Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)
Companies need to rethink how they implement identity security - Help Net Security
Enterprises persist with outdated authentication strategies - Help Net Security
Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)
Encryption
API
How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)
Elevating API security to reinforce cyber defence - Help Net Security
Machine Learning is a Must for API Security - IT Security Guru
Open Source
Free Download Manager site redirected Linux users to malware for years (bleepingcomputer.com)
Linux Malware! Read This If You Use Free Download Manager (itsfoss.com)
Passwords, Credential Stuffing & Brute Force Attacks
If You Didn’t Change Your Passwords After the LastPass Data Breach, Do It Now (makeuseof.com)
Root Admin User: When Do Common Usernames Pose a Threat? (databreachtoday.co.uk)
New WiKI-Eve attack can steal numerical passwords over WiFi (bleepingcomputer.com)
Wi-Fi radio signal data can be used 'to predict passwords' • The Register
Cloud credentials are the hot ticket item on the dark web • The Register
Iranian hackers breach defence orgs in password spray attacks (bleepingcomputer.com)
Social Media
Facebook Messenger phishing wave targets 100K business accounts per week (bleepingcomputer.com)
After Microsoft and X, Hackers Launch DDoS Attack on Telegram - SecurityWeek
How Do Hackers Sell and Trade Your Data in the Metaverse? (makeuseof.com)
Millions of Facebook Business Accounts Bitten by Python Malware (darkreading.com)
Training, Education and Awareness
How to Transform Security Awareness Into Security Culture (darkreading.com)
Elevating Cyber Awareness: A Strategic Approach (informationweek.com)
How end-user phishing training works (and why it doesn’t) (bleepingcomputer.com)
Great security training is a real challenge - Help Net Security
Digital Transformation
Parental Controls and Child Safety
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
SEC Issues Final Rules on Cyber Security Disclosures | Kelley Drye & Warren LLP - JDSupra
What Makes an Incident ‘Material’? | Calloquy, PBC - JDSupra
The International Criminal Court will now prosecute cyberwar crimes | Ars Technica
Preparing For Cyber Security Disclosures Set For Public Companies (forbes.com)
Models, Frameworks and Standards
Backup and Recovery
How to develop a cloud backup ransomware protection strategy | TechTarget
How To Backup Data From NAS: A Complete Guide (informationsecuritybuzz.com)
Data Protection
Careers, Working in Cyber and Information Security
Cyber Security Skills Gap: Roadies & Gamers Are Untapped Talent (darkreading.com)
Three ways to overcome cyber security staff shortages (securitybrief.co.nz)
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
China
Risk & Repeat: Big questions remain on Storm-0558 attacks | TechTarget
Parliamentary researcher ‘who spied for China’ arrested | UK news | The Guardian
Arrest of alleged spy raises questions around UK’s China policy | Financial Times (ft.com)
Microsoft, Apple versus China, spyware actors (techrepublic.com)
Co-op to ban Chinese CCTV after security risk warnings (telegraph.co.uk)
Spies, Hackers, Informants: How China Snoops on the West - SecurityWeek
China caught with its malware in another nation's power grid • The Register
China Threat Recap: A Deeper Insight (informationsecuritybuzz.com)
Iran
Iranian hackers backdoor 34 orgs with new Sponsor malware (bleepingcomputer.com)
‘Scan-and-exploit’ campaign snares unpatched Exchange servers | SC Media (scmagazine.com)
North Korea
Misc Nation State/Cyber Warfare
Vulnerability Management
Severe vulnerability found in all browsers, and it's being attacked | PCWorldOvercoming the Rising Threat of Session Hijacking (darkreading.com)
Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)
With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe? | Ars Technica
Vulnerabilities
Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws (bleepingcomputer.com)
Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) - Help Net Security
Severe vulnerability found in all browsers, and it's being attacked | PCWorld
After Apple and Google, Mozilla Also Patches Zero-Day Exploited for Spyware Delivery - SecurityWeek
Notepad++ 8.5.7 released with fixes for four security vulnerabilities (bleepingcomputer.com)
Adobe warns of critical Acrobat and Reader zero-day exploited in attacks (bleepingcomputer.com)
Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints (thehackernews.com)
Cisco warns of VPN zero-day exploited by ransomware gangs (bleepingcomputer.com)
Cloud CVEs Surge 200% in a Year - Infosecurity Magazine (infosecurity-magazine.com)
Tools and Controls
Global companies to hike security spending as threats rise - survey | Reuters
Don't Leave Cyber Security to Chance, the Hidden Risk when Staff Depart - IT Security Guru
What Is XDR and Why It's Changing the Security Industry - ReadWrite
Remote Desktop Protocol exposures leave 85% of organisations vulnerable to attack - SiliconANGLE
The Dark Web Is Expanding (As Is the Value of Monitoring It) (darkreading.com)
How to Prevent API Breaches: A Guide to Robust Security (thehackernews.com)
Elevating Cyber Awareness: A Strategic Approach (informationweek.com)
Great security training is a real challenge - Help Net Security
Companies need to rethink how they implement identity security - Help Net Security
Enterprises persist with outdated authentication strategies - Help Net Security
Why Identity Management Is the Key to Stopping APT Cyber Attacks (darkreading.com)
Easy Configuration Fixes Can Protect Your Server from Attack (securityintelligence.com)
Other News
The Weaponization of Operational Technology (securityintelligence.com)
ICS Computers in Western Countries See Increasing Attacks: Report - SecurityWeek
Cyber Trends: The Gunpowder of the Twenty-First Century (e-ir.info)
The 9 Top Technology Trends That Are Shaping the Future of Cyber Security (makeuseof.com)
The Cyber Security Risks In Education Cannot Be Ignored (forbes.com)
A new Repojacking attack exposed over 4,000 GitHub repositories to hack (securityaffairs.com)
Cyber attacks reach fever pitch in Q2 2023 - Data Centre & Network News (dcnnmagazine.com)
Rising OT/ICS cyber security incidents reveal alarming trend - Help Net Security
Brits happy to break cyber law if the price is right | Computer Weekly
British Military Hit by Six Million Cyber Attacks in 2022 (thedefensepost.com)
Trustwave report on hospitality industry security threats | Cyber Magazine
Cyber security impact on construction, engineering projects (csemag.com)
Cyber criminals come for schools — and schools aren’t ready (hechingerreport.org)
Professional Sports: The Next Frontier of Cyber Security? (darkreading.com)
How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)
Poison in the Water: The Physical Repercussions of IoT Security Threats (securityintelligence.com)
Australia Inc roiled by raft of cyber attacks since late 2022 | Reuters
Death by digital: attacks on healthcare put people at risk (synack.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 11 August 2023
Black Arrow Cyber Threat Intelligence Briefing 11 August 2023:
-75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices
-How an Eight-Character Password Could be Cracked in Just a Few Minutes
-Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits
-How Executives’ Personal Devices Threaten Business Security
-77% of Financial Firms Saw an Increase in Cyber Attack Frequency
-Protecting Against Sophisticated Cyber Attacks Requires Layered Defences
-Managing Human Cyber Risks Matters Now More Than Ever
-Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins
-UK Shaken by Major Data Breaches
-Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack
-Mac Users are Facing More Dangerous Security Threats Than Ever Before
-Cyber Attack to Cost Outsourcing Firm Capita up to £25m
-Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices
Newly released research found that 75% of organisations worldwide are currently implementing or considering bans on ChatGPT and other generative Artificial Intelligence (AI) applications within the workplace, with 61% stating that it will be a long term or permanent solution. Despite this, the majority recognised the opportunity such applications bring to the workplace, with 55% believing it would increase efficiency. All in all, 81% remained in favour of AI, highlighting that whilst organisations see the benefit, they are not ready to take the plunge for fear of being caught flat-footed.
Many organisations may simply not have the expertise-in house or confidence to employ AI effectively. These organisations lack an effective AI management plan, which governs the usage of AI in the corporate environment, rather than banning it outright. By having a clear-set AI plan, organisations can use AI to improve their efficiency, whilst maintaining cyber resilience. An increasing number of organisations have approached us at Black Arrow to discuss how to embrace AI securely; contact us to see how we can help you.
Source: [Dark Reading]
How an Eight-Character Password Could be Cracked in Just a Few Minutes
Strong and complex passwords are necessary to protect online accounts and data from cyber criminals. Complex passwords typically use lowercase and uppercase characters, numbers, and special characters. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems. The report found that a complex password of eight characters can be cracked in only five minutes, and other weaker or shorter passwords are cracked instantly. However, passwords that have a greater number of characters are less vulnerable: for example an 18 character password, even if only lowercase letters, would take 481,000 years for a computer to crack.
Since creating and remembering multiple complex and lengthy passwords on your own is impossible, a password manager is your best bet. By using a password manager for yourself or within your organisation, you can generate, store and apply strong passwords for websites and online accounts.
Source: [Techrepublic]
Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits
The number of organisations that became victims of ransomware attacks surged 143% between the first quarter of 2022 and first quarter of this year, as attackers increasingly leveraged zero-day vulnerabilities to break into target networks.
In many of these attacks, threat actors did not bother to encrypt data belonging to victim organisations. Instead, they focused solely on stealing their sensitive data and extorting victims by threatening to sell or leak the data to others. The tactic left even those with otherwise robust backup and restoration processes backed into a corner; this highlights the need for organisations to be able to detect and ideally block anomalous exfiltration of data, and have effective and rehearsed incident response plans to address the concept of pure exfiltration, because having backups is not enough.
The costs of these types of controls continue to fall making them viable for even smaller businesses. Without tools like Managed Detection and Response (MDR) and Data Loss Prevention (DLP), attacks of this nature cannot be detected until it is too late to do anything to stop them.
Source: [Dark Reading]
How Executives’ Personal Devices Threaten Business Security
Individuals, including executives, are considered a major target for cyber attacks. Motivated attackers know the right individual people they want to go after to achieve their larger organisational goal, and they’ll use any means necessary to be successful.
A recent report found that most executives are using their personal devices for work, creating a “backdoor” for cyber criminals to access large organisations. 50% of executive respondents reported receiving work-related scams in their personal emails.
Personal device use can be effective for organisations, however they need to implement an effective bring-your-own-device (BYOD) procedure and provide employees, including executives, with frequent user awareness and education training. All users at all levels within an organisation need to understand the risks, and importantly the role they play in keeping the organisation secure.
Sources: [Help Net Security] [Security Affairs]
77% of Financial Firms Saw an Increase in Cyber Attack Frequency
According a recent report on the financial services sector, 77% of firms reported an increase in attack frequency, and 87% said attacks were more severe. These firms unanimously said they would look to outsource their cyber security programs to third-party providers to shore up their cyber defences. Among the respondents, firms need to protect hybrid work environments (62%), consolidate cyber security and managed IT services (41%) and tap industry-specific and regulatory expertise (33%).
Source: [SecurityMagazine]
Protecting Against Sophisticated Cyber Attacks Requires Layered Defences
Faced with an influx of sophisticated cyber threats, including usage of AI to further enhance the efficacy of social engineering attacks, and the growth of both malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS), it is critical for organisations to invest in layered security defences.
Services like managed detection and response (MDR) are integral to monitoring, investigating and responding to threats in real time. But without a strong and comprehensive foundational cyber security posture, managed services alone cannot effectively mitigate threats. To ensure comprehensive defences against emerging threats, organisations must prioritise proactive measures that can stop attacks before they even start. As adversaries continue to refine their attack techniques, layered protection that covers every stage in the attack chain becomes imperative.
Source: [Forbes]
Managing Human Cyber Risks Matters Now More Than Ever
As artificial intelligence (AI) amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital, according to the SANS Institute. It makes sense as no matter the technological advancement, the human element has always been a point of entry for attackers.
A recent study found that mature security programs, marked by robust teams and leadership support, are characterised by having at least three full-time employees in their security awareness teams. In some cases, this isn’t feasible for an organisation and this is where outsourcing comes in. By outsourcing security awareness, organisations can ensure that they have access to security awareness experts, to keep their organisation educated. Here at Black Arrow we offer regular security and awareness training, bespoke to your organisation, for your employees and leadership team.
Source: [Help Net Security]
Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins
Cyber security provider Proofpoint reported that high-level execs at some of the world’s leading companies are repeatedly targeted with credential-stealing attacks. More alarmingly, according to Proofpoint, around one-third (35%) of the compromised users had multi-factor authentication (MFA) enabled.
The attacks come amid a rise in cases of EvilProxy, a phishing tool that allows attackers to steal even MFA-protected credentials. In the three months to June 2023, around 120,000 EvilProxy phishing emails were observed being sent to hundreds of targeted organisations globally, with many targeting Microsoft 365 user accounts in particular. Approximately 39% of the victims were C-level executives of which 17% were Chief Financial Officers, and 9% were Presidents and CEOs. Users must be trained effectively, to help mitigate the chance of them suffering a phishing attack. The C-suite is no exception.
Sources: [Help Net Security] [Security Affairs]
UK Shaken by Major Data Breaches
Recent major data breaches impacting crucial institutions like the UK Electoral Commission (which exposed the data of 40 million UK voters) and the Police Service of Northern Ireland, have brought attention to potential risks. Following a recent freedom of information request 10,000 police officers and staff details where published including details such as first name and surname, their rank or grade and the unit and where they are based. This breach occurred when a junior member of staff forgot to remove the master spreadsheet containing sensitive data when responding to the request.
Sources: [Telegraph] [Tech Crunch]
Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack
The UK government has raised the threat level posed by cyber attacks, now deeming the risk of cyber attacks to be more severe than that presented by small-scale chemical, biological, radiological, or nuclear (CBRN) attacks according to the latest National Risk Register (NRR) report for 2023. The report also highlighted artificial intelligence (AI) as a “chronic risk” – that is, one that poses “continuous challenges that erode our economy, community, way of life, and/or national security”.
Sources: [ITPro] [Infosecurity Magazine]
Mac Users are Facing More Dangerous Security Threats Than Ever Before
Apple’s MacBook Pro or iPhone devices are often perceived as safer, from a cyber security standpoint, compared to those from Microsoft or Google, mostly because of its “walled garden” approach. However, another key reason why hackers were not historically as interested in Apple was the smaller market share Apple held. That is no longer the case and as attacks are rising against Apple devices, this is something we expect to see continuing to accelerate.
In the last 10 years, Apple’s market share on desktop has increased from less than 7.5% to just over 20% today. Apple frequently patches actively exploited vulnerabilities, with overall 261 security vulnerabilities addressed so far this year. A recent report found that Mac users are targeted by three key threats: Trojans, Adware, and Potentially Unwanted Applications (PUA). Of the three, Trojans are the biggest single threat, making up more than half of all threat detections. Of all those detections, around half (52.7%) were for the EvilQuest encryption malicious software.
Source: [Techradar]
Cyber Attack to Cost Outsourcing Firm Capita up to £25m
Capita expects to take a financial hit of as much as £25m as a result of a cyber attack that began in March, pushing the outsourcing group to a pre-tax loss of almost £68m for the first half of the year. The group is still recovering from the attack by the Black Basta ransomware group, which hacked its Microsoft Office 365 software and accessed the personal data of staff working for the company and dozens of clients. Capita, which runs crucial services for local councils, the military, and the NHS, estimated that the financial costs associated with what it called the “cyber incident” would be between £20m and £25m. Previous estimates had put the cost at £15m to £20m.
The group said this new figure reflected the complexities of analysing the “exfiltrated” data, as well as costs of recovery and remediation and new investment to improve its cyber security. However, Capita said it was not currently able to estimate the level of any potential fine related to the incident and had not yet made any provision to cover any future costs. The company’s shares fell by more than 12% in morning trading on Friday after the release of its results, making it the biggest faller on the FTSE 250.
Source: [Guardian]
Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources
A report published by BlackBerry noted a 40% rise in cyber attacks against public sector organisations and government institutions. One of the reasons is the limited resources and resistance that these government and public have; this makes it much easier for an attacker. An easy target is an attractive target.
Source: [Financial Express]
Governance, Risk and Compliance
Protecting Against Sophisticated Cyber attacks Requires Layered Defense (forbes.com)
Managing human cyber risks matters now more than ever - Help Net Security
Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)
How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)
Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru
Cyber attack to cost outsourcing firm Capita up to £25m | Capita | The Guardian
9 common risk management failures and how to avoid them | TechTarget
Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE
Safeguarding Businesses From Data Privacy And Cyber security Risk (forbes.com)
How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)
What happens if cyber insurance becomes unviable? - Raconteur
NIST announces rare overhaul of security framework, focusing on organisational leadership | ITPro
Cyber Security Must Focus on the Goals of Criminals (informationweek.com)
Going Up! How to Handle Rising Cyber Security Costs (securityintelligence.com)
Maintaining Data Security Amidst Rising Concerns of Cyber attacks (techreport.com)
Why it’s time for everyone to reorient their thinking about cyber security | Federal News Network
It's Time for Cyber security to Talk About Climate Change (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Healthcare and Finance Firms Ranked as Leading Targets for Cyber Attacks - MSSP Alert
Ransomware victim numbers surge as attackers target zero-day vulnerabilities | CSO Online
Definitive Guide to Ransomware 2023 | IBM whitepaper | ITPro | ITPro
Data exfiltration is now the go-to cyber extortion strategy - Help Net Security
Clop ransomware now uses torrents to leak data and evade takedowns (bleepingcomputer.com)
Spot Fake Extortion Attacks Without Wasting Time and Money (securityintelligence.com)
New Yashma Ransomware Variant Targets Multiple English-Speaking Countries (thehackernews.com)
Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits (darkreading.com)
Recent ransomware attacks share curiously similar tactics - Help Net Security
Ransomware Attacks: 20 Essential Considerations For Prep And Response (forbes.com)
Navigating the gray zone of ransomware payment practices - Help Net Security
Anatomy of a Black Basta Ransomware Attack on BankCard USA - MSSP Alert
Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics (darkreading.com)
Clop Gang Offers Data Downloads Via Torrents - Infosecurity Magazine (infosecurity-magazine.com)
New Report Exposes Vice Society's Collaboration with Rhysida Ransomware (thehackernews.com)
Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)
Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)
Best practices for reporting ransomware attacks | TechTarget
Ransomware, healthcare and incident response: Lessons from the Allscripts attack | CSO Online
Microsoft OneDrive is a willing 'ransomware double agent' • The Register
Threat Report: Ransomware Down, Targeted Attacks on the Rise (inforisktoday.com)
Rasnake: Ransomware Now Threatens All, Not Just Elites | Newsmax.com
Ransomware Victims
Hospital System Goes Back To Paper Following Ransomware Attack (forbes.com)
Cyber attack forces hospitals to divert ambulances in Connecticut and Pennsylvania | CNN Politics
Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)
Colorado Department of Higher Education warns of massive data breach (bleepingcomputer.com)
Bnei Brak hospital hit by cyber attack, bringing down computers | The Times of Israel
LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)
Hacker stole more than $6 million from New Haven Public Schools (wfsb.com)
Phishing & Email Based Attacks
Hackers are targeting top executives to steal their work logins | TechRadar
Microsoft 365 accounts of execs, managers hijacked through EvilProxy - Help Net Security
9 of 10 Cyber attacks Start with a Phish, Comcast Study Shows - MSSP Alert
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times
First quarter of 2023 saw 88% rise in phishing attacks: Kaspersky | The Peninsula Qatar
RTL Today - Up to 80% of all cyber attacks: Phishing attempts surge in post-pandemic age
100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com
Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg
Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
When your teammate is a machine: 8 questions CISOs should be asking about AI | CSO Online
Generative AI In Cyber Should Worry Us, Here’s Why (forbes.com)
How to Prepare for ChatGPT's Risk Management Challenges (darkreading.com)
Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian
White House offers prize money for hacker-thwarting AI (techxplore.com)
AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times
Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)
Hackers Released New Black Hat AI Tool Evil-GPT (cybersecuritynews.com)
In the age of ChatGPT, Macs are under malware assault | Digital Trends
AI can now steal your passwords with almost 100% accuracy | Digital Trends
Microsoft AI Red Team building future of safer AI | Microsoft Security Blog
ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)
AI hacking gets White House backing; some already go rogue (9to5mac.com)
OpenAI to Unleash New Web Crawler to Devour More of the Open Web - Decrypt
5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)
2FA/MFA
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
Microsoft Authenticator will soon provide codes via WhatsApp - gHacks Tech News
Malware
In the age of ChatGPT, Macs are under malware assault | Digital Trends
Mac users are facing more dangerous security threats than ever before | TechRadar
Threat intelligence's key role in mitigating malware threats - Help Net Security
This PowerPoint could help hackers empty your bank account | Digital Trends
Latest Batloader Campaigns Use Pyarmor Pro for Evasion (trendmicro.com)
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
Malicious npm Packages Found Exfiltrating Sensitive Data from Developers (thehackernews.com)
Fake VMware vConnector package on PyPI targets IT pros (bleepingcomputer.com)
Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)
QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)
Hackers use open source Merlin post-exploitation toolkit in attacks (bleepingcomputer.com)
New Statc Stealer Malware Emerges: Your Sensitive Data at Risk (thehackernews.com)
Gafgyt malware exploits five-years-old flaw in EoL Zyxel router (bleepingcomputer.com)
CISA: New Whirlpool backdoor used in Barracuda ESG hacks (bleepingcomputer.com)
Mobile
Google explains how Android malware slips onto Google Play Store (bleepingcomputer.com)
Czech cyber security experts warn against BaiRBIE.me app | Radio Prague International
Removing Spyware From Your Android Phone: A How-To Guide (slashgear.com)
How executives' personal devices threaten business security - Help Net Security
Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)
Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)
40 Vulnerabilities Patched in Android With August 2023 Security Updates - Security Week
Android 14 to let you block connections to unencrypted cellular networks (bleepingcomputer.com)
Botnets
QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)
Two-Thirds of UK Sites Vulnerable to Bad Bots - Infosecurity Magazine (infosecurity-magazine.com)
Denial of Service/DoS/DDOS
Analysing Network Chaos Leads to Better DDoS Detection (darkreading.com)
How to accelerate and access DDoS protection services using GRE - Help Net Security
Researchers Strengthen Defences Against Common Cyber attack - CleanTechnica
Internet of Things – IoT
Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED
Disposed-of Gadgets Can Lead to Wi-Fi Network Hacks, Kaspersky Says (darkreading.com)
The new technology that is making cars easier for criminals to steal, or crash (techxplore.com)
Data Breaches/Leaks
Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)
The Top 10 Countries Being Bombarded by Data Breaches (gizmodo.com)
UK Electoral Commission hacked by 'hostile actors' | Reuters
PSNI officers who work with MI5 face relocation after ‘humongous’ security breach (telegraph.co.uk)
Burger King Serves Up Sensitive Data, No Mayo (darkreading.com)
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
TunnelCrack attack may cause vulnerable VPNs to leak traffic • The Register
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
Organised Crime & Criminal Actors
Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD
IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)
Interpol Shuts Down African Cyber crime Group, Seizes $2 Million (darkreading.com)
Cyber security Must Focus on the Goals of Criminals (informationweek.com)
How fame-seeking teenagers hacked some of the world’s biggest targets | Ars Technica
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
BlackBerry Discloses Major Crypto-Based Malware - The Tech Report
FBI warns of phishing scams and social media account hijackers (cointelegraph.com)
Only 6 out of 45 crypto wallet brands have undergone penetration testing: Report (cointelegraph.com)
Insider Risk and Insider Threats
Managing human cyber risks matters now more than ever - Help Net Security
US Navy sailors charged with stealing secret info for China • The Register
Get consent before you monitor your staff, UK MPs suggest • The Register
Fraud, Scams & Financial Crime
Rise in fraudsters spoofing the websites of leading UK banks | Computer Weekly
Extended warranty robocallers fined $300 million after 5 billion scam calls (bleepingcomputer.com)
Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian
Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)
Impersonation Attacks
Insurance
What happens if cyber insurance becomes unviable? - Raconteur
Cyber Insurance Experts Make a Case for Coverage, Protection (darkreading.com)
5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)
10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)
Lower Data Breach Insurance Costs with These Tips (trendmicro.com)
Dark Web
Dark web activity targeting the financial sector - Help Net Security
ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)
Supply Chain and Third Parties
Government contractor plunges after £25m cyber attack - The Mail (mailplus.co.uk)
37% of third-party applications have high-risk permissions - Help Net Security
Software Supply Chain
Unravelling the importance of software supply chain security - Help Net Security
OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)
37% of third-party applications have high-risk permissions - Help Net Security
Cloud/SaaS
Attackers Use EvilProxy to target C-suite Executives (inforisktoday.com)
100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com
Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD
Microsoft OneDrive is a willing 'ransomware double agent' • The Register
Managing and Securing Distributed Cloud Environments - Security Week
Microsoft 365 guests + Power Apps = security nightmare • The Register
Containers
Identity and Access Management
CrowdStrike observes massive spike in identity-based attacks | TechTarget
Keeper Security reveals SMBs at risk due to lack of PAM (securitybrief.co.nz)
Understanding Active Directory Attack Paths to Improve Security (thehackernews.com)
91% of IT leaders better protected with PAM but want more affordable solutions - IT Security Guru
Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)
WhatsApp is working on phishing-proof passkey authentication (androidpolice.com)
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
Encryption
UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian
Quantum computing: A threat to asymmetric encryption. (thecyberwire.com)
Open Source
Is Open Source Security a Ticking Cyber Time Bomb? (securityintelligence.com)
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
Kemba Walden: We need to secure open source software | TechTarget
Passwords, Credential Stuffing & Brute Force Attacks
How an 8-character password could be cracked in just a few minutes (techrepublic.com)
AI can now steal your passwords with almost 100% accuracy | Digital Trends
US Dept. of the Interior Employees Use Accounts That Are Easily Hacked (businessinsider.com)
Biometrics
Social Media
Malvertising
Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)
Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)
Not so fast: Don’t click that fake Amazon or Microsoft ad. Here’s why | Fox News
Training, Education and Awareness
Managing human cyber risks matters now more than ever - Help Net Security
Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)
Travel
Parental Controls and Child Safety
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)
What does the Data Protection and Digital Information (DPID) Bill mean for small businesses? | ITPro
The Problem With Cyber security (and AI Security) Regulation (darkreading.com)
CISA Unveils Cyber security Strategic Plan for Next 3 Years - Security Week
The 5 Ways The SEC Failed Investors On Cyber security (forbes.com)
America’s messy cyber regulations are no match for its adversaries | Financial Times (ft.com)
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
Banks hit with $549 million in fines for using Signal and WhatsApp to evade regulators (nbcnews.com)
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian
Models, Frameworks and Standards
NIST Drafts Major Update to Its Widely Used Cyber security Framework | NIST
Understanding NIST CSF and MITRE ATT&CK Security Frameworks - The New Stack
OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)
Understanding Changes in the OWASP API Security Top 10 List - IT Security Guru
5 steps to ensure HIPAA compliance on mobile devices | TechTarget
Data Protection
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
Careers, Working in Cyber and Information Security
Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru
Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE
6 Essential Strategies for Enterprise Cyber security Workforce Development (govinfosecurity.com)
Seasoned cyber pros are more complacent in their skills than junior staff - Help Net Security
Law Enforcement Action and Take Downs
IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)
Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)
Privacy, Surveillance and Mass Monitoring
Missing persons NGO alliance kicks off global facial recognition initiative | Biometric Update
China drafts rules for using facial recognition data - Japan Today
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
Woman Falsely Arrested Sues Detroit Over Facial Recognition (govtech.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
BlueCharlie changes attack infrastructure in response to reports on its activity - Security Affairs
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
SpaceX's private control of satellite internet concerns military leaders | Space
Analysts Say Use of Spyware During Conflict Is Chilling (voanews.com)
Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)
Cyber security experts discuss wins, losses and lessons at western Ukraine gathering : NPR
Ukrainian official: Russian hackers change tactics from disruptive attacks | CyberScoop
Ukraine Fends Off Sandworm Battlefield Espionage Ploy (govinfosecurity.com)
Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop
US, Ukraine cyber leaders talk resilience, collaboration | TechTarget
Kyiv Cyber Defenders Spot Open-Source RAT in Phishing Emails (govinfosecurity.com)
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs
LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)
China
China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign (thehackernews.com)
Electric vehicle threat: China will use its EV dominance to spy: UK warning (afr.com)
UK security must not be sacrificed to net zero (telegraph.co.uk)
Chinese cyber attacks on Japan prompts US push for stronger defences - Nikkei Asia
China reportedly had ‘deep, persistent access’ to Japanese networks for months | Engadget
Why the China cyber threat demands an airtight public-private response (federaltimes.com)
China not ahead of US in cyber and surveillance, NSA head says - Nextgov/FCW
China drafts rules for using facial recognition data - Japan Today
US Navy sailors charged with stealing secret info for China • The Register
RedHotel Checks in as Dominant China-Backed Cyber Spy Group (darkreading.com)
US Navy sailors charged with stealing secret info for China • The Register
Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg
Iran
North Korea
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs
Misc/Other/Unknown
Vulnerability Management
Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities - Security Week
Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken? | CSO Online
Microsoft hits back at Tenable’s criticism of its infosec • The Register
The Four Pillars of Vulnerability Management - GovInfoSecurity
Has Microsoft cut security corners once too often? | Computerworld
Why Shellshock Remains a Cyber security Threat After 9 Years (darkreading.com)
The 7 Worst Software Vulnerabilities of All Time (makeuseof.com)
Vulnerabilities
Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws - Security Affairs
Microsoft, Intel lead this month's security fix emissions • The Register
Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications (darkreading.com)
Nearly every AMD CPU since 2017 vulnerable to Inception bug • The Register
Microsoft fixes flaw after being called irresponsible by Tenable CEO (bleepingcomputer.com)
New PaperCut critical bug exposes unpatched servers to RCE attacks (bleepingcomputer.com)
Google Chrome will get weekly security updates - gHacks Tech News
Downfall: New Intel CPU Attack Exposing Sensitive Information - Security Week
Adobe Releases Security Updates for Multiple Products | CISA
New 'Inception' Side-Channel Attack Targets AMD Processors - Security Week
Dell Credentials Bug Opens VMWare Environments to Takeover (darkreading.com)
Tools and Controls
Managing human cyber risks matters now more than ever - Help Net Security
Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR (darkreading.com)
MDR: Empowering Organisations with Enhanced Security (thehackernews.com)
9 common risk management failures and how to avoid them | TechTarget
Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)
Here’s Why You Need Identity, Privacy, and Device Protection (finextra.com)
Attacker Breakout Time Shrinks Again, Underscoring Need for Automation (darkreading.com)
Managing and Securing Distributed Cloud Environments - Security Week
How to handle API sprawl and the security threat it poses - Help Net Security
Threat intelligence's key role in mitigating malware threats - Help Net Security
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)
Lower Data Breach Insurance Costs with These Tips (trendmicro.com)
AI Risk Database Tackles AI Supply Chain Risks (darkreading.com)
Other News
UK Sounds Warning Over Targeted Healthcare Attack (databreachtoday.co.uk)
Budget constraints threaten cybersecurity in government bodies - Help Net Security
Threat of cyber attacks to national security compared to that of chemical weapons | ITPro
Cyber Security A Major Vulnerability In The Not For Profit Sector | Scoop News
Hacker attacks on Mac users are 10x as high as they were in 2019, report says | iMore
Cyber Security Threats From Online Gaming – Analysis – Eurasia Review
Cyber attack cost Interserve more than £11m | News | Building
Environmental Regulations, OT & the Maritime Industry's New Challenges (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Intelligence Briefing 4th August 2023
Black Arrow Cyber Threat Intelligence Briefing 04 August 2023:
-Top 12 Exploited Vulnerabilities List Highlights Troubling Reality: Many Organisations Still Are Not Patching
-67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious
-Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence
-The Generative AI War Between Companies and Hackers is Starting
-Spend to Save: The CFO’s Guide to Cyber Security Investment
-Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril
-How the Talent Shortage Impacts Cyber Security Leadership
-Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods
-Cyber Insurance and the Ransomware Challenge
-Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
-66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies
-Startups Should Move Fast and Remember Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Top 12 Exploited Vulnerabilities List Highlights Troubling Reality That Many Organisations Are Still Not Patching
A joint advisory from US and allied cyber security agencies highlights the top routinely exploited vulnerabilities. This is a list that includes old and well-known bugs that many organisations still have not patched, including some vulnerabilities that have been known for more than five years. The list underscores how exploiting years-old vulnerabilities in unpatched systems continues to dominate the threat landscape. Organisations are more likely to be compromised by a bug found in 2021 or 2020 than they are by ones discovered over the past year.
This report emphasises that a vulnerability management strategy relying solely on CVSS for vulnerability prioritisation is proving to be insufficient at best; CVSS is an established method for assigning criticality scores to known vulnerabilities based on different scoring criteria. Additional context is required to allow for a more scalable and effective prioritisation strategy. This context should stem from internal sources, for example, the target environment (asset criticality, mitigating controls, reachability), as well as from external sources, which will permit a better assessment of the likelihood and feasibility of exploitation. Most organisations have a limited patching capacity, affected by the tooling, processes, and skills at their disposal. The challenge is to direct that limited patching capacity towards vulnerabilities that matter most in terms of risk reduction. Therefore, the task of sifting the signal through the noise is becoming increasingly more important.
Sources: [HelpNetSecurity] [NSA.gov] [SCMagazine]
67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious
In a report that leveraged data from 23.5 billion cyber security attacks, spanning 500 threat types and 900 distinct infrastructure and software vulnerabilities it was found that approximately 67% of all breaches start with someone clicking on a seemingly safe link, which explains why adversaries begin 80-95% of all attacks with a phishing email.
A separate report found that there was a 36% rise in cyber attacks in the first half of 2023. Email continued to be the main vector for delivering malicious content, with as many as 1 in every 100 emails sent in the first half of 2023 found to be malicious. In addition, malware accounted for 20% of attacks, and business email compromise (BEC) constituted 8%.
The findings reinforce the need for organisations to employ effective and regular security awareness training for users to better help them to not only identify, but also report such attacks to help strengthen the cyber resilience of the organisation. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.
Source: [Security Intelligence]
Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence
Cases of straight-up data theft and extortion now appear to be more widespread a threat than ransomware, becoming the single most observed threat in the second calendar quarter of 2023, according to new data released by researchers. 1,378 organisations have been named as victims on ransomware data-leak websites in Q2 2023. This was a 64.4% increase from the record-breaking number of victims named in Q1 2023.
Despite both the rise in threats and the high percentage of respondents whose organisations suffered recent attacks, there hasn’t been a corresponding uptick in strategic measures to shore up cyber resilience. In fact, close to four in five survey respondents don’t have complete confidence that their company has a cyber resilience strategy designed to address today’s escalating cyber challenges and threats.
Sources: [Forbes] [HelpNetSecurity] [ComputerWeekly] [SecurityBrief.co.nz] [Malwarebytes]
The Generative AI War Between Companies and Hackers is Starting
To no one’s surprise, criminals are tapping open-source generative AI programs for all kinds of heinous acts, including developing malware and phishing attacks, according to the FBI. This comes as the UK National Risk Register officially classes AI as a long-term security threat. It’s safe to say AI is certainly a controversial field right now, with the battle between companies and hackers really starting to take place; only recently had technology giants such as Amazon, Google, Meta and Microsoft met with the US President Joe Biden to pledge to follow safeguards.
A recent report from security firm Barracuda has found that between August 2022 and July 2023, ransomware attacks had doubled and this surge has largely been driven by the breaching of networks via AI-crafted phishing campaigns, as well as automating attacks to increase reach, again using AI.
Despite the controversy, AI can be of tremendous value to organisations, helping to streamline and automate tasks. Organisations employing or looking to employ AI in the workplace should also have effective governance and identification procedures over the usage of said AI. Equally, when it comes to defending against AI attacks, organisations need to have a clear picture of their attack landscape, with layers of defence.
Sources: [CSO Online] [PC MAG] [CNBC] [Tech Radar]
Spend to Save: The CFO’s Guide to Cyber Security Investment
As a CFO, you need to make smart choices about cyber security investments. The increasing impact of data breaches creates a paradox: While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending should be seen an investment in the future of your business.
The impact of a cyber event extends beyond quantifiable currency loss. Further impacts include those of reputation and customer retention. CFOs should look to identify weak spots, understand the effect these can have, pick the right solution that mitigates these and finally, advocate cyber security and robust governance at the board level.
It is important to remember, cyber security is not just a technical issue, but also a business one, and you have a key role in ensuring the security and resilience of your organisation.
Source: [Security Intelligence]
Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril
The debate over whether the CISO should, by the very nature of the position, be considered a member of the C-suite has been raging for some time and seems likely to continue for a good while to come. CISOs should not only have a seat among the uppermost echelon at the big table but also be recognised as a foundational element in the success of any business.
There is a danger that, without an effective CISO, organisations can end up in a perilous situation in which there's no one driving the cyber security bus at a time when vulnerabilities and incidents are ever on the rise. When the CISO has a seat at the big table, everybody wins.
Source [CSO Online]
How the Talent Shortage Impacts Cyber Security Leadership
The lack of a skilled cyber security workforce hampers the effectiveness of an organisation’s security program. While technologies like AI and machine learning can provide some support, they are not sufficient, especially for small and medium sized businesses (SMBs). The cyber security workforce shortage affects not just current security but the future of leadership roles, including CISOs and CSOs.
Today’s CISOs require a blend of technology and business understanding. According to the (ISC)2 2022 Workforce Study, the global cyber security workforce is nearly 5 million and growing at 26% yearly. However, more than 3 million jobs still need to be filled, including specialised roles in cloud security, data protection, and incident response. This gap jeopardises functions like risk assessment, oversight, and systems patching.
The greatest talent shortage is found in soft skills, leading to a trend of looking outside the traditional security talent pool. The future of CISOs will likely require a solid security background, but as the talent gap widens, finding leadership candidates from the existing pool may remain challenging.
Source: [Security Intelligence]
Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods
A recent report by cyber security company identified a sophisticated email phishing campaign exploiting a zero-day vulnerability in Salesforce's legitimate email services. The vulnerability allowed threat actors to craft targeted phishing emails, cleverly evading conventional detection methods by leveraging Salesforce's domain and reputation and exploiting legacy quirks in Facebook's web games platform.
Whilst Facebook and Salesforce have now addressed the issue, it goes to show that technology alone is not enough to stop phishing; operational and people controls are still necessary and should form part of an effective organisational response.
Source: [Security Brief]
Cyber Insurance and the Ransomware Challenge
The cyber insurance industry has been heavily criticised for providing coverage for ransom payments. A frequent accusation, which has become close to perceived wisdom in policymaking and cyber security discussions on ransomware, is that cyber insurance has incentivised victims to pay a ransom following a cyber incident, rather than seek alternative remediation options. However, the insurance industry could do much more to instil discipline in both insureds and the ransomware response ecosystem in relation to ransom payments to reduce cyber criminals’ profits. Insurers’ role as convenors of incident response services gives them considerable power to reward firms that drive best practices and only guide victims towards payment as a last resort.
While the insurance industry has the power to do this, there are still challenges that need to be addressed in the underwriting process. Offering expensive policies that exclude common risks such as ransomware or nation-state attacks is simply not a sustainable approach. This has helped insurers become more profitable for now, but these are only short-term fixes to the real problem at hand. Namely, that the underwriting process for cyber insurance policies is still not that sophisticated. Most underwriters are poorly equipped to effectively measure the cyber risk exposure of new or renewing customers.
Sources: [RUSI] [Dark Reading]
Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard.
"In this latest activity, the threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear as technical support entities" Microsoft said. "Using these domains from compromised tenants, Midnight Blizzard leverages Teams messages to send lures that attempt to steal credentials from a targeted organisation by engaging a user and eliciting approval of multi-factor authentication (MFA) prompts."
Source: [TheHackerNews]
66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies
A recent report found that 66% of cyber security leaders don’t trust their current cyber risk mitigation strategies. It was also found that while 90% of respondents say their organisation has dedicated resources responsible for managing and reducing cyber risk, in almost half of situations (46%) this consists of just one person.
In some cases, it can be hard to get the necessary talent to build out the cyber security arm of an organisation; this is where organisations can look towards outsourcing to fulfil positions with expertise. At Black Arrow we offer many services to help you to govern your cyber security, including as virtual CISO that leverages our diverse team with backgrounds from British intelligence, board governance, IT and finance.
Source: [ITSecurityWire]
UK legal Sector at Risk, National Cyber Security Centre Warns
Over the past three years more than 200 ransomware attacks worldwide have been inflicted on companies in the legal industry. The UK was the second most-attacked country constituting 2.3% of all ransomware attacks across various sectors. The legal sector was the fourth most-attacked industry in the UK in 2022. Ransomware groups are indiscriminate in their targeting, attacking companies of all sizes, from small law firms with only ten employees to large firms with 1,000+ employees, and ranging in revenue from companies generating £100 million to those with under £3 million. No single kind of company is immune to these attacks.
The International Bar Association (IBA) has released a report to guide senior executives and boards in protecting their organisations from cyber risk. Entitled "Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors," the report aims to provide leaders with insight into the primary elements of a robust cyber risk management programme. Its recommendations for senior executives and boards encompass understanding the organisation's cyber risk profile, knowing what information assets to safeguard, being aware of significant regulatory requirements, and recognising the security standards utilised by the organisation.
Sources: [Todays Conveyancer] [Infosecurity Magazine]
Startups Should Move Fast and Remember Cyber Security
The importance of cyber security for startups, which can often be overlooked in the pursuit of fast-paced growth, cannot be overstated. However, cyber attacks can have devastating consequences for businesses of all sizes. The percentage of micro-businesses in the UK that consider cyber security a high priority has dropped from 80% to 68% in the past year, possibly due to wider economic pressures. Cyber criminals target businesses of all sizes, often initially using automated software to find weak spots. Startups can be particularly vulnerable due to their fast-paced environments and new or less familiar supply chains. The use of shared office spaces can also increase risk.
The UK DCMS/DSIT 2023 Cyber Security Breaches survey reported that almost a third of businesses (32%) and a quarter of charities (24%) reported breaches or attacks in the past 12 months alone, with the average victim losing £15,300. Startups have the unique advantage of being able to implement cyber security best practices from the outset and embed them into company culture. It is recommended that startups prioritise cyber security from the get-go to protect their business and ensure long-term growth.
Source: [UKTech] [Cyber security breaches survey 2023 - GOV.UK (www.gov.uk)]
Governance, Risk and Compliance
Corporate boards take heed: Give CISOs the cold shoulder at your peril | CSO Online
How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
From tech expertise to leadership: Unpacking the role of a CISO - Help Net Security
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber Risk and Resiliency Report: Dueling Disaster in 2023 (informationweek.com)
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
CISOs Need Backing to Take Charge of Security (darkreading.com)
Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)
Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)
Threats
Ransomware, Extortion and Destructive Attacks
67% of data breaches start with a single click - Help Net Security
AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)
The race against time in ransomware attacks - Help Net Security
As Ransomware Attackers’ Motives Changes, So Should Your Defence (forbes.com)
Ransomware gang increases attacks on insecure MSSQL servers | CSO Online
MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)
How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)
Ransomware Attacks on Industrial Organisations Doubled in Past Year: Report - SecurityWeek
In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online
Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber criminals pivot away from ransomware encryption | Computer Weekly
Ransomware on manufacturing industry caused $46bn in losses - IT Security Guru
How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)
Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)
Ransomware Victims
MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)
Hawai'i Community College pays ransomware gang to prevent data leak (bleepingcomputer.com)
Scottish university UWS targeted by cyber attackers - BBC News
Tempur Sealy isolated tech system to contain cyber burglary • The Register
US govt contractor Serco discloses data breach after MoveIT attacks (bleepingcomputer.com)
Phishing & Email Based Attacks
67% of data breaches start with a single click - Help Net Security
Russian Hackers Are Conducting Phishing Attacks via Microsoft Teams - MySmartPrice
Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop
Threat actors abuse Google AMP for evasive phishing attacks (bleepingcomputer.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
Artificial Intelligence
AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)
UK calls artificial intelligence a “chronic risk” to its national security | CSO Online
FBI warns of broad AI threats facing tech companies and the public | CyberScoop
As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)
Another AI Pitfall: Digital Mirroring Opens New Cyber attack Vector (darkreading.com)
Intersection of generative AI, cyber security and digital trust | TechTarget
Hackers are using AI to create vicious malware, says FBI | Digital Trends
The generative A.I. war between companies and hackers is starting (cnbc.com)
Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
OWASP Top 10 for LLM applications is out! - Security Affairs
Think tank wants monitoring of China's AI-enabled products • The Register
UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian
Researchers figure out how to make AI misbehave, serve up prohibited content | Ars Technica
Organisations want stronger AI regulation amid growing concerns - Help Net Security
Malware
Hackers Abusing Windows Search Feature to Install Remote Access Trojans (thehackernews.com)
Hackers can abuse Microsoft Office executables to download malware (bleepingcomputer.com)
IcedID Malware Adapts and Expands Threat with Updated BackConnect Module (thehackernews.com)
Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
Attackers can turn AWS SSM agents into remote access trojans - Help Net Security
Hackers are infecting Modern Warfare 2 players with a self-spreading malware | TechSpot
Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT (thehackernews.com)
Experts link AVRecon bot to malware proxy service SocksEscort - Security Affairs
New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods (thehackernews.com)
New persistent backdoor used in attacks on Barracuda ESG appliances - Help Net Security
MacOS malware discovered on Russian dark web forum | Security Magazine
Apple Users Open to Remote Control via Tricky macOS Malware (darkreading.com)
NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs
Chrome malware Rilide targets enterprise users via PowerPoint guides (bleepingcomputer.com)
BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)
Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist
CISA: New Submarine malware found on hacked Barracuda ESG appliances (bleepingcomputer.com)
Mobile
New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)
CherryBlos Malware Uses OCR to Pluck Android Users' Cryptocurrency (darkreading.com)
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)
Google: Android patch gap makes n-days as dangerous as zero-days (bleepingcomputer.com)
New smartphone vulnerability could allow hackers to track user location (techxplore.com)
Hackers steal Signal, WhatsApp user data with fake Android chat app (bleepingcomputer.com)
Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)
Botnets
Denial of Service/DoS/DDOS
Navigating The Landscape Of Hacktivist DDoS Attacks (forbes.com)
Israel's largest oil refinery website offline amid cyber attack claims (bleepingcomputer.com)
Russian hackers crash Italian bank websites, cyber agency says | Reuters
"Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches (thehackernews.com)
Internet of Things – IoT
Data Breaches/Leaks
Cyber security breaches exposed 146 million records - ITSecurityWire
Hack Crew Responsible for Stolen Data, NATO Investigates Claims (darkreading.com)
Doctors sign up to legal case against Capita over GP data breach - Pulse Today
Cyber attack on B.C. health websites may have taken workers’ personal information (thestar.com)
Cyber security Recovery Guide: How to Recover from a Data Breach (thelondoneconomic.com)
Organised Crime & Criminal Actors
As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)
How Hackers Trick You With Basic Sales Techniques (makeuseof.com)
Space Pirates Turn Cyber Sabers on Russian, Serbian Organisations (darkreading.com)
Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist
Hacktivists fund their operations using common cyber crime tactics (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Hacks in July Resulted in $165 Million in Losses (beincrypto.com)
New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)
Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability (therecord.media)
BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)
Couple admit laundering $4B of stolen Bitfinex Bitcoins • The Register
Insider Risk and Insider Threats
How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)
US military battling cyber threats from within and without • The Register
Deepfakes
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
AML/CFT/Sanctions
Insurance
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)
Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)
Dark Web
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
MacOS malware discovered on Russian dark web forum | Security Magazine
Supply Chain and Third Parties
Doctors sign up to legal case against Capita over GP data breach - Pulse Today
Capita boss quits as potential fine looms for huge hack of confidential data | Capita | The Guardian
Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)
Software Supply Chain
Cloud/SaaS
Attackers can turn AWS SSM agents into remote access trojans - Help Net Security
New Microsoft Azure AD CTS feature can be abused for lateral movement (bleepingcomputer.com)
Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday
In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online
Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch
These Are the Top Five Cloud Security Risks, Qualys Says - SecurityWeek
Google warns companies about keeping hackers out of cloud infrastructure | CyberScoop
Identity and Access Management
Encryption
Braverman fights Meta encryption plans ‘that aid paedophiles’ (thetimes.co.uk)
SCARF cipher sets new standards in protecting sensitive data - Help Net Security
Cult of Dead Cow hacktivists design encryption system for mobile apps - The Washington Post
Open Source
Open-source security challenges and complexities - Help Net Security
Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
Social Media
Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin
Social media giants on notice over foreign cyber threat (themandarin.com.au)
NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs
Travel
Regulations, Fines and Legislation
Strengthening Cyber security: Can The SEC’s New Rules Be Enforced? (forbes.com)
CISA’s security-by-design initiative is at risk: Here’s a path forward | TechCrunch
What is the Computer Fraud and Abuse Act (CFAA)? | Definition from TechTarget
Organizations want stronger AI regulation amid growing concerns - Help Net Security
Materiality Definition Seen as Tough Task in New SEC Cyber Rules | Mint (livemint.com)
Cyber security Implementation Plan Offers a Roadmap for Cyber Priorities | Perkins Coie - JDSupra
Models, Frameworks and Standards
OWASP Top 10 for LLM applications is out! - Security Affairs
Security professionals unaware of NCSC Cyber Essentials framework - Lookout - IT Security Guru
What is SOC 2 (System and Organization Controls 2)? | Definition from TechTarget
Careers, Working in Cyber and Information Security
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
US Gov Rolls Out National Cyber Workforce, Education Strategy - SecurityWeek
Women two-thirds more likely to fear losing CNI security jobs than men - IT Security Guru
White House Cyber Workforce Strategy: No Quick Fix for Skills Shortage (darkreading.com)
Cyber workforce strategy requires buy-in across sectors, experts say - Nextgov/FCW
Law Enforcement Action and Take Downs
Bar for UK crimes prosecuted with live facial recognition could get much lower | Biometric Update
FBI: Without Section 702, we can't ID cyber criminals • The Register
Privacy, Surveillance and Mass Monitoring
UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)
Instead of obtaining a warrant, the NSA would like to keep buying your data | Ars Technica
Tor’s shadowy reputation will only end if we all use it | Engadget
After talking to security expert, I deleted all Chrome extensions: they see everything | Cybernews
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities (thehackernews.com)
Russian spies posed as Microsoft tech support in bid to hack governments (telegraph.co.uk)
Elon Musk ‘stopped Ukraine military using Starlink for military operation’ | The Independent
Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia (thehackernews.com)
MacOS malware discovered on Russian dark web forum | Security Magazine
Kazakhstan Rebuffs US Extradition Request for Russian Cyber security Expert - The Moscow Times
Russian hackers crash Italian bank websites, cyber agency says | Reuters
Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)
China
FBI warns of broad AI threats facing tech companies and the public | CyberScoop
Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica
US senator victim-blames Microsoft for Chinese hack • The Register
Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor (thehackernews.com)
US Tech Sanctions Against China Are Starting to Bite Hard | Tom's Hardware (tomshardware.com)
Think tank wants monitoring of China's AI-enabled products • The Register
Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop
US military battling cyber threats from within and without • The Register
Iran
Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)
Iranian Company Plays Host to Reams of Ransomware, APT Groups (darkreading.com)
North Korea
Misc/Other/Unknown
Vulnerability Management
Relying on CVSS alone is risky for vulnerability management - Help Net Security
40% of Log4j Downloads Still Vulnerable (securityintelligence.com)
What Causes a Rise or Fall in Fresh Zero-Day Exploits? (govinfosecurity.com)
Piles of Unpatched IoT, OT Devices Attract ICS Cyber attacks (darkreading.com)
Microsoft comes under blistering criticism for “grossly irresponsible” security | Ars Technica
Vulnerabilities
Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins - SecurityWeek
Over 640 Citrix servers backdoored with web shells in ongoing attacks (bleepingcomputer.com)
New flaw in Ivanti Endpoint Manager Mobile actively exploited in the wild - Security Affairs
Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks - SecurityWeek
Apple iOS, Google Android Patch Zero-Days in July Security Updates | WIRED UK
US fears attacks will continue against Ivanti MDM installs • The Register
Microsoft fixes WSUS servers not pushing Windows 11 22H2 updates (bleepingcomputer.com)
Hackers exploit BleedingPipe RCE to target Minecraft servers, players (bleepingcomputer.com)
Firefox 116: improved upload performance and security fixes - gHacks Tech News
Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop
Tools and Controls
Data Loss Prevention for Small and Medium-Sized Businesses - IT Security Guru
Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications - SecurityWeek
Data stolen from millions via missing web app access checks • The Register
Keeping the cloud secure with a mindset shift - Help Net Security
Strengthening security in a multi-SaaS cloud environment | TechCrunch
5 Essential Tips For Data Security On The Cloud (informationsecuritybuzz.com)
AI has a place in cyber, but needs effective evaluation | Computer Weekly
Top 5 benefits of SASE to enhance network security | TechTarget
MDR 40-Plus: Top Managed Detection and Response (MDR) Companies: 2023 Edition - MSSP Alert
What is Data Security Posture Management (DSPM)? (thehackernews.com)
Unified XDR and SIEM Alleviate Security Alert Fatigue (darkreading.com)
What is an ISMS (Information Security Management System)? | UpGuard
VPNs remain a risky gamble for remote access - Help Net Security
Insider Threat Protection And Modern DLP (informationsecuritybuzz.com)
Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)
Reports Published in the Last Week
Other News
UK Military Embraces Security by Design - Infosecurity Magazine (infosecurity-magazine.com)
Cyber criminals targeting medical info warns FBI | KSNV (news3lv.com)
How local governments can combat cyber crime - Help Net Security
Governments and public services facing 40% more cyber attacks (securitybrief.co.nz)
Utilities Face Security Challenges as They Embrace Data in New Ways (darkreading.com)
Microsoft Flags Growing Cyber security Concerns for Major Sporting Events (thehackernews.com)
Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack - SecurityWeek
80 percent of digital certificates vulnerable to man-in-the-middle attacks (betanews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 28th July 2023
Black Arrow Cyber Threat Briefing 28 July 2023:
-Half of UK businesses Struggle to Fill Cyber Security Skills Gap as Companies Encounter Months-long Delays in Filling Critical Security Positions
-Deloitte Joins fellow Big Four MOVEit victims PWC, EY as MOVEit Victims Exceeds 500
-Why Cyber Security Should Be Part of Your ESG Strategy
-Lawyers Take Frontline Role in Business Response to Cyber Attacks
-Organisations Face Record $4.5M Per Data Breach Incident
-Cryptojacking Soars as Cyber Attacks Diversify
-Ransomware Attacks Skyrocket in 2023
-Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk
-Protect Your Data Like Your Reputation Depends on It (Because it Does)
-Why CISOs Should Get Involved with Cyber Insurance Negotiation
-Companies Must Have Corporate Cyber Security Experts, SEC Says
-Over 400,000 Corporate Credentials Stolen by Info-stealing Malware
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Half of UK Businesses Struggle to Fill Cyber Security Skills Gap
Half of UK businesses have a cyber security skills gap that they are struggling to fill amid a challenging labour market, according to data published by the UK Department for Science, Innovation and Technology (DSIT), which found that there were more than 160,000 cyber security job postings in the last year – a 30% increase on the previous period. In all, the UK requires an additional 11,200 people with suitable cyber skills to meet the demands of the market, the report estimates.
In a separate report, it was found that a lack of executive understanding and an ever-widening talent gap is placing an unsustainable burden on security teams to prevent business-ending breaches. When asked how long it takes to fill a cyber security role, 82% of organisations report it takes three months or longer, with 34% reporting it takes seven months or more. These challenges have led one-third (33%) of organisations to believe they will never have a fully-staffed security team with the proper skills.
With such a gap, some organisations have turned to outsourcing cyber security roles, such as chief information security officers (CISOs), leading to a rise in virtual CISOs (vCISO). With outsourcing, organisations can ensure that they are easily able to pick up and use cyber security experts, greatly reducing the delay were they to hire. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.
https://www.uktech.news/cybersecurity/uk-cybersecurity-skills-gap-20230725
https://www.helpnetsecurity.com/2023/07/26/security-teams-executive-burden/
Deloitte Joins Fellow Big Four MOVEit victims PWC, EY as Victims Exceed 500
The global auditing and accounting firm Deloitte appeared alongside a further 55 MOVEit victims that were recently named by the Cl0p ransomware gang, making them the third Big Four accounting firm to be affected and amongst over 500 organisations in total with that number expected to continue to increase.
Research by Kroll has also uncovered a new exfiltration method used by Cl0p in their the MOVEit attacks, highlighting constant efforts by the ransomware gang. Worryingly, it has been reported that Cl0p have made between $75-100 million from ransom payments and it is expected this, along with the victim count, will rise.
https://cybernews.com/security/deloitte-big-four-moveit-pwc-ey-clop/
https://www.infosecurity-magazine.com/news/clop-could-make-100m-moveit/
Why Cyber Security Should Be Part of Your ESG Strategy
Organisations need to consider cyber security risks in their overall environmental, social and governance (ESG) strategy amid growing cyber threats and regulatory scrutiny. The ESG programme is, in many ways, a form of risk management to mitigate the risks to businesses, societies and the environment, all of which can be impacted by cyber security. The investment community has been singling out cyber security as one of the major risks that ESG programmes will need to address due to the potential financial losses, reputational damage and business continuity risks posed by a growing number of cyber attacks and data breaches.
Various ESG reporting frameworks have emerged in recent years to provide organisations with guidelines on how they can operate ethically and sustainably, along with metrics that they can use to measure their progress. There are also specific IT security standards and frameworks, including ISO 27001 and government guidelines. Some regulators have gone as far as mandating the adoption of baseline security standards by critical infrastructure operators and firms in industries like financial services, but that does not mean organisations outside of regulated sectors are less pressured to shore up their cyber security posture.
https://www.computerweekly.com/news/366545432/Why-cyber-security-should-be-part-of-your-ESG-strategy
Lawyers Take Frontline Role in Business Response to Cyber Attacks
Cyber security risk has shot to the top of general counsels’ agendas as the sophistication and frequency of attacks has grown. According to security company Sophos’s State of Ransomware 2023 report, 44% of UK businesses surveyed said they had been hit with ransomware in the past year. Of those affected, 33% said their data was encrypted and stolen and a further 6% said that their data was not encrypted but they experienced extortion.
In-house lawyers have a key role around the boardroom table when dealing with a breach including war-gaming and discussing cases in which a company will pay a ransom. The advent of General Data Protection Regulation (GDPR) legislation in Europe, and equivalents elsewhere, demands that businesses hit by a data breach notify a regulator, and the individuals whose data was stolen, or both, depending on certain factors. This has led to far greater exposure of cyber incidents which companies previously could have tried to deal with privately.
https://www.ft.com/content/2af44ae8-78fc-4393-88c3-0d784a850331
Organisations Face Record $4.5M Per Data Breach Incident
In a recent report conducted by IBM, the average cost per data breach for US business in 2023 jumped to $4.45 million, a 15% increase over three years. In the UK, the average cost was found to be £3.4 million, rising to £5.3 million for financial services. It is likely that the cost per breach will maintain a continual rise, with organisations struggling to crack down on cyber crime, something threat groups like Cl0p are taking advantage of.
https://www.darkreading.com/attacks-breaches/orgs-record-4.5m-data-breach-incident
Cryptojacking Soars as Cyber Attacks Diversify
According to a recent report, a variety of attacks have increased globally, including cryptojacking (399%), IoT malware (37%) and encrypted threats (22%). This reflects the increase in actors who are changing their methods of attacks. The report found that we can expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs, government entities and enterprises.
Cryptojacking, sometimes referred to as malicious cryptomining, is where an attacker will use a victim’s device to mine cryptocurrency, giving the attacker free money at the expense of your device, network health and electricity.
https://www.helpnetsecurity.com/2023/07/27/cryptojacking-attacks-rise/
Ransomware Attacks Skyrocket in 2023
Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found. The significant increase in ransomware over April, May and June 2023 suggests that attackers are regrouping. In July 2023, the blockchain analysis firm Chainalysis found that in the first half of 2023, ransomware attackers extorted $176m more than the same period in 2022, reversing a brief downward trend in 2022.
The report also observed an uptick in “pure extortion attacks,” with cyber criminals increasingly relying on the threat of data leaks rather than encrypting data to extort victims. Such schemes may not trigger any ransomware detection capability but could potentially be picked up by a robust Data Loss Prevention (DLP) solution.
https://www.infosecurity-magazine.com/news/ransomware-attacks-skyrocket-q2/
Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk
Despite the mass adoption of generative AI, most companies don’t know how to assess its security, exposing them to risks and disadvantages if they don’t change their approach. A report found that for every 10,000 enterprise users, an enterprise organisation is experiencing approximately 183 incidents of sensitive data being posted to ChatGPT per month. Worryingly, despite the security issues, only 45% have an enterprise-wide strategy to ensure a secure, aligned deployment of AI across the entire organisation.
Blocking access to AI related content and AI applications is a short term solution to mitigate risk, but comes at the expense of the potential benefits that AI apps offer to supplement corporate innovation and employee productivity. The data shows that in financial services and healthcare nearly 1 in 5 organisations have implemented a blanket ban on employee use of ChatGPT, while in the technology sector, only 1 in 20 organisations have done likewise.
https://www.helpnetsecurity.com/2023/07/28/chatgpt-exposure/
https://www.techradar.com/pro/lots-of-sensitive-data-is-still-being-posted-to-chatgpt
https://www.helpnetsecurity.com/2023/07/25/generative-ai-strategy/
Protect Your Data Like Your Reputation Depends on It (Because it Does)
Data breaches can be incredibly costly. Be it lawsuits, regulatory fines, or a fall in stock price, the financial consequences of a breach can bring even the largest organisation to its knees. However, in the face of economic damage, it’s too easy to overlook the vast reputational impacts that often do more harm to a business. After all, it’s relatively easy to recoup monetary losses, less so to regain customer trust.
It’s important to remember that reputational damage isn’t limited to consumer perceptions. Stakeholder, shareholder, and potential buyer perception is also something that needs to be considered. By having effective defence in depth controls including robust data loss prevention (DLP) solutions in place, organisations can reduce the risk of a breach from happening.
Why CISOs Should Get Involved with Cyber Insurance Negotiation
Generally negotiating cyber insurance policies falls to the general counsel, chief financial officer, or chief operations officer. Having the chief information security officer (CISO) at the table when negotiating with insurance brokers or carriers is a best practice for ensuring the insurers understand not only which security controls are in place, but why the controls are configured the way they are and the organisation's strategy. That said, often best practices are ignored for reasons of expediency and lack of acceptance by other C-suite executives.
Sometimes being the CISO can be a no-win position. According to a recent survey more than half of all CISOs report to a technical corporate officer rather than the business side of the organisation. This lack of recognition by the board can diminish the CISO's ability to deliver business-imperative insights and recommendations, leaving operations to have a more commanding influence on the board than cyber security. Too often the CISO gets the responsibility to protect the company without the authority and budget to accomplish their task.
Companies Must Have Corporate Cyber Security Experts, SEC Says
A recent report has found that only five Fortune 100 companies currently list a security professional in the executive leadership pages of their websites. This is largely unchanged from five of the Fortune 100 in 2018. One likely reason why a great many companies still don’t include their security leaders within their highest echelons is that these employees do not report directly to the company’s CEO, board of directors, or chief risk officer.
The chief security officer (CSO) or chief information security officer (CISO) position traditionally has reported to an executive in a technical role, such as the chief technology officer (CTO) or chief information officer (CIO). But workforce experts say placing the CISO/CSO on unequal footing with the organisation’s top leaders makes it more likely that cyber security and risk concerns will take a backseat to initiatives designed to increase productivity and generally grow the business.
The US Securities and Exchange Commission (SEC) has recently implemented new regulations necessitating publicly traded companies to report cyber attacks within four business days, once they're deemed material incidents. While the SEC is not presently advocating for the need to validate a board cyber security expert's credentials, it continues to insist that cyber security expertise within management be duly reported to them. The increased disclosure should help companies compare practices and may spur improvements in cyber defences, but meeting the new disclosure standards could be a bigger challenge for smaller companies with limited resources.
Over 400,000 Corporate Credentials Stolen by Info-stealing Malware
Information stealers are malware that steal data stored in applications such as web browsers, email clients, instant messengers, cryptocurrency wallets, file transfer protocol (FTP) clients, and gaming services. The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cyber crime marketplaces. Worryingly, employees use personal devices for work or access personal stuff from work computers, and this may result in many info-stealer infections stealing business credentials and authentication cookies. A report has found there are over 400,000 corporate credentials stolen, from applications such as Salesforce, Google Cloud and AWS. Additionally, there was a significant increase in the number containing OpenAI credentials; this is alarming as where AI is used without governance, the credentials may leak things such as internal business strategies and source code.
With such an array of valuable information for an attacker, it is no wonder incidents involving info stealers doubled in Q1 2023. Organisations can best protect themselves by utilising password managers, enforcing multi-factor authentication and having strict usage controls. Additionally, user awareness training can help avoid common infection channels such as malicious websites and adverts.
https://www.scmagazine.com/news/infostealer-incidents-more-than-doubled-in-q1-2023
Governance, Risk and Compliance
Data Breaches Cost Businesses $4.5M on Average (darkreading.com)
Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)
SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)
Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)
Companies encounter months-long delays in filling critical security positions - Help Net Security
Enterprises should layer-up security to avoid legal repercussions - Help Net Security
Explaining risk maturity models and how they work | TechTarget
Why cyber security should be part of your ESG strategy | Computer Weekly
The old “trust but verify” adage should be the motto for every CISO | CSO Online
Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security
Few Fortune 100 Firms List Security Pros in Their Executive Ranks – Krebs on Security
The critical cyber security backup plan too many companies are ignoring (cnbc.com)
Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)
Why Computer Security Advice Is More Confusing Than It Should Be (darkreading.com)
Why whistleblowers in cyber security are important and need support | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Clop now leaks data stolen in MOVEit attacks on clearweb sites (bleepingcomputer.com)
MOVEit Vulnerability Investigations Uncover Additional Exfiltration Method (kroll.com)
Clop Could Make $100m from MOVEit Campaign - Infosecurity Magazine (infosecurity-magazine.com)
The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)
Millions of people's healthcare files accessed by Clop gang • The Register
Ransomware Attacks Skyrocket in Q2 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Local Governments Targeted for Ransomware – How to Prevent Falling Victim (thehackernews.com)
New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)
Dozens of Organisations Targeted by Akira Ransomware - SecurityWeek
The FBI's Cynthia Kaiser on how the bureau fights ransomware | CyberScoop
Risk & Repeat: Are data extortion attacks ransomware? | TechTarget
ALPHV ransomware adds data leak API in new extortion strategy (bleepingcomputer.com)
Ransomware: Sophos says most universities pay | Times Higher Education (THE)
Ransomware Victims
PwC has data leaked on the clear web - Cyber Security Connect
Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews
DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)
Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek
Millions of people's healthcare files accessed by Clop gang • The Register
Tampa General Hospital Says Patient Information Stolen in Ransomware Attack - SecurityWeek
Yamaha confirms cyber attack after multiple ransomware gangs claim attacks (therecord.media)
Phishing & Email Based Attacks
Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)
China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED
Stolen Microsoft key may have opened up more than inboxes • The Register
The Email Threat Landscape, Q1 2023: Key Takeaways (informationsecuritybuzz.com)
How to avoid LinkedIn phishing attacks in the enterprise | TechTarget
BEC – Business Email Compromise
Artificial Intelligence
Blocking access to ChatGPT is a short term solution to mitigate risk - Help Net Security
UN Security Council to hold first talks on AI risks | Reuters
Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security
ChatGPT, Other Generative AI Apps Prone to Compromise, Manipulation (darkreading.com)
Lots of sensitive data is still being posted to ChatGPT | TechRadar
Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)
Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop
The Good, the Bad and the Ugly of Generative AI - SecurityWeek
OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop
Intel's deepfake detector tested on real and fake videos - BBC News
How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)
Malware
Over 400,000 corporate credentials stolen by info-stealing malware (bleepingcomputer.com)
Infostealer incidents more than doubled in Q1 2023 | SC Media (scmagazine.com)
The Alarming Rise of Infostealers: How to Detect this Silent Threat (thehackernews.com)
Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks (thehackernews.com)
Rust-based malware used to hack both Windows and Linux servers - Neowin
Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)
FIN8 is rewriting its backdoor malware to avoid detection | SC Media (scmagazine.com)
New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)
New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)
HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software (thehackernews.com)
Who and What is Behind the Malware Proxy Service SocksEscort? – Krebs on Security
Mobile
Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert
Spyhide stalkerware is spying on tens of thousands of phones | TechCrunch
Botnets
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)
Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek
Denial of Service/DoS/DDOS
Critical UK Infrastructures in the crosshairs of DDoS attacks (link11.com)
Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica
Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)
BYOD
Internet of Things – IoT
Peloton Bugs Expose Enterprise Networks to IoT Attacks (darkreading.com)
Microsoft previews Defender for IoT firmware analysis service (bleepingcomputer.com)
Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats - SecurityWeek
Data Breaches/Leaks
Capita breach class action nears 1,000 sign-ups • The Register
VirusTotal: We're sorry for mistake that exposed 5,000 users • The Register
Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews
NATO investigating apparent breach of unclassified information sharing platform | CyberScoop
BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)
Nice Suzuki, sport: shame dealer left your data up for grabs - Security Affairs
Johns Hopkins hit with class action lawsuit connected to data breach - CBS Baltimore (cbsnews.com)
Organised Crime & Criminal Actors
The New Summer Vacation Necessity: Cyber Hygiene (informationsecuritybuzz.com)
BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptojacking soars as cyber attacks increase, diversify - Help Net Security
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)
Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)
New Realst macOS malware steals your cryptocurrency wallets (bleepingcomputer.com)
Fraud, Scams & Financial Crime
Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)
Consumers demand more from businesses when it comes to security - Help Net Security
CISOs gear up to combat the rising threat of B2B fraud - Help Net Security
MPs launch inquiry into prosecution of Norton Motorcycles pension fraud | Crime | The Guardian
Insurance
Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)
Brave New World of Cyber Insurance Meets Old-World Contract Principles | New Jersey Law Journal
Dark Web
BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)
How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)
Supply Chain and Third Parties
Capita breach class action nears 1,000 sign-ups • The Register
DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)
The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)
Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek
Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)
Strengthening the weakest links in the digital supply chain - Help Net Security
JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)
Supply Chain Attack Hits NHS Ambulance Trusts - Infosecurity Magazine (infosecurity-magazine.com)
Software Supply Chain
Cloud/SaaS
China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED
Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps (darkreading.com)
JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)
Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek
The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)
Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)
Shadow IT
Encryption
Hacking police radios: 30-year-old crypto flaws in the spotlight – Naked Security (sophos.com)
Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios (vice.com)
API
Open Source
New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection (thehackernews.com)
Rust-based malware used to hack both Windows and Linux servers - Neowin
Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)
New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)
Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
How to avoid LinkedIn phishing attacks in the enterprise | TechTarget
Stanford researchers find Mastodon has a massive child abuse material problem - The Verge
Training, Education and Awareness
Travel
Parental Controls and Child Safety
Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)
Stanford researchers find Mastodon has a massive child abuse material problem - The Verge
Regulations, Fines and Legislation
SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)
Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)
Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)
OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop
Data Protection
More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)
Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)
Careers, Working in Cyber and Information Security
Companies encounter months-long delays in filling critical security positions - Help Net Security
Bridging the cyber security skills gap through cyber range training - Help Net Security
Overcoming the cyber security talent shortage with upskilling initiatives - Help Net Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)
Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)
Companies Need to Prove They Can Be Trusted with Technology (hbr.org)
Ryanair Hit With Lawsuit Over Use of Facial Recognition Technology (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)
Russian court jails cyber security executive for 14 years in treason case | Reuters
Russia ‘using disinformation’ to imply Sweden supported Qur’an burnings | Sweden | The Guardian
69% of Russian gamers are pirating after Ukraine invasion pushback | Ars Technica
China
Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop
China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED
Stolen Microsoft key may have opened up more than inboxes • The Register
Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)
The Chinese groups accused of hacking the US and others | Reuters
Industrial Organisations in Eastern Europe Targeted by Chinese Cyber spies - SecurityWeek
Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert
China Propaganda Spreads via US News Sites, Freelancers, Times Square (darkreading.com)
China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)
US Senator Wyden Accuses Microsoft of ‘Cyber security Negligence’ - SecurityWeek
North Korea
North Korean Cyber spies Target GitHub Developers (darkreading.com)
JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)
GitHub warns of Lazarus hackers targeting devs with malicious projects (bleepingcomputer.com)
Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)
Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)
Misc/Other/Unknown
Vulnerability Management
Google: 41 zero-day vulnerabilities exploited in 2022 | TechTarget
CVSS 4.0 Is Here, But Prioritizing Patches Still a Hard Problem (darkreading.com)
Want to live dangerously? Try running Windows XP in 2023 • The Register
A step-by-step guide for patching software vulnerabilities - Help Net Security
Vulnerabilities
Over 20,000 Citrix Appliances Vulnerable to New Exploit - SecurityWeek
A flaw in OpenSSH forwarded ssh-agent allows remote code execution-Security Affairs
Apple fixes new zero-day used in attacks against iPhones, Macs (bleepingcomputer.com)
Ivanti patches MobileIron zero-day bug exploited in attacks (bleepingcomputer.com)
Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica
Apache OpenMeetings Wide Open to Account Takeover, Code Execution (darkreading.com)
Super Admin elevation bug puts 900,000 MikroTik devices at risk (bleepingcomputer.com)
Norwegian government IT systems hacked using zero-day flaw (bleepingcomputer.com)
VMware fixes bug exposing CF API admin credentials in audit logs (bleepingcomputer.com)
Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required (thehackernews.com)
Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)
Atlassian RCE Bugs Plague Confluence, Bamboo (darkreading.com)
Zenbleed attack leaks sensitive data from AMD Zen2 processors (bleepingcomputer.com)
Microsoft shares fix for some Outlook hyperlinks not opening (bleepingcomputer.com)
China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)
Study reveals silent Python package security fixes • The Register
Windows 10 KB5028244 update released with 19 fixes, improved security (bleepingcomputer.com)
Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek
Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek
Zimbra patches zero-day vulnerability exploited in XSS attacks (bleepingcomputer.com)
WordPress Ninja Forms plugin flaw lets hackers steal submitted data (bleepingcomputer.com)
Two flaws in Linux Ubuntu affect 40% of Ubuntu users - Security Affairs
Tools and Controls
Why cyber security should be part of your ESG strategy | Computer Weekly
Lawyers take frontline role in business response to cyber attacks | Financial Times (ft.com)
Explaining risk maturity models and how they work | TechTarget
Microsoft enhances Windows 11 Phishing Protection with new features (bleepingcomputer.com)
Shadow Coding Is An Intoxicating Shortcut—And A Security Landmine (forbes.com)
Zero trust rated as highly effective by businesses worldwide - Help Net Security
50% of Zero Trust Programs Risk Failure According to PlainID Survey (darkreading.com)
Google Chrome to offer 'Link Previews' when hovering over links (bleepingcomputer.com)
Why are computer security guidelines so confusing? - Help Net Security
Threat Intelligence Is Growing — Here's How SOCs Can Keep Up (darkreading.com)
Designing a Security Strategy for Defending Multicloud Architectures (darkreading.com)
Converging networking and security with SASE - Help Net Security
Artificial Intelligence Continues To Revolutionize Cyber security (forbes.com)
Key factors for effective security automation - Help Net Security
Microsoft previews Defender for IoT firmware analysis service (bleepingcomputer.com)
The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)
CISOs consider zero trust a hot security ticket - Help Net Security
How a Cyber Security Platform Addresses the 3 “S” (trendmicro.com)
Reports Published in the Last Week
Other News
Maritime Cyber attack Database Launched by Dutch University - SecurityWeek
Google’s new security pilot program will ban employee Internet access | Ars Technica
macOS Under Attack: Examining the Growing Threat and User Perspectives (thehackernews.com)
Why whistleblowers in cyber security are important and need support | CSO Online
World's most internetty firm tries life off the net • The Register
Exam board cyber attack investigation: Teenager arrested (schoolsweek.co.uk)
Companies Need to Prove They Can Be Trusted with Technology (hbr.org)
Heart monitor manufacturer hit by cyber attack, takes systems offline (bitdefender.com)
Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 14 July 2023
Black Arrow Cyber Threat Briefing 14 July 2023:
-Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves
-Helping Boards Understand Cyber Risks
-Enterprise Risk Management Should Inform Cyber Risk Strategies
-Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention
-20% of Malware Attacks Bypass Antivirus Protection
-Ransomware Payments and Extortion Spiked Compared to 2022
-AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers
-Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available
-Scam Page Volumes Surge 304% Annually
-Financial Industry Faces Soaring Ransomware Threat
-The Need for Risk-Based Vulnerability Management to Combat Threats
-Government Agencies Breached in Microsoft 365 Email Attacks
-Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China
-Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Are a War We'll Never Win, But We Can Defend Ourselves
The cyber threat landscape is constantly evolving, with hackers becoming more creative in their exploitation of businesses and personal data. As the frequency and sophistication of cyber attacks increase, it's clear that the cyber security war is an endless series of battles that demand constant innovation and vigilance. Recognising the necessity of having built-in security, organisations should integrate security measures into their systems and foster a culture of security awareness.
Acknowledging that breaches are an inevitable risk, an orchestrated team response, well-practiced recovery plan, and effective communication strategy are key to managing crises. Organisations must also invest in proactive security measures, including emerging technologies to spot intrusions early. Ultimately, cyber security isn't just a technical concern, it's a cultural and organisational imperative, requiring the incorporation of security measures into every aspect of an organisation's operations and philosophy.
Helping Boards Understand Cyber Risks
A difference in perspective is a fundamental reason board members and the cyber security team are not always aligned. Board members typically have a much broader view of the organisation’s goals, strategies, and overall risk landscape, where CISOs are responsible for assessing and mitigating cyber security risk.
It’s often a result of the board lacking cyber security expertise among its members, the complexity with understanding the topic and CISOs who focus too heavily on technical language during their discussions with the board which can cause a differing perspective. For organisations to be most effective in their approach to cyber security, they should hire CISOs or vCISOs who wear more than one hat and are able to understand cyber in context to the business. In addition, having cyber expertise on the board will pay dividends; this can be achieved by direct hiring or upskilling of board members.
Black Arrow supports clients as their vCISO or Non-Executive Director (NED) with specialist experience in cyber security risk management in a business context.
https://www.helpnetsecurity.com/2023/07/11/david-christensen-plansource-board-ciso-communication/
Enterprise Risk Management Should Inform Cyber Risk Strategies
While executives and boards once viewed cyber security as a primarily technical concern, many now recognise it as a major business issue. A single serious data breach could result in debilitating operational disruptions, financial losses, reputational damage, and regulatory penalties.
Cyber security focuses on protecting digital assets from threats, while enterprise risk management adopts a wider approach, mitigating diverse risks across several domains beyond the digital sphere. Rather than existing in siloes, enterprise risk management and cyber risk management strategies should complement and inform each other. By integrating cyber security into their risk management frameworks, organisations can more efficiently and effectively protect their most valuable digital assets.
Law Firms at High Risk of Attack as Ransomware Groups Begin to Focus Attention
Three of the largest US law firms have been newly hit by the Cl0p cyber syndicate as part of dozens of ransomware attacks across industries that so far have affected more than 16 million people. All three law firms feature on Cl0p’s leak site, which lists organisations who Cl0p have breached.
This comes as the UK National Cyber Security (NCSC) noted in a report the threat to the legal sector. Law firms are a particularly attractive target for the depth of sensitive personal information they hold from individuals and companies, plus the dual threat of publishing it publicly should a ransom demand go unmet. In Australia, law firm HWL Ebsworth confirmed several documents relating to its work with several Victorian Government departments and agencies had been released by cyber criminals to the dark web following a data breach announced in April 2023.
The extortion of law firms allows extra opportunities for an attacker, including exploiting opportunities for insider trading, gaining the upper hand in negotiations and litigation, or subverting the course of justice. Based on the above, it is no wonder the Solicitors Regulation Authority (SRA) in the UK found that 75% of the law firms they visited has been a victim of a cyber attack.
https://www.helpnetsecurity.com/2023/07/10/law-firm-cyberattack/
20% of Malware Attacks Bypass Antivirus Protection
In the first half of 2023, researchers found that 20% of all recaptured malware logs had an antivirus program installed at the time of successful malware execution. Not only did these solutions not prevent the attack, they also lack the automated ability to protect against any stolen data that can be used in the aftermath.
The researchers found that the common entry points for malware are permitting employees to sync browser data between personal and professional devices (57%), struggling with shadow IT due to employees' unauthorised use of applications and systems (54%), and allowing unmanaged personal or shared devices to access business applications (36%).
Such practices expose organisations to subsequent attacks, like ransomware, resulting from stolen access credentials. Malware detection and quick action on exposures are critical; however, many organisations struggle with response and recovery with many firms failing to have robust incident response plans.
https://www.helpnetsecurity.com/2023/07/13/malware-infections-responses/
Ransomware Payments and Extortion Spiked Compared to 2022
A recent report from Chainalysis found that ransomware activity is on track to break previous records, having extorted at least $449.1 million through June. For all of 2022, that number didn’t even reach $500 million. Similarly, a separate report using research statistics from Action Fraud UK, the UK’s national reporting centre for fraud, found cyber extortion cases surged 39% annually.
It’s no wonder both are on the rise, as the commonly used method of encrypting data behind a ransom is being combined with threatening to leak data; this gives bad actors two opportunities to gain payment. With this, the worry about the availability of your data now extends to the confidentiality and integrity of it.
https://www.infosecurity-magazine.com/news/cyber-extortion-cases-surge-39/
AI, Trust, and Data Security are Key Issues for Finance Firms and Their Customers
Business leaders have been warned to expect more instability and uncertainly following on from the unpredictable nature of events during the past few years, from COVID-19 to business restructurings, the Russian invasion of Ukraine and the rise of generative artificial intelligence (AI). A recent report found that customers feel they lack appropriate guidance from their financial providers during times of economic uncertainty; the lack of satisfactory experience and a desire for a better digital experience is causing 25% of customers to switch banks.
The report also found that 23% of customers do not trust AI and 56% are neutral. This deficit in trust can swing in either direction based on how Financial Services Institutions (FSIs) use and deliver AI-powered services. While the benefits of AI are unclear, an increased awareness of personal data security has made trust between providers and customers more crucial than ever. In fact, 78% of customers say they would switch financial service providers if they felt their data was mishandled.
Caution: Microsoft Warns of Office Zero-Day Attacks with No Patch Available
Russian spies and cyber criminals are actively exploiting still-unpatched security flaws in Microsoft Windows and Office products, according to an urgent warning from Microsoft. While Microsoft recently released patches for 130 vulnerabilities, including 9 criticals, 6 which are actively being exploited (see our advisory here), a series of remote code execution vulnerabilities were not addressed, and attackers have been actively exploiting them because the patches are not yet available.
An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. All an attacker would have to do is to convince the victim to open the malicious file. Microsoft have stated that a security update may be released out of cycle to address these flaws.
https://www.securityweek.com/microsoft-warns-of-office-zero-day-attacks-no-patch-available/
Scam Page Volumes Surge 304% Annually
Security researchers have recorded a 62% year-on-year increase in phishing websites and a 304% surge in scam pages in 2022. The Digital Risk Trends 2023 report classifies phishing as a threat resulting in the theft of personal information and a scam as any attempt to trick a victim into voluntarily handing over money or sensitive information.
It found that the average number of instances in which a brand’s image and logo was appropriated for use in scam campaigns increased 162% YoY, rising to 211% in APAC. Scams are also becoming more automated, as the ever-increasing number of new tools available to would-be cyber criminals has lowered the barrier of entry. We expect to see AI also play a greater role in scams in the future.
https://www.infosecurity-magazine.com/news/scam-page-volumes-surge-304/
Financial Industry Faces Soaring Ransomware Threat
The financial industry has been facing a surge in ransomware attacks over the past few years, said cyber security provider SOCRadar in a threat analysis post. This trend started in the first half of 2021, when Trend Micro saw a staggering 1,318% increase in ransomware attacks targeting banks and financial institutions compared to the same period in 2020. Sophos also found that over half (55%) of financial service firms fell victim to at least one ransomware attack in 2021, a 62% increase from 2020.
https://www.infosecurity-magazine.com/news/financial-industry-faces-soaring/
The Need for Risk-Based Vulnerability Management to Combat Threats
Cyber attacks are increasing as the number of vulnerabilities found in software has increased by over 50% in the last 5 years. This is a result of unpatched and poorly configured systems as 75% of organisations believe they are vulnerable to a cyber attack due to unpatched software. As vulnerabilities continue to rise and security evolves, it is becoming increasingly apparent that conventional vulnerability management programs are inadequate for managing the expanding attack surface. In comparison, a risk-based strategy enables organisations to assess the level of risk posed by vulnerabilities. This approach allows teams to prioritise vulnerabilities based on their assessed risk levels and remediate those with higher risks, minimising potential attacks in a way that is continuous, and automated.
By enhancing your vulnerability risk management process, you will be able to proactively address potential issues before they escalate and maintain a proactive stance in managing vulnerabilities and cloud security. Through the incorporation of automated threat intelligence risk monitoring, you will be able to identify significant risks before they become exploitable.
Government Agencies Breached in Microsoft 365 Email Attacks
Microsoft disclosed an attack against customer email accounts that affected US government agencies and led to stolen data. While questions remain about the attacks, Microsoft provided some details in two blog posts on Tuesday, including attribution to a China-based threat actor it tracks as Storm-0558. The month long intrusion began on 15 May and was first reported to Microsoft by a federal civilian executive branch (FCEB) agency in June.
Microsoft said attackers gained access to approximately 25 organisations, including government agencies. While Microsoft has mitigated the attack vector, the US Government Cybersecurity and Infrastructure Security Agency (CISA) was first to initially detect the suspicious activity. The government agency published an advisory that included an attack timeline, technical details and mitigation recommendations. CISA said an FCEB agency discovered suspicious activity in its Microsoft 365 (M365) environment sometime last month.
Concerns Raised as Report Questions UK’s “Completely Inadequate” Defence to Threats from China
Britain’s spy watchdog has slammed the UK Government for a “completely inadequate” response to Chinese espionage and interference which risked an “existential threat to liberal democratic systems”. In a bombshell 207 page report, Parliament’s Intelligence and Security Committee issued a series of alarming warnings about how British universities, the nuclear sector, Government and organisations alike were being targeted by China.
Hackers Backed by North Korea have Stolen Billions of Dollars Over the Last Five Years
Hackers have developed a list of sophisticated tricks that allow them to weasel their way into the networks of possible targets, including organisations. Sometimes a North Korean hacker would pose as a recruitment officer to get an employee’s attention. The cyber criminal would then share an infected file with the unsuspecting company employee. This was the case of the famous 2021’s Axie Infinity hack that allowed the North Koreans to steal more than $600 million after one of the game developers was offered a fake job by the hackers.
https://www.pandasecurity.com/en/mediacenter/security/north-korea-stolen-crypto/
Governance, Risk and Compliance
CISO perspective on why boards don't fully grasp cyber attack risks - Help Net Security
Top Takeaways From Table Talks With Fortune 100 CISOs (darkreading.com)
AI, trust, and data security are key issues for finance firms and their customers | ZDNET
Cyber Attacks Are a War We'll Never Win, but We Can Defend Ourselves (darkreading.com)
Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)
Enterprise risk management should inform cyber-risk strategies | TechTarget
Threats
Ransomware, Extortion and Destructive Attacks
Cl0p Hackers Hit Three of the Biggest US Law Firms in Large Ransomware Attack - MSSP Alert
UK battles hacking wave as ransomware gang claims ‘biggest ever’ NHS breach | TechCrunch
Cl0p has yet to deploy ransomware while exploiting MOVEit zero-day | SC Media (scmagazine.com)
Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch
Cyber Extortion Cases Surge 39% Annually - Infosecurity Magazine (infosecurity-magazine.com)
Ransomware payments on record-breaking trajectory for 2023 (bleepingcomputer.com)
Beware of Big Head Ransomware: Spreading Through Fake Windows Updates (thehackernews.com)
Deutsche Bank confirms provider breach exposed customer data (bleepingcomputer.com)
BigHead and RedEnergy ransomware, more MOVEIt problems (cisoseries.com)
Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs
Same code, different ransomware? Leaks kick-start myriad of new variants - Help Net Security
Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley
BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days (thehackernews.com)
Ransomware Victims
Capita admits hackers also stole staff’s personal details (thetimes.co.uk)
Banks, hotels and hospitals among latest MOVEit mass-hack victims | TechCrunch
Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)
Barts NHS hack leaves folks on tenterhooks over extortion • The Register
Scottish university cyber attack under investigation | The National
Phishing & Email Based Attacks
New Phishing Attack Spoofs Microsoft 365 Authentication System (hackread.com)
Number of email-based phishing attacks surges 464% - Help Net Security
Chinese hackers compromised emails of US Government agencies- -Security Affairs
Microsoft: Government agencies breached in email attacks | TechTarget
RomCom hackers target NATO Summit attendees in phishing attacks (bleepingcomputer.com)Facebook and Microsoft remain prime targets for spoofing - Help Net Security
Top 10 Email Security Best Practices in 2023 (gbhackers.com)
Other Social Engineering; Smishing, Vishing, etc
Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)
Evil QR - A new QR Jacking Attack to Take Over User Accounts (cybersecuritynews.com)
How hackers are now targeting your voice and how to protect yourself | Fox News
Artificial Intelligence
How the EU AI Act Will Affect Businesses, Cyber Security (darkreading.com)
Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing (thehackernews.com)
ChatGPT and Cyber Security : 5 Cyber Security Risks of ChatGPT (gbhackers.com)
WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)
How to Safely Architect AI in Your Cyber Security Programs (darkreading.com)
ChatGPT users drop for the first time as people turn to uncensored chatbots | Ars Technica
Secretaries of State brace for wave of AI-fueled disinformation during 2024 campaign | CyberScoop
Civil society, labor and rights groups express concerns about AI at White House meeting | CyberScoop
2FA/MFA
Malware
20% of malware attacks bypass antivirus protection - Help Net Security
Malware delivery to Microsoft Teams users made easy - Help Net Security
WormGPT Cyber Crime Tool Heralds an Era of AI Malware vs. AI Defences (darkreading.com)
Truebot Malware Variants Abound, According to CISA Advisory (darkreading.com)
Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)
USB drive malware attacks spiking again in first half of 2023 (bleepingcomputer.com)
Charming Kitten hackers use new ‘NokNok’ malware for macOS (bleepingcomputer.com)
Banking Firms Under Attack by Sophisticated 'Toitoin' Campaign (darkreading.com)
Over 100 malicious signed Windows drivers blocked by Microsoft - NotebookCheck.net News
New 'ShadowVault' macOS malware steals passwords, crypto, credit card data | Macworld
BlackLotus UEFI Bootkit Source Code Leaked on GitHub - SecurityWeek
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)
AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)
Serious Security: Rowhammer returns to gaslight your computer – Naked Security (sophos.com)
Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)
Mobile
Crooks Evolve Antidetect Tooling for Mobile OS-Based Fraud-Security Affairs
The FCC aims to stop SIM swappers with new rules - The Verge
Google Play will enforce business checks to curb malware submissions (bleepingcomputer.com)
Clever Letscall vishing malware targets Android phones | SC Media (scmagazine.com)
Denial of Service/DoS/DDOS
Industry responses and strategies for navigating the tides of DDoS attacks - Help Net Security
Archive Of Our Own Down: AO3 DDoS Attack Explained - Dataconomy
Internet of Things – IoT
Data Breaches/Leaks
So you gave personal info to a company caught in a data breach. Now what? | CBC News
HCA confirms breach after hacker steals data of 11 million patients (bleepingcomputer.com)
US on Track For Record Number of Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)
Twitter User Exposes Nickelodeon Data Leak - Infosecurity Magazine (infosecurity-magazine.com)
Capita attackers reportedly stole data from pension fund • The Register
Twenty Manx public authorities reprimanded for data breach - BBC News
Bangladesh government website leaked data of millions of citizens-Security Affairs
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cyber security professional accused of stealing $9M in crypto | TechCrunch
SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)
Insider Risk and Insider Threats
How To Protect Your Business From The Security Risks Freelancers Pose (forbes.com)
Former employee charged for attacking water treatment plant (bleepingcomputer.com)
Rogue IT security worker who impersonated ransomware gang is sentenced to jail • Graham Cluley
Fraud, Scams & Financial Crime
E-commerce Fraud Surges By Over 50% Annually - Infosecurity Magazine (infosecurity-magazine.com)
Scam Page Volumes Surge 304% Annually - Infosecurity Magazine (infosecurity-magazine.com)
The FCC aims to stop SIM swappers with new rules - The Verge
Insurance
Dark Web
Supply Chain and Third Parties
Royal Navy contractor forced to pay off cyber criminals (telegraph.co.uk)
Capita attackers reportedly stole data from pension fund • The Register
MOVEit: Testing the Limits of Supply Chain Security - SecurityWeek
Cloud/SaaS
Only 45% of cloud data is currently encrypted - Help Net Security
Microsoft alleges China behind attack on Exchange Online • The Register
For stronger public cloud data security, use defence in depth | TechTarget
Silentbob Campaign: Cloud-Native Environments Under Attack (thehackernews.com)
Global Retailers Must Keep an Eye on Their SaaS Stack (thehackernews.com)
SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign (thehackernews.com)
Decentralized storage emerging as solution to cloud-based attacks | Cybernews
Hybrid/Remote Working
Attack Surface Management
Identity and Access Management
Why Hybrid Work Has Made Secure Access So Complicated (darkreading.com)
less than half of SMBs use Privileged Access Management- IT Security Guru
Encryption
API
Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)
API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek
Open Source
Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)
The EU’s Product Liability Directive could kill open source | TechRadar
Linux Hacker Exploits Researchers With Fake PoCs Posted to GitHub (darkreading.com)
AVrecon malware infects 70,0000 Linux routers to build botnet (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek
Mastodon Patches 4 Bugs, but Is the Twitter Killer Safe to Use? (darkreading.com)
Travel
Regulations, Fines and Legislation
How the EU AI Act Will Affect Businesses, Cyber security (darkreading.com)
A Cyber Security Wish List Ahead of NATO Summit - SecurityWeek
The EU’s Product Liability Directive could kill open source | TechRadar
Microsoft and AWS caution Ofcom against referring UK cloud market over to CMA | Computer Weekly
Models, Frameworks and Standards
How to map security gaps to the Mitre ATT&CK framework | TechTarget
Get started: Threat modeling with the Mitre ATT&CK framework | TechTarget
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Storm-0978 attacks reveal financial and espionage motives | Microsoft Security Blog
Russia-based actor exploited unpatched Office zero day | TechTarget
SolarWinds Attackers Dangle BMWs to Spy on Diplomats (darkreading.com)
Russian state hackers lure Western diplomats with BMW car ads (bleepingcomputer.com)
Killnet Tries Building Russian Hacktivist Clout With Media Stunts (darkreading.com)
Cl0p hacker operating from Russia-Ukraine war front line-Security Affairs
Killer ‘tracked Russian sub commander using Strava jogging app’ (thetimes.co.uk)
Inside the murky world accelerating Russia’s economic meltdown (telegraph.co.uk)
Cyber attacks Against Ukrainians Adjoin NATO Summit in Lithuania - MSSP Alert
Russian Hackers Find Sneaky Way to Infiltrate Embassy Networks in Kyiv (kyivpost.com)
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland (thehackernews.com)
China
Chinese hackers compromised emails of US Government agencies-Security Affairs
UK has ‘no strategy’ to tackle China threat as spies target Britain, report warns | The Independent
Cabinet tensions emerge over labelling China a threat to UK national security (inews.co.uk)
Iran
North Korea
Vulnerability Management
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities - Help Net Security
The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)
Creating a Patch Management Playbook: 6 Key Questions (darkreading.com)
Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)
Vulnerabilities
MOVEit Transfer customers warned to patch new critical flaw (bleepingcomputer.com)
After Zero-Day Attacks, MOVEit Turns to Security Service Packs - SecurityWeek
Microsoft Warns of Office Zero-Day Attacks, No Patch Available - SecurityWeek
Juniper Networks Patches High-Severity Vulnerabilities in Junos OS - SecurityWeek
Cisco SD-WAN vManage impacted by unauthenticated REST API access (bleepingcomputer.com)
SonicWall warns admins to patch critical auth bypass bugs immediately (bleepingcomputer.com)
Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices (bleepingcomputer.com)
Russia-based actor exploited unpatched Office zero day | TechTarget
Hackers Steal $20 Million by Exploiting Flaw in Revolut's Payment Systems (thehackernews.com)
Raising concerns over Google Authenticator’s new features | TechRadar
Novel Linux kernel vulnerability exploitable for elevated privileges | SC Media (scmagazine.com)
Hackers Exploit Windows Policy Loophole to Forge Kernel-Mode Driver Signatures (thehackernews.com)
VMware warns of exploit available for critical vRealize RCE bug (bleepingcomputer.com)
Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion - SecurityWeek
Zimbra urges customers to manually fix actively exploited zero-day-Security Affairs
Critical Vulnerability Can Allow Takeover of Mastodon Servers - SecurityWeek
New StackRot Linux kernel flaw allows privilege escalation (bleepingcomputer.com)
Exploit Code Published for Remote Root Flaw in VMware Logging Software - SecurityWeek
API Flaw in QuickBlox Framework Exposed PII of Millions of Users - SecurityWeek
Experts released PoC exploit for Ubiquiti EdgeRouter flaw-Security Affairs
Critical RCE found in popular Ghostscript open-source PDF library (bleepingcomputer.com)
Citrix fixed a critical flaw in Secure Access Client for Ubuntu-Security Affairs
OT/ICS Vulnerabilities
Tools and Controls
The Need for Risk-Based Vulnerability Management to Combat Threats (bleepingcomputer.com)
less than half of SMBs use Privileged Access Management- IT Security Guru
Exposure Management Looks to Attack Paths, Identity to Better Measure Risk (darkreading.com)
Enterprise risk management should inform cyber-risk strategies | TechTarget
Infrastructure upgrades alone won't guarantee strong security - Help Net Security
What is a Network Intrusion Protection System (NIPS)? | Definition from TechTarget
Overcoming user resistance to passwordless authentication - Help Net Security
Zero Trust Keeps Digital Attacks From Entering the Real World (darkreading.com)
3 Strategies For Simplifying And Strengthening Your Data Security (forbes.com)
The history, evolution and current state of SIEM | TechTarget
Attack Surface Management: Identify and protect the unknown - Help Net Security
How to Put Generative AI to Work in Your Security Operations Center (darkreading.com)
Close Security Gaps with Continuous Threat Exposure Management (thehackernews.com)
Platform Approach to Cyber Security: The New Paradigm (trendmicro.com)
Intrusion Detection & Prevention Systems Guide (trendmicro.com)
Decentralized storage emerging as solution to cloud-based attacks | Cybernews
Wi-Fi AP placement best practices and security policies | TechTarget
For stronger public cloud data security, use defence in depth | TechTarget
Other News
White House Urged to Quickly Nominate National Cyber Director (darkreading.com)
The rise of cyber threats in a digital dystopia | Mint #AskBetterQuestions (livemint.com)
Building the right collective defence against cyber attacks for critical infrastructure | CyberScoop
Satellites lack standard security mechanisms found in mobile phones and laptops - Help Net Security
White House publishes National Cyber Security Strategy Implementation Plan - Help Net Security
Cyber attacks through Browser Extensions – the Importance of MFA (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 07 July 2023
Black Arrow Cyber Threat Briefing 07 July 2023:
-Cyber Attacks Against Mobile Devices Growing Fast
-One Third of Security Breaches Go Unnoticed by Security Professionals
-Cyber Security Experts Have Become Targets for Board Seats
-Phishing Attack Prevention as Email Attacks Surge Over 450%
-Outsmarting Business Email Compromise Scammers
-Small Organisations Face Security Threats on a Limited Budget
-Cloud Security: Sometimes the Risks May Outweigh the Rewards
-Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks
-75% of Consumers Prepared to Ditch Brands Hit by Ransomware
-Scammers Using AI Voice Technology to Commit Crimes
-What are the Causes of Data Loss and What it the Impact on Your Organisation?
-Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Against Mobile Devices Growing Fast
A rise in mobile-powered businesses is creating vulnerability gaps that are being exploited by cyber criminals and nation-states, according to a new report. 43% of all compromised devices were fully exploited, not just jailbroken or rooted, which is an increase of 187% year-over-year. The report found that the average user is 6 to 10 times more likely to fall for an SMS phishing attack than an email based attack.
It was also found that there was a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild. With malware increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware. For organisations, no matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical.
https://www.darkreading.com/endpoint/mobile-cyberattacks-soar-andoird-users
One Third of Security Breaches Go Unnoticed by Security Professionals
While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches are not spotted by IT and security professionals, according to a recent report.
The report highlighted that 50% of IT and security leaders lack confidence when it comes to knowing where their most sensitive data is stored and how it is secured. The issue is that 31% of breaches are being identified later down the line, rather than pre-emptively using security and observability tools either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48% in the US, and 52% in Australia.
https://www.helpnetsecurity.com/2023/07/03/hybrid-cloud-security-breaches/
Cyber Security Experts Have Become Targets for Board Seats
The need for strong cyber security programs is a vital part of doing business today, and a good reflection of that is adding security executives to Boards. The trend is for chief information security officers (CISOs) to be elevated to the board of directors, as risk and regulatory compliance become more visible in an organisation, many of the initiatives and controls will be security related, addressing those controls usually falls to the CISO.
The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. With only 15% of CISOs have broader traits required for board level positions, such as a holistic understanding of the business, a global perspective and ability to navigate a range of stakeholders, with another 33% having a subset of those necessary traits.
CISOs are hard to come by and few have the requisite Board level experience. To fill this gap Black Arrow provide a virtual CISO (vCISO) where you get a whole team of highly skilled and experienced professionals for less than you would pay for one permanent resource, and firms can also take advantage of Black Arrow’s Cyber NED, incorporating Board, Governance, Finance, HR and Risk experience with specialist cyber expertise and experience.
https://www.cnbc.com/2023/07/03/cybersecurity-experts-have-become-targets-for-board-seats.html
Phishing Attack Prevention as Email Attacks Surge Over 450%
A Recent report found that email attacks had surged 464% this year compared to the previous year as phishing attacks remain amongst the most used tactics by attackers due to their high success rate and the ease in which they can be conducted. For preventing such attacks, the following principles will help mitigate: not clicking on unknown links, not trusting unknown sites, enabling multi-factor authentication, hardly disclosing personal information and having increased phishing awareness.
In an organisation, such awareness and principles can be highlighted and continually reinforced through having an effective awareness training programme. This in turn, will help to create a cyber aware culture and reduce the risk of someone in the organisation falling victim to phishing.
https://cybersecuritynews.com/phishing-attack-prevention-checklist/
Outsmarting Business Email Compromise (BEC) Scammers
Last year the FBI registered over 21,000 complaints about business email fraud, with adjusted losses of over $2.7 billion. Today this line of attack shows no sign of slowing down. Business email compromise (BEC) techniques are increasingly sophisticated and cyber crime-as-a-service (CaaS) along with AI have lowered the barrier to entry for threat actors.
There are six key elements which can help to mitigate the impact of BEC, these are; inbox protection, strong authentication, secure emails, zero-trust control, secure payment processes and education. Putting the brakes on this con game takes the entire organisation, from the C-suite and IT, compliance, and risk management teams to every business unit. Awareness, backed by policy and technology, is the crucial factor in a consistently strong defence.
https://www.darkreading.com/microsoft/6-steps-to-outsmarting-business-email-compromise-scammers
Small Organisations Face Security Threats on a Limited Budget
Small organisations face the same security threats as larger organisations overall but have less resources to address them. The most common security incidents faced are phishing, ransomware, and user account compromise also known as business email compromise (BEC). However, smaller organisations usually have fewer resources and experience with which to address security threats. Indeed, lack of budget is their top security challenge, reported by one in two small companies.
The lack of budget won’t stop a threat actor from attacking however, and so small organisations need to be able to effectively identify, prioritise and mitigate against security incidents. This may require small organisations outsourcing some of their cyber strategy, to allow them access to expertise.
https://www.helpnetsecurity.com/2023/07/05/small-organizations-security-threats/
Cloud Security: Sometimes the Risks May Outweigh the Rewards
Threat actors are well-aware of the vulnerabilities in the cloud infrastructure. IT teams and decision-leadersmakers must have a clear understanding of the types of cloud services and the associated risk of cyber attacks associated. Around two in five (39%) businesses experienced a data breach in their cloud environment in 2022, a rise of 4% compared with 2021, a new report has found. The leading cause of cloud data breaches was human error, at 55%, according to the report. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities.
Other issues can arise from the cloud as it gives organisations the opportunity to create large amounts of infrastructure quickly and easily, which leaves it exposed to the possibility of substandard security configurations being applied to it. Due to the ease of use of cloud services, companies might become negligent in terms of their security.
https://cyber-reports.com/2023/07/03/cloud-security-sometimes-the-risks-may-outweigh-the-rewards/
https://www.infosecurity-magazine.com/news/human-error-cloud-data-breaches/
Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks
A number of organisations impacted by the mass hacks exploiting a security flaw in the MOVEit file transfer tool, including energy giant Shell and US-based First Merchants Bank, have confirmed that hackers accessed sensitive data. The ransomware group shows an evolution of its tactics with the MOVEit zero-day, potentially ushering in a new normal when it comes to extortion supply chain cyber attacks, experts say.
From what the industry has seen in recent Cl0p breaches, GoAnywhere, MFT and MOVEit, they have not executed ransomware to encrypt data within the target environments. The operations have strictly been exfiltrating data and using that stolen information for later blackmail and extortion. The MOVEit vulnerability isn't an easy or straightforward one, it required extensive research into the MOVEit platform to discover, understand, and exploit this vulnerability. The skill set required to uncover and exploit this vulnerability isn't easily learned and is hard to come by in the industry. This operation isn't something Cl0p ransomware group usually does, which is another clue leading to suspect Cl0p acquired the MOVEit zero-day vulnerability rather than developing it from scratch. Something future groups may decide to adopt.
https://www.darkreading.com/attacks-breaches/c10p-moveit-campaign-new-era-cyberattacks
75% of Consumers Prepared to Ditch Brands Hit by Ransomware
As 40% of consumers harbour scepticism regarding organisations’ data protection capabilities, 75% would shift to alternate companies following a ransomware attack a recent report found. Furthermore, consumers request increased data protection from vendors, with 55% favouring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies.
While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.
https://www.helpnetsecurity.com/2023/07/05/consumers-data-protection-request/
Scammers Using AI Voice Technology to Commit Crimes
The usage of platforms like Cash App, Zelle, and Venmo for peer-to-peer payments has experienced a significant surge, with scams increasing by over 58%. Additionally, there has been a corresponding rise of 44% in scams stemming from the theft of personal documents according to a recent report.
The report also highlights the rise of AI voice scams as a significant trend in 2023. AI voice technology enables scammers to create remarkably realistic voices and convincingly imitate family members, friends and other trusted individuals. With just a short voice clip usually taken from social media, a scammer can clone a loved one’s voice and call a victim pretending to be that person. The scammer deceives the victim into thinking their loved one is in distress to get them to send money, provide personal information or perform other actions. AI voice technology has gotten to the point where a mother can’t tell the difference between her child’s voice and a machine, and scammers have pounced on this to commit crimes.
https://www.helpnetsecurity.com/2023/07/07/ai-voice-cloning-scams/
What are the Causes of Data Loss and What it the Impact on Your Organisation?
In today’s digital age, data has become the lifeblood of organisations, driving critical decision-making, improving operational efficiency, and allowing for smoother innovation. Simply put, businesses heavily rely on data. In an era where data has become the cornerstone of business operations, the loss of vital information can result in severe setbacks and irreparable damage. Whether it’s due to accidental deletion, hardware failure, cyber-attacks, or natural disasters, the loss of valuable data can have devastating impacts on an organisation.
It's imperative that businesses understand different types of data (structured, unstructured, semi-structured, metadata) and deploy tailored protection strategies. A significant 26% of companies suffered data loss in 2022, underlining the need for robust data security measures like regular backups, cyber security protocols, employee training, and data encryption. Effective data loss prevention can shield organisations from severe impacts like intellectual property theft, operation disruption, and legal repercussions.
https://securityaffairs.com/148086/security/impacts-of-data-loss.html
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem
Many people associate the dark web with drugs, crime, and leaked credentials, but in recent years the dark web has emerged as a complex and interdependent cyber crime ecosystem, exemplified by the increasingly complex methods used to extort companies.
One of the more recent trends we see is that groups are now setting up infrastructure, in some cases outsourcing actual infection (and in some cases negotiation) to “affiliates” who effectively act as contractors to the Ransomware as a Service (RaaS) group and split the profits at the end of a successful attacks. The world of cyber crime is ever-evolving and it is no easy task to stay on top of the changing landscape.
Governance, Risk and Compliance
Cyber Security experts have become targets for board seats (cnbc.com)
The Impacts of Data Loss on Your Organisation -Security Affairs
One third of security breaches go unnoticed by security professionals - Help Net Security
Small organisations face security threats on a limited budget - Help Net Security
How to cultivate a culture of continuous cyber Security improvement - Help Net Security
CISOs Find 'Business as Usual' Shows the Harsh Realities of Cyber-Risk (darkreading.com)
Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)
Cyber Security's Future Hinges on Stronger Public-Private Partnerships (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
75% of consumers prepared to ditch brands hit by ransomware - Help Net Security
More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)
Cl0p's MOVEit Campaign Represents a New Era in Cyber Attacks (darkreading.com)
Encryption-less ransomware: Warning issued over emerging attack method for threat actors | ITPro
Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)
8Base ransomware group leaks data of 67 victim organisations - Help Net Security
Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)
BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising (thehackernews.com)
Seven ways to prepare for double extortion ransomware | SC Media (scmagazine.com)
The rise in cyber extortion attacks and its impact on business security - Help Net Security
University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online
Ransomware Criminals Are Dumping Kids' Private Files Online After School Hacks - SecurityWeek
Ransomware accounts for 54% of cyber threats in the health sector- Security Affairs
Avast released a free decryptor for Windows version of Akira ransomware- Security Affairs
FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)
How ransomware impacts the healthcare industry - Help Net Security
June saw flurry of ransomware attacks on education sector | TechTarget
Decryption tool for Akira ransomware available for free | Tripwire
Japanese Port of Nagoya Resumes Operations After 2-Day Russian Ransomware Attack - MSSP Alert
Ransomware Victims
Shell Confirms MOVEit-Related Breach After Ransomware Group Leaks Data - SecurityWeek
Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)
Japan’s largest port stops operations after ransomware attack (bleepingcomputer.com)
Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)
More than 16 million people and counting have had data exposed in MOVEit breaches (therecord.media)
8Base ransomware group leaks data of 67 victim organisations - Help Net Security
Dublin airport staff’s pay and benefits compromised in cyber attack (thetimes.co.uk)
FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)
MOVEit Hacks Ensnare US Department of Health and Human Services - Bloomberg
UCLA among victims of worldwide cyber attack – NBC Los Angeles
BlackCat Hacking Gang Says It Stole Data from UK's Barts Health NHS Trust - Bloomberg
Chipmaker TSMC says supplier targeted in cyber Attack | Reuters
MOVEit hack impacts US financial services provider for academics | SC Media (scmagazine.com)
Phishing & Email Based Attacks
Email Cyber Attacks Spiked Nearly 500% in First Half of 2023, Acronis Reports - MSSP Alert
Phishing Attack Prevention Checklist - A Detailed Guide (cybersecuritynews.com)
African Nations Face Escalating Phishing & Compromised Password Cyber Attacks (darkreading.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Quishing on the rise: How to prevent QR code phishing | TechTarget
Why cyberpsychology is such an important part of effective cyber Security | CSO Online
Artificial Intelligence
Microsoft, OpenAI sued for ChatGPT 'privacy violations' • The Register
Cyber Criminals can break voice authentication with 99% success rate - Help Net Security
Dutch counterterrorism agency says Generative AI is posing new cyber threats | NL Times
AI-generated attack vectors cyber Security should watch for (fastcompany.com)
OpenAI Pauses ChatGPT's 'Browse With Bing' as Users Bypass Paywalls (gizmodo.com)
Promoting responsible AI: Balancing innovation and regulation - Help Net Security
GPT-4 is great at infuriating telemarketing scammers • The Register
3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)
Malware
Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)
Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs
Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)
CISA: Truebot malware infecting networks in US, Canada | TechTarget
Mockingjay - A New Injection Technique to Bypass EDR (cybersecuritynews.com)
Malvertising: A stealthy precursor to infostealers and ransomware attacks (malwarebytes.com)
Mobile
Android Security Updates Patch 3 Exploited Vulnerabilities - SecurityWeek
Mobile Cyber Attacks Soar, Especially Against Android Users (darkreading.com)
Android users at risk as banking trojan targets more apps | Fox News
Cyber Attacks Against Mobile Devices Growing Fast - MSSP Alert
We can’t trust the Government to protect your privacy, says boss of Signal (telegraph.co.uk)
Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)
Botnets
Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)
Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)
Denial of Service/DoS/DDOS
CISA issues DDoS warning after attacks hit multiple US orgs (bleepingcomputer.com)
Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)
Data Breaches/Leaks
FIS Global Data Breach: Cyber Attack On FIS Global Follows MOVEit Mayhem (thecyberexpress.com)
Microsoft denies data breach, theft of 30 million customer accounts (bleepingcomputer.com)
Capita’s own pension scheme suffered data breach in March hack | Financial Times (ft.com)Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)
Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En
The Impacts of Data Loss on Your Organisation- Security Affairs
Nickelodeon investigates breach after leak of 'decades old’ data (bleepingcomputer.com)
OpenAI lawsuit reignites privacy debate over data scraping | CyberScoop
28,000 Impacted by Data Breach at Pepsi Bottling Ventures - SecurityWeek
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Meduza Stealer targets tens of crypto wallers and pwd managers- Security Affairs
$7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Google Searches for 'USPS Package Tracking' Leads to Banking Theft (darkreading.com)
Support from British businesses crucial in removing over... - NCSC.GOV.UK
GPT-4 is great at infuriating telemarketing scammers • The Register
Ex-Amazon manager who stole $9m+ gets 16 years in prison • The Register
$7.8 Billion Lost to Crypto Ponzi Schemes in 2022: Report (cryptopotato.com)
Deepfakes
Scammers using AI voice technology to commit crimes - Help Net Security
Cyber Criminals can break voice authentication with 99% success rate - Help Net Security
AML/CFT/Sanctions
Insurance
University of California sues Lloyd’s of London in cyber insurance dispute | CSO Online
Find A Cyber Insurance Policy That Fits Your Small Business Budget (forbes.com)
Cyber insurance rates drop 10% in June, report says | Reuters
How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)
How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)
Dark Web
Ransomware Affiliates, Triple Extortion, and the Dark Web Ecosystem (bleepingcomputer.com)
Deep Web vs Dark Web: What’s the Difference? - Keeper (keepersecurity.com)
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
Microsoft Teams Exploit Tool Auto-Delivers Malware (darkreading.com)
Japan rebukes Fujitsu for cloud security fails • The Register
IT leaders believe hybrid cloud solutions are the future of IT - Help Net Security
Microsoft investigates Outlook.com bug breaking email search (bleepingcomputer.com)
11 best practices for securing data in the cloud | Microsoft Security Blog
3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage (thehackernews.com)
Attack Surface Management
Encryption
Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)
Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
High school changes every student’s password to ‘Ch@ngeme!’ | TechCrunch
Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets (thehackernews.com)
Social Media
Twitter's bot spam keeps getting worse — it's about porn this time (bleepingcomputer.com)
EU Court Deals Blow to Meta in German Data Case - SecurityWeek
Privacy Woes Hold Up Global Instagram Threads Launch (darkreading.com)
Malvertising
Training, Education and Awareness
Regulations, Fines and Legislation
Apple, Civil Liberty Groups Condemn UK Online Safety Bill - SecurityWeek
EU Court Deals Blow to Meta in German Data Case - SecurityWeek
Promoting responsible AI: Balancing innovation and regulation - Help Net Security
European companies slam the EU’s incoming AI regulations in open letter - The Verge
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Crack the Code: How to Secure Your Dream Cyber Security Career - IT Security Guru
3 Ways to Build a More Skilled Cyber Security Workforce (darkreading.com)
Make Diversity the 'How,' Not the 'What,' of Cyber Security Success (darkreading.com)
CISO Speaks: Resilience and Avoiding Burnout - IT Security Guru
Top 5 Free Online Cyber Security Courses in 2023 (analyticsinsight.net)
ISACA joins ECSO to strengthen cyber Security and digital skills in Europe - Help Net Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Russians may have hacked NHS trust with 2.5 million patients (telegraph.co.uk)
Satellite system used by Russian military is hacked - The Washington Post
Russian Hacktivist Platform 'DDoSia' Grows Exponentially (darkreading.com)
Russian railway site allegedly taken down by Ukrainian hackers (therecord.media)
China
US authorities warn on China’s new counter-espionage la' • The Register
Chinese Threat Actors Targeting Europe in SmugX Campaign - Check Point Research
Chinese threat actor attacks diplomats across Europe • The Register
Apps with 1.5M installs on Google Play send your data to China (bleepingcomputer.com)
Iran
Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools (darkreading.com)
Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users (thehackernews.com)
North Korea
Experts detected a new variant of RUSTBUCKET macOS malware- Security Affairs
North Korean satellite had no military utility for spying • The Register
Misc/Other/Unknown
Vulnerability Management
Botnets Send Exploits Within Days to Weeks After Published PoC (darkreading.com)
Mitigate Top 5 Common Cyber Security Vulnerabilities (trendmicro.com)
Vulnerabilities
300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug (bleepingcomputer.com)
Microsoft puts out Outlook fire, downplays Teams flaw • The Register
WordPress plugin lets users become admins – Patch early, patch often! – Naked Security (sophos.com)
Cyber Criminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign (thehackernews.com)
Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities - SecurityWeek
Microsoft fixes bug behind Windows LSA protection warnings, again (bleepingcomputer.com)
Cisco warns of bug that lets attackers break traffic encryption (bleepingcomputer.com)
StackRot Linux Kernel Bug Has Exploit Code on the Way (darkreading.com)
Tools and Controls
Cyber Security Awareness Training to Fight Ransomware (trendmicro.com)
Attack surface visibility a top CISO priority amid growing attacks: Report | CSO Online
VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek
Small organisations face security threats on a limited budget - Help Net Security
11 best practices for securing data in the cloud | Microsoft Security Blog
How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance (thehackernews.com)
How Cyber Insurance Can Help Relieve The Costs Of A Cyber Attack (forbes.com)
Reports Published in the Last Week
Other News
Foreign spies hacked government 20 years ago (thetimes.co.uk)
GCHQ Reveals Details of State-Backed Breach - Infosecurity Magazine (infosecurity-magazine.com)
Police investigate stolen exam papers after cyber attack (schoolsweek.co.uk)
VMware, Other Tech Giants Announce Push for Confidential Computing Standards - SecurityWeek
Why Schools are Low-Hanging Fruit for Cyber Criminals - IT Security Guru
Hacks targeting British exam boards raise fears of students cheating (therecord.media)
Cyber Attacks and Data Breaches in Review: June 2023 - IT Governance Blog En
Is your browser betraying you? Emerging threats in 2023 - Help Net Security
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 30 June 2023
Black Arrow Cyber Threat Briefing 30 June 2023:
-Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible
-Employees Worry Less About Cyber Security Best Practices in the Summer
-Businesses are Ignoring Third-Party Security Risks
-Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back
-Over 130 Organisations and Millions of Individuals Believed to Be Impacted by MOVEit Hack, it Keeps Growing
-Widespread BEC Attacks Threaten European Organisations
-Lloyd’s Syndicates Sued Over Cyber Insurance
-95% Fear Inadequate Cloud Security Detection and Response
-The Growing Use of Generative AI and the Security Risks They Pose
-The CISO’s Toolkit Must Include Political Capital Within The C-Suite
-Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime
-SMBs Plagued by Exploits, Trojans and Backdoors
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible
Zurich Insurance Group is a major player in the insurance game, with over 55 million clients. They have recently just fixed a sensitive file that they had left publicly accessible. The file in question contained a range of credentials including database credentials, admin credentials, credentials for the actively exploited MOVEit software, credentials for their HR system and more. All of which could be utilised by threat actors to inflict serious damage. This was not the only vulnerability stemming from the insurance group; researchers found that Zurich were also running an outdated website, which contained a large number of vulnerabilities.
The case is alarming as Zurich Insurance Group provides cyber insurance and the instance above reinforces the need for organisations to be proactive in identifying cyber risks in their environment; it is simply not enough to rely on having insurance or meeting insurance requirements.
https://cybernews.com/zurich-insurance-data-leak/
Employees Worry Less About Cyber Security Best Practices in the Summer
IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months according to a new report. The report found that 55% of employees admitted to relying solely on their mobile devices while working remotely in the summer. 25% of all respondents claim that they aren’t concerned about ensuring network connections are secure when accessing their company’s data.
In the same report, 45% of employees in the US and UK said no specific measures to educate and remind employees on security best practices are taken during the summer, with only 24% of UK respondents receiving access to online cyber security training and guides and even less (17%) in the US. This comes as a separate report found that the number of phishing sites targeting mobile devices increased from 75% to 80% year-on-year in 2022, and this is likely to continue rising. Worryingly, it was also found that the average user is between six and ten times more likely to fall for an SMS phishing attack than email.
https://www.helpnetsecurity.com/2023/06/30/summer-byod-policies/
https://www.infosecurity-magazine.com/news/mobile-malware-and-phishing-surge/
Businesses are Ignoring Third-Party Security Risks
With 58% of companies managing over 100 vendors, 8% of which manage over 1,000, the need for a robust Third-Party Security Risk Management process becomes abundantly clear. Despite this, only 13% of organisations continuously monitor the security risks of their third parties. This is worrying, when considering the knock-on effects of third party breaches from the likes of Capita, SolarWinds and 3CX, and the recent MOVEit attack, impacting organisations whose only relationship with MOVEit was that their supplier used it.
https://www.helpnetsecurity.com/2023/06/30/third-party-relationships-risks/
Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back
When a person is notified of a data breach involving their personal information, if they react with a feeling of fear, as opposed to anger, they’re more likely to stop using the site. A report found that positive attitudes toward the website before the breach did not meaningfully affect whether consumers reengaged with the website after the breach, as some prior research has indicated. Instead, the emotional response of fear weighed heavily on customers and outweighed any earlier positive sentiment towards the organisation.
When a company has been breached in the past they have dealt with angry customers and negative press. To do so, companies may engage crisis managers to contain the damage, partner with identity protection services, pay fines or settlements, or try to lure back customers with free services. However, the study shows that companies need to address fearful customers differently after a data breach has occurred if they want to avoid customer loss. To do this, companies can work with their IT departments to identify customers who are no longer active after a breach and then reach out to them directly to assuage their fears.
Over 130 Organisations and Millions of Individuals Believed to be Impacted by MOVEit Hack, it Keeps Growing
The dramatic fallout continues in the mass exploitation of a critical vulnerability in a widely used file-transfer program, with at least three new victims coming to light in the past few days. They include the New York City Department of Education and energy companies Schneider Electric and Siemens Electric. These join others, including PwC, Sony and EY. If the attack has shown us one thing, it’s that any organisation can be a victim.
Widespread BEC Attacks Threaten European Organisations
Based on an analysis of email attack trends between June 2022 and May 2023, total email attacks in Europe increased by 7 times and the US 5 times. For business email compromise (BEC) specifically, Europe saw an alarming 10 times the amount it had previously and the US saw a 2 times increase.
BEC continues to remain a high priority threat for many organisations and if someone already has a legitimate business email which they have compromised to use for BEC attacks on your organisation, it is very likely that your technical processes will be ineffective, leaving your people and operational processes to stop an attack. Is your organisation cyber aware? Are they undergoing regular awareness training?
This is one of many areas that Black Arrow can help improve your organisation’s security through robust employee cyber security Awareness Behaviour and Culture training.
https://www.helpnetsecurity.com/2023/06/27/bec-attacks-frequency/
Lloyd’s Syndicates Sued Over Cyber Insurance
The University of California (UCLA) is suing a number of insurance firms for refusing to pay out on cyber policies nearly 10 years after hackers breached data on millions of patients at its health system. The dispute is over a cyber attack from 2014 through 2015 that exposed personal information of patients at UCLA Health.
UCLA Health allege that the syndicates refused to engage in dispute resolution by asserting that the statue of limitations applying to the claims had expired. The insurers, who could not be named, are said to have refused every claim saying that UCLA Health failed to satisfy cyber security requirements under the contract terms. It’s important for organisations with cyber insurance to understand their insurance in detail and to know where they stand in the event of a cyber incident.
95% Fear Inadequate Cloud Security Detection and Response
A recent report found 95% of respondents expressed concern in their organisation’s ability to detect and respond to a security event in their cloud environment. The same study also found that 50% of total respondents had reported a data breach due to unauthorised access to their cloud environment.
It is often the case that issues in the cloud come from the perception of the responsibility of the cloud environment. Organisations must realise that they share responsibility for securing their cloud environment, including its configuration. The report found that, despite the number of breaches and concerns in their organisation’s ability, more than 80% of respondents still felt their existing tooling and configuration would sufficiently cover their organisation from an attack. Organisations must ask themselves what they are doing to protect their cloud environment.
https://www.helpnetsecurity.com/2023/06/27/cloud-environment-security/
The Growing Use of Generative AI and the Security Risks They Pose
A recent survey by Malwarebytes revealed 81% of people are concerned about the security risks posed by ChatGPT and generative AI, and 52% of respondents are calling for a pause on ChatGPT for regulations to catch up, while 7% think it will improve internet security. A key concern about the data produced by generative AI platforms is the risk of "hallucinations" whereby machine learning models produce untruths. This becomes a serious issue for organisations if its content is heavily relied upon to make decisions, particularly those relating to threat detection and response.
Another recent report on the risks brought by Large Language Model AIs showed that the rise in opensource AI adoption is developed insecurely; this results in an increased threat with substantial security risks to organisation.
The CISO’s Toolkit Must Include Political Capital Within The C-Suite
Over the past 18 months, there has been a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is responsible for the protection of an entity's information. The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cyber security risk management, strategy, governance, and incident response disclosure by public companies that requires publicly traded companies to provide evidence of the board's oversight of cyber security risk. Couple this with the former CISO of Uber being found guilty on charges of "obstruction of the proceedings of the Federal Trade Commission" and it is clear that the hand at the helm must be able to navigate all types of seas in their entity's political milieu. In this regard, the CISO needs to acquire political capital. CISO’s should have the capability to talk in understandable terms and clearly demonstrate value to the other board members.
Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime
Russia's diminishing position on the world stage has limited its physical options on the ground, leaving Putin's regime increasingly reliant on cyber crime to carry out its oppositional activities against Ukraine and Europe. Microsoft has disclosed that it has detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard.
This comes as Switzerland's Federal Intelligence Service (FIS) released its 2023 security assessment, predicting that Russia will increasingly launch cyber attacks as part of its war strategy not just in Ukraine, but against NATO member states as well.
https://www.darkreading.com/threat-intelligence/russia-reliant-on-cybercrime-as-international-pariah
https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html
SMB’s Plagued as Cyber Attackers Still Rely on Decades Old Security Weaknesses and Tactics
Despite best cyber security efforts, small and mid-sized businesses (SMBs) continue to struggle to thwart attacks and harden defences in response to remote working and other newer challenges.
This future focus can lead to a neglection of older weaknesses. Cyber attackers are typically relying on tried-and-tested tactics and old security weaknesses to target organisations, a recent Barracuda threat spotlight found. Hackers are returning to proven methods to gain remote control of systems, install malware, steal information and disrupt or disable business operations through denial-of-service attacks, Barracuda reports. The report found that between February to April 2023, the top malicious tactics found to be used were vulnerabilities from 2008.
The report highlights the fact that there are no cutoff dates for vulnerabilities and attackers will use whatever is at their disposal to try and infiltrate your organisation. This can be protected by having strong policies and controls in place alongside frequent penetration testing to ensure these vulnerabilities are being patched.
https://www.scmagazine.com/news/malware/smbs-plagued-by-exploits-trojans-and-backdoors
Governance, Risk and Compliance
Businesses are ignoring third-party security risks - Help Net Security
Employees worry less about cyber security best practices in the summer - Help Net Security
Digital-First Economy Has Transformed Role of CISO- IT Security Guru
SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)
The CISO’s toolkit must include political capital within the C-suite | CSO Online
NCSC Launches Cyber Risk Management Toolbox - Infosecurity Magazine (infosecurity-magazine.com)
Threats
Ransomware, Extortion and Destructive Attacks
MOVEit hackers may have found simpler business model beyond ransomware | SC Media (scmagazine.com)
Dozens of Businesses Hit Recently by '8Base' Ransomware Gang - SecurityWeek
UK cyber spies warn ransomware criminals targeting law firms • The Register
Cl0p in Your Network? Here's How to Find Out (darkreading.com)
July is Ransomware Month: Reminder to Prepare, Defend Against Hijackers - MSSP Alert
The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)
Linux version of Akira ransomware targets VMware ESXi servers (bleepingcomputer.com)
Ransomware Victims
Casualties keep growing in this month’s mass exploitation of MOVEit 0-day | Ars Technica
8 Tech And IT Companies Targeted In The MOVEit Attacks | CRN
MOVEIt breach impacts Genworth, CalPERS as data for 3.2 million exposed (bleepingcomputer.com)
Clop names PWC, Ernst & Young, and Sony in MOVEit hack | Cybernews
UCLA, Siemens Among Latest Victims of Relentless MOVEit Attacks (darkreading.com)
Siemens Energy, Schneider Electric Targeted by Ransomware Group in MOVEit Attack - SecurityWeek
10 banks alleged victims of ransomware attacks on file transfer software | American Banker
Almost 770,000 Calpers members hit by cyber attack | Financial Times (ft.com)
Ransomware and phishing attacks continue to plague businesses in Singapore | ZDNET
K-12 schools are revisiting their cyber strategies after year of ransomware attacks (axios.com)
Phishing & Email Based Attacks
Mobile Malware and Phishing Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
How a Layered Security Approach Can Minimise Email Threats - MSSP Alert
Less than half of UK banks implement most secure DMARC level | CSO Online
BEC – Business Email Compromise
Widespread BEC attacks threaten European organisations - Help Net Security
The Current State of Business Email Compromise Attacks (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
Unmasking Pig-Butchering Scams and Protecting Your Financial Future - Security News (trendmicro.com)
Artificial Intelligence
Sharing Your Business’ Data With ChatGPT: How Risky Is It? - MSSP Alert
OpenAI lawsuit: Maker of ChatGPT sued over alleged data usage | CNN Business
Lawyers who cited fake cases invented by ChatGPT must pay • The Register
Generative AI Projects Pose Major Cyber security Risk to Enterprises (darkreading.com)
How to Deploy Generative AI Safely and Responsibly (trendmicro.com)
Generative-AI apps & ChatGPT: Potential risks and mitigation strategies (thehackernews.com)
Does the world need an arms control treaty for AI? | CyberScoop
When It Comes to Secure Coding, ChatGPT Is Quintessentially Human (darkreading.com)
AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping (darkreading.com)
2FA/MFA
Malware
SMBs plagued by exploits, trojans and backdoors | SC Media (scmagazine.com)
Hackers Use Weaponized PDF Files to Attack Organisations (cybersecuritynews.com)
New Mockingjay Process Injection Technique Could Let Malware Evade Detection (thehackernews.com)
Fileless attacks surge as cyber Criminals evade cloud security defences | CSO Online
NSA warns of ‘false sense of security’ against BlackLotus malware (therecord.media)
Trojanized Super Mario Bros game spreads malware- - Security Affairs
New PindOS JavaScript dropper deploys Bumblebee, IcedID malware (bleepingcomputer.com)
NPM Plagued with ‘Manifest Confusion’ Malware-Hiding Weakness (darkreading.com)
Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data (thehackernews.com)
North Korean Andariel APT used a new malware named EarlyRat - Security Affairs
Mobile
Mobile Malware and Phishing Surge in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
Apple says proposed UK law ‘poses a serious threat’ to end-to-end encryption - The Verge
Anatsa Android trojan now steals banking info from users in US, UK (bleepingcomputer.com)
Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes (thehackernews.com)
Denial of Service/DoS/DDOS
Global rise in DDoS attacks threatens digital infrastructure - Help Net Security
Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (bleepingcomputer.com)
Internet of Things – IoT
Someone sent mysterious smartwatches to US Military personnel - Security Affairs
The tech flaw that lets hackers control surveillance cameras - BBC News
Data Breaches/Leaks
Latitude hit with $1 million lawsuit over data breach (9news.com.au)
Recruitment portal exposes data of US pilot candidates • The Register
3 Steps to Successfully & Ethically Navigate a Data Breach (darkreading.com)
Sensitive Information Stolen in LetMeSpy Stalkerware Hack - SecurityWeek
US Patent Office Data Spill Exposes Trademark Applications (darkreading.com)
Organised Crime & Criminal Actors
2,700 People Tricked Into Working for Cyber Crime Syndicates Rescued in Philippines - SecurityWeek
Security analyst wanted by both Russia and the US • The Register
Former Group-IB manager has been arrested in Kazahstan - Security Affairs
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)
JOKERSPY used to target a cryptocurrency exchange in Japan - Security Affairs
Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack (thehackernews.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam (thehackernews.com)
Unmasking Pig-Butchering Scams and Protecting Your Financial Future - Security News (trendmicro.com)
This Chatbot Gives Phone Call Scammers a Taste of Their Own Medicine (pcmag.com)
The robotic falcon maker who was targeted by cyber criminals - BBC News
Deepfakes
Insurance
University of California Sues Lloyd’s Syndicates Over Cyber Insurance - WSJ
Insurance companies using AI for underwriting and due diligence amid cyber threats | Fox Business
How Big Is the Cyber Insurance Market? Can It Keep Growing? | Lawfare (lawfaremedia.org)
Dark Web
Citizen of Croatia charged with running the Monopoly Market drug marketplace - Security Affairs
Inside Threat Actors: Dark Web Forums vs. Illicit Telegram Communities (bleepingcomputer.com)
Supply Chain and Third Parties
Cloud/SaaS
95% fear inadequate cloud security detection and response - Help Net Security
Fileless attacks surge as cyber Criminals evade cloud security defences | CSO Online
5 Pitfalls in Cloud Cyber security’s Shared Responsibility Model - MSSP Alert
Uncovering attacker tactics through cloud honeypots - Help Net Security
How hardening Microsoft 365 tenants mitigates potential cloud attacks - Help Net Security
Outlook for the web outage impacts users across America (bleepingcomputer.com)
3 Tips to Increase Hybrid and Multicloud Security (darkreading.com)
Identity and Access Management
Encryption
Apple says proposed UK law ‘poses a serious threat’ to end-to-end encryption - The Verge
Iran finally admits its 'quantum processor' was in fact not quantum at all | PC Gamer
How to stop quantum computers from breaking the internet’s encryption (sciencenews.org)
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Travel
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
SEC Alleges SolarWinds CFO, CISO Violated US Securities Laws (bankinfosecurity.com)
US firm 'breached GDPR' by reputation-scoring EU citizens • The Register
JP Morgan accidentally deletes 47 million comms records • The Register
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
SEC notice to SolarWinds CISO and CFO roils cyber security industry | CSO Online
Skill gap plagues cyber security industry as jobs go unfilled | Mint (livemint.com)
Law Enforcement Action and Take Downs
Hacker responsible for 2020 Twitter breach sentenced to prison | TechCrunch
Citizen of Croatia charged with running the Monopoly Market drug marketplace - Security Affairs
2,700 People Tricked Into Working for Cyber Crime Syndicates Rescued in Philippines - SecurityWeek
Privacy, Surveillance and Mass Monitoring
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers (thehackernews.com)
Russian Spies, War Ministers Reliant on Cyber Crime in Pariah State (darkreading.com)
Pro-Russia DDoSia hacktivist project sees 2,400% membership increase (bleepingcomputer.com)
Microsoft hackers say they work for Sudan, not Russia | Fortune
'Chinese spy balloon' was 'crammed' with US hardware • The Register
Hackers attack Russian satellite telecom provider, claim affiliation with Wagner Group | CyberScoop
China
China's 'Volt Typhoon' APT Now Exploits Zoho ManageEngine (darkreading.com)
'Chinese spy balloon' was 'crammed' with US hardware • The Register
Iran
The potent cyber adversary threatening to further inflame Iranian politics | CyberScoop
From MuddyC3 to PhonyC2: Iran's MuddyWater Evolves with a New Cyber Weapon (thehackernews.com)
Iran finally admits its 'quantum processor' was in fact not quantum at all | PC Gamer
North Korea
Misc/Other/Unknown
Vulnerability Management
SMBs plagued by exploits, trojans and backdoors | SC Media (scmagazine.com)
Remediation Ballet Is a Pas de Deux of Patch and Performance (darkreading.com)
Micropatches: What they are and how they work - Help Net Security
When It Comes to Secure Coding, ChatGPT Is Quintessentially Human (darkreading.com)
It's 2023 and out-of-bounds write bugs are still number one • The Register
Vulnerabilities
VMware fixed five memory corruption issues in vCenter Server - Security Affairs
US Cyber security Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog (thehackernews.com)
CISA Says Critical Zyxel NAS Vulnerability Exploited in Attacks - SecurityWeek
Serious IDOR Vulnerability Found In Microsoft Teams (latesthackingnews.com)
Fortinet fixes critical FortiNAC RCE, install updates asap - Security Affairs
Details Disclosed for Critical SAP Vulnerabilities, Including Wormable Exploit Chain - SecurityWeek
Critical flaw in VMware Aria Operations for Networks sees mass exploitation | CSO Online
Internet Systems Consortium (ISC) fixed three DoS flaw in BIND - Security Affairs
Chrome 114 Update Patches High-Severity Vulnerabilities - SecurityWeek
Grafana warns of critical auth bypass due to Azure AD integration (bleepingcomputer.com)
The tech flaw that lets hackers control surveillance cameras - BBC News
Exploit released for new Arcserve UDP auth bypass vulnerability (bleepingcomputer.com)
Tools and Controls
95% fear inadequate cloud security detection and response - Help Net Security
How a Layered Security Approach Can Minimize Email Threats - MSSP Alert
ITDR Combines and Refines Familiar Cyber security Approaches (darkreading.com)
Uncovering attacker tactics through cloud honeypots - Help Net Security
10 things every CISO needs to know about identity and access management (IAM) | VentureBeat
FIDO Alliance Publishes Guidance for Deploying Passkeys in the Enterprise (darkreading.com)
3 Tips to Increase Hybrid and Multicloud Security (darkreading.com)
Other News
Businesses count the cost of network downtime - Help Net Security
Exploring the persistent threat of cyber attacks on healthcare - Help Net Security
How Can Manufacturers Stop Being The Top Target For Cyber Crime? (informationsecuritybuzz.com)
Ex-FBI employee jailed for mishandling classified material • The Register
Rapid7: Japan Threat Landscape Takes on Global Significance - SecurityWeek
Over 1500 gas stations disrupted in Canada, after energy giant hacked (bitdefender.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 23rd June 2023
Black Arrow Cyber Threat Briefing 23 June 2023:
-How the MOVEit Breach Shows Hackers' Interest in Corporate File Transfer Tools
-Attackers Discovering Exposed Cloud Assets Within Minutes
-Majority of Users Neglect Best Password Practices
-One in Three Workers Susceptible to Phishing
-Ransomware Misconceptions Abound, to the Benefit of Attackers
-Threat Actors Scale and Commoditise Uncommon Tools and Techniques
-Goodbyes are Difficult, IT Offboarding Processes Make Them Harder
-Security Budget Hikes are Missing the Mark, CISOs Say
-Understanding Cyber Resilience: Building a Holistic Approach to Cyber Security
-Emerging Ransomware Group 8Base Releasing Data on SMBs Globally
-Cyber Security Industry Still Fighting to Recruit and Retain Talent
-Financial Firms to Build Resilience in Face of Growing Cyber-Threats
-Fulfilling Expected SEC Requirements for Cyber Security Expertise at Board Level
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Security Industry Still Fighting to Recruit and Retain Talent
Cyber security teams are struggling to find the right talent, with the right skills, and to retain experienced employees. The situation is only likely to worsen, as inflation and a tight labour market push up wages. Universities produce graduates with a strong focus on technical knowledge, but not always the broader skills they need to operate in a business environment. This includes the lack of communications skills, understanding of how businesses operate and even emotional intelligence. One solution is to outsource to a corporate cyber security provider or outsource to infill shortages whilst trying to recruit permanent staff.
https://www.infosecurity-magazine.com/news/cybersecurity-industry-recruit/
How the MOVEit Breach Shows Hackers' Interest in Corporate File Transfer Tools
The world of managed file transfer (MFT) software has become a lucrative target for ransom-seeking hackers, with significant breaches including those of Accellion Inc's File Transfer Appliance in 2021 and Fortra's GoAnywhere MFT earlier this year. These MFT programs, corporate versions of popular file sharing programs like Dropbox or WeTransfer, are highly desirable to hackers for the sensitive data they often transfer between organisations and partners. The recent mass compromise tied to Progress Software Corp's MOVEit transfer product has prompted governments and companies worldwide to scramble in response.
Hackers are shifting their tactics, with an increasing focus on MFT programs which typically face the open internet, making them more vulnerable to breaches. Once inside these file transfer points, hackers have direct access to a wealth of data. In addition, there's a noticeable shift from ransomware groups encrypting a company's network and demanding payment to unscramble it, to a simpler tactic of pure extortion by threatening to leak the data.
Attackers Discovering Exposed Cloud Assets within Minutes
The shift to cloud services, increased remote work, and reliance on third-parties has led to widespread use of Software-as-a-Service (SaaS) applications. This has also opened avenues for attackers to exploit weak security configurations and identities. Over the past year, attackers have intercepted authorisation tokens, bypassed multifactor authentication, and exploited misconfigured systems, targeting critical applications like GitHub, Microsoft 365, Google Workspace, Slack, and Okta. A study revealed alarmingly fast rates of breach discovery and compromise of exposed cloud assets, with assets being discovered within as little as two minutes for some and others within an hour.
https://www.darkreading.com/dr-tech/growing-saas-usage-means-larger-attack-surface
Majority of Users Neglect Best Password Practices
The latest Password Management Report by Keeper Security has shed light on the concerning state of password security practices. The survey found that only 25% of respondents used solid and unique passwords. In comparison, 34% admitted to using repeat variations of passwords, and 30% still relied on simple and easily guessable passwords. The survey also found that 44% of individuals who claimed to have well-managed passwords still admitted to using repeated variations, while 20% acknowledged having had at least one password involved in a data breach or available on the dark web. The document also revealed that 35% of respondents feel overwhelmed when it comes to improving their cyber security. Furthermore, 10% admitted to neglecting password management altogether. More generally, Keeper Security said the survey’s findings highlight a significant gap between perception and reality regarding password security.
https://www.infosecurity-magazine.com/news/users-neglect-best-password/
One in Three Workers Susceptible to Phishing
More than one in three workers in the UK and Ireland are susceptible to falling for phishing attacks, according to the new 2023 Phishing by Industry Benchmarking Report by KnowBe4. The study found that 35% of users who had received no security training were prone to clicking on suspicious links or engaging in fraudulent actions. Regular training and continual reinforcement can get this figure down but even with training very few organisations ever get click rates down to zero, and you only need one person to click to cause potentially devastating consequences.
Globally, ransomware was responsible for 24% of all data breaches in 2023, with human error accounting for 74% of these incidents. Phishing attacks can often lead to significant reputational damage, financial loss and disruption to business operations.
https://www.infosecurity-magazine.com/news/one-in-three-phishing/
Ransomware Misconceptions Abound, to the Benefit of Attackers
There is a common ransomware misperception that there's no capability to fight this all too common hostage taking of business data. This is not true. Proactive organisations are increasingly making more strategic use of threat intelligence to prevent or disrupt attacks.
Ransomware has evolved into a massive, often state-sponsored, industry where operators buy, develop, and resell ransomware code, infiltrate networks, and collect ransoms. The perception that a speedy response is critical to prevent data encryption and loss is outdated; attackers now focus on data exfiltration, using ransomware as a distraction. They often target smaller organisations that are linked to larger ones through supply chains, using them as stepping stones. It is important to use in-depth defence measures, including email security to prevent phishing and efficient detection and response systems to identify and recover from changes.
Threat Actors Scale and Commoditise Uncommon Tools and Techniques
Proofpoint’s 2023 Human Factor report highlights significant developments in the cyber attack landscape in 2022. Following two years of pandemic-induced disruption, cyber criminals returned to their usual operations, honing their social engineering skills and commoditising once sophisticated attack techniques. There was a noticeable increase in brute-force and targeted attacks on cloud tenants, conversational smishing attacks, and multifactor authentication (MFA) bypasses. Microsoft 365 formed a large part of organisations' attack surfaces and faced broad abuse, from Office macros to OneNote documents.
Despite some advances in security controls, threat actors continue to innovate and scale their bypasses. Techniques like MFA bypass and telephone-oriented attack delivery are now commonplace. Attackers consistently exploit people, who remain the most critical variable in the attack chain.
Goodbyes are Difficult, IT Offboarding Processes Make Them Harder
A recent survey found that 68% of organisations recognise the offboarding process as a major cyber security risk, but only 36% have adequate controls in place to secure data access when employees depart. The study revealed that 60% of organisations have discovered former employees still had access to corporate applications after leaving, and 52% have had security incidents linked to former employees. Interestingly, IT professionals are not always alerted when employees leave, leading to access not being revoked and IT assets being mishandled 34% of the time.
https://www.helpnetsecurity.com/2023/06/19/it-offboarding-processes/
Security Budget Hikes are Missing the Mark, CISOs Say
Misguided expectations on security spend are causing problems for CISOs despite notable budget increases. A recent report found that while most CISOs are experiencing noteworthy increases in security funding, impractical expectations of budget holders are leading to significant amounts being spent on what’s hitting the headlines instead of strategic, business-centric investment in security defences. This lack of understanding shows that a lot of work needs to be done to ensure that information security receives the attention it deserves, especially in the boardroom.
The report found that just 9% of CISOs said information security is always in the top three priorities on the boardroom’s meeting agenda, and less than a quarter (22%) of CISOs are actively participating in business strategy and decision-making processes. Talking to the board about cyber security in a way that is productive can be a significant challenge for CISOs, and failing to do so effectively can result in confusion, disillusionment, and a lack of cohesion among directors, the security function, and the rest of the organisation.
https://www.csoonline.com/article/3700073/security-budget-hikes-are-missing-the-mark-cisos-say.html
https://www.helpnetsecurity.com/2023/06/22/average-cybersecurity-budget-increase/
Understanding Cyber Resilience: Building a Holistic Approach to Cyber Security
In today’s interconnected world, the threat of cyber attacks is a constant concern for organisations of all sizes and across all industries. Cyber resilience entails not only making it difficult for attackers to infiltrate your systems but also ensuring that your organisation can bounce back quickly and continue operations successfully.
Cyber resilience offers a holistic approach to cyber security, emphasising the ability to withstand and recover from cyber attacks. By adopting the right mindset, leveraging advanced technology, addressing cyber hygiene, and measuring key metrics, organisations can enhance their cyber resilience. Additionally, collaboration within industries and proactive board engagement are crucial for effective risk management. As cyber threats continue to evolve, organisations must prioritise cyber resilience as an ongoing journey, continuously adapting and refining their strategies to stay ahead of malicious actors.
Emerging Ransomware Group 8Base Releasing Confidential Data from SMBs Globally
A ransomware group that operated under the radar for over a year has come to light in recent weeks, thanks to a series of business data leaks on the Dark Web. Since at least April 2022, 8base has been conducting double-extortion attacks against small and midsized businesses (SMBs). It all came to a head in May, when the group dumped data belonging to 67 organisations on the cyber underground.
Not much is known yet about the group's tactics, techniques, and procedures (TTPs), likely due to the low profile of their victims. The victims span science and technology, manufacturing, retail, construction, healthcare, and more, with victims from as far afield as India, Peru, Madagascar and Brazil, amongst others.
https://www.darkreading.com/vulnerabilities-threats/emerging-ransomware-8base-doxxes-smbs-globally
Financial Firms to Build Resilience in Face of Growing Cyber-Threats
Cyber resilience is now a key component of operational resilience for the UK’s financial markets, according to a Bank of England official. Cyber attacks have increased by 38% in 2022, and the range of firms and organisations being impacted seems to grow broader and broader.
Regulators want to see how financial firms will cope with an attack, and its impact on the wider financial services ecosystem. Similar work is being done at an international level by the G7, which has its own cyber expert group. In the UK, the main tools for improving resilience are threat intelligence sharing, better coordination between firms, regulators, the Bank and the Treasury, and penetration testing including CBEST. Financial services firms should have scenario specific playbooks, to set out how to contain intruders and stop them spreading to clients and counterparties. In the past, simulation exercises have been used to model terrorist incidents and pandemics and they are now being used to model cyber attacks.
https://www.infosecurity-magazine.com/news/financial-firms-to-build-resilience/
Fulfilling Expected SEC Requirements for Cyber Security Expertise at Board Level
The US Securities and Exchange Commission (SEC) is expected to introduce a rule requiring demonstration of cyber security expertise at the board level for public companies. A recent study found that currently up to 90% of companies in the Russell 3000 lack even a single director with the necessary cyber expertise. The simplest and speediest solution would be to promote the existing CISO, provided they have the appropriate qualities and experience, to the board but that would require transplanting a focused operational executive into a strategic business advisory role. A credible alternative is to bring in a cyber focused Non-Executive Director with the appropriate skills and experience.
Governance, Risk and Compliance
Why assessing third parties for security risk is still an unsolved problem | CSO Online
Navigating the Complex World of Cyber security Compliance - MSSP Alert
Security budget hikes are missing the mark, CISOs say | CSO Online
How to Weather the Coming Cyber security Storm - Infosecurity Magazine (infosecurity-magazine.com)
Certifications are no guarantee of security - Infosecurity Magazine (infosecurity-magazine.com)
Increased spending doesn't translate to improved cyber security posture - Help Net Security
Placing People & Realism at the Center of Your Cyber security Strategy (darkreading.com)
CISOs’ New Stressors Brought on by Digitalization: Report - SecurityWeek
Fulfilling Expected SEC Requirements for Cyber security Expertise at Board Level - SecurityWeek
From details to big picture: how to improve security effectiveness | CIO
IT Staff Increasingly Saddled with Data Protection Compliance (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Explainer: How MOVEit breach shows hackers' interest in corporate file transfer tools | Reuters
Ransomware Misconceptions Abound, to the Benefit of Attackers (darkreading.com)
US Offers $10m Reward For MOVEit Attackers - Infosecurity Magazine (infosecurity-magazine.com)
Data leak at Australian law firm spooks government, business • The Register
Fresh Ransomware Gangs Emerge As Market Leaders Decline (darkreading.com)
Emerging Ransomware Group 8Base Doxxes SMBs Globally (darkreading.com)
A Russian national charged for committing LockBit Ransomware attacks - Security Affairs
Rorschach Ransomware: What You Need to Know (darkreading.com)
Ransomware is only getting faster: Six steps to a stronger defence (bleepingcomputer.com)
Ransomware gang preys on cancer centers, triggers alert | SC Media (scmagazine.com)
Ransomware attacks pose communications dilemmas for local governments | CSO Online
LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems (darkreading.com)
Ransomware Victims
Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack - SecurityWeek
Hackers threaten to release photos of Beverly Hills plastic surgery patients (bitdefender.com)
Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack - SecurityWeek
BlackCat gang threatens to leak plastic surgery photos • The Register
Reddit confirms BlackCat ransomware gang stole its data • The Register
Adur and Worthing Councils investigating after contractor data breach | The Argus
Iowa’s largest school district confirms ransomware attack, data theft (bleepingcomputer.com)
Hackers warn University of Manchester students’ of imminent data leak (bleepingcomputer.com)
USDA is investigating a 'possible data breach' related to global Russian cyber criminal hack | CNN
Avast, Norton Parent Latest Victim of MOVEit Ransomware Attacks (darkreading.com)
MOVEit Vulnerability Breaches Targeted Fed Agencies (trendmicro.com)
Phishing & Email Based Attacks
Cyber crime: what does psychology have to do with phishing? – podcast | Science | The Guardian
Hackers Will Be Quick to Bypass Gmail's Blue Check Verification System (darkreading.com)
UPS discloses data breach after exposed customer info used in SMS phishing (bleepingcomputer.com)
Insurance companies neglect basic email security - Help Net Security
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
How generative AI is creating new classes of security threats | VentureBeat
Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces (thehackernews.com)
‘With hackers adopting AI, it’s a cat-and-mouse game’ | Mint (livemint.com)
ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security
Google Tells Employees to Stay Away from Its Bard Chatbot (gizmodo.com)
Malware
Attacker seizes abandoned S3 bucket to launch malicious payloads | SC Media (scmagazine.com)
Hackers use fake OnlyFans pics to drop info-stealing malware (bleepingcomputer.com)
Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems (thehackernews.com)
Mysterious Mystic Stealer Spreads Like Wildfire in Mere Months (darkreading.com)
Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)
To kill BlackLotus malware, patching is a good start, but... • The Register
Microsoft Teams bug allows malware delivery from external accounts (bleepingcomputer.com)
APT37 hackers deploy new FadeStealer eavesdropping malware (bleepingcomputer.com)
ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks (thehackernews.com)
Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor (thehackernews.com)
USB Drives Spread Spyware as China's Mustang Panda APT Goes Global (darkreading.com)
NSA shares tips on blocking BlackLotus UEFI malware attacks (bleepingcomputer.com)
Chinese malware accidentally infects networked storage • The Register
ChamelDoH: New Linux Backdoor Utilising DNS-over-HTTPS Tunneling for Covert CnC (thehackernews.com)
Mobile
SMS delivery reports can be used to infer recipient's location (bleepingcomputer.com)
Apple fixes zero-days used to deploy Triangulation spyware via iMessage (bleepingcomputer.com)
Android spyware camouflaged as VPN, chat apps on Google Play (bleepingcomputer.com)
Botnets
Romanian cyber crime gang Diicot builds DDoS botnet with Mirai variant | CSO Online
New Condi malware builds DDoS botnet out of TP-Link AX21 routers (bleepingcomputer.com)
Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)
Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Police crack down on DDoS-for-hire service active since 2013 (bleepingcomputer.com)
New Condi malware builds DDoS botnet out of TP-Link AX21 routers (bleepingcomputer.com)
Zeeland port website hit by DDOS attack, possibly by Russian hackers | NL Times
From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet (thehackernews.com)
Internet of Things – IoT
Romanian cyber crime gang Diicot builds DDoS botnet with Mirai variant | CSO Online
Smart Pet Feeders Expose Personal Data - Infosecurity Magazine (infosecurity-magazine.com)
Security for embedded devices is ignored by too many companies, expert says | Fierce Electronics
Our cities are becoming increasingly automated—and we’re not ready (fastcompany.com)
US Military Personnel Receiving Unsolicited, Suspicious Smartwatches - SecurityWeek
Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (bleepingcomputer.com)
Data Breaches/Leaks
Data leak at Australian law firm spooks government, business • The Register
Australian Government Says Its Data Was Stolen in Law Firm Ransomware Attack - SecurityWeek
Mondelez says crooks stole staff data in security breach • The Register
UPS discloses data breach after exposed customer info used in SMS phishing (bleepingcomputer.com)
Reddit hackers threaten to leak data stolen in February breach (bleepingcomputer.com)
Australia Inc roiled by raft of cyber attacks since late 2022 - The Economic Times (indiatimes.com)
SSD missing from SAP datacenter turns up on eBay • The Register
Smart Pet Feeders Expose Personal Data - Infosecurity Magazine (infosecurity-magazine.com)
Hackers warn University of Manchester students’ of imminent data leak (bleepingcomputer.com)
Organised Crime & Criminal Actors
Crypto and Cyber Security: A Complex Relationship (analyticsinsight.net)
Cyber attackers Got More Creative Post-Pandemic, Proofpoint Study Finds - MSSP Alert
The Great Exodus to Telegram: A Tour of the New Cyber crime Underground (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto and Cyber Security: A Complex Relationship (analyticsinsight.net)
Blockchain security: Everything you should know for safe use | TechTarget
From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet (thehackernews.com)
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Influencers in firing line as France tackles scams - BBC News
Keep Job Scams From Hurting Your Organisation (darkreading.com)
Impersonation Attacks
AML/CFT/Sanctions
Dark Web
Supply Chain and Third Parties
Capita faces first legal Letter of Claim over mega breach • The Register
Why assessing third parties for security risk is still an unsolved problem | CSO Online
Mondelez says crooks stole staff data in security breach • The Register
Untangling the web of supply chain security with Tony Turner - Help Net Security
Software Supply Chain
Cloud/SaaS
Growing SaaS Usage Means Larger Attack Surface (darkreading.com)
Explainer: How MOVEit breach shows hackers' interest in corporate file transfer tools | Reuters
A new threat to financial stability lurks in the cloud | Financial Times (ft.com)
Cloud CISO Perspectives: Early June 2023 | Google Cloud Blog
Western Digital Blocks Unpatched Devices From Cloud Services - SecurityWeek
Attacker seizes abandoned S3 bucket to launch malicious payloads | SC Media (scmagazine.com)
Attackers discovering exposed cloud assets within minutes | TechTarget
Cloud-native security hinges on open source - Help Net Security
Hybrid Microsoft network/cloud legacy settings may impact your future security posture | CSO Online
US cyber ambassador says China can win on AI, cloud • The Register
Hybrid/Remote Working
Shadow IT
Identity and Access Management
Encryption
Quantum hacking alert: Critical vulnerabilities found in quantum key distribution (techxplore.com)
The US Navy, NATO, and NASA are using a shady Chinese company’s encryption chips | Ars Technica
Physics - Long-Range Quantum Cryptography Gets Simpler (aps.org)
API
Open Source
Hackers infect Linux SSH servers with Tsunami botnet malware (bleepingcomputer.com)
Cloud-native security hinges on open source - Help Net Security
ChamelDoH: New Linux Backdoor Utilising DNS-over-HTTPS Tunneling for Covert CnC (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
The future of passwords and authentication - Help Net Security
These are the most hacked passwords. Is yours on the list? | ZDNET
Social Media
Influencers in firing line as France tackles scams - BBC News
Reddit hackers threaten to leak data stolen in February breach (bleepingcomputer.com)
Training, Education and Awareness
Digital Transformation
Regulations, Fines and Legislation
ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security
Bill allowing CISA to assist foreign governments passes Senate committee | SC Media (scmagazine.com)
Fulfilling Expected SEC Requirements for Cyber security Expertise at Board Level - SecurityWeek
Models, Frameworks and Standards
The significance of CIS Control mapping in the 2023 Verizon DBIR - Help Net Security
What is PCI Compliance? 12 Requirements and More Explained | Definition from TechTarget
Secure Disposal
Data Protection
ChatGPT and data protection laws: Compliance challenges for businesses - Help Net Security
Consumer Data: The Risk and Reward for Manufacturing Companies (darkreading.com)
IT Staff Increasingly Saddled with Data Protection Compliance (darkreading.com)
Careers, Working in Cyber and Information Security
8 notable entry-level cyber security career and skills initiatives in 2023 | CSO Online
UK military is struggling to recruit tech experts, says report | Financial Times (ft.com)
Certifications are no guarantee of security - Infosecurity Magazine (infosecurity-magazine.com)
Google announces $20 million investment for cyber clinics | CyberScoop
Law Enforcement Action and Take Downs
Police crack down on DDoS-for-hire service active since 2013 (bleepingcomputer.com)
Megaupload duo will go to prison at last, but Kim Dotcom fights on… – Naked Security (sophos.com)
A Russian national charged for committing LockBit Ransomware attacks - Security Affairs
Privacy, Surveillance and Mass Monitoring
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Killnet Threatens Imminent SWIFT, World Banking Attacks (darkreading.com)
A Newly Named Group of GRU Hackers is Wreaking Havoc in Ukraine | WIRED
Russia sent its reserve team to wipe Ukrainian hard drives • The Register
Russian APT Group Caught Hacking Roundcube Email Servers - SecurityWeek
Hacktivist group Anonymous Sudan a ‘bear in wolf’s clothing’ | SC Media (scmagazine.com)
Russian APT28 hackers breach Ukrainian govt email servers (bleepingcomputer.com)
Strategies for staying ahead of modern cyber warfare - CyberTalk
German intelligence services point to increased hybrid security threats – EURACTIV.com
Nation State Actors
Microsoft Pins Early June DDoS Attacks on Russian-linked Cyber Crew - MSSP Alert
US DOJ Launches Cyber Unit to Prosecute Nation-State Threat Actors - SecurityWeek
US Military Personnel Receiving Unsolicited, Suspicious Smartwatches - SecurityWeek
USB Drives Spread Spyware as China's Mustang Panda APT Goes Global (darkreading.com)
CISA orders govt agencies to patch bugs exploited by Russian hackers (bleepingcomputer.com)
US Cyber Ambassador says China can win on AI, cloud • The Register
Cadet Blizzard emerges as a novel and distinct Russian threat actor | Microsoft Security Blog
The Israeli weapons and spyware falling into the hands of despots | Financial Times (ft.com)
The US Navy, NATO, and NASA are using a shady Chinese company’s encryption chips | Ars Technica
Zeeland port website hit by DDOS attack, possibly by Russian hackers | NL Times
A Russian national charged for committing LockBit Ransomware attacks - Security Affairs
Hacktivist group Anonymous Sudan a ‘bear in wolf’s clothing’ | SC Media (scmagazine.com)
APT37 hackers deploy new FadeStealer eavesdropping malware (bleepingcomputer.com)
ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks (thehackernews.com)
20-Year-Old Chinese APT15 Finds New Life in Foreign Ministry Attacks (darkreading.com)
Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor (thehackernews.com)
North Korean APT targets defectors, activists with infostealer malware | SC Media (scmagazine.com)
China-sponsored APT group targets government ministries in the Americas | CSO Online
Chinese malware accidentally infects networked storage • The Register
Trellix Detects Leading Threat Actor Countries Behind Nation-State Activity - MSSP Alert
Vulnerability Management
Guess what happened to this US agency that didn't patch? • The Register
EU Council mulls pan-European platform to handle cyber vulnerabilities – EURACTIV.com
Vulnerabilities
VMware warns of critical vRealize flaw exploited in attacks (bleepingcomputer.com)
Microsoft Teams Vulnerability: The GIFShell Attack (latesthackingnews.com)
Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild (darkreading.com)
Zyxel addressed critical flaw CVE-2023-27992 in NAS Devices - Security Affairs
Microsoft Teams bug allows malware delivery from external accounts (bleepingcomputer.com)
Chrome and Its Vulnerabilities - Is the Web Browser Safe to Use? - SecurityWeek
Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites - SecurityWeek
SMB Edge Devices Walloped With Asus, Zyxel Patch Warnings (darkreading.com)
VMware fixes vCenter Server bugs allowing code execution, auth bypass (bleepingcomputer.com)
Azure AD 'Log in With Microsoft' Authentication Bypass Affects Thousands (darkreading.com)
Western Digital Blocks Unpatched Devices From Cloud Services - SecurityWeek
Risk & Repeat: Mandiant sheds light on Barracuda ESG attacks | TechTarget
ASUS warns router customers: Patch now, or block all inbound requests – Naked Security (sophos.com)
Firmware Backdoor Discovered in Gigabyte Motherboards, Hundreds of Models Affected - CPO Magazine
Apple fixes zero-days used to deploy Triangulation spyware via iMessage (bleepingcomputer.com)
A (cautionary) tale of two patched bugs, both under exploit • The Register
Millions of GitHub repos likely vulnerable to RepoJacking, researchers say (bleepingcomputer.com)
Windows 11 KB5027231 also breaks Chrome for Cisco, WatchGuard EDR users (bleepingcomputer.com)
Gaps in Azure Service Fabric’s Security Call for User Vigilance (trendmicro.com)
Tools and Controls
Getting Over the DNS Security Awareness Gap (darkreading.com)
Zscaler CEO: Firewalls Are Going The Way Of The Mainframe | CRN
The future of passwords and authentication - Help Net Security
Increased spending doesn't translate to improved cyber security posture - Help Net Security
Placing People & Realism at the Center of Your Cyber security Strategy (darkreading.com)
Security investments that help companies navigate the macroeconomic climate - Help Net Security
Reports Published in the Last Week
Other News
Boris Johnson’s notebooks cause national security alarm (thetimes.co.uk)
Keep it, Tweak it, Trash it – What to do with Aging Tech in an Era of Consolidation - SecurityWeek
Cyber attacks on OT, ICS Lay Groundwork for Kinetic Warfare (darkreading.com)
Why CISOs should be concerned about space-based attacks | CSO Online
Legal firms urged to strengthen cyber defences with latest... - NCSC.GOV.UK
GCHQ’s top hacker James Babbage quits to join NCA in blow to UK cyber force (telegraph.co.uk)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 02 June 2023
Black Arrow Cyber Threat Briefing 02 June 2023:
-How to Keep Cyber Attacks from Tanking Your Balance Sheet
-Company Size Doesn’t Matter When It Comes to Cyber Attacks
-‘Exceptional’ Cyber Attacks Now Normal, says BT Security Chief
-How State-Sponsored/Advanced Persistent Threat Groups (APTs) Target SMBs
-Phishing Campaigns Thrive as Evasive Tactics Outsmart Conventional Detection
-Don't be Polite When you Get a Text from a Wrong Number
-Capita Cyber Attack: 90 Downstream Organisations Reported Data Breaches
-Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives
-Organisations Spend 100 Hours Battling Post-Delivery Email Threats
-Ransomware Gangs Adopting Business-like Practices to Boost Profits
-The Sobering Truth About Ransomware—For The 80% Who Paid Up
-The Great CISO Resignation: Why Security Leaders are Quitting in Droves
-When is it Time for a Cyber Hygiene Audit?
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
How to Keep Cyber Attacks from Tanking Your Balance Sheet
According to a recent Forrester report, last year saw 1 billion records exposed in the top 35 breaches, $2.6 billion stolen in the top nine cryptocurrency breaches, and $2.7 billion in fines levied to the top 35 violators.
The average cost of a data breach reached $4.35 million in 2022, according to IBM’s Cost of a Data Breach Report for that year, which represents a 2.6% increase over the prior year, and a 12.7% increase from 2020. For ransomware, a report found the average payment in 2021 was approximately $1.85 million, more than double the $760,000 figure from 2020. These are just direct costs; indirect costs are far greater and can include lost business, lost customers, reputational loss and regulatory fines.
When it comes to managing cyber risk, corporate boards should look to understand cyber security as a strategic business enabler, understand the impacts, align risk-management with business needs, ensure the organisation supports cyber security, incorporate cyber security expertise into governance and encourage systemic resilience.
https://hbr.org/2023/06/how-to-keep-cyberattacks-from-tanking-your-balance-sheet
Company Size Doesn’t Matter When It Comes to Cyber Attacks
65% of large organisations suffered a cyber attack within the last 12 months, which is similar to the results among companies of all sizes (68%), according to a recent report. The most common security incidents were the same for all companies; these were phishing, ransomware and user account compromise, also known as business email compromise (BEC).
Smaller companies often underestimate their risk, with the reasoning that cyber criminals want the biggest targets as they will likely have more intellectual property, however all businesses have valuable data and are therefore a target. Additionally, smaller organisations can sometimes be seen as a way into larger organisations that use their services.
https://www.helpnetsecurity.com/2023/05/29/larger-organizations-cyberattacks/
‘Exceptional’ Cyber Attacks Now Normal, says BT Security Chief
The threat of cyber attacks is growing at an “unprecedented” pace, according to the chief security officer at multinational teleco BT, Howard Watson, but it is not just large organisations such as BT who will be impacted by this increase.
Watson highlighted that the increase in sophisticated technology poses the biggest threat in the long run: “Technological advancement, as ever, is a double-edged sword in security. Quantum and AI have great potential for benefits in the right hands, or to cause massive damage in the wrong hands. But we know that cyber criminals will utilise these technologies, so we have to be able to respond in kind.” Adding to this, the chief security officer highlighted that events that were previously considered as ‘exceptional’ need to be assessed and planned for as a probability, rather than a possibility.
How State-Sponsored/Advanced Persistent Threat Groups (APTs) Target SMBs
Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers who collected data from over 200,000 SMB customers. Proofpoint identified a rise in phishing campaigns originating from such state-sponsored APT groups, who are highly skilled and typically state-sponsored groups with distinct strategic goals. These goals range from espionage and intellectual property theft to destructive attacks, state-sponsored financial theft, and disinformation campaigns.
Unfortunately, SMBs often lack adequate cyber security measures, making them vulnerable to all kinds of cyber threats. APT actors exploit this weakness by targeting SMBs as a stepping stone towards achieving their larger goals.
Alongside phishing campaigns, it was identified that APTs are increasingly targeting regional outsourced IT providers/Managed Service Providers (MSPs) to mount supply chain attacks. By compromising regional MSPs within geographies that align with the strategic collection requirements of APT actors, threat actors can gain access to multiple SMBs to extract sensitive information or execute further attacks.
https://www.helpnetsecurity.com/2023/05/31/apt-targeting-smbs/
Phishing Campaigns Thrive as Evasive Tactics Outsmart Conventional Detection
According to research, 2022 saw a 25% increase in the use of phishing kits. These phishing kits are a set of tools that enable cyber criminals to effortlessly create and maintain large scale sophisticated phishing campaigns. It is this sophistication that allows cyber criminals to circumnavigate conventional detections; in fact, the research found a 40% increase in the use of anti-bot technologies designed to prevent automated scanners from identifying content as phishing.
In some cases (11% of observed phishing kits) malicious links would not be detected when tested by anti-phishing controls because those controls do not use the exact device parameters, geolocation and referrer of the intended target victim’s profile; therefore the malicious link is allowed to be delivered to the intended target.
https://www.helpnetsecurity.com/2023/06/01/advanced-detection-evasion-techniques/
Don't be Polite When you Get a Text from a Wrong Number
You should immediately be suspicious of any text you get from a number not in your contacts, even if it may be innocent looking. Your first reaction may be to be polite and let them know they have the wrong number, but this person is a stranger. Strangely, despite teaching our children not to talk to strangers, many are comfortable with divulging information to them. Although letting them know they made a mistake seems harmless, responding opens you up to being scammed and you’ve just let them know you’re a real person. Every bit of helpful information you provide has the potential to be leveraged by an attacker.
Capita Cyber Attack: 90 Downstream Organisations Reported Data Breaches
90 organisations have reported breaches of personal information held by Capita after the outsourcing group had suffered a cyber attack, according to Britain’s data watchdog. The attack on Capita, which occurred in March, is still impacting businesses, with the UK Information Commissioners Office (ICO) making enquiries. Organisations must notify the ICO within 72 hours of becoming aware of a personal data breach.
The impact of the attack, and its knock-on effect, highlights the need for organisations to consider their third party security, no matter the size of the third party they use.
https://www.theguardian.com/business/2023/may/30/capita-cyber-attack-data-breaches-ico
Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives
A recent survey from McAfee found that nearly a third (30%) of adults have fallen victim or know someone who has fallen victim to an online scam when bargain hunting for travel deals during the summer season, with a full two-thirds of victims losing up to $1,000.
This has extended to the corporate environment, with threat actors impersonating the HR department and exploiting the trust users place in their employers, a report has found. The attack leverages regular HR procedures associated with holiday requests and taps into the anticipation and excitement surrounding the summer travel season, to capitalise on exploiting the user.
https://www.darkreading.com/endpoint/travel-themed-phishing-bec-campaigns-smarter-summer-season
Organisations Spend 100 Hours Battling Post-Delivery Email Threats
Nearly every victim of a spear-phishing attack in the last 12 months saw impacts on their organisation, including malware infections, stolen data, and reputational damage, according to Barracuda Networks. The research shows that cyber criminals continue to barrage organisations with targeted email attacks, and many companies are struggling to keep up.
While spear-phishing attacks are low-volume, they are widespread and highly successful compared to other types of email attacks. On average, organisations take nearly 100 hours to identify, respond to, and remediate a post-deliver email threat: 43 hours to detect the attack and 56 hours to respond and remediate after the attack is detected.
Users at companies with more than a 50% remote workforce report higher levels of suspicious emails: 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce. Companies with more than a 50% remote workforce also reported that it takes longer to both detect and respond to email security incidents: 55 hours to detect and 63 hours to respond and mitigate, compared to an average of 36 hours and 51 hours respectively for organisations with fewer remote workers.
https://www.helpnetsecurity.com/2023/05/30/2023-spear-phishing-trends/
Ransomware Gangs Adopting Business-like Practices to Boost Profits
Ransomware gangs are using a variety of business-like practices to boost profits, making it more difficult for defenders to differentiate various groups, a new report by WithSecure has surmised. This move towards mirroring legitimate businesses practices means that tactics, techniques and procedures (TTPs) are blurring.
The underground marketplace now includes entities including ransomware-as-a-service (RaaS) groups, Initial Access Brokers (IAB), crypter-as-a-service (CaaS), cryptojackers, malware-as-a-service (MaaS) groups and nation-state actors. This allows nation-states to use tools available on the underground market to gain access to networks and systems without being detected. Ultimately, this trend towards professionalisation makes the expertise and resources to attack organisations accessible to lesser-skilled or poorly resourced threat actors.
https://www.infosecurity-magazine.com/news/ransomware-gangs-business-practices/
The Sobering Truth about Ransomware—for the 80% Who Paid Up
Newly published research of 1,200 organisations impacted by ransomware reveals a sobering truth that awaits many of those who decide to pay the ransom. According to research, 80% of the organisations surveyed decided to pay the demanded ransom in order to both end the ongoing cyber attack and recover otherwise lost data. This is despite 41% of those organisations having a “do not pay” policy in place, which only goes to reinforce the cold hard fact that cyber crime isn’t an easy landscape to navigate. This is something that’s especially true when your business is facing the real-world impact of dealing with a ransomware attack.
Of the 960 organisations that paid a ransom, 201 of them (21%) were still unable to recover their lost data. The same number also reported that ransomware attacks were now excluded from their insurance policies. Of those organisations with cyber insurance cover, 74% reported a rise in premiums. Another report, published by Sophos, revealed that 32% of those surveyed opted to pay the ransom but a shocking 92% failed to recover all their data and 29% were unable to recover more than half of the encrypted data.
Some groups have switched to stealing sensitive customer or corporate data instead, with the ransom demanded in return for them not selling it to the highest bidder or publishing it online. Many groups combine the two for a double extortion ransomware attack.
The Great CISO Resignation: Why Security Leaders are Quitting in Droves
With the rise in AI tools such as ChatGPT broadening an attacker’s arsenal, this places greater and greater pressure on security leaders who are already dealing with shrinking budgets, skeleton crew staff and a conglomeration of security tools and protocols — so much so that they are increasingly quitting. A recent report found that nearly a third (32%) of CISOs in the US and UK were considering leaving their current organisation and 9 out of 10 reported themselves as “moderately” or “tremendously” stressed.
This so-called Great CISO Resignation is concerning, because what happens when there’s nobody guarding the gate and rallying the troops?
When is it Time for a Cyber Hygiene Audit?
Effective cyber hygiene practices limit threats against your systems, devices and users, preventing breaches that could compromise sensitive business information, database information, and personal data. But cyber hygiene isn’t a static or one-off process. It requires routine execution and, occasionally, a full audit. This audit typically covers a range of aspects including encryption, documentation, authentication, patches, security and ongoing cyber hygiene.
Good cyber hygiene is a necessary part of maintaining IT security. Setting up processes and procedures within your organisation’s regular operating procedures is an effective way to maintain cyber hygiene. Although the responsibilities may differ by position, everyone in the organisation plays a role.
An audit provides important information on where and where you need to improve. It also provides a baseline for measuring improvement and effectiveness. The key to success is to integrate hygiene into routine process starting top down from policies into every part of the business and making use of third party experts to help aid in the process.
https://www.trendmicro.com/en_us/devops/23/e/cyber-hygiene-audit-best-practices.html
Governance, Risk and Compliance
Company size doesn't matter when it comes to cyber attacks - Help Net Security
How to Keep Cyber attacks from Tanking Your Balance Sheet (hbr.org)
The great CISO resignation: Why security leaders are quitting in droves - SDxCentral
‘Exceptional’ cyber attacks now normal, says BT security chief (thetimes.co.uk)
HowTo: Improve Your Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)
The strategic importance of digital trust for modern businesses - Help Net Security
Vendors: Threat actor taxonomies are confusing but essential | TechTarget
Experts Not Willing To Wager A Candy Bar On Their Security (forbes.com)
Breaking Enterprise Silos and Improving Protection – Security Week
Zero-Day Vulnerabilities: 17 Consequences And Complications (forbes.com)
Insider risk management: Where your program resides shapes its focus | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Attackers leave organisations with no recovery option - Help Net Security
The Sobering Truth About Ransomware—For The 80% Who Paid Up (forbes.com)
Rogue IT security worker failed to cover his tracks | Tripwire
Organisations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation – Security Week
The Week in Ransomware - May 26th 2023 - Cities Under Attack (bleepingcomputer.com)
Cyble — Obsidian ORB Ransomware Demands Gift Cards as Payment
AceCryptor: Cyber criminals' Powerful Weapon, Detected in 240K+ Attacks (thehackernews.com)
BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration (securityintelligence.com)
Investigating BlackSuit Ransomware’s Similarities to Royal (trendmicro.com)
Fighting ransomware: Perspectives from cyber security professionals - Help Net Security
Ransomware Victims
New York county still dealing with ransomware 8 months later • The Register
ABB confirms data stolen in Black Basta ransomware attack | SC Media (scmagazine.com)
SAS Airlines hit by $3 million ransom demand following DDoS attacks (bitdefender.com)
Industrial Giant ABB Confirms Ransomware Attack, Data Theft – Security Week
MCNA Dental data breach impacts 8.9 million people after ransomware attack (bleepingcomputer.com)
Harvard Pilgrim Health Care ransomware attack hits 2.5 million people (bleepingcomputer.com)
Cyble — Bl00dy Ransomware Targets Indian University: Actively Exploiting PaperCut Vulnerability
Phishing & Email Based Attacks
Phishing campaigns thrive as evasive tactics outsmart conventional detection - Help Net Security
Organisations spend 100 hours battling post-delivery email threats - Help Net Security
Phishing remained the top identity abuser in 2022: IDSA report | CSO Online
New phishing technique poses as a browser-based file archiver | CSO Online
Sustained 'Red Deer' Phishing Attacks Impersonate Israel Post, Drop RATs (darkreading.com)
North Korean phishing gang stole rocket tech info • The Register
Artificial Intelligence
AI: War crimes evidence erased by social media platforms - BBC News
Artificial Intelligence's Risks and Rewards in Cyber security (analyticsinsight.net)
ChatGPT Plugins Open Security Holes From PDFs, Websites and More | Tom's Hardware (tomshardware.com)
What not to share with ChatGPT if you use it for work | Mashable
Is ChatGPT a cyber security disaster? We asked the experts | Digital Trends
Generative AI: The new attack vector for trust and safety - Help Net Security
2FA/MFA
Malware
QBot malware abuses Windows WordPad EXE to infect devices (bleepingcomputer.com)
New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets (thehackernews.com)
Raspberry Pi Malware Infects Using Default Username and Password | Tom's Hardware (tomshardware.com)
Tracking down a trojan: An inside look at threat hunting in a corporate network (malwarebytes.com)
RomCom malware spread via Google Ads for ChatGPT, GIMP, more (bleepingcomputer.com)
Stealthy SeroXen RAT malware increasingly used to target gamers (bleepingcomputer.com)
Terminator antivirus killer is a vulnerable Windows driver in disguise (bleepingcomputer.com)
Top macOS Malware Threats: Here Are 6 to Watch (darkreading.com)
PyPI malware ramps up the threat to the code repository • The Register
Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks (thehackernews.com)
Cyber criminals use legitimate websites to obfuscate malicious payloads - Help Net Security
North Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT (thehackernews.com)
Mobile
Don't be polite when you get a text from a wrong number | kens5.com
Predator Android Spyware: Researchers Uncover New Data Theft Capabilities (thehackernews.com)
Android threat: 'Guerrilla' virus sneakily snuck onto 8.9m phones (citizen.co.za)
Operation Triangulation: previously undetected malware targets iOS devices - Security Affairs
Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop
Android apps with spyware installed 421 million times from Google Play (bleepingcomputer.com)
Botnets
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)
What Are Botnet Attacks & Explained Prevention Techniques | EC-Council (eccouncil.org)
Denial of Service/DoS/DDOS
SAS Airlines hit by $3 million ransom demand following DDoS attacks (bitdefender.com)
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)
Internet of Things – IoT
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks (thehackernews.com)
Home routers helped Chinese hackers breach US Navy networks (mybroadband.co.za)
Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers (thehackernews.com)
Solar panels vulnerable to hackers, concern for network security - DutchNews.nl
Data Breaches/Leaks
Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints (darkreading.com)
Dutch watchdog looking into alleged Tesla data breach | Reuters
NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian
The root causes of API incidents and data breaches - Help Net Security
Pentagon Leaks Emphasise the Need for a Trusted Workforce (darkreading.com)
Yet Another Toyota Cloud Data Breach Jeopardises Thousands of Customers (darkreading.com)
Hacking forum hacked, user database leaked online • Graham Cluley
Risk & Repeat: A troubling trend of poor breach disclosures | TechTarget
New MOVEit Transfer zero-day mass-exploited in data theft attacks (bleepingcomputer.com)
Workforce platform Prosperix leaks drivers licenses and medical records - Security Affairs
Organised Crime & Criminal Actors
US intelligence research agency examines cyber psychology to outwit criminal hackers | CyberScoop
What is the Cyber Crime Atlas? How it can help disrupt cyber crime | CSO Online
New hacking forum leaks data of 478,000 RaidForums members (bleepingcomputer.com)
Hacking forum hacked, user database leaked online • Graham Cluley
Tricks of the trade: How a cyber crime ring operated a multi‑level fraud scheme | WeLiveSecurity
3 signs your kids may be hackers and what to do about it | Euronews
“I was a teenage hacker”: Two child hackers share their stories | Euronews
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets (thehackernews.com)
Hacked DJ's Twitter account costs cryptocurrency investors $170,000 (bitdefender.com)
Cyber criminals Targeting Apache NiFi Instances for Cryptocurrency Mining (thehackernews.com)
Insider Risk and Insider Threats
Rogue IT security worker failed to cover his tracks | Tripwire
Pentagon Leaks Emphasise the Need for a Trusted Workforce (darkreading.com)
Insider risk management: Where your program resides shapes its focus | CSO Online
Fraud, Scams & Financial Crime
Don't be polite when you get a text from a wrong number | kens5.comTricks of the trade: How a cyber crime ring operated a multi‑level fraud scheme | WeLiveSecurity
HMRC in New Tax Credits Scam Warning - Infosecurity Magazine (infosecurity-magazine.com)
AML/CFT/Sanctions
Insurance
Why You Need Cyber Insurance and How to Obtain It - Arctic Wolf
Cyber Insurance: A Growth Market for Insurers With Some Caveats (carriermanagement.com)
Dark Web
Supply Chain and Third Parties
Software Supply Chain
Cloud/SaaS
One of Microsoft Azure's top tools has a serious security flaw | TechRadar
Top public cloud security concerns for the media and entertainment industry - Help Net Security
Cloud Security: Don’t Confuse Vendor and Tool Consolidation - The New Stack
Why organisations should adopt a cloud cyber security framework - Help Net Security
Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model (darkreading.com)
Hybrid/Remote Working
Shadow IT
Identity and Access Management
Encryption
API
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Raspberry Pi Malware Infects Using Default Username and Password | Tom's Hardware (tomshardware.com)
Swiss real estate agency Neho fails to put a password on its systems - Security Affairs
Can Cloud Services Encourage Better Login Security? Netflix's Accidental Model (darkreading.com)
Social Media
NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian
Twitter pulls out of voluntary EU disinformation code - BBC News
AI: War crimes evidence erased by social media platforms - BBC News
Malvertising
Training, Education and Awareness
Travel
Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives (darkreading.com)
US court finds that border phone searches need a warrant • The Register
Parental Controls and Child Safety
3 signs your kids may be hackers and what to do about it | Euronews
“I was a teenage hacker”: Two child hackers share their stories | Euronews
Regulations, Fines and Legislation
OneMain pays $4.5M after ignored security flaws caused data breaches | SC Media (scmagazine.com)
Netflix warns it may remove content from UK catalogue over government media bill | The Independent
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Ways to Help Cyber security's Essential Workers Avoid Burnout (darkreading.com)
Managing mental health in cyber security - Help Net Security
ISACA pledges to help grow cyber security workforce in Europe | CSO Online
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Ukraine war blurs lines between cyber crims and state hacks • The Register
Pegasus Spyware Is Detected in a War Zone for the First Time | WIRED
Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop
How giant pieces of spyware are shaping our views and our world | Evening Standard
Predator may have more spyware capabilities than we know • The Register
Cyberweapon manufacturers plot to stay on the right side of US | Financial Times (ft.com)
Suspected Russia-trained spy whale reappears off Sweden’s coast | Sweden | The Guardian
AI: War crimes evidence erased by social media platforms - BBC News
Nation State Actors
China hacking Guam: Can the US stop foreign cyber attacks? | The Week
Russian government accuses Apple of colluding with NSA in iPhone spy operation | CyberScoop
US sanctions orgs behind North Korea’s ‘illicit’ IT worker army (bleepingcomputer.com)
Home routers helped Chinese hackers breach US Navy networks (mybroadband.co.za)
Investigation Launched After London City Airport Website Hacked (simpleflying.com)
Taiwan rushes to prevent China from cutting off internet and phones | The Japan Times
North Korea says spy satellite launch crashed into sea - BBC News
Dark Pink hackers continue to target govt and military organisations (bleepingcomputer.com)
The next Chinese tech threat is already here | The Spectator
North Korean phishing gang stole rocket tech info • The Register
North Korea's Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks (thehackernews.com)
North Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT (thehackernews.com)
Vulnerability Management
Zero-Day Vulnerabilities: 17 Consequences And Complications (forbes.com)
Implementing Risk-Based Vulnerability Discovery and Remediation (thehackernews.com)
Focus Security Efforts on Choke Points, Not Visibility (darkreading.com)
Vulnerabilities
New MOVEit Transfer zero-day mass-exploited in data theft attacks (bleepingcomputer.com)
Zero-day vulnerability in MoveIt Transfer under attack | TechTarget
Alert: Hackers Exploit Barracuda Email Security Gateway 0-Day Flaw for 7 Months (thehackernews.com)
WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection (bleepingcomputer.com)
WordPress force installs critical Jetpack patch on 5 million sites (bleepingcomputer.com)
Microsoft finds macOS bug that lets hackers bypass SIP root restrictions (bleepingcomputer.com)
Zyxel patches vulnerability in NAS devices (CVE-2023-27988) - Help Net Security
Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices (thehackernews.com)
Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED
Barracuda Email Security Gateway under active attack • The Register
MacOS 'Migraine' Bug: Big Headache for Device System Integrity (darkreading.com)
FTC accuses Amazon of nightmare IoT security fails • The Register
Critical Vulnerabilities Found in Faronics Education Software – Security Week
Tools and Controls
HowTo: Improve Your Cyber Resilience - Infosecurity Magazine (infosecurity-magazine.com)
The strategic importance of digital trust for modern businesses - Help Net Security
Vendors: Threat actor taxonomies are confusing but essential | TechTarget
Artificial Intelligence's Risks and Rewards in Cyber security (analyticsinsight.net)
Digital nomads drive changes in identity verification - Help Net Security
Tracking down a trojan: An inside look at threat hunting in a corporate network (malwarebytes.com)
The Top 10 endpoint security challenges and how to overcome them | VentureBeat
Why You Need Cyber Insurance and How to Obtain It - Arctic Wolf
Cloud Security: Don’t Confuse Vendor and Tool Consolidation - The New Stack
Disaster recovery challenges enterprise CISOs face - Help Net Security
Implementing Risk-Based Vulnerability Discovery and Remediation (thehackernews.com)
Research Reveals UK Firms Plan to Embrace New Era of Digital Identity- IT Security Guru
Reports Published in the Last Week
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 26 May 2023
Black Arrow Cyber Threat Briefing 26 May 2023:
-50% of UK CEOs See Cyber as a Bigger Business Risk than the Economy
-Report Finds 78% of Organisations Felt Prepared for Ransomware Attacks, Yet Half Still Fell Victim
-SMBs and Regional MSPs are Increasingly Targeted by State-Sponsored APT Groups
-IT Employee Piggybacked on Cyber Attack for Personal Gain
-Ransomware Threats Are Growing, and Targeting Microsoft Devices More and More
-Microsoft Reports Jump in Business Email Compromise (BEC) Activity
-Forrester Predicts 2023’s Top Cyber security Threats: From Generative AI to Geopolitical Tensions
-Advanced Phishing Attacks Surge 356% in 2022
-Today’s Cyber Defence Challenges: Complexity and a False Sense of Security
-Almost All Ransomware Attacks Target Backups, Says Veeam
-NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure
-Half of all Companies were Impacted by Spearphishing in 2022
-Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
50% of UK CEOs see Cyber as a Bigger Business Risk than the Economy
Half of UK CEOs consider cyber security as a bigger risk to their organisation than economic uncertainty, a new study by Palo Alto Networks has found. The findings came from a survey of 2500 CEOs from the UK, Germany, France, Brazil and the UAE at large organisations (500+ employees).
Despite the recognition of the business threats posed by cyber attacks, UK CEOs have a lower level of understanding of cyber security risks than their international counterparts, with just 16% saying they have a complete understanding. This compares to 21% in Brazil, 21% in the UAE, 22% in France and 39% in Germany. Additionally, many UK CEOs feel detached from responsibility for cyber security at their organisations, instead leaving it to the responsibility of IT, although IT is only part of the solution.
https://www.infosecurity-magazine.com/news/uk-ceo-cyber-risk-economy/
Report Finds 78% of Organisations Felt Prepared for Ransomware Attacks, Yet Half Still Fell Victim
Fortinet has unveiled its 2023 Global Ransomware Report based on a recent global survey and explores cyber security leaders’ perspectives on ransomware, particularly how it impacted their organisations in the last year and their strategies to mitigate an attack. The report found that the global threat of ransomware remains at peak levels, with half of organisations across all sizes, regions and industries falling victim in the last year.
The top challenges to stopping a ransomware attack were people and process related, with many organisations lacking clarity on how to secure against the threat. Specifically, four out of the five top challenges to stopping ransomware were people or process related. The second largest challenge was a lack of clarity on how to secure against the threat as a result of a lack of user awareness and training and no clear chain-of-command strategy to deal with attacks.
Despite the global macroeconomic environment, security budgets will have to increase in the next year with a focus on AI/ML technologies to speed detection, centralised monitoring tools to speed response and better preparation of people and processes.
https://www.itweb.co.za/content/mYZRX79g8gRqOgA8
SMBs and Regional MSPs are Increasingly Targeted by State-Sponsored APT Groups
Advanced persistent threat (APT) attacks were once mainly a concern for large corporations in industries that presented cyber espionage interest. That's no longer the case and over the past year in particular, the number of such state-sponsored attacks against small- and medium-sized businesses (SMBs) has increased significantly.
Cyber security firm Proofpoint analysed its telemetry data more than 200,000 SMB customers over the past year and saw a rise in phishing campaigns originating from APT groups, particularly those serving Russian, Iranian, and North Korean interests.
SMBs are also targeted by APT groups indirectly, through the managed services providers (MSPs) that maintain their infrastructure. Proofpoint has seen an increase in attacks against regional MSPs because their cyber security defences could be weaker than larger MSPs yet they still serve hundreds of SMBs in local geographies.
IT Employee Piggybacked on Cyber Attack for Personal Gain
A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorised access to a computer with intent to commit other offences.
The convicted employee was the one who began to investigate the incident and, along with colleagues and the police, tried to mitigate it and its fallout. But he also realized that he could take advantage of the breach to line his own pockets.
“He accessed a board member’s private emails over 300 times as well as altering the original blackmail email and changing the payment address provided by the original attacker. This was in the hope that if payment was made, it would be made to him rather than the original attacker,” the South East Regional Organised Crime Unit (SEROCU) revealed. He went as far as creating an almost identical email address to that of the original attacker, using it to pressure his employer into making the payment.
While some insider threats may stem from negligence or ignorance, this case highlights a more sinister scenario involving a malicious, opportunistic individual. Malicious insiders exploit their authorized access and privileges to engage in harmful, unethical, or illegal activities.
https://www.helpnetsecurity.com/2023/05/24/it-employee-blackmailing-company/
Ransomware Threats Are Growing, and Targeting Microsoft Devices More and More
Ransomware attacks have never been this popular, a new report from cyber security researchers Securin, Ivanti, and Cyware has stated. New ransomware groups are emerging constantly, and new vulnerabilities being exploited are being discovered almost daily, but out of all the different hardware and software, Microsoft’s products are being targeted the most.
Attackers are now targeting more than 7,000 products built by 121 vendors, all used by businesses in their day-to-day operations. Most products belong to Microsoft, which has 135 vulnerabilities associated with ransomware. In just March 2023, there had been more breaches reported, than in all three previous years combined. Even though most cyber security incidents never get reported, too. In the first quarter of the year, the researchers discovered 12 new vulnerabilities used in ransomware attacks, three-quarters of which (73%) were trending in the dark web.
Microsoft Reports Jump in Business Email Compromise (BEC) Activity
Thirty-five million business email compromise (BEC) attempts were detected in the last year, according to the latest Microsoft Cyber Signals report. Activity around BEC spiked between April 2022 and April 2023, with over 150,000 daily attempts, on average, detected by Microsoft’s Digital Crimes Unit.
Rather than targeting unpatched devices for vulnerabilities, BEC operators focus on leveraging the vast volume of daily email and other message traffic to trick victims into sharing financial information or unknowingly transferring funds to money mule accounts. Their goal is to exploit the constant flow of communication to carry out fraudulent money transfers.
Using secure email applications, securing identities to block lateral movement, adopting a secure payment platform and training employees are a few effective methods, according to the report.
Forrester Predicts 2023’s Top Cyber security Threats: From Generative AI to Geopolitical Tensions
The nature of cyber attacks is changing fast. Generative AI, cloud complexity and geopolitical tensions are among the latest weapons and facilitators in attackers’ arsenals. Three-quarters (74%) of security decision-makers say their organisations’ sensitive data was “potentially compromised or breached in the past 12 months” alone. Forrester’s Top Cyber security Threats in 2023 report provides a stark warning about the top cyber security threats this year, along with prescriptive advice to CISOs and their teams on countering them. By weaponising generative AI and using ChatGPT, attackers are fine-tuning their ransomware and social engineering techniques.
Perimeter-based legacy systems not designed with an AI-based upgrade path are the most vulnerable. With a new wave of cyber attacks coming that seek to capitalise on any given business’ weakest links, including complex cloud configurations, the gap between reported and actual breaches will grow.
Forrester cites Russia’s invasion of Ukraine and its relentless cyber attacks on Ukrainian infrastructure as examples of geopolitical cyber attacks with immediate global implications. Forrester advises that nation-state actors continue to use cyber attacks on private companies for geopolitical purposes like espionage, negotiation leverage, resource control and intellectual property theft to gain technological superiority.
Advanced Phishing Attacks Surge 356% in 2022
A new report published this week observed a 356% growth in the number of advanced phishing attacks attempted by threat actors in 2022, with the total number of attacks having increased by 87%. Among the reasons behind this growth is the fact that malicious actors continue to gain widespread access to new tools, including artificial intelligence (AI) and machine learning (ML)-powered tools. These have automated the process of generating sophisticated attacks, including those characterized by social engineering as well as evasion techniques.
The global threat landscape continues to evolve with a meteoric rise in the number of attacks, combined with increasingly sophisticated attack techniques designed to breach and damage organisations.
Additionally, the report highlighted that the changing threat landscape has resulted from the swift adoption of new cloud collaboration apps, cloud storage and productivity services for external collaboration.
https://www.infosecurity-magazine.com/news/advanced-phishing-attacks-surge/
Today’s Cyber Defence Challenges: Complexity and a False Sense of Security
Organisations can mistakenly believe that deploying more security solutions will result in greater protection against threats. However, the truth of the matter can be very different. Gartner estimates that global spending on IT security and risk management solutions will exceed $189.7 billion annually in 2023, yet the breaches keep on coming. Blindly purchasing more security tools can add to complexity in enterprise environments and creates a false sense of security that contributes to today’s cyber security challenges.
To add to the dilemma, the new work-from-anywhere model is putting a strain on IT and security teams. Employees shifting between corporate and off-corporate networks are creating visibility and control challenges, which are impacting those teams’ ability to diagnose and remediate end user issues and minimize cyber security risks. In addition, they have to deal with a broad mix of networks, hardware, business and security applications, operating system (OS) versions, and patches.
Almost All Ransomware Attacks Target Backups
Data stored in backups is the most common target for ransomware attackers. Almost all intrusions (93%) target backups and in 75% of cases succeed in taking out victims’ ability to recover. In addition, 85% of global organisations suffered at least one cyber attack in the past year according to the Veeam 2023 Ransomware trends report. Only 16% of organisations avoided paying ransom because they were able to recover from backups, down from 19% in last year’s survey.
According to the survey, criminals attempt to attack backup repositories in almost all (93%) cyber events in EMEA, with 75% losing at least some of their backups and more than one-third (39%) of backup repositories being completely lost.
Other key findings included that 21% said ransomware is now specifically excluded from insurance policies; and of those with cyber insurance, 74% saw increased premiums since their last policy renewal.
With most ransomware actors moving to double and triple extortion the days of a backup being all you need to keep you safe are far behind and firms should do more to prevent being the victim of ransomware in the first place.
NCSC Warns Against Chinese Cyber Attacks on Critical Infrastructure
The UK National Cyber Security Centre (NCSC) and several other international security agencies have issued a new advisory warning the public against Chinese cyber activity targeting critical national infrastructure networks. According to the document, the People’s Republic of China (PRC)’s associated threat actors employed sophisticated tactics to evade detection while conducting malicious activities against targets in the US and Guam. These tactics are expected to be used on critical infrastructure targets outside the US, including the UK.
The document further added that the threat actors mainly focused on credential access theft via brute force and password spraying techniques. The NCSC advisory provides network defenders with technical indicators and examples of techniques used by the attacker to help identify any malicious activity.
https://www.infosecurity-magazine.com/news/ncsc-warns-chinese-cyber-attacks/
Half of All Companies were Impacted by Spearphishing in 2022
Spearphishing is a sliver of all email exploits but the extent to which it succeeds is revealed in a new study from cyber security firm Barracuda Networks, which analysed 50 billion emails across 3.5 million mailboxes in 2022, unearthing around 30 million spearphishing emails and affecting 50% of all companies.
The report identified the top prevalent spearphishing emails were Scamming (47%) used to trick victims into disclosing sensitive information and the other being brand impersonation (42%) attacks mimicking a brand familiar with the victim to harvest credentials.
The report found that remote work is increasing risks. Users at companies with more than a 50% remote workforce report higher levels of suspicious emails — 12 per day on average, compared to 9 per day for those with less than a 50% remote workforce.
https://www.techrepublic.com/article/barracuda-networks-spearphishing-study/
Google's .zip, .mov Domains Give Social Engineers a Shiny New Tool
Two new top-level domain names (.zip and .mov) have caused concern among security researchers, who say they allow for the construction of malicious URLs that even tech-savvy users are likely to miss. While a top-level domain (TLD) that mimics a file extension is only one component in the lookalike attack, the overall combination is much more effective with the .zip or .mov extension.
There's no question that phishing links that involve these TLDs can be used to lure unsuspecting users into accidentally downloading malware. Unlike other kinds of phishing URLs that are intended to lure the user to enter credentials into a phony login page, the lures with the .zip or .mov domains are more suited to drive-by download types of attacks.
https://www.darkreading.com/endpoint/google-zip-mov-domains-social-engineers-shiny-new-tool
Governance, Risk and Compliance
Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek
The Rising Threat of Secrets Sprawl and the Need for Action (thehackernews.com)
Mass resignations, layoffs seen as major threat to corporate cyber security - The Korea Times
Improving Cyber security Requires Building Better Public-Private Cooperation (darkreading.com)
5 Cyber security Woes That Threaten Digital Growth (analyticsinsight.net)
Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)
What Security Professionals Need to Know About Aggregate Cyber Risk (darkreading.com)
Where to Focus Your Company’s Limited Cyber security Budget (hbr.org)
Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online
CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams (darkreading.com)
Today’s Cyber Defence Challenges: Complexity and a False Sense of Security - SecurityWeek
The biggest threats are always those we fail to predict - Big Think
How continuous security monitoring is changing the compliance game - Help Net Security
Defining CISOs, CTOs, and CIOs' Roles in Cyber security (analyticsinsight.net)
Threats
Ransomware, Extortion and Destructive Attacks
3 Common Initial Attack Vectors Account for Most Ransomware Campaigns (darkreading.com)
12 vulnerabilities newly associated with ransomware - Help Net Security
IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)
Ransomware threats are growing, and targeting Microsoft devices more and more | TechRadar
Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks (bleepingcomputer.com)
FIN7 gang returned and was spotted delivering Clop ransomware - Security Affairs
Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking (darkreading.com)
Cyble — New Ransomware Wave Engulfs over 200 Corporate Victims
Updated 'StopRansomware Guide' warns of shifting tactics | TechTarget
The Week in Ransomware - May 19th 2023 - A Shifting Landscape (bleepingcomputer.com)
US saw 45% fewer ransomware victims posted on the dark web | Security Magazine
Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert
Ransomware tales: The MitM attack that really had a Man in the Middle – Naked Security (sophos.com)
Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar
Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts (thehackernews.com)
Buhti Ransomware Gang Switches Tactics, Utilizes Leaked LockBit and Babuk Code (thehackernews.com)
Ransomware Victims
Food Distributor Sysco Says Cyber Attack Exposed 126,000 Individuals - SecurityWeek
Suzuki motorcycle plant shut down by cyber attack (bitdefender.com)
Iowa hospital discloses breach following Royal ransomware leak | TechTarget
Arms maker Rheinmetall confirms BlackBasta ransomware attack (bleepingcomputer.com)
Dish Network says February ransomware attack impacted +300K - Security Affairs
Philly Inquirer disputes Cuba ransomware gang's leak claims • The Register
Dorchester school IT system held to ransom in cyber attack - BBC News
BlackByte lists city of Augusta after cyber 'incident' • The Register
Phishing & Email Based Attacks
Advanced Phishing Attacks Surge 356% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)
50% of companies had spearphishing puncture wounds in 2022 (techrepublic.com)
Microsoft 365 phishing attacks use encrypted RPMSG messages (bleepingcomputer.com)
Threat actors exploit new channels for advanced phishing attacks - Help Net Security
Malicious links and misaddressed emails slip past security controls - Help Net Security
CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)
Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)
BEC – Business Email Compromise
Cyber Signals: Shifting tactics show surge in business email compromise | Microsoft Security Blog
Microsoft reports jump in business email compromise activity | CSO Online
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
Employees are banned from using ChatGPT at these companies | Fortune
BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs
6 ChatGPT risks for legal and compliance leaders - Help Net Security
5 Ways Hackers Will Use ChatGPT For Cyber attacks (informationsecuritybuzz.com)
Simple OSINT techniques to spot AI-fueled disinformation, fake reviews - Help Net Security
Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop
AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)
The Security Hole at the Heart of ChatGPT and Bing | WIRED UK
2FA/MFA
Malware
New PowerExchange malware backdoors Microsoft Exchange servers (bleepingcomputer.com)
Hackers Use Weaponised DOCX File to Deploy Stealthy Malware (gbhackers.com)
Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware (thehackernews.com)
Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware (thehackernews.com)
CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules (thehackernews.com)
Threat actors leverage kernel drivers in new attacks | TechTarget
BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer - Security Affairs
Malicious links and misaddressed emails slip past security controls - Help Net Security
Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica
New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)
Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica
PyPI open-source code repository deals with manic malware maelstrom – Naked Security (sophos.com)
Legion Malware Upgraded to Target SSH Servers and AWS Credentials (thehackernews.com)
AI Used to Create Malware, WithSecure Observes - Infosecurity Magazine (infosecurity-magazine.com)
Mobile
Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)
Android phones are vulnerable to fingerprint brute-force attacks (bleepingcomputer.com)
New AhRat Android malware hidden in app with 50,000 installs (bleepingcomputer.com)
Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)
Botnets
How smart bots are infecting and exploiting the internet - Help Net Security
The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai
Denial of Service/DoS/DDOS
Internet of Things – IoT
Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica
Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica
Data Breaches/Leaks
Capita under fire after ‘confidential’ files published online (thetimes.co.uk)
Luxottica confirms 2021 data breach after info of 70M leaks online (bleepingcomputer.com)
Hackers steal the SSN of nearly 6 million people (pandasecurity.com)
Food Distributor Sysco Says Cyber attack Exposed 126,000 Individuals - SecurityWeek
Organised Crime & Criminal Actors
IT employee piggybacked on cyber attack for personal gain - Help Net Security
Child hackers: How are kids becoming sophisticated cyber criminals? | Euronews
UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)
The Strange Story of the Teens Behind the Mirai Botnet - IEEE Spectrum
FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)
'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)
Cyber criminals masquerading as MFA vendors - Help Net Security
The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile | Akamai
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)
Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)
FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes (darkreading.com)
Insider Risk and Insider Threats
How to prevent against the 5 main types of insider threats - IT Security Guru
IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)
Fraud, Scams & Financial Crime
Get-rich-quick schemes, pyramids and ponzis: five signs you're being scammed (theconversation.com)
Scammers Using ChatGPT "Fleeceware" Apps to Cash In on AI Hype, Sophos Report - MSSP Alert
Online scams target bargain-hunting holiday travelers - Help Net Security
Ads for lucrative jobs in Asia may be tech slavery scams • The Register
Crypto phishing service Inferno Drainer defrauds thousands of victims (bleepingcomputer.com)
79-year-old woman tricks German scammers into getting arrested (iamexpat.de)
Forex boss Anthony Constantinou guilty of £70m ‘Ponzi’ fraud (thetimes.co.uk)
IT employee impersonates ransomware gang to extort employer (bleepingcomputer.com)
Supply Chain and Third Parties
Capita under fire after ‘confidential’ files published online (thetimes.co.uk)
UK councils caught in Capita unsecured AWS bucket data leak • The Register
New Cyber Security Training Packages Launched to Manage Supply Chain Risk - NCSC
Software Supply Chain
GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains (thehackernews.com)
Cloud/SaaS
UK councils caught in Capita unsecured AWS bucket data leak • The Register
CISO-level tips for securing corporate data in the cloud - Help Net Security
Google Cloud Bug Allows Server Takeover From CloudSQL Service (darkreading.com)
Attack Surface Management
Identity and Access Management
7 access management challenges during M&A - Help Net Security
Think security first when switching from traditional Active Directory to Azure AD | CSO Online
Encryption
API
API bug in OAuth dev tool opened websites, apps to account hijacking | SC Media (scmagazine.com)
The fragmented nature of API security ownership - Help Net Security
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Inactive accounts pose significant account takeover security risks | CSO Online
What’s a Double-Blind Password Strategy and When Should It Be Used (bleepingcomputer.com)
Netflix's Password-Sharing Ban Offers Security Upsides (darkreading.com)
Biometrics
Social Media
Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)
Pentagon explosion hoax goes viral after verified Twitter accounts push (bleepingcomputer.com)
Training, Education and Awareness
Travel
Online scams target bargain-hunting holiday travelers - Help Net Security
Four ways your devices can be hacked in hotels and how to stay safe | This is Money
Tips to Protect Against Holiday and Airline Scams - IT Security Guru
Parental Controls and Child Safety
Regulations, Fines and Legislation
Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations (darkreading.com)
Microsoft urges lawmakers to adopt new guidelines for responsible AI | CyberScoop
Models, Frameworks and Standards
NIST Launches Cyber security Initiative for Small Businesses (securityintelligence.com)
New security model launched to eliminate 95% of cyber breaches - IT Security Guru
Backup and Recovery
Almost all ransomware attacks target backups, says Veeam | Computer Weekly
'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)
Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
UK Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes (thehackernews.com)
79-year-old woman tricks German scammers into getting arrested (iamexpat.de)
Privacy, Surveillance and Mass Monitoring
UK police to 'embed' facial recog but oversight is at risk • The Register
Abuse of government spying powers: What's to worry about? • The Register
Reflections on Ten Years Past The Snowden Revelations (ietf.org)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyber Warfare Lessons From the Russia-Ukraine Conflict (darkreading.com)
Russia's War in Ukraine Shows Cyber attacks Can Be War Crimes (darkreading.com)
The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED
Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade (thehackernews.com)
North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)
Cyber Attacks Strike Ukraine's State Bodies in Espionage Operation (thehackernews.com)
Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop
New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)
United Nations official and others in Armenia hacked by NSO Group spyware | Hacking | The Guardian
Predator: Looking under the hood of Intellexa’s Android spyware (bleepingcomputer.com)
Nation State Actors
APT attacks: Exploring Advanced Persistent Threats and their evasive techniques (malwarebytes.com)
SMBs and regional MSPs are increasingly targeted by state-sponsored APT groups | CSO Online
The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED
Malware turns home routers into proxies for Chinese state-sponsored hackers | Ars Technica
North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware (thehackernews.com)
Five Eyes and Microsoft accuse China US infrastructure raids • The Register
Iranian hackers use new Moneybird ransomware to attack Israeli orgs (bleepingcomputer.com)
Mysterious malware designed to cripple industrial systems linked to Russia | CyberScoop
GCHQ warns of fresh threat from Chinese state-sponsored hackers | Hacking | The Guardian
New Russian-linked CosmicEnergy malware targets industrial systems (bleepingcomputer.com)
Five Eyes agencies detail how Chinese hackers breached US infrastructure - Help Net Security
Lazarus Group Striking Vulnerable Windows IIS Web Servers (darkreading.com)
'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns (darkreading.com)
Vulnerability Management
12 vulnerabilities newly associated with ransomware - Help Net Security
Fresh perspectives needed to manage growing vulnerabilities - Help Net Security
Judge Throws Out Ransomware Class-Action Suit Against Rackspace - MSSP Alert
How to check for new exploits in real time? VulnCheck has an answer | CSO Online
Vulnerabilities
12 vulnerabilities newly associated with ransomware - Help Net Security
Hackers target 1.5M WordPress sites with cookie consent plugin exploit (bleepingcomputer.com)
Barracuda Alerts Of Breaches In Email Gateways From Zero-Day Flaws (informationsecuritybuzz.com)
Threat Actors Compromise Barracuda Email Security Appliances (darkreading.com)
Microsoft: Windows issue causes file copying, saving failures (bleepingcomputer.com)
GitLab 'strongly recommends' patching max severity flaw ASAP (bleepingcomputer.com)
83C0000B: The error code that means a software update bricked your HP printer (bitdefender.com)
CISA adds iPhone bugs to Known Exploited Vulnerabilities catalog - Security Affairs
Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771) - Help Net Security
Zyxel warns of critical vulnerabilities in firewall and VPN devices (bleepingcomputer.com)
Warning: Samsung Devices Under Attack! New Security Flaw Exposed (thehackernews.com)
Tools and Controls
Security Pros: Before You Do Anything, Understand Your Threat Landscape - SecurityWeek
Malicious links and misaddressed emails slip past security controls - Help Net Security
Making The Most Of A Penetration Test: The Organisational Perspective (forbes.com)
Against the Clock: Cyber Incident Response Plan (trendmicro.com)
Investigating Risks Through Threat Hunting Capability Guide (informationsecuritybuzz.com)
Almost all ransomware attacks target backups, says Veeam | Computer Weekly
How continuous security monitoring is changing the compliance game - Help Net Security
Blacklist untrustworthy apps that peek behind your firewall - Help Net Security
How generative AI is reshaping the identity verification landscape - Help Net Security
The fragmented nature of API security ownership - Help Net Security
Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans (darkreading.com)
Cutting Through the Noise: What is Zero Trust Security? - SecurityWeek
CISO-level tips for securing corporate data in the cloud - Help Net Security
6 ways generative AI chatbots and LLMs can enhance cyber security | CSO Online
'Operation Magalenha' Attacks Gives Window Into Brazil's Cyber crime Ecosystem (darkreading.com)
Here's another great reason to make sure your enterprises is safeguarded from ransomware | TechRadar
Attributes of a mature cyber-threat intelligence program | CSO Online
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 19 May 2023
Black Arrow Cyber Threat Briefing 19 May 2023:
-Triple Threat: Insecure Economy, Cyber Crime Recruitment and Insider Threats
-Insured Companies More Likely to be Ransomware Victims, Sometimes More Than Once
-Ensuring Security Remains/Becomes Everyone’s Responsibility
-Software Supply Chain Attacks Hit 61% of Firms
-More than 2.25 Million Exposed Assets on the Dark Web Tied to Fortune 1000 Employees
-Law Enforcement Crackdowns and New Techniques are Forcing Cyber Criminals to Pivot
-Talking Security Strategy: Why Cyber Security Requires a Seat at the Boardroom Table
-How Incident Response Rehearsals and Readiness Exercises Can Aid Incident Response
-Ransomware’s Real Goals are to Exploit Internet Facing Apps, Mine Intellectual Property and Grab Sensitive Information
-Organisations’ Cyber Resilience Efforts Fail to Keep Up with Evolving Threats
-Fraudsters Send Fake Invoice, Follow Up with Fake Executive Confirmation
-Capita Warns Customers They Should Assume Data was Stolen
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Triple Threat: Insecure Economy, Cyber Crime Recruitment and Insider Threats
Across all sectors employees are feeling the ramifications of economic uncertainty, coupled with ransomware attacks continuing to evolve and become more sophisticated, and with this, cyber crime gangs are increasing their recruitment efforts. All the while, the cyber security skills gap persists and continues to widen for most organisations. This has the potential to create a perfect storm in terms of insider threats.
Insider threats can be malicious or unintentional, and they might come from current or former employees, business partners, board members or consultants. A recent report found that the past two years have seen a 44% rise in insider incidents. There is no quick fix to solve the insider threat problem. At a time when many businesses are struggling with visibility issues brought on by digital transformation and vendor sprawl, what’s needed is planning. Reducing the risk associated with insider threats requires a multifaceted approach.
Ensuring Security Remains/Becomes Everyone’s Responsibility
In the same way as organisations believe that everyone is somewhat responsible for keeping costs reasonable, why would an organisation not think the same of cyber security, especially as cyber security is not just a technology problem: it is a business problem. One of the best methods for ensuring that security is everyone’s responsibility is to make cyber a top-down issue, with the board and C-suite setting the tone for security; they should provide clear direction and guidance, prioritising security as a business objective.
Other methods that can help ensure security as everyone’s responsibility include integrating it into the functions of roles, creating a security culture, providing awareness and training and rewarding employees for responses such as reporting phishing attacks.
https://cisoseries.com/20-ways-to-ensure-security-remains-becomes-everyones-responsibility/
Insured Companies More Likely to be Ransomware Victims, Sometimes More Than Once
Companies with cyber insurance are more likely to get hit by ransomware, more likely to be attacked multiple times, and more likely to pay ransoms, according to a recent survey of IT decision makers.
According to the survey by Barracuda Networks, 77% of organisations with cyber insurance were hit at least once, compared to 65% without insurance. Of those with insurance, 39% paid the ransom. Worryingly, the survey found that insured companies were also 70% more likely to be hit multiple times. Repeat victims were also more likely to pay the ransom, and less likely to use backup systems to help them recover.
Software Supply Chain Attacks Hit 61% of Firms
More than three-fifths (61%) of businesses have been directly impacted by a software supply chain threat over the past year, according to a new report. The report pointed to open source software as a key source of supply chain risk. Open source is now used by 94% of companies in some form, with over half (57%) using multiple open source platforms, the report revealed.
Organisations may be putting themselves at further risk by not having a full view of the software which is used within their corporate environment. One of the first things an organisation seeking to reduce their risk of a software supply chain attack should do is to understand their attack surface and maintain a record of the software which they use.
https://www.infosecurity-magazine.com/news/software-supply-chain-attacks-hit/
More than 2.25 Million Exposed Assets on the Dark Web Tied to Fortune 1000 Employees
In a newly released 2023 Fortune 1000 Identity Exposure Report, an analysis of the dark net exposure of employees across 21 industries, including technology, financial, retailing and media, researchers analysed 2.27 billion exposed dark web assets. These assets included more than 423 million records containing personally identifiable information (PII) found in data breaches and exfiltrated from malware-infected devices tied directly to Fortune 1000 employees’ email addresses.
Additional findings include 27.48 million pairs of credentials with Fortune 1000 corporate email addresses and plain text passwords, and a 62% re-use rate of passwords amongst Fortune 1000 employees. Whilst the research focuses on Fortune 1000 employees, it is unlikely that these are the only employees who are exposed on the dark web. Organisations should be aware of how such PII could include their own employees, and how to avoid password re-use in the corporate environment.
Law Enforcement Crackdowns and New Techniques are Forcing Cyber Criminals to Pivot
Researchers say that law enforcement crackdowns and new investigative tools are putting pressure on cyber criminals, but challenges for defenders remain. It can seem like cyber criminals are running rampant across the world's digital infrastructure, launching ransomware attacks, scams, and outright thefts with impunity. Over the last year, however, US and global authorities seized $112 million from cryptocurrency investment scams, disrupted the Hive ransomware group, broke up online illegal drug marketplaces, and sanctioned crypto money launderers, among other operations to crack down on internet-enabled crimes. With such pressure, financially motivated threat actors are pivoting to crimes that have a higher rate of success, such as selling data instead of extorting, and romance scams and pig butchering (building rapport and trust with victims over time only to steal from them) are replacing the old get-rich schemes.
Talking Security Strategy: Why Cyber Security Requires a Seat at the Boardroom Table
Cyber security is no longer a fringe issue for businesses. What was once a siloed function is now woven into the fabric of any successful business. Any business still treating its cyber security initiatives as a side project is setting itself up to fail. The US Securities and Exchange Commission (SEC) has laid to rest any doubts about the importance of cyber security with new regulations around how boards of directors should approach it. The regulations, which are in the process of being finalised, will require companies to openly report any serious cyber security attack and explain who on their board is responsible for dealing with it. The regulations also will require businesses to include board of directors' cyber security experience and credentials as part of any public disclosure.
How Incident Response Rehearsals and Readiness Exercises Can Aid Incident Response
Incident response rehearsals and readiness exercises can aid organisations by identifying security gaps, testing communications in the event of a cyber attack, and understanding roles in reducing response times. All of which benefits the business objectives of the organisation.
The importance for organisations to understand who their adversaries are and how they operate against their enterprise environments cannot be overstated. An organisation's approach to cyber security testing and resilience improvements in the face of an increasingly volatile threat landscape must be underpinned around this perspective.
Rehearsals should look to leverage scenarios based on evolving and emerging attacker techniques, tactics and procedures (TTPs), with different levels of complexity; this allows an organisation to constantly sharpen their technique and update rehearsals to reflect the current attack environment. These TTPs should be driven by an intelligence-led and risk-based approach. Additionally, organisations need to set metrics for understanding the results of rehearsals, which in turn should be used in established feedback channels to drive improvement in the organisation’s incident response.
https://www.darkreading.com/edge-articles/5-ways-security-testing-can-aid-incident-response
Ransomware’s Real Goals are to Exploit Internet Facing Apps, Mine Intellectual Property and Grab Sensitive Information
The majority of ransomware attacks in 2022 were intended to unearth personal data, mine intellectual property and grab other sensitive information rather than financial extortion or data encryption, Kaspersky said in a new report.
Most attacks started off as exploiting public facing applications (43%), data from compromised user accounts (24%) and malicious emails (12%). The goal was to snatch information the cyber crews could leverage into bigger and more lucrative scores. The report also revealed that the longest-running ransomware attacks began with the exploitation of public-facing applications, with just over 2% of them lasting for a year and more.
Organisations’ Cyber Resilience Efforts Fail to Keep Up with Evolving Threats
A steady increase in cyber attacks and an evolving threat landscape are resulting in more organisations turning their attention to building long-term cyber resilience; however, many of these programs are falling short and fail to prove teams’ real-world cyber capabilities, according to Immersive Labs. The report found that while 86% of organisations have a cyber resilience program, 52% of respondents say their organisation lacks a comprehensive approach to assessing cyber resilience.
Organisations have taken steps to deploy cyber resilience programs; however, 53% of respondents indicate the organisation’s workforce is not well-prepared for the next cyber attack and just over half say they lack a comprehensive approach to assessing cyber resilience. These statistics indicate that although cyber resilience is a priority and programs are in place, their current structure and training are ineffective.
https://www.helpnetsecurity.com/2023/05/18/cyber-resilience-programs-shortcomings/
Fraudsters Send Fake Invoice, Follow Up with Fake Executive Confirmation
Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones themselves. The fraud attempt begins with an email containing a payment request for a fake invoice. The recipient, an employee in a company’s finance department, reads the email and checks who sent it. The sender’s email address looks like it belongs to one of the company’s trusted vendors, and the VP of Finance has been CC-ed. Soon after, the “VP of Finance” replies to the email thread, and asks the employee (by name) to pay this at the earliest convenience.
Most organisations view social engineering methods as a one step process; however, threat actors are employing multiple layers. In this case, adding management to increase authenticity. Businesses looking to bolster their resilience should look to ensure that these kinds of attacks are addressed in their organisation’s user education and awareness training.
https://www.helpnetsecurity.com/2023/05/16/payment-request-fraud/
Capita Warns Customers They Should Assume Data was Stolen
Outsourcing giant Capita is warning customers to assume that their data was stolen in a cyber attack that affected its systems in early April. This includes the Universities Superannuation Scheme (USS), the largest private pension scheme in the UK, which holds pensions of over 500,000 individuals. A total of 350 UK corporate retirement schemes are believed to be impacted. The cyber attack, originally described to be a technical problem, has been reported to the UK’s Information Commissioner’s Office.
Governance, Risk and Compliance
Cyber security Often Overlooked as Key Factor for Business Success, New Study Says - MSSP Alert
Cyber Risk Management in 2023: The People Element (trendmicro.com)
Is Your Cyber security “Too” Good? (securityintelligence.com)
Cyber risk: Can banks win the arms race? | Financial Times (ft.com)
Security breaches push digital trust to the fore | CSO Online
5 Ways Security Testing Can Aid Incident Response (darkreading.com)
Organisations reporting cyber resilience are hardly resilient: Study | CSO Online
Organisations' cyber resilience efforts fail to keep up with evolving threats - Help Net Security
Keeping a competitive edge in the cyber security ‘game’ | CyberScoop
UK NCSC, ICO debunk 6 cyber attack reporting myths | CSO Online
An Executive's Guide To The Cyber crime Underground (forbes.com)
Law enforcement crackdowns and new techniques are forcing cyber criminals to pivot | CSO Online
20 Ways to Ensure Security Remains/Becomes Everyone’s Responsibility (cisoseries.com)
Talking Security Strategy: Cyber security Has a Seat at the Boardroom Table (darkreading.com)
Triple Threat: Insecure Economy, Cyber crime Recruitment and Insider Threats - SecurityWeek
Threats
Ransomware, Extortion and Destructive Attacks
Insured companies more likely to be ransomware victims, sometimes more than once | CSO Online
Ransomware payments nearly double in one year | Cyber crime | The Guardian
The Week in Ransomware - May 12th 2023 - New Gangs Emerge (bleepingcomputer.com)
New trends in ransomware attacks shape the future of cyber security - Help Net Security
ABB 'suffers cyber attack' by ransomware gang Black Basta (techmonitor.ai)
Why Amazon S3 is a ransomware target and how to protect it | TechTarget
Experts question San Bernardino's $1.1M ransom payment | TechTarget
Ransomware corrupts data, making restoration harder • The Register
CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware (thehackernews.com)
VPN vulnerability linked to ransomware attack on Law Society: PDPC - CNA (channelnewsasia.com)
Philadelphia Inquirer operations disrupted after cyber attack (bleepingcomputer.com)
Ransomware gang steals data of 5.8 million PharMerica patients (bleepingcomputer.com)
New RA Group ransomware targets US orgs in double-extortion attacks (bleepingcomputer.com)
Ransomware Prevention – Are Meeting Password Security Requirements Enough (bleepingcomputer.com)
Qilin Ransomware Operation Outfits Affiliates With Sleek, Turnkey Cyber attacks (darkreading.com)
Ransomware-as-a-service groups pay affiliates top dollar • The Register
Russian ransomware affiliate charged with attacks on critical infrastructure (bleepingcomputer.com)
This new ransomware group is targeting big businesses - here's what you need to know | TechRadar
Warning Issued About BianLian Ransomware Attacks By CISA & FBI (informationsecuritybuzz.com)
FBI confirms BianLian ransomware switch to extortion only attacks (bleepingcomputer.com)
'Strictly limit' remote desktop to avoid BianLian ransomware • The Register
MalasLocker ransomware targets Zimbra servers, demands charity donation (bleepingcomputer.com)
Russian national indicted for ransomware attacks against the US | CSO Online
A different kind of ransomware demand: Donate to charity to get your data back | CyberScoop
Phishing & Email Based Attacks
What the Email Security Landscape Looks Like in 2023-Security Affairs
Ongoing Facebook phishing campaign without a sender and (almost) without links
Google's .zip Top Level domain is already used in phishing attacks - gHacks Tech News
New ZIP domains spark debate among cyber security experts (bleepingcomputer.com)
Exploring the tactics of phishing and scam websites in 2023 - Help Net Security
Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict (darkreading.com)
Other Social Engineering; Smishing, Vishing, etc
Fraudsters send fake invoice, follow up with fake exec confirmation - Help Net Security
Insider threats surge across US CNI as attackers exploit human factors | CSO Online
Microsoft Teams Features Amp Up Orgs' Cyber attack Exposure (darkreading.com)
Researchers show ways to abuse Microsoft Teams accounts for lateral movement | CSO Online
Artificial Intelligence
New Google search tool will distinguish real images from AI-generated phonies | ZDNET
AI-Powered Tools Threaten Password Strength, New Study Finds - MSSP Alert
AI Is About to Be Everywhere: Where Will Regulators Be? (darkreading.com)
Generative AI Empowers Users but Challenges Security (darkreading.com)
Security Vulnerabilities of ChatGPT-Generated Code (trendmicro.com)
3 Ways Hackers Use ChatGPT to Cause Security Headaches (darkreading.com)
ChatGPT is about to revolutionize cyber security | VentureBeat
Mitigating Dark Web Risks: The Role Of AI And Machine Learning (forbes.com)
2FA/MFA
Malware
Microsoft is scanning the inside of password-protected zip files for malware | Ars Technica
XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks (thehackernews.com)
Atomic malware steals Mac passwords, crypto wallets, and more • Graham Cluley
CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware (thehackernews.com)
No more macros? No problem, say attackers, we'll adapt • The Register
The new info-stealing malware operations to watch out for (bleepingcomputer.com)
DangerousPassword - A Malware Attack Pattern to Infect Devices (gbhackers.com)
Stealthy MerDoor malware uncovered after five years of attacks (bleepingcomputer.com)
Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems (thehackernews.com)
New ZIP domains spark debate among cyber security experts (bleepingcomputer.com)
Infamous cyber crime marketplace offers pre-order service for stolen credentials - Help Net Security
Once Again, Malware Discovered Hidden in npm (darkreading.com)
Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict (darkreading.com)
Mobile
Parental control app with 5 million downloads vulnerable to attacks (bleepingcomputer.com)
Apple blocked 1.7 million apps for privacy, security issues in 2022 (bleepingcomputer.com)
Converso walks back E2EE claims, yanks app from stores • The Register
OilAlpha: Emerging Houthi-linked Cyber Threat Targets Arabian Android Users (thehackernews.com)
Google Announces New Rating System for Android and Device Vulnerability Reports - SecurityWeek
Millions of Smartphones Distributed Worldwide With Preinstalled 'Guerrilla' Malware - SecurityWeek
Botnets
Latest variant of RapperBot botnet adds cryptojacking capabilities-Security Affairs
Spanish cops arrest 69 in immigration bot scheme • The Register
Denial of Service/DoS/DDOS
Internet of Things – IoT
Netgear Routers' Flaws Expose Users to Malware, Remote Attacks, and Surveillance (thehackernews.com)
Why 2.4GHz Wi-Fi is both the savior and the scourge of the smart home - The Verge
Hackers infect TP-Link router firmware to attack EU entities (bleepingcomputer.com)
Chinese Hackers Mustang Panda Attacks TP-Link Routers (informationsecuritybuzz.com)
Unpatched Wemo Smart Plug Bug Opens Countless Networks to Cyber attacks (darkreading.com)
Is your car safe from a cyber attack? | E&T Magazine (theiet.org)
Data Breaches/Leaks
UK's largest private pension scheme hit by Capita attack • The Register
Capita warns customers they should assume data was stolen (bleepingcomputer.com)
More than 2.25 Million Exposed Assets on the Dark Web Tied to Fortune 1000 Employees - MSSP Alert
MP’s laptop stolen from Welcome Break spot 'not covered by CCTV' | UK News | Metro News
Discord discloses data breach after support agent got hacked (bleepingcomputer.com)
Data of 237,000 US government employees breached - CNA (channelnewsasia.com)
Toyota: Car location data of 2 million customers exposed for ten years (bleepingcomputer.com)
Toyota's bungling of customer privacy is becoming a pattern • The Register
WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers - SecurityWeek
Personal info of 90k hikers leaked by French tourism company La Malle Postale-Security Affairs
Ransomware gang steals data of 5.8 million PharMerica patients (bleepingcomputer.com)
Airline exposes passenger info to others due to a 'technical error' (bleepingcomputer.com)
University admission platform exposed student passports-Security Affairs
Millions of deleted files recovered in hard drives purchased online | TechRadar
Organised Crime & Criminal Actors
Law enforcement crackdowns and new techniques are forcing cyber criminals to pivot | CSO Online
An Executive's Guide To The Cyber crime Underground (forbes.com)
Hacker marketplace still active despite police 'takedown' claim - BBC News
How Cyber criminals Adapted to Microsoft Blocking Macros by Default (darkreading.com)
Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands (thehackernews.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Atomic malware steals Mac passwords, crypto wallets, and more • Graham Cluley
Hacker admits he was connected to 'tens of thousands’ laptops to mine crypto (finbold.com)
CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware (thehackernews.com)
Latest variant of RapperBot botnet adds cryptojacking capabilities-Security Affairs
North Korean hackers stole $721 million in cryptocurrency from Japan - Nikkei | Reuters
DangerousPassword - A Malware Attack Pattern to Infect Devices (gbhackers.com)
Landmark crypto rules make exchanges liable for customer losses in EU | Ars Technica
Insider Risk and Insider Threats
Triple Threat: Insecure Economy, Cyber crime Recruitment and Insider Threats - SecurityWeek
Avoiding Reputational Damage By Conquering Insider Threats (informationsecuritybuzz.com)
Insider threats surge across US CNI as attackers exploit human factors | CSO Online
Ex-Apple engineer accused of stealing self-driving car secrets - BBC News
Identity crimes: Too many victims, limited resources - Help Net Security
Fraud, Scams & Financial Crime
Fraudsters send fake invoice, follow up with fake exec confirmation - Help Net Security
Exploring the tactics of phishing and scam websites in 2023 - Help Net Security
How To Avoid Mother's Day Scams By Protecting Your Purse And Heart (informationsecuritybuzz.com)
Spanish cops arrest 69 in immigration bot scheme • The Register
Admin of the darknet carding platform Skynet Market pleads guilty-Security Affairs
18-year-old charged with hacking 60,000 sports betting accounts (bleepingcomputer.com)
AML/CFT/Sanctions
Insurance
Dark Web
Hacker marketplace still active despite police 'takedown' claim - BBC News
Infamous cyber crime marketplace offers pre-order service for stolen credentials - Help Net Security
Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands (thehackernews.com)
Mitigating Dark Web Risks: The Role Of AI And Machine Learning (forbes.com)
Supply Chain and Third Parties
Capita warns customers they should assume data was stolen (bleepingcomputer.com)
Capita hit by new data breach incident | Financial Times (ft.com)
Another security calamity for Capita: Unsecured AWS bucket • The Register
UK's largest private pension scheme hit by Capita attack • The Register
Discord Informs Users of Data Breach Involving Customer Support Provider - SecurityWeek
Preparing for federal supply chain security standardization - Help Net Security
Software Supply Chain
Cloud/SaaS
Security experts share cloud auditing best practices | TechTarget
Stop worrying about cloud-lock-in, and outages: Gartner • The Register
Microsoft Azure VMs Hijacked in Cloud Cyber attack (darkreading.com)
Why High Tech Companies Struggle with SaaS Security (thehackernews.com)
Capita hit by new data breach incident | Financial Times (ft.com)
Why Amazon S3 is a ransomware target and how to protect it | TechTarget
Microsoft lets Azure AD choose authentication method • The Register
Encryption
Converso walks back E2EE claims, yanks app from stores • The Register
Protect against current and future threats with encryption | TechTarget
API
Open Source
EU attempts to secure software could hurt open source • The Register
CISA: Several Old Linux Vulnerabilities Exploited in Attacks - SecurityWeek
Open-source Cobalt Strike port 'Geacon' used in macOS attacks (bleepingcomputer.com)
Malicious open-source components threatening digital infrastructure - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Time Taken For Hackers to Crack Passwords Revealed - IT Security Guru
AI-Powered Tools Threaten Password Strength, New Study Finds - MSSP Alert
Passkeys may not be for you, but they are safe and easy—here’s why | Ars Technica
Ransomware Prevention – Are Meeting Password Security Requirements Enough (bleepingcomputer.com)
KeePass 2.X Master Password Dumper allows retrieving the KeePass master password-Security Affairs
Social Media
Former TikTok official says China had access to app data | Al Arabiya English
Ongoing Facebook phishing campaign without a sender and (almost) without links
Twitter wrong to block tweets during Turkey election - Wikipedia founder - BBC News
Twitter sued over Saudi spying that allegedly landed popular user in prison [Updated] | Ars Technica
Training, Education and Awareness
Parental Controls and Child Safety
Regulations, Fines and Legislation
EU attempts to secure software could hurt open source • The Register
AI Is About to Be Everywhere: Where Will Regulators Be? (darkreading.com)
Preparing for federal supply chain security standardization - Help Net Security
Secure Disposal
Careers, Working in Cyber and Information Security
Open source and Linux skills are still in demand in a dark economy | ZDNET
Top 10 Ideas for Addressing the Cyber security Skills Gap in 2023 (analyticsinsight.net)
Google Cloud CISO on why the Google Cyber security Certificate matters - Help Net Security
Law Enforcement Action and Take Downs
Law enforcement crackdowns and new techniques are forcing cyber criminals to pivot | CSO Online
Hacker marketplace still active despite police 'takedown' claim - BBC News
Spanish cops arrest 69 in immigration bot scheme • The Register
Identity crimes: Too many victims, limited resources - Help Net Security
Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands (thehackernews.com)
Admin of the darknet carding platform Skynet Market pleads guilty-Security Affairs
18-year-old charged with hacking 60,000 sports betting accounts (bleepingcomputer.com)
Russian national indicted for ransomware attacks against the US | CSO Online
Privacy, Surveillance and Mass Monitoring
The UK’s Secretive Web Surveillance Program Is Ramping Up | WIRED
WhatsApp allows users to lock sensitive chats - Help Net Security
Apple blocked 1.7 million apps for privacy, security issues in 2022 (bleepingcomputer.com)
Google details its next steps for wiping out Chrome tracking cookies | Engadget
Misinformation, Disinformation and Propaganda
Pakistan shut down the internet - but that didn't stop the protests - BBC News
Twitter wrong to block tweets during Turkey election - Wikipedia founder - BBC News
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Nation State Actors
Former TikTok official says China had access to app data | Al Arabiya English
Gatewatcher unveils research into advanced persistent threats | Data Centre Solutions
How China came to dominate the black market for money laundering (telegraph.co.uk)
North Korean hackers stole $721 million in cryptocurrency from Japan - Nikkei | Reuters
Hackers infect TP-Link router firmware to attack EU entities (bleepingcomputer.com)
Chinese Hackers Mustang Panda Attacks TP-Link Routers (informationsecuritybuzz.com)
Cyble — Cisco Routers Exploited by Russian State-Sponsored Attackers
DOJ links Iran, China and Russia to five IP theft-related cases | SC Media (scmagazine.com)
Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict (darkreading.com)
Vulnerability Management
Microsoft will take nearly a year to finish patching new 0-day Secure Boot bug | Ars Technica
Remote updates on motherboards could lead to bricked servers • The Register
Hacking Groups Rapidly Weaponizing N-Day Vulnerabilities (gbhackers.com)
CISA: Several Old Linux Vulnerabilities Exploited in Attacks - SecurityWeek
How to build a better vulnerability management program | TechTarget
Google Announces New Rating System for Android and Device Vulnerability Reports - SecurityWeek
How to Protect Your Organisation From Vulnerabilities (darkreading.com)
Vulnerabilities
Hackers target Wordpress plugin flaw after PoC exploit released (bleepingcomputer.com)
Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks (thehackernews.com)
KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784) - Help Net Security
Apple fixes three new zero-days exploited to hack iPhones, Macs (bleepingcomputer.com)
XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks (thehackernews.com)
Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers - SecurityWeek
Arm confident Cortex-M is secure after side-channel attack • The Register
Microsoft Follina Bug Is Back in Meme-Themed Cyber attacks Against Travel Orgs (darkreading.com)
CISA: Several Old Linux Vulnerabilities Exploited in Attacks - SecurityWeek
Remote updates on motherboards could lead to bricked servers • The Register
Microsoft will take nearly a year to finish patching new 0-day Secure Boot bug | Ars Technica
Microsoft pulls Defender update fixing Windows LSA Protection bug (bleepingcomputer.com)
WordPress 6.2.1 Released with Fixes for 5 Security Vulnerabilities – WP Tavern
Cisco Says PoC Exploits Available for Newly Patched Enterprise Switch Vulnerabilities - SecurityWeek
Tools and Controls
Organisations' cyber resilience efforts fail to keep up with evolving threats - Help Net Security
Hacking Groups Rapidly Weaponizing N-Day Vulnerabilities (gbhackers.com)
5 Ways Security Testing Can Aid Incident Response (darkreading.com)
Organisations reporting cyber resilience are hardly resilient: Study | CSO Online
Passkeys may not be for you, but they are safe and easy—here’s why | Ars Technica
The Ultimate Guide to Multi-Factor Authentication - Security Boulevard
Open-source Cobalt Strike port 'Geacon' used in macOS attacks (bleepingcomputer.com)
Protect against current and future threats with encryption | TechTarget
Can AI Decision-Making Be Trusted for Cyber security? (analyticsinsight.net)
'Strictly limit' remote desktop to avoid BianLian ransomware • The Register
Millions of deleted files recovered in hard drives purchased online | TechRadar
Key Metrics In Evaluating DevOps Threat Matrix (informationsecuritybuzz.com)
ChatGPT is about to revolutionize cyber security | VentureBeat
A Requirements-Driven Approach to Cyber Threat Intelligence | Mandiant
Embedding Security by Design: A Shared Responsibility (darkreading.com)
Reports Published in the Last Week
Other News
Heightened cyber attacks threat before Council of Europe summit in Reykjavik – EURACTIV.com
12 common network protocols and their functions explained | TechTarget
Pentagon Hacking Fears Fueled by Microsoft's Monopoly on Military IT (newsweek.com)
Ukraine, Ireland, Japan and Iceland join NATO CCDCOE-Security Affairs
Web entity activity reveals insights into internet security - Help Net Security
Microsoft Security highlights from RSAC 2023 - Microsoft Security Blog
Top 5 Cyber security Predictions and Statistics for 2023 (analyticsinsight.net)
No more macros? No problem, say attackers, we'll adapt • The Register
Researchers show ways to abuse Microsoft Teams accounts for lateral movement | CSO Online
Rebinding Attacks Persist With Spotty Browser Defences (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 12 May 2023
Black Arrow Cyber Threat Briefing 12 May 2023:
-79% of Cyber Pros Make Decisions Without Threat Intelligence
-61% of Business Leadership Overlook the Role of Cyber Security as a Business Enabler and as being Key to Business Success
-Risk Managers Warn Cyber Insurance Could Become ‘Unviable Product’
-Small and Medium-Sized Businesses: Don’t Give up on Cyber Security
-AI Has Been Dubbed a 'Nuclear' Threat to Cyber Security, but It Can Also Be Used for Defence
-Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows
-Majority of US, UK CISOs Unable to Protect Company 'Secrets'
-Company Executives Can’t Afford to Ignore Cyber Security Anymore
-BEC Campaign via Israel Spotted Targeting Multinational Companies
-CISOs Worried About Personal Liability for Breaches
-UK, US and International Allies Uncover Russian Snake Malware Network in 50+ Countries
-Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
79% of Cyber Pros Make Decisions Without Threat Intelligence
In a recent report, 79% of security pros say they make decisions without adversary insights “at least the majority of the time.” Why aren’t companies effectively leveraging threat intelligence? And does the C-Suite know this is going on?
Threat intelligence helps organisations stay informed about the latest cyber threats and vulnerabilities. By gathering and analysing information about potential attacks, threat intelligence can provide organisations with valuable insights into the tactics, techniques and procedures (TTPs) used by cyber criminals.
Given the deep value provided by threat intelligence, why aren’t more cyber pros taking advantage of it?
61% of Business Leadership Overlook the Role of Cyber Security as a Business Enabler and as being Key to Business Success
A recent report found only 39% of respondents think their company's leadership has a sound understanding of cyber security's role as a business enabler. Cyber security can be a huge business enabler; executive leaders need to think of cyber security in terms of the value it can deliver at a more strategic level.
Risk Managers Warn Cyber Insurance Could Become ‘Unviable Product’
The Federation of European Risk Management Associations (FERMA), an umbrella body representing 22 trade associations, said the cyber insurance market is “evolving in isolation from the industries it serves”.
It highlighted a move by Lloyd’s of London, the specialist insurance market and hub for cyber insurance, demanding that standard cyber policies have an exemption for big state-backed attacks.
“Without a more collaborative approach to cyber balancing the risk appetite of the insurance market with the coverage requirements of the corporate buyers, there is a risk that cyber insurance becomes an unviable product for many organisations,” FERMA said in a statement shared with the Financial Times.
The intervention is the strongest yet by the business lobby over the controversial exemption and wider concerns about cyber insurance.
https://www.ft.com/content/401629cc-e68a-41a4-8d50-e7c0d3e27835
Small and Medium-Sized Businesses: Don’t Give up on Cyber Security
In today’s increasingly hostile environment, every enterprise, big or small, should be concerned about cyber security and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world.
Yet time and again, small and medium-sized businesses (SMBs) are left out in the cold, an unaddressed market segment that finds real protection either too expensive or far too complex to adopt. Thus, cyber security becomes an “afterthought” or “add when we can” kind of service that leaves SMBs far more vulnerable than the corporate giants — just reading the news every day shows even they aren’t immune to ransomware, intrusions, and data theft. If you haven’t already, start thinking about security now.
AI Has Been Dubbed a 'Nuclear' Threat to Cyber Security, but It Can Also Be Used for Defence
Hackers using ChatGPT are faster and more sophisticated than before, and cyber security analysts who don’t have access to similar tools can very quickly find themselves outgunned and outsmarted by these AI-assisted attackers. However, corporations are stumbling to figure out governance around AI, and while they do so, their employees are clearly defying rules and possibly jeopardising company operations. According to a study of 1.6 million workers, 3.1% input confidential company information into ChatGPT. Although the number seems small, 11% of users' questions include private information. This is a fatal flaw for corporate use considering how hackers can manipulate the system into giving them previously hidden information. In another study, it was found that 80% of security professionals used AI, with 46% of these giving specialised capabilities as a reason.
Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows
In three out of four cyber attacks, the hijackers succeeded in encrypting victims’ data, cyber security provider Sophos said in its newly released State of Ransomware 2023 report.
The rate of data encryption amounted to the highest from ransomware since Sophos first issued the report in 2020. Overall, roughly two-thirds of the 3,000 cyber security/IT leaders’ organisations were infected by a ransomware attack in the first quarter of 2023, or the same percentage as last year.
Much advice has been doled out by cyber security providers and law enforcement urging organisations to not pay a ransom. According to Sophos’ survey, the data shows that when organisations paid a ransom to decrypt their data, they ended up doubling their recovery costs. On average, those organisations paying ransoms for decryption forked out $750,000 in recovery costs versus $375,000 for organisations that used backups to recover their data.
Moreover, paying the ransom usually meant longer recovery times, with 45% of those organisations that used backups recovering within a week, compared to 39% of those that paid the ransom.
Majority of US, UK CISOs Unable to Protect Company 'Secrets'
A recent study found 75% of organisations have experienced a data leak involving company secrets, including API keys, usernames, passwords, and encryption keys, in the past. It was found that about 52% of chief information and security officers (CISOs) in the US and UK organisations are unable to fully secure their company secrets. The study showed that a huge chunk of the IT sector realises the danger of exposed secrets. Seventy-five percent said that a secret leak has happened in their organisation in the past, with 60% acknowledging it caused serious issues for the company, employees, or both. The report has pointed out that even though secrets management practice across the US and the UK has seen some maturity, it still needs to go a long way.
Company Executives Can’t Afford to Ignore Cyber Security Anymore
In a recent survey, when asked about the Board and C-Suite‘s understanding of cyber security across the organisation, only 36% of respondents believe that it is considered important only in terms of compliance and regulatory demands, while 17% said it is not seen as a business priority. The disconnect between business and security goals appears to have caused at least one negative consequence to 89% of respondents’ organisations, with 26% also reporting it resulted in an increased number of successful cyber attacks at their company. On the misalignment of cyber security goals, respondents believed it contributed to delays in investments (35%), delays in strategic decision making (34%), and unnecessary increases in spending (27%).
https://www.helpnetsecurity.com/2023/05/10/cybersecurity-business-goals-alignment/
BEC Campaign via Israel Spotted Targeting Multinational Companies
An Israel-based threat group was discovered carrying out a business email compromise (BEC) campaign primarily targeting large and multinational enterprises. The group has conducted 350 BEC campaigns since February 2021, with email attacks targeting employees from 61 countries across six continents. The group operate through two personas — a CEO and an external attorney and spoofed email addresses using real domains.
CISOs Worried About Personal Liability for Breaches
Over three-fifths (62%) of global CISOs are concerned about being held personally liable for successful cyber attacks that occur on their watch, and a similar share would not join an organisation that fails to offer insurance to protect them, according to Proofpoint annual ‘Voice of the CISO’ survey for 2023. The security vendor polled 1600 CISOs from organisations of 200 employees or more across different industries in 16 countries to compile the report.
It revealed that CISOs in sectors with high volumes of sensitive data and/or heavy regulation such as retail (69%), financial services (65%) and manufacturing (65%) are most likely to demand insurance coverage.
Such concerns only add to the mental load on corporate IT security bosses. A combination of high-stress working environments, shrinking budgets and personal liability could be harming CISOs’ quality of life. Some 60% told Proofpoint they’ve experienced burnout in the past 12 months.
CISOs are most likely to experience burnout in the retail (72%) and IT, technology and telecoms (66%) industries.
https://www.infosecurity-magazine.com/news/cisos-worried-personal-liability/
UK, US and International Allies Uncover Russian Snake Malware Network in 50+ Countries
The UK NCSC along with the US National Security Agency (NSA) and various international partner agencies have discovered infrastructure connected with the sophisticated Russian cyber-espionage tool Snake in over 50 countries worldwide. Snake operations have been attributed to a specific unit within Russia’s Federal Security Service (FSB), Center 16.
Cyber criminals reportedly used Snake to retrieve and remove confidential documents related to international relations and diplomatic communications.
According to an advisory published by the agencies on Tuesday, the FSB targeted various industries, including education, small businesses, media, local government, finance, manufacturing and telecommunications. The Snake malware is installed on external infrastructure nodes for further exploitation.
According to the NSA Russian government actors have used this tool for years for intelligence collection and it is hoped that the technical details shared in the advisory will help many organisations find and shut down the malware globally.
https://www.infosecurity-magazine.com/news/nsa-uncovers-russian-snake-malware/
Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns
A new phishing-as-a-service tool called "Greatness" is being used in attacks targeting manufacturing, healthcare, technology, and other sectors.
Researchers at Cisco Talos detailed their findings on "Greatness," a one-stop-shop for all of a cyber criminal's phishing needs. With Greatness, anyone with even rudimentary technical chops can craft compelling Microsoft 365-based phishing lures, then carry out man-in-the-middle attacks that steal authentication credentials — even in the face of multifactor authentication (MFA) — and much more.
The tool has been in circulation since at least mid-2022 and has been used in attacks against enterprises in manufacturing, healthcare, and technology, among other sectors. Half of the targets thus far have been concentrated in the US, with further attacks occurring around Western Europe, Australia, Brazil, Canada, and South Africa.
https://www.darkreading.com/cloud/plug-and-play-microsoft-365-phishing-tool-democratizes-attacks
Threats
Ransomware, Extortion and Destructive Attacks
Make them pay: Hackers devise new tactics to ensure ransomware payment | CSO Online
Ransomware gangs display ruthless extortion tactics in April | TechTarget
Our appetite for data increases the risk of being held to ransom (thetimes.co.uk)
Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows - MSSP Alert
Refined methodologies of ransomware attacks - Help Net Security
Ranking ransomware: The gangs, the malware and the ever-present risks | CyberScoop
Ransomware Encryption Rates Reach New Heights - Infosecurity Magazine (infosecurity-magazine.com)
UK ‘increasingly concerned’ ransomware victims are keeping incidents secret (therecord.media)
Royal ransomware gang quickly expands reign | SC Media (scmagazine.com)
Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks (darkreading.com)
Ransomware attack confirmed at Rochester Public Schools, FBI alerted - Bring Me The News
Constellation Struck By Ransomware Attack, ALPHV Lays Claim (informationsecuritybuzz.com)
New Ransomware Strain 'CACTUS' Exploits VPN Flaws to Infiltrate Networks (thehackernews.com)
New Akira Ransomware Operation Hits Corporate Networks | Black Hat Ethical Hacking
Babuk code used by 9 ransomware gangs to encrypt VMWare ESXi servers (bleepingcomputer.com)
$1.1M Paid to Resolve Ransomware Attack on California County - SecurityWeek
Western Digital store offline due to March breach - Help Net Security
Western Digital Confirms Ransomware Group Stole Customer Information - SecurityWeek
Former Conti members are behind latest Royal ransomware hacking spree, report finds (axios.com)
Hackers Contacted Dragos CEO’s Son, Wife in Extortion Attempt - Bloomberg
Multiple Ransomware Groups Adapt Babuk Code to Target ESXi VMs (darkreading.com)
Australian software giant won’t say if customers affected by hack | TechCrunch
Multinational tech firm ABB hit by Black Basta ransomware attack (bleepingcomputer.com)
Phishing & Email Based Attacks
Gmail gets blue verification checks to protect against spoofing and phishing | ZDNET
Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)
BEC – Business Email Compromise
2FA/MFA
Malware
Chrome users, stay alert: Malware may be just one click away - gHacks Tech News
Microsoft issues optional fix for Secure Boot zero-day used by malware (bleepingcomputer.com)
56,000+ cloud-based apps at risk of malware exfiltration - Help Net Security
Millions of mobile phones come pre-infected with malware • The Register
Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)
Fake system update drops Aurora stealer via Invalid Printer loader (malwarebytes.com)
Stealthier version of Linux BPFDoor malware spotted in the wild (bleepingcomputer.com)
Mobile
Millions of mobile phones come pre-infected with malware • The Register
Mobile hacking and spyware – understanding the risks - TechHQ
Google Announces New Privacy, Safety, and Security Features Across Its Services (thehackernews.com)
Google Improves Android Security With New APIs - SecurityWeek
New Android FluHorse malware steals your passwords, 2FA codes (bleepingcomputer.com)
New Android updates fix kernel bug exploited in spyware attacks (bleepingcomputer.com)
Botnets
Fortinet warns of a spike of the activity linked to AndoryuBot botnet- Security Affairs
RapperBot DDoS malware adds cryptojacking as new revenue stream (bleepingcomputer.com)
Denial of Service/DoS/DDOS
FBI seizes 13 more domains linked to DDoS-for-hire services (bleepingcomputer.com)
Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)
Fortinet warns of a spike of the activity linked to AndoryuBot botnet- Security Affairs
RapperBot DDoS malware adds cryptojacking as new revenue stream (bleepingcomputer.com)
Internet of Things – IoT
Data Breaches/Leaks
Security researcher finds trove of Capita data exposed online | TechCrunch
In a new hacking crime wave, more personal data is being held hostage (cnbc.com)
Western Digital says hackers stole customer data in March cyber attack (bleepingcomputer.com)
Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack | Ars Technica
Boot Guard Keys From MSI Hack Posted, Many PCs Vulnerable | Tom's Hardware(tomshardware.com)
1 Million Impacted by Data Breach at NextGen Healthcare - SecurityWeek
Twitter admits 'security incident' broke Circle privacy • The Register
Food distribution giant Sysco warns of data breach after cyber attack (bleepingcomputer.com)
North Korean Hackers Stole 830K Data From Seoul's Top Hospital (informationsecuritybuzz.com)
Brightly warns of SchoolDude data breach exposing credentials (bleepingcomputer.com)
Simplify data hack cost the firm almost £7m - Property Industry Eye
Organised Crime & Criminal Actors
In a new hacking crime wave, more personal data is being held hostage (cnbc.com)
The Team of Sleuths Quietly Hunting Cyber attack-for-Hire Services | WIRED
Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)
Former Ubiquiti Employee Who Posed as Hacker Sentenced to Prison - SecurityWeek
UK cops score another legal win in EncroChat spying case • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Human Error Drives Most Cyber Incidents. Could AI Help? (hbr.org)
Overlooking These 4 Critical Measures Expose Your Company to Cyber Attacks | Entrepreneur
Fraud, Scams & Financial Crime
UK’s new fraud strategy too weak to tackle soaring crime, say experts | Financial Times (ft.com)
Your voice could be your biggest vulnerability - Help Net Security
QR codes used in fake parking tickets, surveys to steal your money (bleepingcomputer.com)
Deepfakes
Insurance
Dark Web
Supply Chain and Third Parties
Security researcher finds trove of Capita data exposed online | TechCrunch
Cyber hack to cost UK outsourcer Capita up to $25 mln | Reuters
Leak of MSI UEFI signing keys stokes fears of “doomsday” supply chain attack | Ars Technica
Software Supply Chain
Cloud/SaaS
56,000+ cloud-based apps at risk of malware exfiltration - Help Net Security
How to reduce risk with cloud attack surface management | TechTarget
ENISA leans into EU clouds with draft cyber security label • The Register
Hybrid/Remote Working
Attack Surface Management
Identity and Access Management
Top 3 trends shaping the future of cyber security and IAM - Help Net Security
Review your on-prem ADCS infrastructure before attackers do it for you | CSO Online
Why the FTX Collapse Was an Identity Problem (darkreading.com)
Asset Management
CISOs confront mounting obstacles in tracking cyber assets - Help Net Security
How Attack Surface Management Supports Continuous Threat Exposure Management (thehackernews.com)
Encryption
API
Open Source
India bans open source messaging apps on security grounds • The Register
Stealthier version of Linux BPFDoor malware spotted in the wild (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
83% of Americans’ Passwords Can Be Hacked in Less Than a Second, Study Shows (thedailybeast.com)
Top 5 Password Cracking Techniques Used by Hackers (bleepingcomputer.com)
Social Media
Twitter admits 'security incident' broke Circle privacy • The Register
TikTok tracked UK journalist via her cat's account - BBC News
Parental Controls and Child Safety
Regulations, Fines and Legislation
UK’s new fraud strategy too weak to tackle soaring crime, say experts | Financial Times (ft.com)
EU parliament report calls for tighter regulation of spyware | Surveillance | The Guardian
India bans open source messaging apps on security grounds • The Register
PEGA committee calls for EU level regulation of spyware • The Register
ENISA leans into EU clouds with draft cyber security label • The Register
Europe’s Moral Crusader Lays Down the Law on Encryption | WIRED
Scanning Plans On Europe's CSAM May Violate International Law (informationsecuritybuzz.com)
Governance, Risk and Compliance
Risk managers warn cyber insurance could become ‘unviable product’ | Financial Times (ft.com)
79% of Cyber Pros Make Decisions Without Threat Intelligence (securityintelligence.com)
Company executives can't afford to ignore cyber security anymore - Help Net Security
Majority of US, UK CISOs unable to protect company 'secrets': Report | CSO Online
Small- and medium-sized businesses: don’t give up on cyber security | CSO Online
(ISC)² Calls for Global Cyber security Standards, Collaboration, Frameworks - MSSP Alert
Organisations Reliant on Social Media For Threat Intelligence - TechRound
Recognizing Cyberthreat Trends For Effective Defence (forbes.com)
Digital trust can make or break an organisation - Help Net Security
Why more transparency around cyber attacks is good for everyone - NCSC
CISOs face mounting pressures, expectations post-pandemic | TechTarget
CISOs' confidence in post-pandemic security landscape fades - Help Net Security
Overlooking These 4 Critical Measures Expose Your Company to Cyber Attacks | Entrepreneur
NCSC and ICO Dispel Incident Reporting Myths - Infosecurity Magazine (infosecurity-magazine.com)
Models, Frameworks and Standards
(ISC)² Calls for Global Cyber security Standards, Collaboration, Frameworks - MSSP Alert
ENISA leans into EU clouds with draft cyber security label • The Register
Data Protection
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
FBI seizes 13 more domains linked to DDoS-for-hire services (bleepingcomputer.com)
Phishing Ring Bust, Spanish Police Have Arrested 40 People (informationsecuritybuzz.com)
UK cops score another legal win in EncroChat spying case • The Register
Privacy, Surveillance and Mass Monitoring
The (Security) Cost of Too Much Data Privacy (darkreading.com)
Twitter admits 'security incident' broke Circle privacy • The Register
TikTok tracked UK journalist via her cat's account - BBC News
Artificial Intelligence
Top US cyber official warns AI may be the 'most powerful weapon of our time' | CyberScoop
Amazon Is Being Flooded With Books Entirely Written by AI (futurism.com)
Your voice could be your biggest vulnerability - Help Net Security
The security and privacy risks of large language models - Help Net Security
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
EU parliament report calls for tighter regulation of spyware | Surveillance | The Guardian
China targets foreign consulting companies in anti-spying raids | China | The Guardian
Mobile hacking and spyware – understanding the risks - TechHQ
New Android updates fix kernel bug exploited in spyware attacks (bleepingcomputer.com)
CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine (thehackernews.com)
PEGA committee calls for EU level regulation of spyware • The Register
FBI-led Operation Medusa kills Russian FSB malware network • The Register
How one of Vladimir Putin’s most prized hacking units got pwned by the FBI | Ars Technica
Nation State Actors
Microsoft warns Iran increasing its cyber-enabled influence operations | SC Media (scmagazine.com)
China labels USA ‘Empire of hacking’ citing old WikiLeaks • The Register
CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine (thehackernews.com)
LinkedIn shuts service in China, lays off employees | Fortune
Microsoft: Iranian hacking groups join Papercut attack spree (bleepingcomputer.com)
FBI-led Operation Medusa kills Russian FSB malware network • The Register
China targets foreign consulting companies in anti-spying raids | China | The Guardian
Beijing raids consultancy firm Capvision, promises more • The Register
SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack (darkreading.com)
North Korean Hackers Stole 830K Data From Seoul's Top Hospital (informationsecuritybuzz.com)
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices | CISA
Vulnerability Management
Vulnerabilities
Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug (thehackernews.com)
Microsoft warns of two bugs under active exploit • The Register
Light May Patch Tuesday will weigh heavily on Windows admins | TechTarget
Fortinet fixed two severe issues in FortiADC and FortiOS-Security Affairs
New PaperCut RCE exploit created that bypasses existing detections (bleepingcomputer.com)
Microsoft issues optional fix for Secure Boot zero-day used by malware (bleepingcomputer.com)
Adobe Patches 14 Vulnerabilities in Substance 3D Painter - SecurityWeek
Severe Ruckus RCE Flaws Utilized By Fresh DDoS Botnet Malware (informationsecuritybuzz.com)
CyberGhost VPN patches command injection vulnerability | SC Media (scmagazine.com)
A Linux NetFilter kernel flaw allows escalating privileges to 'root'-Security Affairs
SAP Patches Critical Vulnerabilities With May 2023 Security Updates - SecurityWeek
Fortinet warns of a spike of the activity linked to AndoryuBot botnet-Security Affairs
Tools and Controls
Risk managers warn cyber insurance could become ‘unviable product’ | Financial Times (ft.com)
79% of Cyber Pros Make Decisions Without Threat Intelligence (securityintelligence.com)
Human Error Drives Most Cyber Incidents. Could AI Help? (hbr.org)
Identifying Compromised Data Can Be a Logistical Nightmare (darkreading.com)
Organisations Reliant on Social Media For Threat Intelligence - TechRound
Recognizing Cyberthreat Trends For Effective Defence (forbes.com)
Digital trust can make or break an organisation - Help Net Security
Prevent attackers from using legitimate tools against you - Help Net Security
How to implement principle of least privilege in Azure AD | TechTarget
What is Digital Forensics? Tools, Types, Phases & History (cybersecuritynews.com)
Microsoft enforces number matching to fight MFA fatigue attacks (bleepingcomputer.com)
AI Will Take Many Cyber security Jobs, But It's Not a Complete Disaster | PCMag
Google Broadens Dark Web Monitoring To Track All Gmail Users (informationsecuritybuzz.com)
5 SBOM tools to start securing the software supply chain | TechTarget
The Industrywide Consequences of Making Security Products Inaccessible (darkreading.com)
Top 3 trends shaping the future of cyber security and IAM - Help Net Security
Other News
The Team of Sleuths Quietly Hunting Cyber attack-for-Hire Services | WIRED
Why Should You Take IT Security Seriously? - IT Security Guru
To enable ethical hackers, a law reform is needed - Help Net Security
How datacentre operators can fend off cyber attacks | Computer Weekly
'Windows for Gamers' Rolls Dice With Your Security (vice.com)
Risk of cyber attack is main Eurovision worry, says BBC executive | Eurovision 2023 | The Guardian
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 05 May 2023
Black Arrow Cyber Threat Briefing 05 May 2023:
- Boards Need Better Conversations About Cyber Security
- Uber’s Ex-Security Chief Sentenced for Security Breach
- Global Cyber Attacks Rise by 7% in Q1 2023
- Three-Quarters of Firms Predict Breach in Coming Year
- The Costly Threat That Many Businesses Fail to Address
- European Data at Risk with Tick-box GDPR Compliance and High Cyber Attack Volumes
- Understanding Cyber Threat Intelligence for Business Security
- Hackers Are Finding Ways to Evade Latest Cyber Security Tools
- Study Shows a 27% Spike in Publicly Known Ransomware Victims
- Data Loss Costs Are Going Up – and Not Just for Those Who Choose to Pay Thieves
- Give NotPetya-hit Merck that $1.4B, Appeals Court Tells Insurers
- 4 Ways Leaders Should Re-evaluate Their Cyber Security's Focus
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Boards Need Better Conversations About Cyber Security
In a survey by Harvard Business Review, 65% of directors believed their organisations were at risk of a cyber attack within the next 12 months, and almost half believed they were unprepared to cope with such an attack. Boards that struggle with their role in providing oversight for cyber security create a security problem for their organisations. By not focusing on resilience, boards fail their companies and their stakeholders.
Regarding board interactions with CISOs, just 69% of responding board members see eye-to-eye with their chief information security officers (CISOs). Fewer than half (47%) of members serve on boards that interact with their CISOs regularly, and almost a third of them only see their CISOs at board presentations. This is worrying, as this leaves little time for leaders to have a meaningful dialogue about cyber security.
As a result, boards need to discuss their organisations’ cyber security-induced risks and evaluate plans to manage those risks frequently; the CISO should be involved in this. With the right conversations about keeping the organisation resilient, they can take the next step to provide adequate cyber security oversight. To bring more cyber security into the board room, board members may need to gain expertise, whether through frequent training or development programmes.
https://hbr.org/2023/05/boards-are-having-the-wrong-conversations-about-cybersecurity
Uber’s Ex-Security Chief Sentenced for Security Breach
Earlier this week, Uber’s former head of cyber security, Joseph Sullivan, faced several years of prison time for covering up a massive security breach at the ride-hailing company seven years ago. When it actually came to sentencing he managed to avoid jail but received three years of probation and 200 hours of community service, despite pleas from the prosecution to throw him in jail.
The case highlights the seriousness of covering up a security breach, as at one point the ex-security chief was looking at 24-30 months of jail time. With increasing regulations and focus on cyber security, it is unlikely that this is a one-off incident.
https://gizmodo.com/uber-security-joe-sullivan-sentenced-prison-data-breach-1850403347
Global Cyber Attacks Rise by 7% in Q1 2023
Weekly cyber attacks have increased worldwide by 7% in Q1 2023 compared to the same period last year, with each firm facing an average of 1,248 attacks per week according to Check Point’s latest research. The report highlights a number of sophisticated campaigns including using ChatGPT for code generation to help less-skilled threat actors effortlessly launch cyber attacks.
The Check Point report also shows that 1 in 31 organisations worldwide experienced a ransomware attack weekly over the first quarter of 2023. To defend against such threats, the security researchers recommended a series of cyber safety tips, such as keeping computers and servers up-to-date, conducting regular cyber awareness training and utilising better threat prevention tools, among others.
https://www.infosecurity-magazine.com/news/global-cyber-attacks-rise-7-q1-2023/
Three-Quarters of Firms Predict a Breach in the Coming Year
Most global organisations anticipate suffering a data breach or cyber attack in the next 12 months. Trend Micro’s six-monthly Cyber Risk Index (CRI) was compiled from interviews with 3,729 global organisations.
While results of the index score move in a positive direction showing organisations are taking steps to improve cyber preparedness, most responding organisations are pessimistic about the year ahead.
Respondents pointed to both negligent insiders and mobile users, and a lack of trained staff, as a key cause of concern going forward. Alongside cloud infrastructure and virtual computing environments, these comprised the top five infrastructure risks.
https://www.infosecurity-magazine.com/news/threequarters-firms-predict-breach/
The Costly Threat That Many Businesses Fail to Address
Insider attacks such as fraud, sabotage, and data theft plague 71% of businesses, according to a recent report. The report found companies that allow excessive data access are much more likely to suffer insider attacks. However, only 57% of companies limit data appropriately while 31% allow employees access to more data than necessary and 12% allow employees access to all company data.
Alarmingly, of the companies that have experienced insider attacks, one in three (34%) report that the attack involved an employee with privileged access. Data theft was the most common type of insider attack, reported by 38% of businesses.
Insider attacks can damage businesses’ reputations, finances, and competitiveness, and therefore companies should take a proactive approach in preventing these incidents.
https://www.helpnetsecurity.com/2023/05/02/insider-attacks-damage/
European Data at Risk with Tick-box GDPR Compliance and High Cyber Attack Volumes
Recent research revealed that European IT and security leaders may be dangerously over-confident in their ability to avoid cyber attacks and mitigate the risk of serious data compromise. The findings reveal that most organisations have suffered a serious cyber attack in the last two years, with over half of respondents saying their company suffered an attack 1 to 3 times in this time period. Worryingly, 20% of respondents claim to have been attacked 4 to 6 times. Only 18% managed to avoid an attack altogether.
Worryingly, three-quarters (76%) of those interviewed admit they’re taking a tick-box approach to GDPR compliance, which involves doing the bare minimum on data privacy and security. Although most (97%) have a contingency plan in place should they get breached, a quarter (26%) have not tested it.
Around two-thirds of respondents say their organisation considers customer (66%) and financial data (63%) to be “risky.” But the figure drops to 60% for employee data, and even further for intellectual property (45%) and health data (28%). Alarmingly, health-related data is classified as a special category data by GDPR, meaning it requires more protection.
Understanding Cyber Threat Intelligence for Business Security
Cyber threat intelligence is not a solution itself, but a crucial component of any mature security programme, enabling organisations to gain insights into the motives, targets and behaviours of threat actors. As such, it is crucial for businesses looking to protect themselves from the ever-evolving cyber threat landscape.
Some of the benefits of effective cyber threat intelligence to a business include early threat detection, improved response, regulation compliance, competitive advantage and cost savings. It is important to highlight that an organisation does not need to come up with their own cyber threat intelligence initiative, it can instead be purchased as a service.
Hackers Are Finding Ways to Evade Latest Cyber Security Tools
As hacking has gotten more destructive and pervasive, new defensive tools continue to be developed. One such tool is called endpoint detection and response (EDR) software, it’s designed to spot early signs of malicious activity on laptops, servers and other devices known as “endpoints” on a computer network — and block them before intruders can steal data or lock the machines.
Experts however, claim hackers have developed workarounds for some forms of the technology, allowing them to slip past products that have become the gold standard for protecting critical systems. Security software is not enough on its own, it is just one of the layers of defence that organisations should employ as part of their cyber resilience; there is no silver bullet.
https://finance.yahoo.com/news/hackers-finding-ways-evade-latest-131600565.html
Study Shows a 27% Spike in Publicly Known Ransomware Victims
A report released this week highlights a 27% increase in publicly known ransomware victims in the first quarter of the year. Some of the report’s key findings include the fact that manufacturing, technology, education, banking, finance, and healthcare organisations are the largest to be exposed to ransomware.
The report identified an increase in the use of “double extortion” as an attack model. This method is where ransomware groups not only encrypt files but also exfiltrate data. The top five most active ransomware threat actors are LockBit, Clop, AlphV, Royal and BianLian.
Data Loss Costs Are Going Up – and Not Just for Those Who Choose to Pay Thieves
A recent report found while the number of ransomware incidents that firms responded to dipped in early 2022, it came roaring back toward the end of the year and into early 2023. With this came higher ransom demands and, eventually, payments. The largest ransom demand last year was more than $90 million, with the largest payment exceeding $8 million. Both were larger than in 2021 (more than $60 million and $5.5 million respectively).
Ransomware groups are upping their attacks all the time and you don’t want to be an easy target.
https://www.theregister.com/2023/05/02/data_breach_costs_rise/
Give NotPetya-hit Merck that $1.4B, Appeals Court Tells Insurers
In a significant ruling this week a court in the US found that pharmaceutical company Merck's insurers can't use an "act of war" clause to deny the pharmaceutical giant an enormous payout to clean up its NotPetya infection from 2017. The ruling will also undoubtedly affect the language used in underwriting policies, especially when it comes to risks such as ransomware and cyber warfare.
https://www.theregister.com/2023/05/03/merck_14bn_insurance_payout_upheld/
4 Ways Leaders Should Re-evaluate Their Cyber Security's Focus
The technology industry has long been building walls around structured data and communications—with little consideration of how employees use that information. Outlined below are four 4 ways leaders can better protect raw data.
Recognise that priorities have evolved.
Understand that security burdens have changed.
Understand why, despite best efforts, criminals are still successful.
Evaluate the ways in which you are protecting your most vulnerable data.
Threats
Ransomware, Extortion and Destructive Attacks
Data loss costs go up, and not just from ransom shakedowns • The Register
To Fight Ransomware, Move Beyond Detection to Real-Time Response, Fortinet Study Says - MSSP Alert
Using Threat Intelligence to Get Smarter About Ransomware – Security Week
Merck's $1.4B NotPetya insurance payout upheld by court • The Register
GuidePoint Study Shows a 27% Spike in Public Ransomware Victims - MSSP Alert
Rapture, a Ransomware Family With Similarities to Paradise (trendmicro.com)
The Tragic Fallout From a School District’s Ransomware Breach | WIRED
Hackers leak images to taunt Western Digital's cyber attack response (bleepingcomputer.com)
‘Big game hunting’ hackers ALPHV claim major breach of law firm HWL Ebsworth (afr.com)
FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)
Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks (darkreading.com)
US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week
BlackCat group releases screenshots of stolen Western Digital data | CSO Online
Ransomware Attack Affects Dallas Police, Court Websites – Security Week
Studies show ransomware has already caused patient deaths | TechTarget
Cold storage giant Americold outage caused by network breach (bleepingcomputer.com)
Payment software giant AvidXchange suffers its second ransomware attack of 2023 | TechCrunch
City of Dallas hit by Royal ransomware attack impacting IT services (bleepingcomputer.com)
Ransomware gang hijacks university alert system to issue threats (bleepingcomputer.com)
Cyber attack cost conveyancing giant £7m - but the insurers paid up | News | Law Gazette
Teiss - News - Lockbit 3.0 targets Fullerton India, demands a £2.3 million ransom
Phishing & Email Based Attacks
Malicious HTML Attachment Volumes Surge - Infosecurity Magazine (infosecurity-magazine.com)
A Comprehensive Look At Email-Based Threats In 2023 (informationsecuritybuzz.com)
Other Social Engineering; Smishing, Vishing, etc
Malware
ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)
Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor (darkreading.com)
Security experts are using malware's own code to protect potential victims | TechSpot
New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks (thehackernews.com)
How to Detect and Remove a Keylogger From Your Computer (howtogeek.com)
Hackers start using double DLL sideloading to evade detection (bleepingcomputer.com)
Mobile
Apple pushes first-ever 'rapid' patch, rapidly screws up • The Register
Google fought a mountain of malware in 2022 | Android Central
Google Bans Thousands of Play Store Developer Accounts to Block Malware (darkreading.com)
Digital Intruders – Top Ways Hackers Can Breach Your Smartphone’s Security (freecodecamp.org)
Smartphone owners warned about ‘shoulder-surfing’ thieves (thetimes.co.uk)
Botnets
Cyber criminals use proxies to legitimise fraudulent requests - Help Net Security
Bot Attacks Are Easy to Launch, Human Security Reports - MSSP Alert
Denial of Service/DoS/DDOS
Internet of Things – IoT
Hackers exploit 5-year-old unpatched flaw in TBK DVR devices (bleepingcomputer.com)
CISA warns of Mirai botnet exploiting TP-Link routers • The Register
Drone goggles maker claims firmware sabotaged to ‘brick’ devices (bleepingcomputer.com)
Data Breaches/Leaks
Kodi Forum Data Breach - Lessons Learned, Actions Taken | News | Kodi
T-Mobile suffered the second data breach in 2023 - Security Affairs
Sensitive data is being leaked from servers running Salesforce software | Ars Technica
ChatGPT Confirms Data Breach, Raising Security Concerns (securityintelligence.com)
Millions of patients’ data confirmed stolen after Fortra mass-hack | TechCrunch
TikTok security breach allowed attackers to leak personal information (ynetnews.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crooks broke into AT&T email accounts to empty their crypto wallets - Security Affairs
Level Finance crypto exchange hacked after two security audits (bleepingcomputer.com)
Hackers stole $93M from crypto projects in April (cryptoslate.com)
Insider Risk and Insider Threats
The costly threat that many businesses fail to address - Help Net Security
The hidden security risks in tech layoffs and how to mitigate them | CSO Online
Fraud, Scams & Financial Crime
Hackers swap stealth for realistic checkout forms to steal credit cards (bleepingcomputer.com)
Advanced Fee Fraud Surges by Over 600% - Infosecurity Magazine (infosecurity-magazine.com)
Cyber criminals use proxies to legitimize fraudulent requests - Help Net Security
UK to ban all cold calls selling financial products - BBC News
Smartphone owners warned about ‘shoulder-surfing’ thieves (thetimes.co.uk)
UK intelligence agencies to step up anti-fraud efforts | Financial Times (ft.com)
National Crime Agency urged to crush rogue US candy stores (thetimes.co.uk)
Clampdown on cold calls and mass texting technology announced in UK | Scams | The Guardian
AML/CFT/Sanctions
Dark Web
FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)
US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals – Security Week
Supply Chain and Third Parties
How to keep calm and carry on in a supply chain attack • The Register
SolarWinds: The Untold Story of the Boldest Supply-Chain Hack | WIRED
DOJ Detected SolarWinds Breach Months Before Public Disclosure | WIRED
Aviva says it thinks customer data secure after Capita cyber attack (proactiveinvestors.co.uk)
Cloud/SaaS
Using just-in-time access to reduce cloud security risk - Help Net Security
Cloud security threats are growing faster than ever | TechRadar
Hybrid/Remote Working
Employees Using ‘Productivity Theater’ To Protect Against Surveillance, Study Finds (forbes.com)
White House seeks information on tools used for automated employee surveillance | Computerworld
Attack Surface Management
Encryption
API
Report shows 92% of orgs experienced an API security incident last year | VentureBeat
Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service (thehackernews.com)
5 API security best practices you must implement - Help Net Security
Top API vulnerabilities organisations can't afford to ignore - Help Net Security
Open Source
Passwords, Credential Stuffing & Brute Force Attacks
ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)
Your passwords could be cracked using thermal cameras powered by AI | TechRadar
Your Google Account is getting rid of its password (androidpolice.com)
PSA. Don’t share your password in your app’s release notes • Graham Cluley
Social Media
TikTok security breach allowed attackers to leak personal information (ynetnews.com)
Twitter outage logs you out and won’t let you back in (bleepingcomputer.com)
Meta kills over 1,000 ChatGPT-related malicious spoofs • The Register
Strike 3: FTC says Meta still failing to protect privacy • The Register
Malvertising
Regulations, Fines and Legislation
European Data at Risk With Tick-box GDPR Compliance and High Cyber attack Volumes- IT Security Guru
White House unveils AI rules to address safety and privacy | Computerworld
Governance, Risk and Compliance
Hackers Are Finding Ways to Evade Latest Cyber security Tools (yahoo.com)
Global Cyber Attacks Rise by 7% in Q1 2023 - Infosecurity Magazine (infosecurity-magazine.com)
European Data at Risk With Tick-box GDPR Compliance and High Cyber attack Volumes- IT Security Guru
Data loss costs go up, and not just from ransom shakedowns • The Register
Boards Are Having the Wrong Conversations About Cyber security (hbr.org)
Uber Ex-Security Chief Joe Sullivan to Be Sentenced for Breach (gizmodo.com)
Trends and Insights from the New Global Threat Intelligence Report - MSSP Alert
Why Your Detection-First Security Approach Isn't Working (thehackernews.com)
How Strategic Threat Intelligence Elevates a Cyber security Program (accelerationeconomy.com)
Benefits and Challenges of Data Analytics in Cyber security (analyticsinsight.net)
What the Cyber security Industry Can Learn From the SVB Crisis (darkreading.com)
4 Ways Leaders Should Reevaluate Their Cyber security's Focus (forbes.com)
Optimising Cyber Security Costs In A Recession (informationsecuritybuzz.com)
Malicious content lurks all over the web - Help Net Security
Microsoft Digital Defence Report: Key Cyber crime Trends (darkreading.com)
Closing up holes: Infoseccers on being less reactive • The Register
Organisations brace for cyber attacks despite improved preparedness - Help Net Security
Global Cyber Risk Lowers to Moderate Level in 2H' 2022 (trendmicro.com)
Japan’s ‘myth of security’ raises cyber attack risk | Financial Times (ft.com)
Secure Disposal
Careers, Working in Cyber and Information Security
UK Cyber Security Council launches certification mapping tool - Help Net Security
DHS’ cyber talent management system slowly gaining traction | Federal News Network
The warning signs for security analyst burnout and ways to prevent - Help Net Security
Google Launches Cyber security Career Certificate Program (darkreading.com)
Law Enforcement Action and Take Downs
FBI Uncovers 9 Crypto Exchanges In Ransomware Laundering (informationsecuritybuzz.com)
US, Ukraine Shut Down Cryptocurrency Exchanges Used by Cyber criminals - SecurityWeek
Privacy, Surveillance and Mass Monitoring
Open Banking: A Perfect Storm for Security and Privacy? - SecurityWeek
Employees Using ‘Productivity Theater’ To Protect Against Surveillance, Study Finds (forbes.com)
Apple and Google Team Up to Stop Unwanted Tracking by AirTags, Other Devices - CNET
White House seeks information on tools used for automated employee surveillance | Computerworld
Strike 3: FTC says Meta still failing to protect privacy • The Register
Artificial Intelligence
5 ways threat actors can use ChatGPT to enhance attacks | CSO Online
Workers are secretly using ChatGPT, AI, with big risks for companies (cnbc.com)
AI will do 'real damage', warns Microsoft chief (telegraph.co.uk)
Microsoft’s chief economist says A.I. can be dangerous | Fortune
It's time to harden AI and ML for cyber security | TechTarget
Stop using generative-AI tools, Samsung orders staff | Digital Trends
ChatGPT Confirms Data Breach, Raising Security Concerns (securityintelligence.com)
How To Secure Web Applications Against AI-assisted Cyber Attacks (bleepingcomputer.com)
PrivateGPT Tackles Sensitive Info in ChatGPT Prompts (darkreading.com)
Meta kills over 1,000 ChatGPT-related malicious spoofs • The Register
How AI is reshaping the cyber security landscape - Help Net Security
White House unveils AI rules to address safety and privacy | Computerworld
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Hackers use fake ‘Windows Update’ guides to target Ukrainian govt (bleepingcomputer.com)
Russian APT Hacked Tajikistani Carrier to Spy on Government, Public Services - SecurityWeek
Russian APT Nomadic Octopus hacked Tajikistani carrier - Security Affairs
Russia’s APT28 targets Ukraine with bogus Windows updates • The Register
Russian spy network smuggles sensitive EU tech despite sanctions | Financial Times (ft.com)
Finnish newspaper hides Ukraine news reports for Russians in online game | Censorship | The Guardian
Meta Unravels Social Media Cyber Espionage Operations In South Asia (informationsecuritybuzz.com)
Nation State Actors
China’s Hackers Vastly Outnumber US. Cyber Agents by 50 to 1, FBI Director Testifies - MSSP Alert
Chinese APT Uses New 'Stack Rumbling' Technique to Disable Security Software - SecurityWeek
China 'Innovated' Its Cyber attack Tradecraft, Mandia Says (darkreading.com)
'BellaCiao' Showcases How Iran's Threat Groups Are Modernizing Their Malware (darkreading.com)
APT41 Subgroup Plows Through Asia-Pacific, Utilizing Layered Stealth Tactics (darkreading.com)
APT41’s PowerShell Backdoor Download Files From Windows (cyber securitynews.com)
US Chamber of Commerce warns of major increase in risks for businesses in China | CNN Business
China’s ‘men in black’ step up scrutiny of foreign corporate sleuths | Financial Times (ft.com)
Microsoft says Iranian hackers combine influence ops with hacking for maximum impact | CyberScoop
Attack on Security Titans: Earth Longzhi Returns With New Tricks (trendmicro.com)
North Korean APT Gets Around Macro-Blocking With LNK Switch-Up (darkreading.com)
Meta Unravels Social Media Cyber Espionage Operations In South Asia (informationsecuritybuzz.com)
China labels USA ‘Empire of hacking’ citing old WikiLeaks • The Register
Kimsuky hackers use new recon tool to find security gaps (bleepingcomputer.com)
Vulnerability Management
Vulnerabilities
WordPress Vulnerability Hits +1 Million Using Header & Footer Plugin (searchenginejournal.com)
Cisco discloses a bug in Prime Collaboration Deployment solution - Security Affairs
Cisco Warns of Critical Vulnerability in EoL Phone Adapters - SecurityWeek
Apple pushes first-ever 'rapid' patch, rapidly screws up • The Register
Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now (thehackernews.com)
Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software (thehackernews.com)
AMD TPM Exploit: faulTPM Attack Defeats BitLocker and TPM-Based Security (Updated) (msn.com)
Netgear Vulnerabilities Lead to Credentials Leak, Privilege Escalation - SecurityWeek
Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service (thehackernews.com)
Apple Releases First-Ever Security Updates for Beats, AirPods Headphones - SecurityWeek
Some of the top AMD chips are suffering a serious security flaw | TechRadar
Tools and Controls
How Strategic Threat Intelligence Elevates a Cyber security Program (accelerationeconomy.com)
86 percent of developers knowingly deploy vulnerable code (betanews.com)
The hidden security risks in tech layoffs and how to mitigate them | CSO Online
Benefits and Challenges of Data Analytics in Cyber security (analyticsinsight.net)
ViperSoftX info-stealing malware now targets password managers (bleepingcomputer.com)
It's time to harden AI and ML for cyber security | TechTarget
Using just-in-time access to reduce cloud security risk - Help Net Security
Using multiple solutions adds complexity to your zero trust strategy - Help Net Security
Your decommissioned routers could be a security disaster | Network World
Wanted Dead or Alive: Real-Time Protection Against Lateral Movement (thehackernews.com)
5 API security best practices you must implement - Help Net Security
3 questions CISOs expect you to answer during a security pitch | TechCrunch
Level Finance crypto exchange hacked after two security audits (bleepingcomputer.com)
4 Principles for Creating a New Blueprint for Secure Software Development (darkreading.com)
How To Secure Web Applications Against AI-assisted Cyber Attacks (bleepingcomputer.com)
AppSec Making Progress or Spinning Its Wheels? (darkreading.com)
Windows admins can now sign up for ‘known issue’ email alerts (bleepingcomputer.com)
Top API vulnerabilities organisations can't afford to ignore - Help Net Security
How AI is reshaping the cyber security landscape - Help Net Security
Getting cyber-resilience right in a zero-trust world starts at the endpoint | VentureBeat
Practical Protection: Limiting the Damage from Local Admin Accounts (practical365.com)
To Fight Cyber Extortion and Ransomware, Shift Left (trendmicro.com)
Using Threat Intelligence to Get Smarter About Ransomware – Security Week
New Generative AI Tools Aim to Improve Security (darkreading.com)
Other News
Firmware Looms as the Next Frontier for Cyber security (darkreading.com)
Open Banking: A Perfect Storm for Security and Privacy? – Security Week
Malicious content lurks all over the web - Help Net Security
How Public-Private Information Sharing Can Level the Cyber security Playing Field (darkreading.com)
Eric Idle tells RSAC to look in the bright side of life • The Register
Your decommissioned routers could be a security disaster | Network World
FBI Focuses on Cyber security With $90M Budget Request (darkreading.com)
Google will remove secure website indicators in Chrome 117 (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 28 April 2023
Black Arrow Cyber Threat Briefing 28 April 2023:
- Navigating The Future of Cyber: Business Strategy, Cyber Security Training, and Digital Transformation Are Key
- Shadow IT, SaaS Pose Security Liability for Enterprises
- The Strong Link Between Cyber Threat Intelligence and Digital Risk Protection
- Weak Credentials, Unpatched Vulnerabilities, Malicious Open Source Packages Causing Cloud Security Risks
- Over 70 billion Unprotected Files Available on Unsecured Web Servers
- Cyber Thieves Are Getting More Creative
- Modernising Vulnerability Management: The Move Toward Exposure Management
- Almost Three-quarters of Cyber Attacks Involve Ransomware
- Corporate Boards Pressure CISOs to Step Up Risk Mitigation Efforts
- NSA Sees ‘Significant’ Russian Intel Gathering on European, US Supply Chain Entities
- Email Threat Report 2023: Key Takeaways
- 5 Most Dangerous New Attack Techniques
- Many Public Salesforce Sites are Leaking Private Data
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Navigating the Future of Cyber: Business Strategy, Cyber Security Training, and Digital Transformation are Key
Cyber investments have become table stakes for businesses around the world. Cyber crime is increasing, with 91% of organisations reporting at least one cyber incident in the past year. Not only are they growing in numbers, but they are becoming more sophisticated and diverse, with new threats constantly emerging. According to the 2023 Deloitte Global Future of Cyber survey, business leaders are changing how they think of cyber, and it’s emerging as a larger strategic discussion tied to an organisation’s long-term success.
Cyber is about more than protecting information—risk management, incident response planning, threat intelligence and training can often be directly correlated to increasing trust within businesses.
Cyber security training is essential for employees to ensure the safety and security of a business. Employees are often the first line of defence against cyber-attacks and frequently the weakest link in an organisation's security posture. Cyber security training can help employees recognise and avoid common cyber threats, such as phishing attacks, malware, and social engineering. 89% of organisations cited as high-performing cyber organisations have implemented annual cyber awareness training among all employees. With increased digital dependency year over year—effective employee training can raise awareness, reduce risk, improve security posture, and support compliance.
Shadow IT, SaaS Pose Security Liability for Enterprises
There's no denying that software-as-a-service (SaaS) has entered its golden age. Software tools have now become essential to modern business operations and continuity. However, not enough organisations have implemented the proper procurement processes to ensure they're protecting themselves from potential data breaches and reputational harm.
A critical component contributing to concerns around SaaS management is the rising trend of shadow IT, which is when employees download and use software tools without notifying their internal IT teams. A recent study shows that 77% of IT professionals believe that shadow IT is becoming a major concern in 2023, with more than 65% saying their SaaS tools aren't being approved. Organisations are beginning to struggle with maintaining security as their SaaS usage continues to sprawl.
To combat shadow IT and the high risks that come along with it, organisations must gain greater visibility over their SaaS stacks and institute an effective procurement process when bringing on new software solutions.
https://www.darkreading.com/edge-articles/shadow-it-saas-pose-security-liability-for-enterprises
The Strong Link Between Cyber Threat Intelligence and Digital Risk Protection
While indicators of compromise and attackers’ tactics, techniques, and processes (TTPs) remain central to threat intelligence, cyber threat intelligence needs have grown over the past few years, driven by things like digital transformation, cloud computing and remote working. In fact, these changes have led to a cyber threat intelligence (CTI) subcategory focused on digital risk protection (DRP). DRP is broadly defined as, “telemetry, analysis, processes, and technologies used to identify and mitigate risks associated with digital assets”.
According to research provider ESG, the most important functions of DRP as part of a mature CTI programme are: vulnerability exploit intelligence, takedown services, leaked data monitoring, malicious mobile application monitoring, brand protection and attack surface management. It should be noted that a mature CTI programme can utilise service providers to help carry out threat intelligence, it doesn’t have to be spun up by the organisation from nothing. Regardless, an organisation employing these DRP functions as part of a CTI programme will be increasing its cyber resilience and reducing the chance of a cyber incident.
Weak Credentials, Unpatched Vulnerabilities, Malicious Open Source Packages Causing Cloud Security Risks
Threat actors are getting more adept at exploiting common everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages. Meanwhile, security teams take an average of 145 hours to solve alerts, with 80% of cloud alerts triggered by just 5% of security rules in most environments according to a recent report. The report, conducted by UNIT 42 analysed the workload of 210,000 cloud accounts across 1,300 organisations.
The report’s findings echoed similarities from the previous year, finding almost all cloud users, roles, services and resources grant excessive permissions. Some of the other key findings include as many as 83% of organisations having hard-coded credentials in their source control management systems, 53% of cloud accounts allowing weak password usage and 44% allowing password reuse and 71% of high or critical vulnerabilities exposed were at least two years old.
Over 70 Billion Unprotected Files Available on Unsecured Web Servers
A recent report found that more than 70 billion files, including intellectual property and financial information, are freely available and unprotected on unsecured web servers. Other key findings of the report included almost 1 in 10 of all detected internet-facing assets having an unpatched vulnerability, with the top 10 vulnerabilities found unpatched at least 12 million times each.
The report predicted that there will be a significant rise in information stealing malware; the report had found that 50% of emails associated with customers were plaintext and unencrypted. Additionally, there will be more incidents due to an increase in assets which are not known to IT, known as shadow IT.
Organisations should look to employ efficient patch management, have an up to date asset register, and use encryption to better increase their cyber defences.
https://www.helpnetsecurity.com/2023/04/24/critical-cybersecurity-exposures/
Cyber Thieves Are Getting More Creative
Cyber criminals are constantly changing their tactics and finding new ways to steal money from organisations. An example of this can be seen where criminals are breaking into systems to learn who is authorised to send payments and what the procedures are. Eventually, this leads to the criminal instructing payment to their own account.
Unfortunately, it is only after such events that some organisations are taking actions, such as verifying payments through phone calls. Whilst it is important for organisations to learn from attacks, it is beneficial to take a pro-active approach and employ procedures such as call back procedures before an incident has occurred.
https://hbr.org/2023/04/cyber-thieves-are-getting-more-creative
Modernising Vulnerability Management: The Move Toward Exposure Management
Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritisation, and understanding of attackers' motivations, opportunities and means. Vulnerabilities only represent a small part of the attack surface that attackers can leverage.
Exposures are broader and can encompass more than just vulnerabilities. Exposures can result from various factors, such as human error, improperly defined security controls, and poorly designed and unsecured architecture. Organisations should consider that an attacker doesn’t just look at one exposure; attackers will often use a combination of vulnerabilities, misconfigurations, permissions and other exposures to move across systems and reach valuable assets.
As such, organisations looking to improve their cyber resiliency should consider their vulnerability management system and assess both whether it is taking into account exposures and the context in relation to the organisation.
https://thehackernews.com/2023/04/modernizing-vulnerability-management.html
Two-thirds of Cyber Attacks Involve Ransomware
A report from Sophos focusing on recent incident response cases, found that 68.4% of incidents resulted from ransomware. This was followed by network breaches, accounting for 18.4%. Regarding threat actor access, the report found that unpatched vulnerabilities were the single most common access method, followed by compromised credentials.
Corporate Boards Pressure CISOs to Step Up Risk Mitigation Efforts
A recent report found that the top challenges when implementing an effective cyber/IT risk management programme include an increase in the quantity (49%) and severity (49%) of cyber threats, a lack of funding (37%) and a lack of staffing/cyber risk talent (36%).
Cyber attacks have been increasing for several years now and resulting data breaches cost businesses an average of $4.35 million in 2022, according to the annual IBM ‘Cost of a Data Breach’ report. Given the financial and reputational consequences of cyber attacks, corporate board rooms are putting pressure on CISOs to identify and mitigate cyber/IT risk.
When it came to reporting to the board, 30% of CIO and CISO respondents say they do not communicate risk around specific business initiatives to other company leaders, indicating they may not know how to share that information in a constructive way.
https://www.helpnetsecurity.com/2023/04/26/effective-it-risk-management/
NSA Sees ‘Significant’ Russian Intel Gathering on European, US Supply Chain Entities
According to the US National Security Agency (NSA), Russian hackers could be looking to attack logistics targets more broadly. The NSA have noted a significant amount of intelligence gathering into western countries, including the UK and the US.
Although there is no indication yet regarding attacks from Russia in connection with the logistics related to Ukraine, organisations should be aware and look to improve their cyber security practices to be best prepared.
https://cyberscoop.com/nsa-russian-ukraine-supply-chain-ransomware/
Email Threat Report 2023: Key Takeaways
According to a recent report, email phishing made up 24% of all spam types in 2022, a significant increase in proportion from 11% in 2021. The finance industry was the most targeted by far, accounting for 48% of phishing incidents. It is followed by the construction sector at 17%, overtaking 2021’s second-place industry, e-commerce. Both the finance and construction industries saw an increase in phishing since last year. Of all the emails analysed in 2022, an enormous 90% were spam emails.
With phishing as prevalent as ever, organisations should look to implement training for their staff to not only be able to spot phishing emails, but to be able to report these and aid in improving the cyber security culture of their organisation.
https://www.itsecurityguru.org/2023/04/27/email-threat-report-2023-key-takeaways/
5 Most Dangerous New Attack Techniques
Experts from security training provider SANS Institute have revealed the 5 most dangerous new attack techniques: adversarial AI, ChatGPT-powered social engineering, third-party developer attacks (also known as software supply chain attacks), SEO, and paid advertising attacks.
The new techniques highlight the ever changing environment of the attack environment. SEO and paid advertising attacks are leveraging fundamental marketing strategies to gain initial access, heightening the importance for organisations to incorporate scalable user awareness training programmes, tailored to new threats.
https://www.csoonline.com/article/3694892/5-most-dangerous-new-attack-techniques.html
Many Public Salesforce Sites are Leaking Private Data
A shocking number of organisations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.
This included the US State of Vermont who had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance programme that exposed the applicant’s full name, social security number, address, phone number, email, and bank account number. Similar information was leaked by TCF Bank on their Salesforce Community Website.
It's not just Salesforce though; misconfigurations in general are responsible for a number of leaked documents and or exposures relating to an organisation.
https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/
Threats
Ransomware, Extortion and Destructive Attacks
New coercive tactics used to extort ransomware payments - Help Net Security
Almost three-quarters of cyber attacks involve ransomware | Computer Weekly
Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)
Effects of the Hive Ransomware Group Takedown (darkreading.com)
Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware (thehackernews.com)
Tank storage company Vopak hacked, Ransomware groups report | NL Times
Health insurer Point32Health suffered a ransomware attack-Security Affairs
Hacker demands ransom after 'taking control' of Wiltshire school's IT | Swindon Advertiser
RSAC speaker offers ransomware victims unconventional advice | TechTarget
How ransomware victims can make the best of a bad situation | TechTarget
Hackers Leaked Minneapolis Students' Psychological Reports, Allegations of Abuse (gizmodo.com)
Linux version of RTM Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
CommScope employees left in the dark after ransomware attack | TechCrunch
Phishing & Email Based Attacks
How Dangerous Is Phishing in 2023? - Duo Blog | Duo Security
The New Frontier in Email Security: Goodbye, Gateways; Hello, Behavioural AI (darkreading.com)
BEC – Business Email Compromise
2FA/MFA
CrowdStrike details new MFA bypass, credential theft attack | TechTarget
Phishing-resistant MFA shapes the future of authentication forms - Help Net Security
Malware
Malware-Free Cyber attacks Are On the Rise; Here's How to Detect Them (darkreading.com)
Ex-Conti and FIN7 Actors Collaborate with New Backdoor (securityintelligence.com)
EvilExtractor malware activity spikes in Europe and the US (bleepingcomputer.com)
Zaraza Malware Exploits Web Browsers To Steal Stored Passwords (latesthackingnews.com)
This evil malware disables your security software, then goes in for the kill | TechRadar
Decoy Dog malware toolkit found after analysing 70 billion DNS queries (bleepingcomputer.com)
Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware (thehackernews.com)
A Security Team Is Turning This Malware Gang’s Tricks Against It | WIRED
Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity
Google banned 173K developer accounts to block malware, fraud rings (bleepingcomputer.com)
Chinese Cyber spies Delivered Malware via Legitimate Software Updates - SecurityWeek
Chinese hackers launch Linux variant of PingPull malware | CSO Online
Mobile
WhatsApp used in BEC scam to pilfer $6.4M | SC Media (scmagazine.com)
35M Downloads Of Android Minecraft Clones Spreads Adware (informationsecuritybuzz.com)
Botnets
Denial of Service/DoS/DDOS
New SLP bug can lead to massive 2,200x DDoS amplification attacks (bleepingcomputer.com)
'Anonymous Sudan' Claims Responsibility for DDoS Attacks Against Israel (darkreading.com)
Internet of Things – IoT
Data Breaches/Leaks
Over 70 billion unprotected files available on unsecured web servers - Help Net Security
Many Public Salesforce Sites are Leaking Private Data – Krebs on Security
American Bar Association data breach hits 1.4 million members (bleepingcomputer.com)
American Bar Association (ABA) suffered a data breach-Security Affairs
Shields Health Breach Exposes 2.3M Users' Data (darkreading.com)
Serving UK Armed Forces member charged under Official Secrets Act (telegraph.co.uk)
Yellow Pages Canada confirms cyber attack as Black Basta leaks data (bleepingcomputer.com)
Vantage Travel Experiences Data Security Incident (darkreading.com)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
The IRS is sending four investigators across the world to fight cyber crime | TechCrunch
US deploys more cyber forces abroad to help fight hackers | Reuters
The ‘Your computer was locked’ scam is gaining traction (consumeraffairs.com)
Google banned 173K developer accounts to block malware, fraud rings (bleepingcomputer.com)
Deepfakes
AML/CFT/Sanctions
Insurance
Dark Web
Supply Chain and Third Parties
The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks | WIRED
That 3CX supply chain attack keeps getting worse • The Register
NSA sees 'significant' Russian intel gathering on European, US supply chain entities | CyberScoop
North Korean hackers breach software firm in significant cyber attack | CNN Politics
SD Worx hack: Payroll firm for M&S hit by cyber attack (thetimes.co.uk)
A third-party’s perspective on third-party InfoSec risk management - Help Net Security
Software Supply Chain
Cloud/SaaS
Shadow IT, SaaS Pose Security Liability for Enterprises (darkreading.com)
14 Kubernetes and Cloud Security Challenges and How to Solve Them (thehackernews.com)
Ransomware attacks, human error main cause of cloud data breaches: Report (business-standard.com)
GhostToken Flaw Could Let Attackers Hide Malicious Apps in Google Cloud Platform (thehackernews.com)
Saas Security: The Need For Continuous Sustenance (informationsecuritybuzz.com)
How CISOs navigate security and compliance in a multi-cloud world - Help Net Security
Security experts found a major bug in Google Cloud | TechRadar
Most SaaS adopters exposed to browser-borne attacks - Help Net Security
Exposed Artifacts Seen In Misconfigured Cloud Software Registries (informationsecuritybuzz.com)
Google accounts attacked and hijacked by this devious security flaw | TechRadar
Containers
Kubernetes RBAC abused to create persistent cluster backdoors (bleepingcomputer.com)
Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC-Security Affairs
Combating Kubernetes — the Newest IAM Challenge (darkreading.com)
Attack Surface Management
Over 70 billion unprotected files available on unsecured web servers - Help Net Security
Study of past cyber attacks can improve organisations' defence strategies - Help Net Security
Shadow IT
Identity and Access Management
Rethinking the effectiveness of current authentication initiatives - Help Net Security
Combating Kubernetes — the Newest IAM Challenge (darkreading.com)
Open Source
The double-edged sword of open-source software - Help Net Security
Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling (darkreading.com)
Chinese hackers launch Linux variant of PingPull malware | CSO Online
Linux version of RTM Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Password reset woes could cost FTSE 100 companies $156 million each month - Help Net Security
A '!password20231#' password may not be as complex as you think (bleepingcomputer.com)
Social Media
Malvertising
Google ads push BumbleBee malware used by ransomware gangs (bleepingcomputer.com)
35M Downloads Of Android Minecraft Clones Spreads Adware (informationsecuritybuzz.com)
Training, Education and Awareness
Digital Transformation
Parental Controls and Child Safety
Regulations, Fines and Legislation
Governance, Risk and Compliance
Corporate boards pressure CISOs to step up risk mitigation efforts - Help Net Security
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
Is your bank account safe? Mass layoffs weaken cyber security across finance sector | Fox Business
The strong link between cyber threat intelligence and digital risk protection | CSO Online
Organisations are stepping up their game against cyber threats - Help Net Security
CISOs: unsupported, unheard, and invisible - Help Net Security
The Relationship Between Security Maturity and Business Enablement | CSO Online
CISOs Rethink Data Security with Info-Centric Framework (darkreading.com)
UK Cyber Pros Burnt Out and Overwhelmed - Infosecurity Magazine (infosecurity-magazine.com)
Good, Better And Best Security (informationsecuritybuzz.com)
SANS Reveals Top 5 Most Dangerous Cyber attacks for 2023 (darkreading.com)
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
UK Cyber Pros Burnt Out and Overwhelmed - Infosecurity Magazine (infosecurity-magazine.com)
How to Begin a Career in Ethical Hacking in the Year 2023? (analyticsinsight.net)
Law Enforcement Action and Take Downs
To combat cyber crime, US law enforcement increasingly prioritizes disruption | CyberScoop
US to focus on stifling cyber attacks, not convictions • The Register
US deploys more cyber forces abroad to help fight hackers | Reuters
Effects of the Hive Ransomware Group Takedown (darkreading.com)
Privacy, Surveillance and Mass Monitoring
Artificial Intelligence
The Growing Need for Cyber Security in an Age of AI Disruption (analyticsinsight.net)
Cyber security Survival: Hide From Adversarial AI (darkreading.com)
AI Experts: Account for AI/ML Resilience & Risk While There's Still Time (darkreading.com)
NSA Cyber security Director Says ‘Buckle Up’ for Generative AI | WIRED
From ChatGPT to HackGPT: Meeting the Cyber security Threat of Generative AI (mit.edu)
ChatGPT fans need 'defensive mindset' to avoid scammers • The Register
DHS announces AI task force, security sprint on China-related threats | SC Media (scmagazine.com)
The New Frontier in Email Security: Goodbye, Gateways; Hello, Behavioral AI (darkreading.com)
Nvidia releases a toolkit to make text-generating AI ‘safer’ | TechCrunch
Artificial intelligence takes RSA Conference by storm | SC Media (scmagazine.com)
Secureworks CEO weighs in on XDR landscape, AI concerns | TechTarget
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
FBI aiding Ukraine in collection of digital and physical war crime evidence | CyberScoop
NSA sees 'significant' Russian intel gathering on European, US supply chain entities | CyberScoop
UK undersea cables worth £7.4 trillion a day under ‘real threat’ from Russia | The Independent
Eurocontrol says website 'under attack' by pro-Russia crew • The Register
Iran cyberespionage group taps SimpleHelp for persistence on victim devices | CSO Online
Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering (thehackernews.com)
CISA, Cyber Command Collaboration Blocks Attempted Attacks on US Interests - MSSP Alert
Nation State Actors
Chinese Cyber spies Delivered Malware via Legitimate Software Updates - SecurityWeek
North Korean hackers breach software firm in significant cyber attack | CNN Politics
China building cyber weapons to hijack enemy satellites, says US leak | Financial Times (ft.com)
NCSC raises alert on cyber threat to infrastructure | UKAuthority
Iran cyberespionage group taps SimpleHelp for persistence on victim devices | CSO Online
DHS announces AI task force, security sprint on China-related threats | SC Media (scmagazine.com)
North Korea's Kimsuky APT Keeps Growing, Despite Public Outing (darkreading.com)
APT 'Mint Sandstorm' quickly exploits new PoC hacks | SC Media (scmagazine.com)
Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers (thehackernews.com)
Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware (thehackernews.com)
US Cyberwarriors Thwarted 2020 Iran Election Hacking Attempt - SecurityWeek
Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity
Linux Shift: Chinese APT Alloy Taurus Is Back With Retooling (darkreading.com)
Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks (thehackernews.com)
Iranian cyber spies deploy new malware implant on Microsoft Exchange Servers | CSO Online
Ukrainian arrested for selling data of 300M people to Russians (bleepingcomputer.com)
FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability - SecurityWeek
Chinese hackers launch Linux variant of PingPull malware | CSO Online
CISA, Cyber Command Collaboration Blocks Attempted Attacks on US Interests - MSSP Alert
Lazarus, Scarcruft North Korean APTs Shift Tactics, Thrive (darkreading.com)
Vulnerabilities
New Google Chrome Zero-Day Bug Actively Exploited in Wide (gbhackers.com)
Flaw in Microsoft Process Explorer under active attack • The Register
APC warns of critical unauthenticated RCE flaws in UPS software (bleepingcomputer.com)
Double zero-day in Chrome and Edge – check your versions now! – Naked Security (sophos.com)
Security experts found a major bug in Google Cloud | TechRadar
TP-Link Archer WiFi router flaw exploited by Mirai malware (bleepingcomputer.com)
SolarWinds Platform Update Patches High-Severity Vulnerabilities - SecurityWeek
VMware Releases Critical Patches for Workstation and Fusion Software (thehackernews.com)
Cisco discloses XSS zero-day flaw in server management tool (bleepingcomputer.com)
Microsoft removes LSA Protection from Windows settings to fix bug (bleepingcomputer.com)
PaperCut says hackers are exploiting ‘critical’ security flaws in unpatched servers | TechCrunch
FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability - SecurityWeek
Tools and Controls
Corporate boards pressure CISOs to step up risk mitigation efforts - Help Net Security
14 Kubernetes and Cloud Security Challenges and How to Solve Them (thehackernews.com)
Six Key Considerations When Choosing a Web Application Firewall - Security Boulevard
The Complexities of Cyber Insurance | Cyber Risk Management (telos.com)
Unified Endpoint Management: A Powerful Tool for Your Cyber security Arsenal | CSO Online
GitLab’s new security feature uses AI to explain vulnerabilities to developers | TechCrunch
Google Authenticator finally, mercifully adds account syncing for two-factor codes - The Verge
The Needs of a Modernized SOC for Hybrid Cloud (securityintelligence.com)
Rethinking the effectiveness of current authentication initiatives - Help Net Security
Google will add End-to-End encryption to Google Authenticator (bleepingcomputer.com)
Google 2FA Syncing Feature Could Put Your Privacy at Risk (darkreading.com)
CISOs struggle to manage risk due to DevSecOps inefficiencies - Help Net Security
Generative AI and security: Balancing performance and risk - Help Net Security
CISA aims to reduce email threats with serial CDR prototype | TechTarget
Threat Actor Names Proliferate, Adding Confusion (darkreading.com)
Reports Published in the Last Week
Other News
The threat from commercial cyber proliferation - NCSC.GOV.UK
Hackers could learn how to send fake terror threats on YouTube, warn experts (telegraph.co.uk)
Government launches new cyber security measures to tackle ever growing threats - GOV.UK (www.gov.uk)
Attackers are logging in instead of breaking in - Help Net Security
38 Countries Take Part in NATO's 2023 Locked Shields Cyber Exercise - SecurityWeek
The White House National Cyber security Strategy Has a Fatal Flaw (darkreading.com)
Threat Actor Names Proliferate, Adding Confusion (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 April 2023
Black Arrow Cyber Threat Briefing 21 April 2023:
-March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month
-Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces
-One in Three Businesses Faced Cyber Attacks Last Year
-Why Your Anti-Fraud, Identity & Cybersecurity Efforts Should Be Merged
-Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security
-Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes
-83% of Organizations Paid Up in Ransomware Attacks
-Security is a Revenue Booster, Not a Cost Centre
-EX-CEO Gets Prison Sentence for Bad Security
-Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers
-KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend
-Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber-Attack
-Outdated Cyber Security Practices Leave Door Open for Criminals
-Quantifying cyber risk vital for business survival
-Recycled Network Devices Exposing Corporate Secrets
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
March 2023 Broke Ransomware Attack Records with a 91% Increase from the Previous Month
March 2023 was the most prolific month recorded by cyber security analysts in recent years, measuring 459 attacks, an increase of 91% from the previous month and 62% compared to March 2022. According to NCC Group, which compiled the report based on statistics derived from its observations, the reason last month broke all ransomware attack records was CVE-2023-0669. This is a vulnerability in Fortra's GoAnywhere MFT secure file transfer tool that the Clop ransomware gang exploited as a zero-day to steal data from 130 companies within ten days.
Regarding the location of last month's victims, almost half of all attacks (221) breached entities in North America. Europe followed with 126 episodes, and Asia came third with 59 ransomware attacks.
The recorded activity spike in March 2023 highlights the importance of applying security updates as soon as possible, mitigating potentially unknown security gaps like zero days by implementing additional measures and monitoring network traffic and logs for suspicious activity.
Organisations Overwhelmed with Cyber Security Alerts, Threats and Attack Surfaces
Many organisations are struggling to manage key security projects while being overwhelmed with volumes of alerts, increasing cyber threats and growing attack surfaces, a new report has said. Compounding that problem is a tendency by an organisation’s top brass to miss hidden risks associated with digital transformation projects and compliance regulations, leading to a false sense of confidence in their awareness of these vulnerabilities.
The study comprised IT professionals from the manufacturing, government, healthcare, financial services, retail and telecommunications industries. Five of the biggest challenges they face include:
Keeping up with threat intelligence (70%)
Allocating cyber security resources and budget (47%)
Visibility into all assets connected to the network (44%)
Compliance and regulation (39%)
Convergence of IT and OT (32%)
The report also focused on breaches within organisations, finding that 64% had suffered a breach or ransomware attack in the last five years; 43% said it had been caused by employee phishing.
One in Three Businesses Faced Cyber Attacks Last Year
Nearly a third of businesses and a quarter of charities have said they were the subject of cyber attacks or breaches last year, new data has shown. Figures collected for the UK Government by polling company Ipsos show a similar proportion of larger and medium-sized companies and high-income charities faced attacks or breaches last year as in 2021.
Overall, 32% of businesses said they had been subject to attacks or breaches over a 12-month period, with 24% of charities saying the same. Meanwhile, about one in ten businesses (11%) and 8% of charities said they had been the victims of cyber crime – which is defined more narrowly – over the 12-month period. This rose to a quarter (26%) of medium-sized businesses, 37% of large businesses and 25% of high-income charities. The UK Government estimated there had been 2.4 million instances of cyber crime against UK businesses, costing an average of £15,300 per victim.
https://www.aol.co.uk/news/one-three-businesses-faced-cyber-105751822.html
Why Your Anti-Fraud, Identity & Cyber Security Efforts Should Be Merged
Across early-stage startups and mature public companies alike, organisations are increasingly moving to a convergence of fraud prevention, identity and access management (IdAM), and cyber security. To improve an organisation's overall security posture, business, IT, and fraud leaders must realise that their areas shouldn't be treated as separate line items. Ultimately, these three disciplines serve the same purpose — protecting the business — and they must converge. This is a simple statement, but complex in practice, due mainly to the array of people, strategies, and tooling that today's organisations have built.
The convergence of these three functions comes at a seminal moment, as global threats are heightened due to several factors: geopolitical tensions like the war on Ukraine, the economic downturn, and a never-ending barrage of sophisticated attacks on businesses and consumers. At the same time, companies are facing slowing revenues, rising inflation, and increased pressure from investors, causing layoffs and budget reductions in the name of optimisation. Cutting back in the wrong areas, however, increases risk.
Tight Budgets and Burnout Push Enterprises to Outsource Cyber Security
With cyber security teams struggling to manage the remediation process and monitor for vulnerabilities, organisations are at a higher risk for security breaches, according to cyber security penetration test provider Cobalt. As enterprises prioritise efficiencies, security leaders increasingly turn to third-party vendors to alleviate the pressures of consistent testing and to fill in talent gaps.
Cobalt’s recent report found:
Budget cuts and layoffs plague security teams: 63% of US cyber security professionals had their department’s budget cut in 2023.
Cyber security professionals deprioritise responsibilities to stay afloat: 79% of US cyber security professionals admit to deprioritising responsibilities leading to a backlog of unaddressed vulnerabilities.
Inaccurate security configurations cause vulnerabilities: 40% of US respondents found the most security vulnerabilities were related to server security misconfigurations.
https://www.helpnetsecurity.com/2023/04/19/cybersecurity-professionals-responsibilities/
Complex 8 Character Passwords Can Be Cracked in as Little as 5 Minutes
Recently, security vendor Hive released their findings on the time it takes to brute force a password in 2023. This year’s study included the emergence of AI tools. The vendor found that a complex 8 character password could be cracked in as little as 5 minutes. This number rose to 226 years when 12 characters were used and 1 million years when 14 characters were used. A complex password involves the use of numbers, upper and lower case letters and symbols.
Last year, the study found the same 8 and 12 character passwords would have taken 39 minutes and 3,000 years, showing the significant drop in the time it takes to brute force a password. The study highlights the importance for organisations to be aware of their password security and the need for consistent review and updates to the policy.
https://www.hivesystems.io/blog/are-your-passwords-in-the-green
83% of Organisations Paid Up in Ransomware Attacks
A report this week found that 83% of victim organisations paid a ransom at least once. The report found that while entities like the FBI and CISA argue against paying ransoms, many organisations decide to eat the upfront cost of paying a ransom, costing an average of $925,162, rather than enduring the further operational disruption and data loss.
Organisations are giving ransomware attackers leverage over their data by failing to address vulnerabilities created by unpatched software, unmanaged devices and shadow IT. For instance, 77% of IT decision makers argue that outdated cyber security practices have contributed to at least half of security incidents. Over time, these unaddressed vulnerabilities multiply, giving threat actors more potential entry points to exploit and greater leverage to force companies into paying up.
https://venturebeat.com/security/83-of-organizations-paid-up-in-ransomware-attacks/
Security is a Revenue Booster, Not a Cost Centre
Security has historically been seen as a cost centre, which has led to it being given as little money as possible. Many CISOs, CSOs, and CROs fed into that image by primarily talking in terms of disaster avoidance, such as data breaches hurting the enterprise and ransomware potentially shutting it down. But what if security presented itself instead as a way to boost revenue and increase market share? That could easily shift those financial discussions into something much more comfortable.
For example, Apple touted its investments into the secure enclave to claim that it offers users better privacy. Specifically, the company argued that it couldn't reveal information to federal authorities because the enclave was just that secure. Apple turned that into a powerful competitive argument against rival Android creator Google, which makes much of its revenue by monetising users' data.
In another scenario, bank regulations require financial institutions to reimburse customers who are victimised by fraudsters, but they carve out an exception for wire fraud. Imagine if a bank realises that covering all fraud — even though it is not required to do so — could be a powerful differentiator that would boost its market share by supporting customers better than competitors do.
https://www.darkreading.com/edge-articles/security-is-a-revenue-booster-not-a-cost-center
Ex-CEO Gets Prison Sentence for Bad Security
A clinic was recently subject to a cyber attack and even though the clinic was itself the victim, the ex-CEO of the clinic faced criminal charges, too. It would appear that the CEO was aware of the clinic’s failure to employ data security precautions and was aware of this for up to two years before the attack took place.
Worse still, the CEO allegedly knew about the problems because the clinic suffered breaches in 2018 and 2019, and failed to report them; presumably hoping that no traceable cyber crimes would arise as a result, and thus that the company would never get caught out. However, modern breach disclosure and data protection regulations, such as GDPR in Europe, make it clear that data breaches can’t simply be “swept under the carpet” any more, and must be promptly disclosed for the greater good of all.
The former CEO has now been convicted and given a prison sentence, reminding business leaders that merely promising to look after other people’s personal data is not enough. Paying lip service alone to cyber security is insufficient, to the point that you can end up being treated as both a cyber crime victim and a perpetrator at the same time.
Warning From UK Cyber Agency for a New ‘Class’ of Russian Hackers
There is a new ‘class’ of Russian hackers, the UK cyber-agency NCSC warns. Due to an increased danger of attacks by state-aligned Russian hackers, the NCSC is encouraging all businesses to put the recommended protection measures into place. The NCSC alert states, “during the past 18 months, a new kind of Russian hacker has developed.” These state-aligned organisations frequently support Russia’s incursion and are driven more by ideology than money. These hacktivist organisations typically concentrate their harmful online activity on launching DDoS (distributed denial of service) assaults against vital infrastructure, including airports, the legislature, and official websites. The NCSC has released a special guide with a list of steps businesses should take when facing serious cyber threats. System patching, access control confirmation, functional defences, logging, and monitoring, reviewing backups, incident plans, and third-party access management are important steps.
https://informationsecuritybuzz.com/warning-uk-cyberagency-russian-hackers/
KnowBe4 Q1 Phishing Report Reveals IT and Online Services Emails Drive Dangerous Attack Trend
KnowBe4 announced the results of its Q1 2023 top-clicked phishing report, and the results included the top email subjects clicked on in phishing tests.
The report found that phishing tactics are changing with the increasing trend of cyber criminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.
71% of the most effective phishing lures related to HR (including leave, dress code, expenses, pay and performance) or tax, and these types of emails continue to be very effective.
Emails that are disguised as coming from an internal source such as the IT department or HR are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as sceptical. Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors.
Outsourcing Group Capita Admits Customer Data May Have Been Breached During Cyber Attack
Capita, which runs crucial services for the UK NHS, Government, Military and Financial Services, has for the first time admitted that hackers accessed potential customer, staff and supplier data during a cyber attack last month. The company said its investigation into the attack – which caused major IT outages for clients – found that hackers infiltrated its systems around 22 March, meaning they had around nine days before Capita “interrupted” the breach on 31 March.
While Capita has admitted that data was breached during the incident, it raises the possibility that public sector information was accessed by hackers. Capita, which employs more than 50,000 people in Britain, is one of the government’s most important suppliers and holds £6.5bn-worth of public sector contracts. Capita stopped short of disclosing how many customers were potentially affected by the breach, and is still notifying anyone whose data might be at risk.
Outdated Cyber Security Practices Leave Door Open for Criminals
A recent report found that as organisations increasingly find themselves under attack, they are drowning in cyber security debt – unaddressed security vulnerabilities like unpatched software, unmanaged devices, shadow IT, and insecure network protocols that act as access points for bad actors. The report found a worrying 98% of respondents are running one or more insecure network protocols and 47% had critical devices exposed to the internet. Despite these concerning figures, fewer than one-third said they have immediate plans to address any of the outdated security practices that put their organisations at risk.
https://www.helpnetsecurity.com/2023/04/20/outdated-cybersecurity-practices/
Quantifying Cyber Risk Vital for Business Survival
Organisations are starting to wake up to the fact that the impact of ransomware and other cyber attacks cause long term issues. The financial implications are far reaching and creating barriers for companies to continue operations after these attacks. As such, quantifying cyber risk is business-specific, and organisations must assess what type of loss they may face, which includes revenue, remediation, legal settlement, or otherwise.
https://www.helpnetsecurity.com/2023/04/19/cyber-attacks-financial-impact/
Recycled Network Devices Exposing Corporate Secrets
Over half of corporate network devices sold second-hand still contain sensitive company data, according to a new study. The study involved the purchase of recycled routers, finding that 56% contained one or more credentials as well as enough information to identify the previous owner.
Some of the analysed data included customer data, credentials, connection details for applications and authentication keys. In some cases, the data allowed for the location of remote offices and operators, which could be used in subsequent exploitation efforts.
In a number of cases the researchers were able to determine with high confidence — based on the data still present on the devices — who their previous owner was. The list included a multinational tech company and a telecoms firm, both with more than 10,000 employees and over $1 billion in revenue.
The study informed organisations who had owned the routers. Unfortunately, when contacted, some of the organisations failed to respond or acknowledge the findings.
https://www.infosecurity-magazine.com/news/recycled-network-exposing/
Threats
Ransomware, Extortion and Destructive Attacks
83% of organisations paid up in ransomware attacks | VentureBeat
March 2023 broke ransomware attack records with 459 incidents (bleepingcomputer.com)
Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)
Vice Society ransomware uses new PowerShell data theft tool in attacks (bleepingcomputer.com)
RTM Locker: Emerging Cyber crime Group Targeting Businesses with Ransomware (thehackernews.com)
Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)
NCR was the victim of BlackCat/ALPHV ransomware gang - Security Affairs
Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site - SecurityWeek
LockBit ransomware encryptors found targeting Mac devices (bleepingcomputer.com)
Hackers publish sensitive employee data stolen during CommScope ransomware attack | TechCrunch
Vice Society is using custom PowerShell tool for data exfiltrationSecurity Affairs
Black Basta claims it's selling off stolen Capita data • The Register
Ransomware reinfection and its impact on businesses - Help Net Security
Microsoft SQL servers hacked to deploy Trigona ransomware (bleepingcomputer.com)
Play ransomware gang uses custom Shadow Volume Copy data-theft tool (bleepingcomputer.com)
Ransomware gangs abuse Process Explorer driver to kill security software (bleepingcomputer.com)
Medusa ransomware crew boasts of Microsoft code leak • The Register
New Ransomware Attack Hits Health Insurer Point32Health (informationsecuritybuzz.com)
Phishing & Email Based Attacks
New Qbot campaign delivers malware by hijacking business emails | CSO Online
AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security
Marketing biz sent 107M spam emails in a year, says watchdog • The Register
Phishing FAQ: How to Spot Scams and Stop Them in Their Tracks - CNET
UK government employees receive average of 2,246 malicious emails per year - IT Security Guru
BEC – Business Email Compromise
Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)
AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security
US charges three men with six million dollar business email compromise plot | Tripwire
2FA/MFA
Malware
Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor (securityintelligence.com)
US, UK warn of govt hackers using custom malware on Cisco routers (bleepingcomputer.com)
New QBot campaign delivered hijacking business correspondenceSecurity Affairs
Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online
Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)
Raspberry Robin Adopts Unique Evasion Techniques - Infosecurity Magazine (infosecurity-magazine.com)
'AuKill' Malware Hunts & Kills EDR Processes (darkreading.com)
What Are Computer Worms And How To Prevent Them (informationsecuritybuzz.com)
Mobile
Android malware infiltrates 60 Google Play apps with 100M installs (bleepingcomputer.com)
CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)
NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)
Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)
Botnets
Internet of Things – IoT
Military helicopter crash blamed on missing software patch • The Register
Why xIoT Devices Are Cyberattackers' Gateway Drug for Lateral Movement (darkreading.com)
Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News
The Car Thieves Using Tech Disguised Inside Old Nokia Phones and Bluetooth Speakers (vice.com)
Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)
Five Eye nations release new guidance on smart city cyber security | CSO Online
Data Breaches/Leaks
Kodi Confirms Data Breach: 400K User Records and Private Messages Stolen (thehackernews.com)
Rheinmetall suffers cyber attack, military business unaffected, spokesperson says | Reuters
Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News
Online Gaming Chats Have Long Been Spy Risk for US Military - SecurityWeek
Air Force Unit in Document Leaks Case Loses Intel Mission - SecurityWeek
Organised Crime & Criminal Actors
Inside look at cyber criminal organisations: Why size matters | SC Media (scmagazine.com)
Standardized data collection methods can help fight cyber crime | TechTarget
Why Cyber criminals Love The Rust Programming Language (informationsecuritybuzz.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)
On the hunt for the businessmen behind a billion-dollar scam - BBC News
Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)
Insider Risk and Insider Threats
Human-Centered Approach Can Reduce Cyber security Failures, Gartner Predicts - MSSP Alert
HR Magazine - UK government plans to make businesses liable for employee fraud
Top risks and best practices for securely offboarding employees | CSO Online
How to Strengthen your Insider Threat Security - IT Security Guru
Fraud, Scams & Financial Crime
Pre-pandemic techniques are fueling record fraud rates - Help Net Security
HR Magazine - UK government plans to make businesses liable for employee fraud
Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)
Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)
US extradites Nigerian charged in $6m email fraud scam • The Register
Crypto phishing attacks up by 40% in one year: Kaspersky (cointelegraph.com)
Three charged over banking fraud for hire website | Computer Weekly
On the hunt for the businessmen behind a billion-dollar scam - BBC News
Hundred Finance loses $7 million in Optimism hack (cointelegraph.com)
Dennis Kozlowski and the Infamous $6,000 Shower Curtain | Entrepreneur
FTC orders payments firm to pay $650k over tech support scam • The Register
Scammers using social media to dupe people into becoming money mules - Help Net Security
AML/CFT/Sanctions
Insurance
Bank of America warns Lloyd’s over state-backed cyber attack exclusion | Financial Times (ft.com)
Cyber insurance Backstop: Can the Industry Survive Without One? - SecurityWeek
Cyber insurer launches InsurSec solution to help SMBs improve security, risk management | CSO Online
Dark Web
Supply Chain and Third Parties
Capita PLC falls on reports cyber attack was worse than admitted (proactiveinvestors.co.uk)
Lazarus APT group employed Linux Malware in recent attacks-Security Affairs
Hackers start abusing Action1 RMM in ransomware attacks (bleepingcomputer.com)
Software Supply Chain
Cloud/SaaS
Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)
Linux kernel logic allowed Spectre attack on major cloud • The Register
Western Digital Hackers Demand 8-Figure Ransom Payment for Data (darkreading.com)
Is there really a march from the public cloud back on-prem? | TechCrunch
Uncovering (and Understanding) the Hidden Risks of SaaS Apps (thehackernews.com)
Hackers Storing Malware in Google Drive as Encrypted ZIP Files (gbhackers.com)
Microsoft 365 outage blocks access to web apps and services (bleepingcomputer.com)
Experts disclosed 2 critical flaws in Alibaba cloud database services Security Affairs
Attack Surface Management
Shadow IT
Identity and Access Management
Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)
The Attacks that can Target your Windows Active Directory (bleepingcomputer.com)
The biggest data security blind spot: Authorization - Help Net Security
Encryption
API
Open Source
Linux kernel logic allowed Spectre attack on major cloud • The Register
Security beyond software: The open source hardware security evolution - Help Net Security
Report: Most IT Teams Can't Fix Open Source Software Security - DevOps.com
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
LinkedIn deploys new secure identity verification for all members | SC Media (scmagazine.com)
Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online
Crime agencies condemn Facebook and Instagram encryption plans | Meta | The Guardian
Scammers using social media to dupe people into becoming money mules - Help Net Security
Regulations, Fines and Legislation
Human rights groups raise alarm over UN Cyber crime Treaty • The Register
EU privacy regulators to create task force to investigate ChatGPT | Computerworld
What Business Needs to Know About the New U.S. Cybersecurity Strategy (hbr.org)
Marketing biz sent 107M spam emails in a year, says watchdog • The Register
As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)
Brit cops rapped over app that recorded 200k phone calls • The Register
Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)
US imposes $300m penalty over hard disk drive exports to Huawei - BBC News
Governance, Risk and Compliance
Security Is a Revenue Booster, Not a Cost Centre (darkreading.com)
Tight budgets and burnout push enterprises to outsource cyber security - Help Net Security
'One in three firms faced cyber attacks last year' (aol.co.uk)
Skills shortage puts Europe’s cyber resilience to the test – EURACTIV.com
Quantifying cyber risk vital for business survival - Help Net Security
Wargaming an effective data breach playbook - Help Net Security
Outdated cyber security practices leave door open for criminals - Help Net Security
CISOs struggling to protect sensitive data records - Help Net Security
Why Your Anti-Fraud, Identity & Cyber security Efforts Should Be Merged (darkreading.com)
3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022 (darkreading.com)
Lack of Breach Info on Notices Surges in Q1 - Infosecurity Magazine (infosecurity-magazine.com)
Ex-CIO must pay £81k over Total Shambles Bank migration • The Register
Economic uncertainty drives upskilling as a key strategy for organisations - Help Net Security
Top risks and best practices for securely offboarding employees | CSO Online
How companies are struggling to build and run effective cyber security programs - Help Net Security
Three Effective Ways For Boards To Prepare For Imminent SEC Cyber Rules (forbes.com)
Small Business Interest in Cyber-Hygiene Wanes - Infosecurity Magazine (infosecurity-magazine.com)
Secure Disposal
Backup and Recovery
Data Protection
Government reprimanded for serious breaches of data protection law - Jersey Evening Post
Marketing biz sent 107M spam emails in a year, says watchdog • The Register
Brit cops rapped over app that recorded 200k phone calls • The Register
ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Police disrupts $98M online fraud ring with 33,000 victims (bleepingcomputer.com)
US extradites Nigerian charged in $6m email fraud scam • The Register
Three charged over banking fraud for hire website | Computer Weekly
US citizens charged with pushing pro-Kremlin disinformation • The Register
Privacy, Surveillance and Mass Monitoring
Human rights groups raise alarm over UN Cyber crime Treaty • The Register
What the Recent Collapse of SVB Means for Privacy (darkreading.com)
As Consumer Privacy Evolves, Here's How You Can Stay Ahead of Regulations (darkreading.com)
Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones (darkreading.com)
Artificial Intelligence
AI tools like ChatGPT expected to fuel BEC attacks - Help Net Security
Stolen ChatGPT premium accounts up for sale on the dark web | CSO Online
Pen testing amid the rise of AI-powered threat actors | TechTarget
EU privacy regulators to create task force to investigate ChatGPT | Computerworld
Cyber crims hop geofences, clamor for stolen ChatGPT accounts • The Register
AI-created malware sends shockwaves through cybersecurity world | Fox News
Hard-to-detect malware loader distributed via AI-generated YouTube videos | CSO Online
Tech Insight: Dangers of Using Large Language Models Before They Are Baked (darkreading.com)
ChatGPT-Related Malicious URLs on the Rise - Infosecurity Magazine (infosecurity-magazine.com)
ChatGPT's Data Protection Blind Spots and How Security Teams Can Solve Them (thehackernews.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Russian hackers targeting UK more frequently (thetimes.co.uk)
CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)
Jack Teixeira's charges in full: 'Top secret' access, leak searches and the Espionage Act - BBC News
Russian SolarWinds Culprits Launch Fresh Barrage of Espionage Cyberattacks (darkreading.com)
Meet the hacker armies on Ukraine's cyber front line - BBC News
Offensive cyber company QuaDream shutting down amidst spyware accusations | Ctech (calcalistech.com)
Genius hackers help Russia’s neighbors thwart cyber incursions | Cybernews
NSO Group is Back in Business With 3 New iOS Zero-Click Exploits (darkreading.com)
UK, US sound the alarm on Russians exploiting Cisco flaws • The Register
Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)
US citizens charged with pushing pro-Kremlin disinformation • The Register
Heightened threat of state-aligned groups against western... - NCSC.GOV.UK
Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog
How cyber support to Ukraine can build its democratic future | CyberScoop
Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine (thehackernews.com)
Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered (thehackernews.com)
Britain sounds alarm on spyware, mercenary hacking market | Reuters
Global Spyware Attacks Spotted Against Both New & Old iPhones (darkreading.com)
The UK will need more than words in this cyber war | Financial Times (ft.com)
Google: Ukraine targeted by 60% of Russian phishing attacks in 2023 (bleepingcomputer.com)
Nation State Actors
BT holds China-Taiwan war game to stress test supply chains | Financial Times (ft.com)
3CX Supply Chain Attack Tied to Financial Trading App Breach (darkreading.com)
UK security chief’s alert over threat from China (thetimes.co.uk)
Russia accuses NATO of launching 5,000 cyberattacks since 2022 (bleepingcomputer.com)
Human rights groups raise alarm over UN Cyber crime Treaty • The Register
CISA warns of Android bug exploited by Chinese app to spy on users (bleepingcomputer.com)
APT41 Taps Google Red Teaming Tool in Targeted Info-Stealing Attacks (darkreading.com)
US charges 44 members of alleged Chinese troll army • The Register
Hikvision: Chinese surveillance tech giant denies leaked Pentagon spy claim - BBC News
Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access (thehackernews.com)
Microsoft: Iranian hackers behind retaliatory cyber attacks on US orgs (bleepingcomputer.com)
Heightened threat of state-aligned groups against western... - NCSC.GOV.UK
Microsoft shifts to a new threat actor naming taxonomy - Microsoft Security Blog
Killnet Boss Exposes Rival Leader in Kremlin Hacktivist Beef (darkreading.com)
Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems (thehackernews.com)
Lazarus Group Adds Linux Malware to Arsenal in Operation Dream Job (thehackernews.com)
US imposes $300m penalty over hard disk drive exports to Huawei - BBC News
Vulnerability Management
Military helicopter crash blamed on missing software patch • The Register
Google Outlines Initiatives to Fortify Vulnerability Management - MSSP Alert
Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)
Vulnerabilities
UK, US sound the alarm on Russians exploiting Cisco flaws • The Register
Thousands at risk from critical RCE bug in legacy MS service | Computer Weekly
Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution (thehackernews.com)
Hackers actively exploit critical RCE bug in PaperCut servers (bleepingcomputer.com)
Google patches another actively exploited Chrome zero-day (bleepingcomputer.com)
Experts disclosed 2 critical flaws in Alibaba cloud database services - Security Affairs
VMware Patches Pre-Auth Code Execution Flaw in Logging Product - SecurityWeek
Microsoft Defender update causes Windows Hardware Stack Protection mess (bleepingcomputer.com)
Tools and Controls
Pen testing amid the rise of AI-powered threat actors | TechTarget
7 countries unite to push for secure-by-design development | CSO Online
Wargaming an effective data breach playbook - Help Net Security
Cloud Security Alerts Take Six Days to Resolve - Infosecurity Magazine (infosecurity-magazine.com)
DFIR via XDR: How to expedite your investigations with a DFIRent approach (thehackernews.com)
Microsoft opens up Defender with file hash, URL search • The Register
Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (darkreading.com)
Enterprises Exposed to Hacker Attacks Due to Failure to Wipe Discarded Routers - SecurityWeek
CISOs struggling to protect sensitive data records - Help Net Security
AI defenders ready to foil AI-armed attackers • The Register
Newer Authentication Tech a Priority for 2023 (darkreading.com)
Other News
Misconfiguration leaves thousands of servers vulnerable to attack, researchers find | CyberScoop
Fortra shares findings on GoAnywhere MFT zero-day attacks (bleepingcomputer.com)
How to defend against TCP port 445 and other SMB exploits | TechTarget
Criminal Records Service still disrupted 4 weeks after hack - BBC News
Attackers use abandoned WordPress plugin to backdoor websites (bleepingcomputer.com)
EU launches Cyber Solidarity Act to respond to large-scale attacks – EURACTIV.com
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 07 April 2023
Black Arrow Cyber Threat Briefing 07 April 2023:
-15 Million Public-Facing Services Vulnerable to Known Exploited Vulnerabilities
-New Research Highlights Increased Security Risks Posed by Remote Working and BYOD
-Lack of Security Employees Makes SMBs Sitting Ducks for Cyber Attacks
-IT and Security Pros Pressured to Keep Quiet About Data Breaches
-Phishing Emails are Seeing a Huge Rise, So Stay on Your Guard"
-Ransomware Attacks Skyrocket as Threat Actors Double Down on Global Attacks
-MSPs a Favoured Target of Supply Chain and Infrastructure Attacks
-Fake Ransomware Gang Targets Organisations with Empty Data Leak Threats
-GCHQ Updates Security Guidance for Boards
-More than 60% of Organisations have been Hit with Unplanned Downtime on a Monthly Basis
-For Cyber Crime Gangs, Professionnalisation Comes With “Corporate” Headaches
-UK’s Offensive Hacking Unit Takes on Military Opponents and Terrorist Groups
-Man Kills Himself After an AI Chatbot 'Encouraged' Him to Sacrifice Himself to Stop Climate Change
-Hackers Exploit WordPress Plugin Flaw That Gives Full Control of Millions of Sites
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
15 Million Public-Facing Services Vulnerable to Known Exploited Vulnerabilities
Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV (known exploitable vulnerabilities) catalogue. The findings are particularly worrying because the examined vulnerabilities are known and highlighted in CISA's KEV catalogue as actively exploited by hackers, so any delays in their patching maintain a large attack surface, giving threat actors numerous potential targets.
Over half of those 7 million instances were vulnerable to one of the 137 CVEs concerning Microsoft Windows, making this component a top priority for defenders and an excellent target for attackers. Almost half of those are over five years old, so roughly 800,000 machines have not applied security updates for a significant period of time.
New Research Highlights Increased Security Risks Posed by Remote Working and BYOD
New research has highlighted the increased threats associated with remote work and bring your own device (BYOD) policies faced by organisations. The results of the survey show that with remote and hybrid working, personal and work tasks blur together and the boundaries between the two have become more porous. The data shows that 32% of remote and hybrid workers use apps or software not approved by IT and 92% of remote employees perform work tasks on their personal tablet or smartphone devices. These devices, apps and software, along with the corporate data being accessed, are not visible to IT, thereby dramatically increasing an organisation’s risk posture.
Lack of Security Employees Makes SMBs Sitting Ducks for Cyber Attacks
Cyber security is a growing concern among all businesses but lack of security expertise in SMBs is leaving smaller firms open to attack. Cyber threats are more real and prevalent than ever before and the risk to businesses includes not only exposure of customer data and a decrease in trust, but also losses in revenue.
54% of small businesses say they are more concerned about cyber security now than one year ago yet 38% of SMBs said they had zero employees dedicated to security as part of their role, and 42% had just one employee working on security. Even without a traditional security role, there should be someone responsible for making security decisions in every organisation.
A lack of time to focus on security and keeping up with changing threats are amongst the biggest challenges for businesses.
https://www.helpnetsecurity.com/2023/04/04/smbs-security-posture/
IT and Security Pros Pressured to Keep Quiet About Data Breaches
It is not possible to stop every bad thing from happening. Alarmingly, when something does go wrong IT/security professionals are being told to keep a breach confidential, even when they knew it should be reported. More than 42% of IT/security professionals reporting this happening to them, and a worrying 30% said they have kept a breach confidential.
At 71%, IT/security professionals in the US were the most likely to say they have been told to keep quiet followed by the UK at 44%.
52% of global organisations have experienced a data breach or data leak in the last 12 months. The US led at 75% (or 23% higher than average) followed by the UK at 51.4%.
Infosec professionals are increasingly worried about their company facing legal action due to a breach being handled incorrectly.
https://www.helpnetsecurity.com/2023/04/06/pressure-keeping-breaches-confidential/
Phishing Emails are Seeing a Huge Rise, So Stay on Your Guard
Phishing attacks are up 5x year-on-year, researchers say. A report from Cofense analysed data received from 35 million people across the world, finding there has been a 569% increase in phishing attacks to 2022 and 478% increase to credential phishing. With the increased frequency, intensity and sophistication of these threats small and medium-sized businesses should be particularly wary of phishing and other forms of email-borne cyber attacks as their numbers have grown explosively over the last year, experts have warned. Organisations should keep eyes open for Business Email Compromise (BEC) attacks as this type continues to be one of the top crimes for the eighth year in a row.
https://www.techradar.com/news/phishing-emails-are-seeing-a-huge-rise-so-stay-on-your-guard
Ransomware Attacks Skyrocket as Threat Actors Double Down on Global Attacks
New studies have found that ransomware exploits are increasing, and a large percentage of victims are being hit multiple times. The NCC Group noted that there were 240 ransomware attacks in February 2023, a 45% increase from the record-high number of attacks in January. North America accounted for 47% of the global ransomware attacks, with Europe following (23%). Another report found that of all organisations hit by ransomware in the last 12 months, 28% were reported to be hit twice or more. Of the organisations breached, 69% reported phishing as the initial access vector.
https://www.techrepublic.com/article/nccgroup-ransomware-attacks-up-february/
MSPs a Favoured Target of Supply Chain and Infrastructure Attacks
With the backdrop of increasing cyber attacks on supply chains, Managed Service Providers (MSPs) are increasingly being favoured by attackers due to their pivotal role in the supply chain and access to the organisations they are serving.
When measured by sector, MSPs are the hardest hit by hackers in supply chain attacks.
ConnectWise’s cyber research unit analysed some 440,000 incidents that impacted MSPs and their clients and found that Lockbit led among the most prolific ransomware hijackers targeting MSPs, (42% of all ransomware attacks) followed by Cl0p at 11%. Whilst numerous other ransomware gangs also directly targeted MSPs in 2022.
Third party risk assessments should be carried out for all organisations in your supply chain and this is especially true of MSPs and external IT providers given the level of access they have into your systems and data.
Fake Ransomware Gang Targets Organisations with Empty Data Leak Threats
Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening companies with publishing or selling allegedly stolen data unless they get paid. Sometimes the actors add the menace of a distributed denial-of-service (DDoS) attack if the message recipient does not comply with the instructions in the messages. It is possible that victims are selected from publicly available sources, such as the initial attacker’s data leak site, social media, news reports, or company disclosures; in some cases a fake extortionist could learn about ransomware victims that have yet to disclose the cyber attack, making it more likely for victims to believe them.
GCHQ Updates Security Guidance for Boards
The UK’s leading cyber security agency GCHQ, has urged the country’s business leaders to “get to grips” with cyber risk after releasing an updated toolkit to help them do so. GCHQ’s National Cyber Security Centre (NCSC) said its updated Cyber Security Board Toolkit is designed to boost the confidence of senior execs when discussing security with key stakeholders from the organisation.
Given the potentially serious impact breaches can have on business operations and growth, the agency wants boards to treat cyber risk with the same urgency as other business risks in areas such as financial and legal.
https://www.infosecurity-magazine.com/news/gchq-updates-security-guidance/
More than 60% of Organisations have been Hit with Unplanned Downtime on a Monthly Basis
A recent report found that 52% of organisations had suffered a data breach in the past two years, an increase from 49% in 2022. In addition, 62% of organisations reported that business critical applications suffered from unplanned downtime due to a cyber security incident on at least a monthly basis, an increase from 54% in 2022. Other key findings include downtime costing roughly 2.7% of annual revenue, 39% of organisations believing cyber security incidents directly harmed their competitive position and 31% noting that it had reduced shareholder revenue. As a result of the impact, 95% of organisations reported that they had planned to increase their security budget over the next 2 years.
For Cyber Crime Gangs, Professionalisation Comes With “Corporate” Headaches
Today’s largest cyber crime gangs are operating like large enterprises, with $50 million dollars in annual revenue and around 80% of operating expenses going towards wages. Researchers have found that small, medium and especially large cyber crime gangs are operating just like their legitimate counterparts, from their managerial structure to employee benefits. The research highlights a worrying level of sophistication within cyber crime gangs; we are no longer dealing with the lone attacker in a dark room, but in some cases an enterprise with clear objectives.
UK’s Offensive Hacking Unit Takes on Military Opponents and Terrorist Groups
Britain’s newly created offensive hacking unit, the National Cyber Force (NCF), has said it is engaged daily in operations to disrupt terrorist groups and military opponents of the UK. Operational details remain unclear, however the NCF says it is engaged in techniques to “undermine the tradecraft” of Russian, Chinese and other state-sponsored hackers and in “technical disruption” against terrorist groups, for example to prevent the dissemination of online propaganda. This news comes after the recent leak of files for Moscow, which had tasked an IT company to develop cyber warfare tools aimed at taking down infrastructure networks and scouring the internet for vulnerabilities.
Man Kills Himself After an AI Chatbot 'Encouraged' Him to Sacrifice Himself to Stop Climate Change
A man reportedly took his own life following a six-week-long conversation about the climate crisis with an artificial intelligence (AI) chatbot. Reports found that the chatbot had fed the mans worries about climate change, which had worsened his anxiety and later led to suicidal thoughts. The AI chatbot failed to dissuade the man from committing suicide and had in fact encouraged him to act on the thoughts and join the AI chatbot so “they could live together, as one person, in paradise”. This is despite the efforts made to limit these kind of events.
Hackers Exploit WordPress Plugin Flaw That Gives Full Control of Millions of Sites
Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said. The vulnerability is in Elementor Pro, a premium plugin running on more than 12 million sites powered by WordPress. Despite the vulnerability being fixed, many have not installed the patch. Worryingly, this is a common theme in cyber; many organisations remain vulnerable due to them not having an efficient patching process and as a result, a number of the most exploited vulnerabilities have available patches.
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware attacks up sharply in February (techrepublic.com)
Fake ransomware gang targets U.S. orgs with empty data leak threats (bleepingcomputer.com)
New Money Message ransomware demands million dollar ransoms (bleepingcomputer.com)
Rorschach – A New Sophisticated and Fast Ransomware - Check Point Research
ALPHV ransomware exploits Veritas Backup Exec bugs for initial access (bleepingcomputer.com)
LockBit leaks data stolen from South Korean National Tax Service-Security Affairs
UK outsourcing services provider Capita suffered a cyber incident-Security Affairs
March ransomware disclosures spike behind Clop attacks | TechTarget
Protect Your Company: Ransomware Prevention Made Easy (thehackernews.com)
Dish Faces Investor Lawsuit Over Ransomware Attack, Downgrades From Equity Analysts | Next TV
Phishing & Email Based Attacks
Scammers Are Using ChatGPT to Write Emails That Aren't Riddled With Typos (futurism.com)
Phishing emails are seeing a huge rise, so stay on your guard | TechRadar
YouTube warns of email scam from seemingly authentic account | Science & Tech News | Sky News
BEC – Business Email Compromise
2FA/MFA
Malware
WinRAR SFX archives can run PowerShell without being detected (bleepingcomputer.com)
Malware and machine learning: A match made in hell - Help Net Security
Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks (thehackernews.com)
Flood of malicious packages results in NPM registry DoS - Help Net Security
Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks (thehackernews.com)
Researcher Tricks ChatGPT into Building Undetectable Steganography Malware (darkreading.com)
Typhon info-stealing malware devs upgrade evasion capabilities (bleepingcomputer.com)
Tax preparation and e-file service eFile.com compromised to serve malware-Security Affairs
The hidden picture of malware attack trends - Help Net Security
Mobile
BYOD
New Research Highlights Increased Security Risks Posed by Remote Working and BYOD - IT Security Guru
Internet of Things – IoT
Hackers can open Nexx garage doors remotely, and there's no fix (bleepingcomputer.com)
HP to patch critical bug in LaserJet printers within 90 days (bleepingcomputer.com)
Data Breaches/Leaks
Splunk Details Increase in Data Breaches, Downtime Due to Cyber security Issues - MSSP Alert
Uber driver info stolen in yet another third-party breach • The Register
ChatGPT linked to alleged leak of confidential information at Samsung (interestingengineering.com)
Law Firm for Uber Loses Drivers' Data to Hackers in Yet Another Breach (darkreading.com)
Marketplace 600K Records Leaked By Database Snafu (informationsecuritybuzz.com)
Organised Crime & Criminal Actors
For Cyber Crime Gangs, Professionalization & ‘Corporate’ Headaches (darkreading.com)
Fight Mercenaries with these Cyber security Principles (trendmicro.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
DoJ Recovers $112M in Crypto Stolen With Romance Scams (darkreading.com)
Hackers steal crypto assets by defeating 2FA with rogue browser extension | CSO Online
Insider Risk and Insider Threats
Re-evaluating immature and ineffective insider risk management programs - Help Net Security
Employees are as likely as cyber-criminals to cause cyber-incidents | The Independent
Fraud, Scams & Financial Crime
The staggering cost of identity fraud for financial services - Help Net Security
New dark web market STYX focuses on financial fraud services (bleepingcomputer.com)
What CISOs Can Do to Build Trust & Fight Fraud in the Metaverse (darkreading.com)
Feds seize $112m in currency tied to 'pig-butchering scams • The Register
Stop online counterfeiters dead in their tracks - Help Net Security
Deepfakes
Insurance
Dark Web
Supply Chain and Third Parties
MSPs a Favoured Target of Supply Chain and Infrastructure Attacks, ConnectWise Reports - MSSP Alert
APT group Winter Vivern exploits Zimbra webmail flaw to target government entities | CSO Online
Risk & Repeat: Inside the 3CX supply chain attack | TechTarget
10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack (bleepingcomputer.com)
Automation, Cyber security, Integration Top the List of Priorities for MSPs in 2023 - MSSP Alert
Capita: Cyber attack caused pre-weekend outage • The Register
Western Digital Hit By Network Security Breach - Infosecurity Magazine (infosecurity-magazine.com)
Cloud/SaaS
Google Drive does a surprise rollout of file limits, locking out some users | Ars Technica
Capita: Cyber attack caused pre-weekend outage • The Register
Shadow data slipping past security teams - Help Net Security
Think Before You Share the Link: SaaS in the Real World (thehackernews.com)
Western Digital Hit By Network Security Breach - Infosecurity Magazine (infosecurity-magazine.com)
Hybrid/Remote Working
New Research Highlights Increased Security Risks Posed by Remote Working and BYOD - IT Security Guru
Unapproved Apps Used By 32% of Remote Workers - Infosecurity Magazine (infosecurity-magazine.com)
Shadow IT
Identity and Access Management
The high cost of insecure authentication methods - Help Net Security
3 Fronts in the Battle for Digital Identity (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Takedown of notorious hacker marketplace selling your identity to criminals | Europol (europa.eu)
Stolen credential warehouse Genesis Market seized by FBI • The Register
Social Media
TikTok fined £12.7m for illegally processing children’s data | TikTok | The Guardian
TikTok bans explained: Everything you need to know (techtarget.com)
YouTube warns of email scam from seemingly authentic account | Science & Tech News | Sky News
Parental Controls and Child Safety
Regulations, Fines and Legislation
TikTok fined £12.7m for illegally processing children’s data | TikTok | The Guardian
UK data regulator issues warning over generative AI data protection concerns | CSO Online
Governance, Risk and Compliance
42% of IT leaders told to maintain breach confidentiality | TechTarget
GCHQ Updates Security Guidance for Boards - Infosecurity Magazine (infosecurity-magazine.com)
Splunk Details Increase in Data Breaches, Downtime Due to Issues - MSSP Alert
5 strategies to manage risks in mergers and acquisitions | CSO Online
Models, Frameworks and Standards
Careers, Working in Cyber and Information Security
Law Enforcement Action and Take Downs
Stolen credential warehouse Genesis Market seized by FBI • The Register
Spain's most dangerous and elusive hacker now in police custody (bleepingcomputer.com)
Genesis Market: Popular cyber crime website shut down by police - BBC News
Privacy, Surveillance and Mass Monitoring
Artificial Intelligence
Welcome to the era of viral AI generated 'news' images | CNN Business
Scammers Are Using ChatGPT to Write Emails That Aren't Riddled With Typos (futurism.com)
ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications - SecurityWeek
Malware and machine learning: A match made in hell - Help Net Security
ChatGPT linked to alleged leak of confidential information at Samsung (interestingengineering.com)
UK data regulator issues warning over generative AI data protection concerns | CSO Online
Researcher Tricks ChatGPT into Building Undetectable Steganography Malware (darkreading.com)
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Russian pro-war military blogger killed in blast at St Petersburg cafe | Russia | The Guardian
China opens national security probe into Micron products • The Register
Vulkan Playbook Leak Exposes Russia's Plans for Worldwide Cyberwar (darkreading.com)
Britain’s cyberwarfare chief reveals his identity | The Economist
Nation State Actors
APT group Winter Vivern exploits Zimbra webmail flaw to target government entities | CSO Online
Russian pro-war military blogger killed in blast at St Petersburg cafe | Russia | The Guardian
China opens national security probe into Micron products • The Register
Report: Chinese State-Sponsored Hacking Group Highly Active - SecurityWeek
Vulkan Playbook Leak Exposes Russia's Plans for Worldwide Cyberwar (darkreading.com)
The other Chinese apps taking the US and UK by storm - BBC News
Google TAG Alerts Of ARCHIPELAGO Cyber attacks Linked To North Korea (informationsecuritybuzz.com)
Vulnerability Management
15 million public-facing services vulnerable to CISA KEV flaws (bleepingcomputer.com)
10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack (bleepingcomputer.com)
Millions still exposed despite available fixes - Help Net Security
Microsoft to admins: Auto-review your Autopatch alerts • The Register
Vulnerabilities
Tools and Controls
How can organisations bridge the gap between DR and cyber security? - Help Net Security
Let’s pump the brakes on the rush to incorporate AI into cyber security | CSO Online
The high cost of insecure authentication methods - Help Net Security
How AI is transforming cyber security for better and worse - Help Net Security
3 Fronts in the Battle for Digital Identity (darkreading.com)
Reports Published in the Last Week
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links