Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Triple Threat: Insecure Economy, Cyber Crime Recruitment and Insider Threats

Across all sectors employees are feeling the ramifications of economic uncertainty, coupled with ransomware attacks continuing to evolve and become more sophisticated, and with this, cyber crime gangs are increasing their recruitment efforts. All the while, the cyber security skills gap persists and continues to widen for most organisations. This has the potential to create a perfect storm in terms of insider threats.

Insider threats can be malicious or unintentional, and they might come from current or former employees, business partners, board members or consultants. A recent report found that the past two years have seen a 44% rise in insider incidents. There is no quick fix to solve the insider threat problem. At a time when many businesses are struggling with visibility issues brought on by digital transformation and vendor sprawl, what’s needed is planning. Reducing the risk associated with insider threats requires a multifaceted approach.

https://www.securityweek.com/triple-threat-insecure-economy-cybercrime-recruitment-and-insider-threats/

• Ensuring Security Remains/Becomes Everyone’s Responsibility

In the same way as organisations believe that everyone is somewhat responsible for keeping costs reasonable, why would an organisation not think the same of cyber security, especially as cyber security is not just a technology problem: it is a business problem. One of the best methods for ensuring that security is everyone’s responsibility is to make cyber a top-down issue, with the board and C-suite setting the tone for security; they should provide clear direction and guidance, prioritising security as a business objective.

Other methods that can help ensure security as everyone’s responsibility include integrating it into the functions of roles, creating a security culture, providing awareness and training and rewarding employees for responses such as reporting phishing attacks.

https://cisoseries.com/20-ways-to-ensure-security-remains-becomes-everyones-responsibility/

• Insured Companies More Likely to be Ransomware Victims, Sometimes More Than Once

Companies with cyber insurance are more likely to get hit by ransomware, more likely to be attacked multiple times, and more likely to pay ransoms, according to a recent survey of IT decision makers.

According to the survey by Barracuda Networks, 77% of organisations with cyber insurance were hit at least once, compared to 65% without insurance. Of those with insurance, 39% paid the ransom. Worryingly, the survey found that insured companies were also 70% more likely to be hit multiple times. Repeat victims were also more likely to pay the ransom, and less likely to use backup systems to help them recover.

https://www.csoonline.com/article/3696350/insured-companies-more-likely-to-be-ransomware-victims-sometimes-more-than-once.html

• Software Supply Chain Attacks Hit 61% of Firms

More than three-fifths (61%) of businesses have been directly impacted by a software supply chain threat over the past year, according to a new report. The report pointed to open source software as a key source of supply chain risk. Open source is now used by 94% of companies in some form, with over half (57%) using multiple open source platforms, the report revealed.

Organisations may be putting themselves at further risk by not having a full view of the software which is used within their corporate environment. One of the first things an organisation seeking to reduce their risk of a software supply chain attack should do is to understand their attack surface and maintain a record of the software which they use.

https://www.infosecurity-magazine.com/news/software-supply-chain-attacks-hit/

• More than 2.25 Million Exposed Assets on the Dark Web Tied to Fortune 1000 Employees

In a newly released 2023 Fortune 1000 Identity Exposure Report, an analysis of the dark net exposure of employees across 21 industries, including technology, financial, retailing and media, researchers analysed 2.27 billion exposed dark web assets. These assets included more than 423 million records containing personally identifiable information (PII) found in data breaches and exfiltrated from malware-infected devices tied directly to Fortune 1000 employees’ email addresses.  

Additional findings include 27.48 million pairs of credentials with Fortune 1000 corporate email addresses and plain text passwords, and a 62% re-use rate of passwords amongst Fortune 1000 employees. Whilst the research focuses on Fortune 1000 employees, it is unlikely that these are the only employees who are exposed on the dark web. Organisations should be aware of how such PII could include their own employees, and how to avoid password re-use in the corporate environment.

https://www.msspalert.com/cybersecurity-research/more-than-2-25-million-exposed-assets-on-the-dark-web-tied-to-fortune-1000-employees/

• Law Enforcement Crackdowns and New Techniques are Forcing Cyber Criminals to Pivot

Researchers say that law enforcement crackdowns and new investigative tools are putting pressure on cyber criminals, but challenges for defenders remain. It can seem like cyber criminals are running rampant across the world's digital infrastructure, launching ransomware attacks, scams, and outright thefts with impunity. Over the last year, however, US and global authorities seized $112 million from cryptocurrency investment scams, disrupted the Hive ransomware group, broke up online illegal drug marketplaces, and sanctioned crypto money launderers, among other operations to crack down on internet-enabled crimes. With such pressure, financially motivated threat actors are pivoting to crimes that have a higher rate of success, such as selling data instead of extorting, and romance scams and pig butchering (building rapport and trust with victims over time only to steal from them) are replacing the old get-rich schemes.

https://www.csoonline.com/article/3696748/law-enforcement-crackdowns-and-new-techniques-are-forcing-cybercriminals-to-pivot.html

• Talking Security Strategy: Why Cyber Security Requires a Seat at the Boardroom Table

Cyber security is no longer a fringe issue for businesses. What was once a siloed function is now woven into the fabric of any successful business. Any business still treating its cyber security initiatives as a side project is setting itself up to fail. The US Securities and Exchange Commission (SEC) has laid to rest any doubts about the importance of cyber security with new regulations around how boards of directors should approach it. The regulations, which are in the process of being finalised, will require companies to openly report any serious cyber security attack and explain who on their board is responsible for dealing with it. The regulations also will require businesses to include board of directors' cyber security experience and credentials as part of any public disclosure.

https://www.darkreading.com/vulnerabilities-threats/talking-security-strategy-cybersecurity-has-a-seat-at-the-boardroom-table

• How Incident Response Rehearsals and Readiness Exercises Can Aid Incident Response

Incident response rehearsals and readiness exercises can aid organisations by identifying security gaps, testing communications in the event of a cyber attack, and understanding roles in reducing response times. All of which benefits the business objectives of the organisation.

The importance for organisations to understand who their adversaries are and how they operate against their enterprise environments cannot be overstated. An organisation's approach to cyber security testing and resilience improvements in the face of an increasingly volatile threat landscape must be underpinned around this perspective.

Rehearsals should look to leverage scenarios based on evolving and emerging attacker techniques, tactics and procedures (TTPs), with different levels of complexity; this allows an organisation to constantly sharpen their technique and update rehearsals to reflect the current attack environment. These TTPs should be driven by an intelligence-led and risk-based approach. Additionally, organisations need to set metrics for understanding the results of rehearsals, which in turn should be used in established feedback channels to drive improvement in the organisation’s incident response.

https://www.darkreading.com/edge-articles/5-ways-security-testing-can-aid-incident-response 

• Ransomware’s Real Goals are to Exploit Internet Facing Apps, Mine Intellectual Property and Grab Sensitive Information

The majority of ransomware attacks in 2022 were intended to unearth personal data, mine intellectual property and grab other sensitive information rather than financial extortion or data encryption, Kaspersky said in a new report.

Most attacks started off as exploiting public facing applications (43%), data from compromised user accounts (24%) and malicious emails (12%). The goal was to snatch information the cyber crews could leverage into bigger and more lucrative scores. The report also revealed that the longest-running ransomware attacks began with the exploitation of public-facing applications, with just over 2% of them lasting for a year and more.

https://www.msspalert.com/cybersecurity-research/ransomwares-real-goals-are-exploit-internet-facing-apps-mine-intellectual-property-grab-sensitive-info/

• Organisations’ Cyber Resilience Efforts Fail to Keep Up with Evolving Threats

A steady increase in cyber attacks and an evolving threat landscape are resulting in more organisations turning their attention to building long-term cyber resilience; however, many of these programs are falling short and fail to prove teams’ real-world cyber capabilities, according to Immersive Labs. The report found that while 86% of organisations have a cyber resilience program, 52% of respondents say their organisation lacks a comprehensive approach to assessing cyber resilience.

Organisations have taken steps to deploy cyber resilience programs; however, 53% of respondents indicate the organisation’s workforce is not well-prepared for the next cyber attack and just over half say they lack a comprehensive approach to assessing cyber resilience. These statistics indicate that although cyber resilience is a priority and programs are in place, their current structure and training are ineffective.

https://www.helpnetsecurity.com/2023/05/18/cyber-resilience-programs-shortcomings/

• Fraudsters Send Fake Invoice, Follow Up with Fake Executive Confirmation

Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones themselves. The fraud attempt begins with an email containing a payment request for a fake invoice. The recipient, an employee in a company’s finance department, reads the email and checks who sent it. The sender’s email address looks like it belongs to one of the company’s trusted vendors, and the VP of Finance has been CC-ed. Soon after, the “VP of Finance” replies to the email thread, and asks the employee (by name) to pay this at the earliest convenience.

Most organisations view social engineering methods as a one step process; however, threat actors are employing multiple layers. In this case, adding management to increase authenticity. Businesses looking to bolster their resilience should look to ensure that these kinds of attacks are addressed in their organisation’s user education and awareness training.

https://www.helpnetsecurity.com/2023/05/16/payment-request-fraud/

• Capita Warns Customers They Should Assume Data was Stolen

Outsourcing giant Capita is warning customers to assume that their data was stolen in a cyber attack that affected its systems in early April. This includes the Universities Superannuation Scheme (USS), the largest private pension scheme in the UK, which holds pensions of over 500,000 individuals. A total of 350 UK corporate retirement schemes are believed to be impacted. The cyber attack, originally described to be a technical problem, has been reported to the UK’s Information Commissioner’s Office.

https://www.bleepingcomputer.com/news/security/capita-warns-customers-they-should-assume-data-was-stolen/

Governance, Risk and Compliance

• Cyber security Often Overlooked as Key Factor for Business Success, New Study Says - MSSP Alert

• Cyber Risk Management in 2023: The People Element (trendmicro.com)

• Is Your Cyber security “Too” Good? (securityintelligence.com)

• Cyber risk: Can banks win the arms race? | Financial Times (ft.com)

• Security breaches push digital trust to the fore | CSO Online

• Cyber-Resilience Programs Failing on Poor Visibility - Infosecurity Magazine (infosecurity-magazine.com)

• 5 Ways Security Testing Can Aid Incident Response (darkreading.com)

• Organisations reporting cyber resilience are hardly resilient: Study | CSO Online

• Organisations' cyber resilience efforts fail to keep up with evolving threats - Help Net Security

• Keeping a competitive edge in the cyber security ‘game’ | CyberScoop

• UK NCSC, ICO debunk 6 cyber attack reporting myths | CSO Online

• An Executive's Guide To The Cyber crime Underground (forbes.com)

• Accelerating Security Risk Management (trendmicro.com)

• Law enforcement crackdowns and new techniques are forcing cyber criminals to pivot | CSO Online

• 20 Ways to Ensure Security Remains/Becomes Everyone’s Responsibility (cisoseries.com)

• Talking Security Strategy: Cyber security Has a Seat at the Boardroom Table (darkreading.com)

• ‘Attackers only have to get it right once’: how cyber security burst into the boardroom | Financial Times (ft.com)

• Triple Threat: Insecure Economy, Cyber crime Recruitment and Insider Threats - SecurityWeek

Threats

Ransomware, Extortion and Destructive Attacks

• Insured companies more likely to be ransomware victims, sometimes more than once | CSO Online

• Ransomware payments nearly double in one year | Cyber crime | The Guardian

• Ransomware’s Real Goals are Exploit Internet Facing Apps, Mine Intellectual Property, Grab Sensitive Info - MSSP Alert

• The Week in Ransomware - May 12th 2023 - New Gangs Emerge (bleepingcomputer.com)

• New trends in ransomware attacks shape the future of cyber security - Help Net Security

• Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol-Security Affairs

• Bl00dy Ransomware Gang Strikes Education Sector with Critical PaperCut Vulnerability (thehackernews.com)

• ABB 'suffers cyber attack' by ransomware gang Black Basta (techmonitor.ai)

• Why Amazon S3 is a ransomware target and how to protect it | TechTarget

• Experts question San Bernardino's $1.1M ransom payment | TechTarget

• Manufacturers Targeted as Ransomware Victim Numbers Spike 27% - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware corrupts data, making restoration harder • The Register

• CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware (thehackernews.com)

• VPN vulnerability linked to ransomware attack on Law Society: PDPC - CNA (channelnewsasia.com)

• New 'MichaelKors' Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems (thehackernews.com)

• Philadelphia Inquirer operations disrupted after cyber attack (bleepingcomputer.com)

• Ransomware gang steals data of 5.8 million PharMerica patients (bleepingcomputer.com)

• New RA Group ransomware targets US orgs in double-extortion attacks (bleepingcomputer.com)

• Ransomware Prevention – Are Meeting Password Security Requirements Enough (bleepingcomputer.com)

• US Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator (thehackernews.com)

• Qilin Ransomware Operation Outfits Affiliates With Sleek, Turnkey Cyber attacks (darkreading.com)

• Qilin's Dark Web Ransomware Targets Critical Sectors - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware-as-a-service groups pay affiliates top dollar • The Register

• Russian ransomware affiliate charged with attacks on critical infrastructure (bleepingcomputer.com)

• This new ransomware group is targeting big businesses - here's what you need to know | TechRadar

• Warning Issued About BianLian Ransomware Attacks By CISA & FBI (informationsecuritybuzz.com)

• FBI confirms BianLian ransomware switch to extortion only attacks (bleepingcomputer.com)

• 'Strictly limit' remote desktop to avoid BianLian ransomware • The Register

• MalasLocker ransomware targets Zimbra servers, demands charity donation (bleepingcomputer.com)

• Russian national indicted for ransomware attacks against the US | CSO Online

• A different kind of ransomware demand: Donate to charity to get your data back | CyberScoop

• Introducing the DRM-Report Q1 2023: Unveiling the Current State of Ransomware - -Security Affairs-Security Affairs

Phishing & Email Based Attacks

• What the Email Security Landscape Looks Like in 2023-Security Affairs

• New Phishing-as-a-Service Platform Lets Cyber criminals Generate Convincing Phishing Pages (thehackernews.com)

• Ongoing Facebook phishing campaign without a sender and (almost) without links

• Google's .zip Top Level domain is already used in phishing attacks - gHacks Tech News

• New ZIP domains spark debate among cyber security experts (bleepingcomputer.com)

• Exploring the tactics of phishing and scam websites in 2023 - Help Net Security

• Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Fraudsters send fake invoice, follow up with fake exec confirmation - Help Net Security

• Insider threats surge across US CNI as attackers exploit human factors | CSO Online

• Microsoft Teams Features Amp Up Orgs' Cyber attack Exposure (darkreading.com)

• Social Engineering Risks Found in Microsoft Teams - Infosecurity Magazine (infosecurity-magazine.com)

• Researchers show ways to abuse Microsoft Teams accounts for lateral movement | CSO Online

Artificial Intelligence

• 10 Types of AI Attacks CISOs Should Track (darkreading.com)

• New Google search tool will distinguish real images from AI-generated phonies | ZDNET

• AI-Powered Tools Threaten Password Strength, New Study Finds - MSSP Alert

• AI Is About to Be Everywhere: Where Will Regulators Be? (darkreading.com)

• Zut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France – Naked Security (sophos.com)

• Generative AI Empowers Users but Challenges Security (darkreading.com)

• ChatGPT’s Chief Testifies Before Congress, Calls for New Agency to Regulate Artificial Intelligence - SecurityWeek

• BatLoader Impersonates ChatGPT and Midjourney in Cyber-Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Security Vulnerabilities of ChatGPT-Generated Code (trendmicro.com)

• 3 Ways Hackers Use ChatGPT to Cause Security Headaches (darkreading.com)

• ChatGPT is about to revolutionize cyber security | VentureBeat

• Mitigating Dark Web Risks: The Role Of AI And Machine Learning (forbes.com)

2FA/MFA

• The Ultimate Guide to Multi-Factor Authentication - Security Boulevard

Malware

• Microsoft is scanning the inside of password-protected zip files for malware | Ars Technica

• XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks (thehackernews.com)

• Atomic malware steals Mac passwords, crypto wallets, and more • Graham Cluley

• CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware (thehackernews.com)

• Lancefly APT Custom Backdoor Targets Government and Aviation Sectors - Infosecurity Magazine (infosecurity-magazine.com)

• No more macros? No problem, say attackers, we'll adapt • The Register

• Infostealer Malware Surges: Stolen Logs Up 670% on Russian Market - Infosecurity Magazine (infosecurity-magazine.com)

• The new info-stealing malware operations to watch out for (bleepingcomputer.com)

• DangerousPassword - A Malware Attack Pattern to Infect Devices (gbhackers.com)

• Stealthy MerDoor malware uncovered after five years of attacks (bleepingcomputer.com)

• Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems (thehackernews.com)

• New ZIP domains spark debate among cyber security experts (bleepingcomputer.com)

• Infamous cyber crime marketplace offers pre-order service for stolen credentials - Help Net Security

• BatLoader Impersonates ChatGPT and Midjourney in Cyber-Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Once Again, Malware Discovered Hidden in npm (darkreading.com)

• Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict (darkreading.com)

Mobile

• Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cyber crime Enterprise (darkreading.com)

• Parental control app with 5 million downloads vulnerable to attacks (bleepingcomputer.com)

• Apple blocked 1.7 million apps for privacy, security issues in 2022 (bleepingcomputer.com)

• Converso walks back E2EE claims, yanks app from stores • The Register

• OilAlpha: Emerging Houthi-linked Cyber Threat Targets Arabian Android Users (thehackernews.com)

• Google Announces New Rating System for Android and Device Vulnerability Reports - SecurityWeek

• Millions of Smartphones Distributed Worldwide With Preinstalled 'Guerrilla' Malware - SecurityWeek

Botnets

• Beware Bots: Human Internet Traffic Dives to Lowest Level in Eight Years, New Report Finds - MSSP Alert

• Latest variant of RapperBot botnet adds cryptojacking capabilities-Security Affairs

• Bad bots are coming for APIs - Help Net Security

• Spanish cops arrest 69 in immigration bot scheme • The Register

Denial of Service/DoS/DDOS

• Polish news websites hit by DDoS attacks | Reuters

• Europe: The DDoS battlefield - Help Net Security

Internet of Things – IoT

• Netgear Routers' Flaws Expose Users to Malware, Remote Attacks, and Surveillance (thehackernews.com)

• Why 2.4GHz Wi-Fi is both the savior and the scourge of the smart home - The Verge

• Hackers infect TP-Link router firmware to attack EU entities (bleepingcomputer.com)

• Chinese Hackers Mustang Panda Attacks TP-Link Routers (informationsecuritybuzz.com)

• Unpatched Wemo Smart Plug Bug Opens Countless Networks to Cyber attacks (darkreading.com)

• Government Publishes Playbook to Enhance Smart City Security - Infosecurity Magazine (infosecurity-magazine.com)

• Is your car safe from a cyber attack? | E&T Magazine (theiet.org)

Data Breaches/Leaks

• UK's largest private pension scheme hit by Capita attack • The Register

• Capita warns customers they should assume data was stolen (bleepingcomputer.com)

• More than 2.25 Million Exposed Assets on the Dark Web Tied to Fortune 1000 Employees - MSSP Alert

• MP’s laptop stolen from Welcome Break spot 'not covered by CCTV' | UK News | Metro News

• Discord discloses data breach after support agent got hacked (bleepingcomputer.com)

• Data of 237,000 US government employees breached - CNA (channelnewsasia.com)

• Toyota: Car location data of 2 million customers exposed for ten years (bleepingcomputer.com)

• Toyota's bungling of customer privacy is becoming a pattern • The Register

• Making Sure Lost Data Stays Lost (darkreading.com)

• WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers - SecurityWeek

• Personal info of 90k hikers leaked by French tourism company La Malle Postale-Security Affairs

• Ransomware gang steals data of 5.8 million PharMerica patients (bleepingcomputer.com)

• Airline exposes passenger info to others due to a 'technical error' (bleepingcomputer.com)

• University admission platform exposed student passports-Security Affairs

• Millions of deleted files recovered in hard drives purchased online | TechRadar

Organised Crime & Criminal Actors

• Law enforcement crackdowns and new techniques are forcing cyber criminals to pivot | CSO Online

• An Executive's Guide To The Cyber crime Underground (forbes.com)

• Hacker marketplace still active despite police 'takedown' claim - BBC News

• Former Ubiquiti Employee Gets 6 Years in Jail for $2 Million Crypto Extortion Case (thehackernews.com)

• How Cyber criminals Adapted to Microsoft Blocking Macros by Default (darkreading.com)

• Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands (thehackernews.com)

• Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cyber crime Enterprise (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Atomic malware steals Mac passwords, crypto wallets, and more • Graham Cluley

• Hacker admits he was connected to 'tens of thousands’ laptops to mine crypto (finbold.com)

• CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware (thehackernews.com)

• Latest variant of RapperBot botnet adds cryptojacking capabilities-Security Affairs

• North Korean hackers stole $721 million in cryptocurrency from Japan - Nikkei | Reuters

• DangerousPassword - A Malware Attack Pattern to Infect Devices (gbhackers.com)

• Landmark crypto rules make exchanges liable for customer losses in EU | Ars Technica

• 8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency (thehackernews.com)

Insider Risk and Insider Threats

• Triple Threat: Insecure Economy, Cyber crime Recruitment and Insider Threats - SecurityWeek

• Avoiding Reputational Damage By Conquering Insider Threats (informationsecuritybuzz.com)

• Insider threats surge across US CNI as attackers exploit human factors | CSO Online

• Ex-Apple engineer accused of stealing self-driving car secrets - BBC News

• Identity crimes: Too many victims, limited resources - Help Net Security

Fraud, Scams & Financial Crime

• Fraudsters send fake invoice, follow up with fake exec confirmation - Help Net Security

• Exploring the tactics of phishing and scam websites in 2023 - Help Net Security

• Edinburgh coffee shop owner devastated after losing £100,000 life savings to cyber criminals in internet scam | Edinburgh News (scotsman.com)

• How To Avoid Mother's Day Scams By Protecting Your Purse And Heart (informationsecuritybuzz.com)

• US Says VoIP Firm Delivered Billions of Scam Robocalls - Infosecurity Magazine (infosecurity-magazine.com)

• Spanish cops arrest 69 in immigration bot scheme • The Register

• This Is Catfishing on an Industrial Scale | WIRED

• Admin of the darknet carding platform Skynet Market pleads guilty-Security Affairs

• 18-year-old charged with hacking 60,000 sports betting accounts (bleepingcomputer.com)

AML/CFT/Sanctions

• How China came to dominate the black market for money laundering (telegraph.co.uk)

Insurance

• Insured companies more likely to be ransomware victims, sometimes more than once | CSO Online

Dark Web

• Hacker marketplace still active despite police 'takedown' claim - BBC News

• Infamous cyber crime marketplace offers pre-order service for stolen credentials - Help Net Security

• Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands (thehackernews.com)

• Mitigating Dark Web Risks: The Role Of AI And Machine Learning (forbes.com)

Supply Chain and Third Parties

• Capita warns customers they should assume data was stolen (bleepingcomputer.com)

• Capita hit by new data breach incident | Financial Times (ft.com)

• Another security calamity for Capita: Unsecured AWS bucket • The Register

• UK's largest private pension scheme hit by Capita attack • The Register

• Discord Informs Users of Data Breach Involving Customer Support Provider - SecurityWeek

• Preparing for federal supply chain security standardization - Help Net Security

Software Supply Chain

• Software Supply Chain Attacks Hit 61% of Firms - Infosecurity Magazine (infosecurity-magazine.com)

Cloud/SaaS

• Security experts share cloud auditing best practices | TechTarget

• Stop worrying about cloud-lock-in, and outages: Gartner • The Register

• Microsoft Azure VMs Hijacked in Cloud Cyber attack (darkreading.com)

• Why High Tech Companies Struggle with SaaS Security (thehackernews.com)

• Sticking to traditional security playbook is mistake for cloud security: Palo Alto Networks SVP (techrepublic.com)

• Capita hit by new data breach incident | Financial Times (ft.com)

• Why Amazon S3 is a ransomware target and how to protect it | TechTarget

• Microsoft lets Azure AD choose authentication method • The Register

Encryption

• Converso walks back E2EE claims, yanks app from stores • The Register

• Protect against current and future threats with encryption | TechTarget

API

• Bad bots are coming for APIs - Help Net Security

• Attack automation becomes a prevalent threat against APIs - Help Net Security

Open Source

• EU attempts to secure software could hurt open source • The Register

• CISA: Several Old Linux Vulnerabilities Exploited in Attacks - SecurityWeek

• Open-source Cobalt Strike port 'Geacon' used in macOS attacks (bleepingcomputer.com)

• Malicious open-source components threatening digital infrastructure - Help Net Security

• Congress looks to expand CISA's role, adding responsibilities for satellites and open source software | CyberScoop

• Enhancing open source security: Insights from the OpenSSF on addressing key challenges - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• Time Taken For Hackers to Crack Passwords Revealed - IT Security Guru

• AI-Powered Tools Threaten Password Strength, New Study Finds - MSSP Alert

• Passkeys may not be for you, but they are safe and easy—here’s why | Ars Technica

• Ransomware Prevention – Are Meeting Password Security Requirements Enough (bleepingcomputer.com)

• KeePass 2.X Master Password Dumper allows retrieving the KeePass master password-Security Affairs

Social Media

• Former TikTok official says China had access to app data | Al Arabiya English

• Ongoing Facebook phishing campaign without a sender and (almost) without links

• Twitter wrong to block tweets during Turkey election - Wikipedia founder - BBC News

• Twitter sued over Saudi spying that allegedly landed popular user in prison [Updated] | Ars Technica

Training, Education and Awareness

• White House plan to implement cyber strategy includes ambitious digital education effort | CyberScoop

Parental Controls and Child Safety

• Parental control app with 5 million downloads vulnerable to attacks (bleepingcomputer.com)

Regulations, Fines and Legislation

• EU attempts to secure software could hurt open source • The Register

• AI Is About to Be Everywhere: Where Will Regulators Be? (darkreading.com)

• ChatGPT’s Chief Testifies Before Congress, Calls for New Agency to Regulate Artificial Intelligence - SecurityWeek

• Preparing for federal supply chain security standardization - Help Net Security

Secure Disposal

• Making Sure Lost Data Stays Lost (darkreading.com)

• Millions of deleted files recovered in hard drives purchased online | TechRadar

Careers, Working in Cyber and Information Security

• How I Got Started: Offensive Security

• Open source and Linux skills are still in demand in a dark economy | ZDNET

• Top 10 Ideas for Addressing the Cyber security Skills Gap in 2023 (analyticsinsight.net)

• Google Cloud CISO on why the Google Cyber security Certificate matters - Help Net Security

• Improving cyber mindfulness - IT Security Guru

• The Future is (Cyber) Mindful - IT Security Guru

Law Enforcement Action and Take Downs

• Law enforcement crackdowns and new techniques are forcing cyber criminals to pivot | CSO Online

• Hacker marketplace still active despite police 'takedown' claim - BBC News

• Spanish cops arrest 69 in immigration bot scheme • The Register

• Identity crimes: Too many victims, limited resources - Help Net Security

• Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands (thehackernews.com)

• Admin of the darknet carding platform Skynet Market pleads guilty-Security Affairs

• 18-year-old charged with hacking 60,000 sports betting accounts (bleepingcomputer.com)

• Russian national indicted for ransomware attacks against the US | CSO Online

Privacy, Surveillance and Mass Monitoring

• The UK’s Secretive Web Surveillance Program Is Ramping Up | WIRED

• WhatsApp allows users to lock sensitive chats - Help Net Security

• Apple blocked 1.7 million apps for privacy, security issues in 2022 (bleepingcomputer.com)

• Google details its next steps for wiping out Chrome tracking cookies | Engadget

• Zut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France – Naked Security (sophos.com)

Misinformation, Disinformation and Propaganda

• Pakistan shut down the internet - but that didn't stop the protests - BBC News

• Twitter wrong to block tweets during Turkey election - Wikipedia founder - BBC News

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Cyber Warfare Escalates Amid China-Taiwan Tensions - Infosecurity Magazine (infosecurity-magazine.com)

• New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe (thehackernews.com)

• China's 'Satellite Killer' Spacecraft Threatens To Puncture US Military In Space By Crippling Its Recon, Navigation & EW Satellites

• President Zelensky imposes sanctions against the Russian IT sector-Security Affairs

• 4 Countries Join NATO Cyber Defence Center - SecurityWeek

Nation State Actors

• Former TikTok official says China had access to app data | Al Arabiya English

• Cyber Warfare Escalates Amid China-Taiwan Tensions - Infosecurity Magazine (infosecurity-magazine.com)

• New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe (thehackernews.com)

• Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol-Security Affairs

• Gatewatcher unveils research into advanced persistent threats | Data Centre Solutions

• China's 'Satellite Killer' Spacecraft Threatens To Puncture US Military In Space By Crippling Its Recon, Navigation & EW Satellites

• How China came to dominate the black market for money laundering (telegraph.co.uk)

• Lancefly APT Custom Backdoor Targets Government and Aviation Sectors - Infosecurity Magazine (infosecurity-magazine.com)

• Researchers Uncover Powerful Backdoor and Custom Implant in Year-Long Cyber Campaign (thehackernews.com)

• North Korean hackers stole $721 million in cryptocurrency from Japan - Nikkei | Reuters

• Hackers infect TP-Link router firmware to attack EU entities (bleepingcomputer.com)

• Chinese Hackers Mustang Panda Attacks TP-Link Routers (informationsecuritybuzz.com)

• Cyble — Cisco Routers Exploited by Russian State-Sponsored Attackers

• DOJ links Iran, China and Russia to five IP theft-related cases | SC Media (scmagazine.com)

• Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict (darkreading.com)

Vulnerability Management

• Microsoft will take nearly a year to finish patching new 0-day Secure Boot bug | Ars Technica

• Remote updates on motherboards could lead to bricked servers • The Register

• Hacking Groups Rapidly Weaponizing N-Day Vulnerabilities (gbhackers.com)

• CISA: Several Old Linux Vulnerabilities Exploited in Attacks - SecurityWeek

• Microsoft Advisories Are Getting Worse (darkreading.com)

• How to build a better vulnerability management program | TechTarget

• Google Announces New Rating System for Android and Device Vulnerability Reports - SecurityWeek

• How to Protect Your Organisation From Vulnerabilities (darkreading.com)

Vulnerabilities

• Hackers target Wordpress plugin flaw after PoC exploit released (bleepingcomputer.com)

• Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks (thehackernews.com)

• KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784) - Help Net Security

• Apple fixes three new zero-days exploited to hack iPhones, Macs (bleepingcomputer.com)

• XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks (thehackernews.com)

• Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers - SecurityWeek

• CVE-2023-0008 PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface (paloaltonetworks.com)

• Arm confident Cortex-M is secure after side-channel attack • The Register

• Microsoft Follina Bug Is Back in Meme-Themed Cyber attacks Against Travel Orgs (darkreading.com)

• CISA: Several Old Linux Vulnerabilities Exploited in Attacks - SecurityWeek

• Remote updates on motherboards could lead to bricked servers • The Register

• Microsoft will take nearly a year to finish patching new 0-day Secure Boot bug | Ars Technica

• Microsoft pulls Defender update fixing Windows LSA Protection bug (bleepingcomputer.com)

• WordPress 6.2.1 Released with Fixes for 5 Security Vulnerabilities – WP Tavern

• 8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency (thehackernews.com)

• Cisco Says PoC Exploits Available for Newly Patched Enterprise Switch Vulnerabilities - SecurityWeek

Tools and Controls

• Organisations' cyber resilience efforts fail to keep up with evolving threats - Help Net Security

• Hacking Groups Rapidly Weaponizing N-Day Vulnerabilities (gbhackers.com)

• Cyber-Resilience Programs Failing on Poor Visibility - Infosecurity Magazine (infosecurity-magazine.com)

• 5 Ways Security Testing Can Aid Incident Response (darkreading.com)

• Organisations reporting cyber resilience are hardly resilient: Study | CSO Online

• Making Sure Lost Data Stays Lost (darkreading.com)

• Passkeys may not be for you, but they are safe and easy—here’s why | Ars Technica

• Not-Too-Safe Boot: Remotely Bypassing Endpoint Security Solutions (AV/EDR/…) and Anti-Tampering Mechanisms – Zero-Day Zone (zerodayzone.com)

• The Ultimate Guide to Multi-Factor Authentication - Security Boulevard

• Open-source Cobalt Strike port 'Geacon' used in macOS attacks (bleepingcomputer.com)

• White House plan to implement cyber strategy includes ambitious digital education effort | CyberScoop

• Protect against current and future threats with encryption | TechTarget

• Can AI Decision-Making Be Trusted for Cyber security? (analyticsinsight.net)

• 'Strictly limit' remote desktop to avoid BianLian ransomware • The Register

• Millions of deleted files recovered in hard drives purchased online | TechRadar

• Key Metrics In Evaluating DevOps Threat Matrix (informationsecuritybuzz.com)

• ChatGPT is about to revolutionize cyber security | VentureBeat

• A Requirements-Driven Approach to Cyber Threat Intelligence | Mandiant

• Embedding Security by Design: A Shared Responsibility (darkreading.com)

Reports Published in the Last Week

• UK Cyber security Landscape: challenges and opportunities | Expel

• Kaspersky Incident Response report 2022 | Securelist

• The State of Pentesting 2023 Report | Cobalt

• Introducing the DRM-Report Q1 2023: Unveiling the Current State of Ransomware - -Security Affairs-Security Affairs

Other News

• Heightened cyber attacks threat before Council of Europe summit in Reykjavik – EURACTIV.com

• White House plan to implement cyber strategy includes ambitious digital education effort | CyberScoop

• 12 common network protocols and their functions explained | TechTarget

• Pentagon Hacking Fears Fueled by Microsoft's Monopoly on Military IT (newsweek.com)

• Ukraine, Ireland, Japan and Iceland join NATO CCDCOE-Security Affairs

• Web entity activity reveals insights into internet security - Help Net Security

• Microsoft Security highlights from RSAC 2023 - Microsoft Security Blog

• Top 5 Cyber security Predictions and Statistics for 2023 (analyticsinsight.net)

• No more macros? No problem, say attackers, we'll adapt • The Register

• Not-Too-Safe Boot: Remotely Bypassing Endpoint Security Solutions (AV/EDR/…) and Anti-Tampering Mechanisms – Zero-Day Zone (zerodayzone.com)

• Researchers show ways to abuse Microsoft Teams accounts for lateral movement | CSO Online

• Rebinding Attacks Persist With Spotty Browser Defences (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Businesses Urged Not to Give In To Ransomware Cyber Criminals As Authorities See Increase In Payouts

While there have been arguments made for criminalising the payment of ransoms, it poses a number of additional risks such as providing the criminals with an additional factor they could use to extort their victims.

Businesses are being urged not to pay cyber extortionists as authorities say they are seeing evidence of a rise in ransomware payments.

In a joint letter to the Law Society, the National Cyber Security Centre (NCSC) and the Information Commissioner's Office are warning solicitors who may have been advising their clients to pay.

It follows warnings earlier this year by cyber security experts from the UK, US, and Australia of a "growing wave of increasingly sophisticated ransomware attacks" which could have "devastating consequences".

The joint letter states that while ransomware payments are "not unusually unlawful" those who pay them "should be mindful of how relevant sanctions regimes (particularly those related to Russia)" when considering making the payment.

The US sanctioned in December 2019 any financial dealings with a Russian cyber crime group that was accused of working with Russian intelligence to steal classified government documents.

Despite the spillover from the Russian war in Ukraine - in one case knocking 5,800 wind turbines in Germany offline - the NCSC says it has not detected any increase in hostile activity targeting Britain during the conflict.

Businesses however had been warned that there is a heightened threat level when it comes to cyber attacks due to the conflict which is likely to be here "for the long-haul".

https://news.sky.com/story/businesses-urged-not-to-give-in-to-ransomware-cyber-criminals-as-authorities-see-increase-in-payouts-12648253

• People Are the Primary Attack Vector Around the World

With an unprecedented number of employees now working in hybrid or fully remote environments, compounded by an increase in cyber threats and a more overwhelmed, COVID-19 information fatigued workforce, there has never been a more critical time to effectively create and maintain a cyber secure workforce and an engaged security culture.

People have become the primary attack vector for cyber-attackers around the world. Humans, rather than technology, represent the greatest risk to organisations and the professionals who oversee security awareness programs are the key to effectively managing that risk.

Awareness programs enable security teams to effectively manage their human risk by changing how people think about cyber security and help them exhibit secure behaviours, from the Board of Directors on down.

Effective and mature security awareness programs not only change their workforce’s behaviour and culture but also measure and demonstrate their value to leadership via a metrics framework. Organisations can no longer justify an annual training to tick the compliance box, and it remains critical for organisations to dedicate enough personnel, resources, and tools to manage their human risk effectively.

https://www.helpnetsecurity.com/2022/07/05/people-primary-attack-vector/

• Early Detection Crucial in Stopping Business Email Compromise (BEC) Scams

Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails.

Avoiding a costly social engineering attack often requires employees to spot suspicious emails before threat actors request sensitive information or access.

Cofense Intelligence published new research Thursday that showed most business email compromise (BEC) scams can be thwarted in their initial stages when the attackers are not asking for money or a transfer of funds. The cyber security vendor analysed hundreds of BEC emails sent to customers during March and April, and engaged with the threat actors in approximately half the cases.

The company found that only 36% of attackers looking to conduct fraud attacks opened with a cordial greeting and request for cash, gift cards or confidential payment information. Most BEC scams, Cofense found, attempt to slowly build up trust over the course of multiple email exchanges with the target and ingratiate them with common phrases like "sorry to bother you."

Once they realise they can get money out of you, they will do everything they can to drain you dry. For many of the scammers, this becomes a literal hustle, where they will quickly pivot to other cash-out methods. Just because something starts as a wire transfer doesn't mean they won't ask you to send cryptocurrency, gift cards, a cheque, or use your personal Venmo or PayPal to wire them money.

https://www.techtarget.com/searchsecurity/news/252522493/Early-detection-crucial-in-stopping-BEC-scams

• 54% of SMBs Do Not Implement Multi-Factor Authentication (MFA)

SMB owners across the globe are still relying only on usernames and passwords to secure critical employee, customer, and partner data, according to the Global Small Business Multi-Factor Authentication (MFA) Study released by the Cyber Readiness Institute (CRI).

Services that enforce MFA require users to present more than one piece of evidence whenever they log in to a business account (e.g., company email, payroll, human resources, etc.).

MFA has been in use for decades and is widely recommended by cyber security experts, yet 55% of SMBs surveyed are not “very aware” of MFA and its security benefits, and 54% do not use it for their business. Of the businesses that have not implemented MFA, 47% noted they either didn’t understand MFA or didn’t see its value. In addition, nearly 60% of small business and medium-sized owners have not discussed MFA with their employees.

Nearly all account compromise attacks can be stopped outright, just by using MFA. It’s a proven, effective way to thwart bad actors.

Of the companies that have implemented some form of MFA, many still seem to have done so haphazardly. Only 39% of those who offer MFA have a process for prioritising critical hardware, software, and data, with 49% merely “encouraging the use of MFA when it is available.”

https://www.helpnetsecurity.com/2022/07/08/smb-implement-mfa/

• New Cyber Threat Emerges from the Inside, Research Report Finds

In its 2022 Insider Risk Intelligence & Research Report, DTEX Systems, a workforce cyber intelligence and security company, identifies a new cyber threat: the “Super Malicious Insider.”

Just what is a Super Malicious Insider and where does it come from? Well, it comes from inside your own organisation or someone who recently worked for you — a threat actor who may be truly of your own making.

“It was the year (2021) we all came to realise the Work-from-Anywhere (WFA) movement was here to stay,” DTEX reports. “For security and risk professionals, this hastened the end of corporate perimeter-centric security, and a requirement to protect hundreds of thousands of ‘remote offices’ outside of traditional corporate controls. To make matters worse, a measurable increase in employee attrition toward the end of 2021 created the perfect storm for insider threats.”

So, if your organisation didn’t observe a proportional increase in attempted or actual data loss, then you were likely not looking, DTEX asserts.

Critically your insiders know your vulnerabilities and can exploit them, for example, when an employee quits to join a competitor, it is often tempting to take proprietary information with them. This can include customer lists, product plans, financial data and other intellectual property.

The Super Malicious Insider is better able to hide their activities, obfuscate data and exfiltrate sensitive information without detection. Importantly, in numerous insider incidents reviewed in 2021, the Super Malicious Insider had made significant efforts to appear normal by not straying outside of their day-to-day routine, DTEX reports.

Here are some key statistics from the report:

• Industrial espionage is at an all-time high. In 2021, 72% of respondents saw an increase in actionable insider threat incidents. IP or data theft led the list at 42% of incidents, followed by unauthorised or accidental disclosure (23%), sabotage (19%), fraud (%) and other (7%). In fact, 42% of all DTEX i3 investigations involved theft of IP or customer data.

• The technology industry (38%), followed by pharma/life sciences (21%), accounted for the most IP theft incidents. In addition, technology (33%) had the most super malicious incidents, followed by critical infrastructure (24%) and government (11%).

• Investigations that led to criminal prosecution occurred within someone’s home 75% of the time. More telling, 32% of malicious incident incidents included sophisticated insider techniques.

https://www.msspalert.com/cybersecurity-research/new-cyberthreat-emerges-from-the-inside-research-report-finds/

• Ransomware: Why It's Still A Big Threat, And Where The Gangs Are Going Next

Ransomware attacks are still lucrative for cyber criminals because victims pay ransoms - and the threat is still evolving.

Ransomware has been a cyber security issue for a long time, but last year it went mainstream. Security threats like malware, ransomware and hacking gangs are always evolving.

Major ransomware attacks like those on Colonial Pipeline, the Irish Healthcare Executive and many others demonstrated how significant the problem had become as cyber attacks disrupted people's lives.

What was once a small cyber-criminal industry based around encrypting files on personal computers and demanding a ransom of a few hundred dollars for a decryption key had evolved into a massive ecosystem designed around holding critical services and infrastructure to ransom - and making extortion demands of millions of dollars.

No wonder Lindy Cameron, head of the UK's National Cyber Security Centre (NCSC), has described ransomware as "the biggest global cyber threat".

Ransomware is continually evolving, with new variants appearing, new ransomware groups emerging, and new techniques and tactics designed to make the most money from attacks.

And as the recent Conti ransomware leaks showed, the most successful ransomware gangs are organised as if they were any other group of software developers.

They are really acting like a business. Aside from the fact they're not legitimately registered, they really are. They're functioning like a real business and sometimes the number of people within these organisations is bigger than some startups. They have shown a lot of resilience and a lot of agility in adapting to what's new.

https://www.zdnet.com/article/ransomware-why-its-still-a-big-threat-and-where-the-gangs-are-going-next/

• NCSC: Prepare for Protracted Period of Heightened Cyber Risk

The UK’s leading cyber security agency has urged organisations to follow best practices and take care of their infosecurity staff in order to weather an extended period of elevated cyber risk due to the ongoing war in Ukraine.

The National Cyber Security Centre (NCSC) guide, Maintaining A Sustainable Strengthened Cyber Security Posture, comes on the back of warnings that organisations must “prepare for the long haul” as the conflict enters its fifth month.

Alongside basic hygiene controls, the strengthening of cyber-resilience and revisiting of risk-based decisions made in the earlier acute phase of the war, organisations should pay special attention to their security staff, the NCSC said.

“Increased workloads for cyber security staff over an extended period can harm their wellbeing and lead to lower productivity, with a potential rise in unsafe behaviours or errors,” it said.

With this in mind, the guide highlighted several steps IT security managers should consider:

• Empower staff to make decisions in order to improve agility and free-up leaders to focus on medium-term priorities

• Spread workloads evenly across a wider pool of staff to reduce the risk of burnout and enable less experienced employees to benefit from development opportunities

• Provide opportunities for staff to recharge through more frequent breaks and time away from the office, as well as work on less pressured tasks

• Look after each other by watching for signs that colleagues are struggling and ensuring they always have the right resources to hand

• Engage the entire workforce with the right internal communications processes, and support so that all staff are able to identify and report suspicious behaviour

https://www.infosecurity-magazine.com/news/ncsc-prepare-cyber-risk/

• 69% Of Employees Need to Deal with More Security Measures In A Hybrid Work Environment

Security firm Ivanti worked with global digital transformation experts and surveyed 10,000 office workers, IT professionals, and the C-Suite to evaluate the level of prioritisation and adoption of digital employee experience in organisations and how it shapes the daily working experiences for employees. The report revealed that 49% of employees are frustrated by the tech and tools their organisation provides and 64% believe that the way they interact with technology directly impacts morale.

One of the biggest challenges facing IT leaders today is the need to enable a seamless end user experience while maintaining robust security. The challenge becomes more complex when there is pressure from the top to bypass security measures, with 49% of C-level executives reporting they have requested to bypass one or more security measures in the last year.

Maintaining a secure environment and focusing on the digital employee experience are two inseparable elements of any digital transformation. In the war for talent a key differentiator for organisations is providing an exceptional and secure digital experience. Ivanti, a cyber security software provider, says “We believe that organisations not prioritising how their employees experience technology is a contributing factor for the Great Resignation”.

https://www.helpnetsecurity.com/2022/07/04/security-measures-hybrid-work-environment/

• FBI and MI5 Leaders Give Unprecedented Joint Warning on Chinese Spying

The head of the FBI and the leader of Britain’s domestic intelligence agency have delivered an unprecedented joint address, raising fresh alarm about the Chinese government, warning business leaders that Beijing is determined to steal their technology for competitive gain.

In a speech at MI5’s London headquarters intended as a show of western solidarity, Christopher Wray, the FBI director, stood alongside the MI5 director general, Ken McCallum. Wray reaffirmed longstanding concerns about economic espionage and hacking operations by China, as well as the Chinese government’s efforts to stifle dissent abroad.

“We consistently see that it’s the Chinese government that poses the biggest long-term threat to our economic and national security, and by ‘our’, I mean both of our nations, along with our allies in Europe and elsewhere,” Wray said.

He told the audience the Chinese government was “set on stealing your technology, whatever it is that makes your industry tick, and using it to undercut your business and dominate your market”.

Ken McCallum said MI5 was running seven times as many investigations into China as it had been four years ago and planned to “grow as much again” to tackle the widespread attempts at inference which pervade “so many aspects of our national life”.

https://www.theguardian.com/world/2022/jul/06/fbi-mi5-china-spying-cyberattacks-business-economy

• As Cyber Criminals Recycle Ransomware, They're Getting Faster

Like history, ransomware repeats itself. Researchers recently encountered a new variant of a ransomware campaign and observed that it has been improving itself by reusing code from publicly available sources.

Nokoyawa is a new ransomware for Windows that first appeared at the beginning of this year. The first samples found by researchers were gathered in February 2022 and contain significant coding similarities with other older ransomware strains, some going back to 2019.

These new variants had been improving themselves by reusing code from publicly available sources. The April 2022 samples include three new features that increase the number of files that Nokoyawa can encrypt. These features already existed in recent ransomware families, and their addition just indicates that Nokoyawa developers are trying to match pace with other operators in terms of technological capability.

https://www.securityweek.com/cybercriminals-recycle-ransomware-theyre-getting-faster

• UK Military Investigates Hacks on Army Social Media Accounts

British military authorities are trying to find out who hacked the army’s social media accounts over the weekend, flooding them with cryptocurrency videos and posts related to collectible electronic art.

The investigation was launched after authorised content on the army’s YouTube account was replaced with a video feed promoting cryptocurrencies that included images of billionaire Elon Musk. The Army’s Twitter account retweeted a number of posts about non-fungible tokens, unique digital images that can be bought and sold but have no physical counterpart.

“Apologies for the temporary interruption to our feed,” the Army said in a tweet posted after the Twitter account was restored on Sunday. “We will conduct a full investigation and learn from this incident. Thanks for following us, and normal service will now resume.”

The Ministry of Defence said late Sunday that both breaches had been “resolved.”

While internet users were unable to access the Army’s YouTube site on Monday, a spokesperson said the site was down for standard maintenance. The Twitter feed was operating normally.

Although U.K. officials have previously raised concerns about state-sponsored Russian hacking, the military did not speculate on who was responsible for Sunday’s breaches.

“The Army takes information security extremely seriously, and until their investigation is complete it would be inappropriate to comment further,” the Ministry of Defence said.

https://www.securityweek.com/uk-military-investigates-hacks-army-social-media-accounts

Campaign Targeting SOHO Routers Highlights Risks to Remote Workers

A targeted attack campaign has been compromising small office/home office (SOHO) routers since late 2020, with the goal of hijacking network communications and infecting local computers with stealthy and sophisticated backdoors. Attacks against home routers are not new, but the implants used by attackers in this case were designed for local network reconnaissance and lateral movement instead of just abusing the router itself.

"The rapid shift to remote work in spring of 2020 presented a fresh opportunity for threat actors to subvert traditional defence-in-depth protections by targeting the weakest points of the new network perimeter - devices that are routinely purchased by consumers but rarely monitored or patched - small office/home office (SOHO) routers," researchers from Black Lotus Labs, the threat intelligence arm of telecommunications company Lumen Technologies said in a recent report.

https://www.csoonline.com/article/3665912/apt-campaign-targeting-soho-routers-highlights-risks-to-remote-workers.html#tk.rss_news

Threats

Ransomware

• Lawyers Urged to Stop Advising Clients to Pay Ransomware Demands - Infosecurity Magazine

• Ransomware in 2022: Evolving threats, slow progress (techtarget.com)

• AstraLocker ransomware closes doors to pursue cryptojacking • The Register

• Ransomware gangs are feeling the crypto winter's impact | TechSpot

• LockBit explained: How it has become the most popular ransomware | CSO Online

• Hive ransomware gang turns to Rust, more complex encryption • The Register

• New RedAlert Ransomware targets Windows, Linux VMware ESXi servers (bleepingcomputer.com)

• Ransomware, hacking groups move from Cobalt Strike to Brute Ratel (bleepingcomputer.com)

• North Korean ransomware dubbed Maui active since May 2021 • The Register

• Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method (thehackernews.com)

• Ransomware, hacking groups move from Cobalt Strike to Brute Ratel (bleepingcomputer.com)

• New 'HavanaCrypt' Ransomware Distributed as Fake Google Software Update | SecurityWeek.Com

• As New Clues Emerges, Experts Wonder: Is REvil Back? (thehackernews.com)

• Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (thehackernews.com)

• New 0mega ransomware targets businesses in double-extortion attacks (bleepingcomputer.com)

• Feds wave red flag over Maui ransomware | CSO Online

• Evolution of the LockBit Ransomware operation relies on new techniques - Security Affairs

• AstraLocker ransomware shuts down and releases decryptors (bleepingcomputer.com)

• QNAP warns of new Checkmate ransomware targeting NAS devices (bleepingcomputer.com)

• Quantum ransomware attack affects 657 healthcare orgs (bleepingcomputer.com)

• How Conti ransomware group crippled Costa Rica — then fell apart | Financial Times (ft.com)

• Researchers Detail Techniques LockBit Ransomware Using to Infect its Targets (thehackernews.com)

• EternalBlue 5 years after WannaCry and NotPetya - SANS Internet Storm Center

Phishing & Email Based Attacks

• Fake copyright complaints push IcedID malware using Yandex Forms (bleepingcomputer.com)

• Spear Phishing Fake Job Offer Likely Behind Axie Infinity's Lazarus $600m Hack - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Hackers Exploiting Follina Bug to Deploy Rozena Backdoor (thehackernews.com)

• Dangerous new malware dances past more than 50 antivirus services | TechRadar

• Raspberry Robin campaign leverages compromised QNAP devicesSecurity Affairs

• Malware knocks IT services vendor SHI offline • The Register

• Near-undetectable malware linked to Russia's Cozy Bear • The Register

• New stealthy OrBit malware steals data from Linux devices (bleepingcomputer.com)

• Hackers are using YouTube videos to trick people into installing malware | TechRadar

Mobile

• This WhatsApp scam promises big, but just sends you into a spiral | ZDNet

• Android malware subscribes you to premium services without you knowing - GSMArena.com news

• Free smartphone stalkerware detection tool gets dedicated hub (bleepingcomputer.com)

• Four more apps that infected thousands of Android devices with malware removed from Google Play store | ZDNet

• Apple Debuts Spyware Protection for State-Sponsored Cyber Attacks (darkreading.com)

Internet of Things – IoT

• Vulnerability allows hackers to unlock and start Honda cars remotely | TechSpot

Data Breaches/Leaks

• Marriott Data Breach Exposes PII, Credit Cards (darkreading.com)

• Aon Hack Exposed Sensitive Information of 146,000 Customers - Infosecurity Magazine

• Hackers Claim to Have Stolen Police Data in China’s Largest Cyber Security Breach - Bloomberg

• Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens | Threatpost

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Ransomware gangs are feeling the crypto winter's impact | TechSpot

• AstraLocker ransomware closes doors to pursue cryptojacking • The Register

• Hackers are using YouTube videos to trick people into installing malware | TechRadar

• PennyWise crypto-stealing malware spreads through YouTube (cointelegraph.com)

• US urges Japan to step up pressure on crypto miners with links to Russia | Financial Times (ft.com)

• Large-scale cryptomining campaign is targeting the NPM repositorySecurity Affairs

• ECB to warn eurozone countries over crypto regulation | Financial Times (ft.com)

• Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group - IT Security Guru

Insider Risk and Insider Threats

• Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens | Threatpost

• HackerOne incident raises concerns for insider threats (techtarget.com)

Fraud, Scams & Financial Crime

• Ukrainian police takes down phishing gang behind payments scam | ZDNet

Supply Chain and Third Parties

• Applying Shift Left principles to third party risk management - Help Net Security

Software Supply Chain

• NPM supply-chain attack impacts hundreds of websites and apps (bleepingcomputer.com)

Cloud/SaaS

• Microsoft Issue Updated Warning Against Known Cloud Threat Actor Group - IT Security Guru

• Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake' (darkreading.com)

• What Do All of Those Cloud Cyber Security Acronyms Mean? (darkreading.com)

Identity and Access Management

• 6 signs your IAM strategy is failing, and how to fix it | CSO Online

Asset Management

• How a cyber asset management strategy can help enterprises detect threats - Help Net Security

Encryption

• Encryption is high up on corporate priority lists - Help Net Security

• Quantum-resistant encryption recommended for standardization • The Register

• The threat of quantum computing to sensitive data - Help Net Security

• Inside NIST's 4 Crypto Algorithms for a Post-Quantum World (darkreading.com)

• End-to-end encryption’s central role in modern self-defence | Ars Technica

API

• Why your API gateway is not enough for API security? - Help Net Security

Open Source

• Researchers Warn of New OrBit Linux Malware That Hijacks Execution Flow (thehackernews.com)

Social Media

• British Army Cyber Attack Reminds Businesses That Social Media Accounts Are Prime Targets (informationsecuritybuzz.com)

• Limp Facebook Policies – Do They Ignore Suffering And Crime! (informationsecuritybuzz.com)

Digital Transformation

• Cyber security is driving digital transformation in alternative investment institutions - Help Net Security

Travel

• Marriott suffered a new data breach, attackers stole 20GB of data - Security Affairs

Cyber Bullying and Cyber Stalking

• Free smartphone stalkerware detection tool gets dedicated hub (bleepingcomputer.com)

Regulations, Fines and Legislation

• ICO Set to Scale Back Public Sector Fines - Infosecurity Magazine

• ECB to warn eurozone countries over crypto regulation | Financial Times (ft.com)

• Wegmans hit with $400,000 data-breach penalty (democratandchronicle.com)

Models, Frameworks and Standards

• PCI DSS 4.0 released, addresses emerging threats and technologies - Help Net Security

Law Enforcement Action and Take Downs

• Ukrainian police takes down phishing gang behind payments scam | ZDNet

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Apple's New "Lockdown Mode" Protects iPhone, iPad, and Mac Against Spyware (thehackernews.com)

• Pro-Kremlin hackers Killnet hit Latvia with biggest cyber attack in its history | World | The Times

• TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine (thehackernews.com)

• UK to combat Russia’s ‘hostile online warfare’ by forcing internet firms to remove disinformation | TechCrunch

• NATO Announce Plans to Develop Cyber Rapid Response Capabilities - IT Security Guru

• FBI and MI5 bosses: China cheats and steals at massive scale • The Register

• Hackers linked to the Chinese government increasingly target Russia, analysis suggests - CyberScoop

• In Switch, Trickbot Group Now Attacking Ukrainian Targets (darkreading.com)

• Apple Debuts Spyware Protection for State-Sponsored Cyber Attacks (darkreading.com)

Nation State Actors

Nation State Actors – Russia

• Russian Info Ops Ramp Up Effort to Divide West on Ukraine - Infosecurity Magazine

• Near-undetectable malware linked to Russia's Cozy Bear • The Register

Nation State Actors – China

• US and UK intelligence chiefs call for vigilance on China’s industrial spies | Financial Times (ft.com)

• China Censors What Could Be Biggest Data Hack in History (gizmodo.com)

• Hackers linked to the Chinese government increasingly target Russia, analysis suggests - CyberScoop

• China’s Cabinet Stresses Cyber Security After Data Leak - Bloomberg

• Security warning after sale of stolen Chinese data - BBC News

• Five accused of trying to silence China critics in US • The Register

• 50 Chinese students leave UK in three years after spy chiefs’ warning | Espionage | The Guardian

• More UK calls for ban of CCTV makers Hikvision, Dahua • The Register

Nation State Actors – North Korea

• Russian information operations focus on dividing Western coalition supporting Ukraine - CyberScoop

• North Korean ransomware dubbed Maui active since May 2021 • The Register

• Feds wave red flag over Maui ransomware | CSO Online

• Spear Phishing Fake Job Offer Likely Behind Axie Infinity's Lazarus $600m Hack - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors – Iran

• Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents' - CyberScoop

• Latest Cyber Attack Against Iran Part of Ongoing Campaign | Threatpost

Vulnerability Management

• Google: Half of zero-day exploits linked to poor software fixes | ZDNet

• Why Browser Vulnerabilities Are a Serious Threat — and How to Minimize Your Risk (darkreading.com)

Vulnerabilities

• Cisco and Fortinet Release Security Patches for Multiple Products (thehackernews.com)

• Google Patches Actively Exploited Chrome Bug | Threatpost

• OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE - Security Affairs

• Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know – Naked Security (sophos.com)

• Cisco fixed a critical arbitrary File Overwrite flaw in Enterprise Communication solutions - Security Affairs

• Cisco Releases 10 Security Patches For Expressway Series and TelePresence VCS Products - Infosecurity Magazine

• Django fixes SQL Injection vulnerability in new releases (bleepingcomputer.com)

• Google fixes the fourth Chrome zero-day in 2022 - Security Affairs - Security Affairs

• Tens of Jenkins plugins are affected by zero-day vulnerabilities - Security Affairs

• OpenSSL fixes two “one-liner” crypto bugs – what you need to know – Naked Security (sophos.com)

• Fortinet addressed multiple vulnerabilities in several products - Security Affairs

• There’s a Nasty Security Hole in the Apache Webserver – The New Stack

Sector Specific

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

We currently provide tailored threat intelligence based on the following sectors, additional sectors by arrangement:

• Automotive

• Construction

• Critical National Infrastructure (CNI)

• Defence & Space

• Education & Academia

• Energy & Utilities

• Estate Agencies

• Financial Services

• FinTech

• Food & Agriculture

• Gaming & Gambling

• Government & Public Sector (including Law Enforcement)

• Health/Medical/Pharma

• Hotels & Hospitality

• Insurance

• Legal

• Manufacturing

• Maritime

• Oil, Gas & Mining

• OT, ICS, IIoT, SCADA & Cyber-Physical Systems

• Retail & eCommerce

• Small and Medium Sized Businesses (SMBs)

• Startups

• Telecoms

• Third Sector & Charities

• Transport & Aviation

• Web3

Other News

• These are the cyber security threats of tomorrow that you should be thinking about today | ZDNet

• Rising threats spark scramble for cyber workers | The Hill

• Why Browser Vulnerabilities Are a Serious Threat — and How to Minimize Your Risk (darkreading.com)

• Microsoft rolls back plan to block macros by default • Graham Cluley

• Attacker groups adopt new penetration testing tool Brute Ratel | CSO Online

• Security tester says he broke into datacenter via toilets • The Register

• SQL injection, XSS vulnerabilities continue to plague organisations | CSO Online

• Endless cyber-threat pressure could leave security staff burnt out. Here's what you need to change | ZDNet

• Top 7 types of data security technology (techtarget.com)

• Imagination is key to effective data loss prevention - Help Net Security

• The Age of Collaborative Security: What Tens of Thousands of Machines Witness (thehackernews.com)

• Maintaining a sustainable strengthened cyber security posture - NCSC.GOV.UK

• Hacking the Crypto-Monetized Web (trendmicro.com)

• Reflections Of A Former Hacker: How Leaders Can Protect Their Business From Cyber Threats (forbes.com)

• Zero Trust Bolsters Our National Defence Against Rising Cyber Threats (darkreading.com)

• Security advisory accidentally exposes vulnerable systems (bleepingcomputer.com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.