Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 17 November 2023

Black Arrow Cyber Threat Intelligence Briefing 17 November 2023:

-Cyber Resilience Requires Maturity, Persistence & Board Engagement

-Security is a Process, Not a Tool

-46% of SMBs and Enterprises Have Experienced a Ransomware Attack

-Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries

-67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission

-The Persistent Menace: Understanding And Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023

-Financial Services still Stubbornly Vulnerable to Cyber Disruption

-Worlds Biggest Bank Hit by Ransomware, Workers Forced to Trade With USB Sticks

-NCSC Warns UK Over Significant Threat to Critical Infrastructure

-Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach

-Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks

-Phishing Emails Are More Believable Than Ever. Here's What to Do About It.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Resilience Requires Maturity, Persistence & Board Engagement

Cyber resilience is more important than ever, particularly with the added dimensions of deepening geopolitical threats and risks coming from new technology like AI. In cyber security, it is commonly accepted that it is a matter of when, not if, an organisation will experience an attack. It is imperative to ensure there is an ability across the organisation to bounce back.

Source: [Dark Reading]

Security is a Process, not a Tool

The cyber security industry is constantly seeing tools that claim to make organisations 100% secure, despite this never being achievable. A recent report found 55% of all security tools are not put into operation or are not actively managed. Additionally, the report found that 33% of all security incidents are identifiably traced to process errors. The findings are further evidence that cyber security is more than just technology tools: it requires a mindset that aligns controls across people, operations and technology.

Source: [Dark Reading]

46% of SMBs and Enterprises Have Experienced a Ransomware Attack

A recent report found that 46% of small and medium businesses (SMBs) and enterprises have experienced ransomware attacks. In addition, 90% of SMBs and 87% of enterprises are extremely or somewhat concerned about ransomware attacks, and 64% of SMBs and 70% of enterprises don’t believe in paying a ransom.

Despite the fact that nearly 50% of the firms have suffered ransomware, too many businesses still seem to think this is something that will not happen to them and is something only other businesses need to worry about.

Source: [Security Magazine] [IT Business]

Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries

In the realm of cyber security, threat intelligence (TI) is a crucial yet often underused asset for countering sophisticated cyber attacks. TI involves gathering, analysing, and contextualising information about potential cyber threats, including advanced ones, thus enabling organisations to identify, assess, and mitigate cyber risks effectively. The TI market, expected to exceed $44 billion by 2033, offers four main types: Strategic, Tactical, Technical, and Operational.

Each type serves different organisational needs, from informing senior leadership to aiding security operations teams. When thinking about TI, organisations should focus on completeness, accuracy, relevance, timeliness, scalability, vendor reputation, and integration capabilities. The rapidly evolving nature of TI demands a careful, long-term approach to choosing the right services, considering an organisation's maturity and specific needs. Effective TI not only aids in countering immediate threats but also builds long-term resilience. With 80% of the top 2000 global companies projected to increase their TI investment in 2024, it's crucial for organisations to find a trusted vendor to ensure their cyber security success.

Black Arrow conducts daily threat intelligence analyses from trusted specialist sources, and interprets the TI in the context of our client organisations to support them in proactively addressing risks. In addition to our weekly Threat Briefing and subscription email, we offer tailored briefings for organisations in various sectors and geographies.  

Source: [welivesecurity]

67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission

New research has found that 67% of UK employees are endangering their business by downloading applications and software without the knowledge of IT or security teams.

Other key findings included 39% of respondent organisations lacked total visibility of applications and software on company owned assets, and 77% lacked visibility over employee owned assets connected to the corporate environment. Of total respondents, 69% acknowledged their organisations required better policies and procedures in order to deal with security vulnerabilities, with 39% of total respondents feeling challenged by UK and other jurisdictions’ increasingly complicated regulations and governance requirements.

Black Arrow help organisations of all sizes to design and deliver comprehensive asset visibility programmes that lay the foundation for proportionate and credible cyber security controls to protect the organisation. We enable organisations to adhere to regulatory and governance requirements, by providing expert cyber security resources on a flexible basis for technical, governance and transformational positions.

Sources: [Tech Radar] [the HR Director]

The Persistent Menace: Understanding and Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023

In 2023, the landscape of cyber threats, particularly ransomware, has significantly evolved, remaining a primary concern for businesses.  

This change has been further facilitated by the emergence of Ransomware as a Service (RaaS) and the increased sophistication of phishing attacks, supported by advancements in AI. This has led at least in part to almost half (29) of the ransomware groups tracked by WithSecure in 2023 having begun operations this year. These groups accounted for 25% of data leaks in this period, helping to drive a 50% year-on-year increase in data leaks.

Businesses face not only the immediate costs of ransom demands but also indirect impacts such as operational downtime and damage to reputation. Key trends include the exploitation of basic security vulnerabilities, the role of access brokers in facilitating attacks, and innovative evasion techniques used by ransomware groups.  Ransomware is not going away, and organisations need to ensure they are prepared given the realistic probability of an attack.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident such as ransomware; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Forbes] [Infosecurity Magazine] [ITPro]

Financial Services Still Stubbornly Vulnerable to Cyber Disruption

A recent report found the UK financial system remains stubbornly vulnerable to disruption caused by cyber and IT-related incidents, and that regulated firms are not acting quickly enough to affect required changes designed to ensure firms’ systems are resilient against significant operational shocks.

According to the UK FCA’s records, the total number of cyber incidents reported between January 2018 to May 2023 was 4,192. In general terms, incidents are reportable where they are of a certain level of materiality; for instance, where there has been a “significant failure in the firm's systems or controls.

Source: [FTAdviser]

World’s Biggest Bank Hit by Ransomware; Workers Forced to Trade with USB Sticks

The US subsidiary of the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack earlier this month, which reportedly forced the bank (ICBC Financial Services) to handle trades through messengers carrying USB thumb drives. This attack has sent shockwaves through financial services and banking and has prompted an increase in vigilance within the financial sector. The US Financial Services Information Sharing and Analysis Center (FS-ISAC) has urged financial services organisations to ensure their systems are protected and vulnerabilities are immediately resolved.

Sources: [SC Media] [Bit Defender]

NCSC Warns UK Over Significant Threat to Critical Infrastructure

The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI), with its annual review admitting the level of cyber security resilience in the UK’s most critical areas is not in a satisfactory place.

The NCSC stated that CNI in the UK faces an “enduring and significant” threat from state-aligned threat actors aggressively ramping up activity, and the UK must therefore work more closely with allies and industry in countering “epoch-defining” cyber challenges.

They noted a 64% increase on last year’s voluntary report figures; to note, this refers to organisations voluntarily self-reporting suffering a cyber incident.

For wider context, the Russian cyber attacks on Ukraine began a month and a half before the invasion. In 2022 Ukraine’s national incident response team dealt with 2,194 cyber incidents, followed by another 2,054 attacks in the first 10 months of this year and Ukraine’s defence chief warns that Russia will soon attack companies that provide services to Ukraine as part of their larger cyber efforts.

This comes as Russian hackers were linked to what is being described as the largest ever cyber attack on Danish critical infrastructure. The attack involved 22 companies associated with the operation of Denmark’s energy sector.

Sources: [Computer Weekly] [The Register] [The Record Media] [The Irish Times] [The Hacker News]

Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach

The ALPHV ransomware group, also known as BlackCat, has taken extortion to a new level by filing a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims, MeridianLink, for not complying with the four-day rule to disclose a cyber attack. The ransomware group said it compromised the digital lending solutions provider on November 7 and told the SEC the victim suffered a “significant breach and did not disclose it as required in Form 8-k”. While many ransomware and extortion gangs have threatened to report breaches and data theft to the SEC, this may be the first public confirmation that they have done so. Previously, ransomware actors exerted pressure on victims by contacting customers to let them know of the intrusion. Sometimes, they would also try to intimidate the victim by contacting them directly over the phone.

Sources: [Infosecurity Magazine] [Bleeping Computer]

Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks

A new report has found that businesses are paying a huge price for not properly securing their digital assets. The report found that businesses on average suffered 46 attacks (successful and unsuccessful) over the last year, resulting in the loss of 9% of their annual income. Cyber attacks are hurting their businesses in other ways such as network outages (34%), data loss (29%), web apps going offline (24%) and customer account compromises (22%).

Firms are reevaluating their cyber security approaches, with 76% planning increased spending despite concerns about current investment efficiency, as 35% feel they've overspent and only 55% of tools are fully utilised. A significant talent gap is also a challenge, with 30% attributing recent issues to a shortage of skilled personnel, and 33% expecting this trend to continue. Nearly half are seeking to address this by boosting recruitment budgets. Additionally, 51% of respondents are focusing on investing in Generative AI tools for cyber security in the next two years.

Source: [TechRadar]

Phishing Emails Are More Believable Than Ever. Here's What to Do About It.

Phishing is not new. This social engineering tactic has existed in the attack toolbox for decades, with threat actors posing as trusted contacts and then targeting unsuspecting victims through email or text messages to steal sensitive data. According to a recent report by Fortinet, phishing is the top tactic (56%) malicious actors use to infiltrate a network and launch ransomware successfully. With the turn of AI-driven content tools, cyber criminals are using them to make their phishing emails and texts appear more realistic than ever before.

It is crucial to focus on employee education to protect organisations. Customised training programs are essential. Security awareness training is fundamental in creating a cyber-aware culture, keeping employees informed about current security threats and meeting compliance requirements.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Source: [CSO Online]


Top Cyber Stories of the Last Week

Governance, Risk and Compliance


Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs


Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence


Vulnerabilities


Tools and Controls


Reports Published in the Last Week



Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3


As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More