Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Social Engineering is the Biggest Cyber Threat, as Study Finds Most Workers Have Clicked on a Suspicious Email Link

According to a recent report, half of office workers have clicked on a link or attachment within a suspicious email sent to their work address within the last 12 months, and of those that interacted with the email, half of them claimed to be confident in their ability to identify phishing emails.

With 68% of breaches involving the human element, your organisation must be cognisant of its employees. Hackers know that no matter what your tech stack is, you will always have employees and where there is an employee, there is a way into your organisation. It is far cheaper to exploit an employee who already has the access you require, than to develop a new exploit. It only takes one human to make a mistake by granting access to an attacker.  

When it came to training, only 41% of respondents said their employer had provided formal cyber security awareness training and 79% said their previous training is not sufficient to keep pace with modern cyber threats.

Source: [HackerNoon] [BusinessPlus]

Business Leaders are Stressing Out Over Pace of Technological Change, as Cyber Security Incidents Seen as Main Business Disruptor

A recent report commissioned by BT reveals that 86% of UK business leaders suffer from 'tech-related stress,' particularly concerning AI and cyber security, a phenomenon they have termed as 'Bytmares.' The report found that 59% of business leaders worry about the rapid and relentless pace of tech advancement, and whether appropriate controls are in place to protect it.

According to a different survey, 74% of business leaders view cyber security incidents as the main disruptive threat to their organisations either currently or over the next twelve months. This was followed by cloud computing, internet of things and artificial intelligence.

These findings highlight the critical importance of robust cyber security measures in today’s interconnected world. As organisations increasingly rely on digital infrastructure, safeguarding sensitive data and systems becomes paramount. Cyber threats can disrupt operations, compromise customer trust, and result in financial losses. Remember, cyber security is not just an IT concern; it is a strategic imperative for every organisation.

Sources: [Beta News] [Telecoms] [Verdict]

ICO Warns That Many UK Businesses Neglect Basic Cyber Security: More Ransomware and Cyber Attacks Last Year Than Ever Before

A recent update from the UK’s Information Commissioner’s Office (ICO) has revealed that ransomware attacks in the UK have surpassed all previous years, up 52% from the previous year. The report found that finance, retail and education sectors are suffering the most incidents.

The leading causes of breaches include phishing, brute force attacks, errors and supply chain attacks. The ICO noted that many organisations still neglect basic cyber security measures and has called for enhanced efforts to combat the escalating threat, emphasising the importance of foundational controls.

Sources: [Tech Monitor] [Government Business] [The Record Media] [Tech Monitor]

Data Breaches are Getting Worse, Many are Employee Errors or Social Engineering Attacks

The latest Verizon Business Data Breach Investigations Report (DBIR) highlights that employee error is the leading cause of cyber security incidents in the EMEA region, accounting for 49% of cases. The top reasons for these incidents are “miscellaneous errors, system intrusion, and social engineering,” making up 87% of all breaches. Hackers primarily target personal information (64%), internal data (33%), and login credentials (20%). Despite zero-day vulnerabilities being a significant threat, with exploitation rising to 14% of breaches, the report emphasises the critical need for ongoing employee training and awareness to mitigate these risks.

Source: [TechRadar]

Why Cyber Insurance isn’t a Substitute for Cyber Risk Management

While cyber insurance can be beneficial in mitigating financial loss from cyber attacks, it is not a substitute for comprehensive cyber risk management. Many firms with cyber insurance have still fallen victim to attacks, highlighting that cyber insurance primarily transfers residual risk. Effective cyber risk management includes conducting proper risk assessments and implementing robust cyber security controls. Cyber insurance cannot resolve issues like business disruption, breach of client confidentiality, and compliance with legal obligations; this stresses the need for proactive measures and independent assurance to protect against cyber threats.

Source: [ Law Society of Scotland]

China Presents Defining Challenge to Global Cyber Security, Says GCHQ

A recent speech by the new director of the UK’s GCHQ highlighted China's growing cyber threat, describing it as an "epoch-defining challenge." She warned that China's destabilising actions undermine global internet security. The current head of the UKs’ NCSC echoed these concerns, pointing to the Chinese state-sponsored hacking group Volt Typhoon which has infiltrated critical sectors like energy and transportation. The National Cyber Director at the White House added that China’s cyber capabilities pose a significant threat to global infrastructure, particularly in crisis scenarios, as Chinese hackers increasingly use sophisticated techniques to pre-position within networks.

Source: [Infosecurity Magazine]

Botnet Sent Millions of Emails in LockBit Black Ransomware Campaign

Since April, millions of phishing emails have been sent through a botnet known as “Phorpiex” to conduct a large-scale LockBit Black ransomware campaign. In a warning from New Jersey’s Cybersecurity and Communications Integration Cell, it was explained that the attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, which encrypts the recipients' systems if launched. The emails are sent from 1,500 unique IP addresses worldwide.

Sources: [Bleeping Computer]

Global Financial Stability at Risk Due to Cyber Threats, IMF warns

A new International Monetary Fund (IMF) report highlights the severe threat cyber attacks pose to global financial stability, revealing that nearly 20% of reported cyber incidents in the past two decades targeted the financial sector, causing $12 billion in direct losses. Since 2020, these attacks have led to an estimated $2.5 billion in direct losses. The report underscores that cyber incidents threaten financial institutions' operational resilience, potentially leading to funding challenges and reputational damage. The IMF calls for bolstered cyber security measures, including stress testing, information-sharing arrangements, and enhanced national cyber security strategies to mitigate these growing risks.

Source: [World Economic Forum]

Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls

An ongoing social engineering campaign that is bombarding enterprises with spam calls and emails has been uncovered. The campaign involves a threat actor overwhelming a user’s email with junk, followed by a call offering to assist in removing the junk. From here, the threat actor aims to convince the victim to download remote monitoring and management software such as AnyDesk or Microsoft’s built in Quick Assist feature to allow the attacker remote access to the victim’s machine.

Source: [The Hacker News]

Santander Data Breach via Third-Party Provider Impacted Customers and Employees

A recent disclosure by the Spanish bank Santander revealed a data breach at a third-party provider affecting customers in Chile, Spain, and Uruguay. Unauthorised access to a database hosted by the provider compromised information on all current and some former employees, but did not include transactional data, online banking details, or passwords. Santander said they swiftly implemented measures to contain the incident, blocking access to the compromised database and enhancing fraud prevention controls. The bank assured that its operations and systems remain unaffected, allowing customers to continue transacting securely. The number of impacted individuals remains unspecified.

There is a continued trend in third party providers being used as the soft underbelly to attack larger and better defended organisations, requiring all organisations to consider the security controls of their third parties.

Source: [securityaffairs.com]

40% of Cyber Teams Have Held Back from Reporting Cyber Attacks Over Fear of Losing Jobs

Recent research has revealed that 40% of cyber teams have not reported a cyber attack due to the fear of losing their job. Unfortunately, this leaves businesses at risk of being non-compliant, without even knowing so. When it came to challenges faced by organisations, it was found that nearly 20% of companies say a lack of qualified talent is a key challenge to overcoming cyber attacks and 32% did not have the resources to hire new staff. This is not to say however, they are unable to outsource some of their cyber function to cyber specialists. This lack of allocated resources prevents the organisation from being confident that any incidents have been appropriately remediated.

Source: [Business Wire]

Digital Resilience – a Step Up from Cyber Security

In an increasingly digital world, many organisations are unaware of how truly reliant they are on digital technology, and the accompanying risks. As we move toward an even more digitally dependent future, the need for digital resilience is more critical than ever. Digital resilience refers to the ability to maintain, change, or recover technology-dependent operations. Organisations should begin with an internal audit to assess their digital resilience, involving all departments and ensuring senior management oversight, as board involvement is essential for effective cyber security programmes.

Digital resilience goes beyond cyber security to encompass change management, business resilience, and operational risk. Implementing digital resilience strategies requires continuous adaptation, cross-functional collaboration, and embedding resilience thinking throughout the organisation. Businesses must integrate digital resilience into their strategic planning to ensure ongoing competitiveness and adaptability in an ever-evolving digital landscape.

Sources: [CSO Online] [CSO Online]

UK Lags Europe on Exploited Vulnerability Remediation

A new report by Bitsight reveals that UK organisations lag behind their European counterparts in remediating software flaws listed in the US ‘Known Exploited Vulnerability’ (KEV) catalogue. UK organisations take an average of 225 days to address KEVs, compared to 220 days for European entities and just 21 days for German organisations. Non-KEV vulnerabilities are patched at an even slower rate, with UK entities taking over two years (736 days) to patch. Globally, the average time to resolve KEVs is around six months (180 days). Despite fewer KEVs detected in UK environments (30% versus 43% in Europe), the slow remediation poses significant risks, emphasising the need for faster and more proactive cyber security measures, specifically robust vulnerability scanning and patching.

Source: [Infosecurity Magazine]

Cyber Threats Demand More Focus Says Zurich, as UK Insurance And NCSC Join Forces to Fight Ransomware Payments

A recent discussion at the British Insurance Brokers' Association (BIBA) conference highlighted the increasing importance of cyber security for businesses, driven by the surge in cyber attacks and the use of AI by criminal gangs. Zurich Resilience Solutions UK noted that businesses face greater scrutiny from underwriters over their cyber exposures.

BIBA, together with the Association of British Insurers (ABI), and the International Underwriting Association (IUA), have united with the UK’s National Cyber Security Centre (NCSC) in a joint effort to tackle ransom payments. As a result of their collaboration, they have published new best practice guidance, which aims to reduce the number of payments being made by UK victims as well as the disruption businesses face.

Source: [Emerging Risks] [NCSC] [Infosecurity Magazine]

Governance, Risk and Compliance

• ICO calls on all organisations to boost their cyber security amid growing threat of cyber attacks | Practical Law (thomsonreuters.com)

• Firms neglecting cyber security basics - ICO - CIR Magazine

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• Business leaders consider cyber security main disruptor – Q1 2024 survey - Verdict

• 40% of Cyber Teams Have Not Reported Cyber Attacks Over Fear of Losing Jobs, According to New VikingCloud Research | Business Wire

• The Growing Cyber Security Disconnect Leaves Enterprises Exposed (forbes.com)

• Cyber Security Is a Top Investor Concern | HackerNoon

• Cyber threats demand more focus – Zurich (emergingrisks.co.uk)

• Digital resilience – a step up from cyber security | CSO Online

• Keep it secret, keep it safe: the essential role of cyber security in document management | CSO Online

• Cyber anxiety on the rise in the UK (betanews.com)

• UK business leaders are stressing out over pace of technological change (telecoms.com)

• Dancing on the Head of a Pin: Corporate Boards, Committees and Cyber Security Risk Management | The Volkov Law Group - JDSupra

• 44% of Cyber Security Professionals Struggle with Regulatory Compliance - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber attacks threaten global financial stability, IMF warns | World Economic Forum (weforum.org)

• BISO: Enhancing cyber security in modern enterprises - SiliconANGLE

• Dell Data Breach Underscores Cost of Cyber Security Complacency (pymnts.com)

• What Is Cyber Risk Quantification? | HackerNoon

• Cyber and Financial Crime, Through the FBI Lens (govinfosecurity.com)

• A Third of CISOs Have Been Dismissed “Out of Hand” By the Board - Infosecurity Magazine (infosecurity-magazine.com)

• Maximizing cyber security ROI: A strategic approach | TechRadar

• Many CISOs don't feel they get the right respect from their board | TechRadar

• Cyber high on agenda at BIBA amid concerns over threats (emergingrisks.co.uk)

• Lloyd’s updates cyber war wordings - Reinsurance News

• Are you meeting your cyber insurance requirements? - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Botnet sent millions of emails in LockBit Black ransomware campaign (bleepingcomputer.com)

• UK hit by more ransomware and cyber attacks last year than ever before (therecord.media)

• The ups and downs (and ups again) of the ransomware risk - Digital Journal

• Hackers Target Children of Corporate Executives in Ransomware Attacks (businessinsider.com)

• CISA: Black Basta ransomware breached over 500 orgs worldwide (bleepingcomputer.com)

• Cyber attacks leave significant financial impact on hacked organisations (kwch.com)

• As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs (darkreading.com)

• UK Insurance and NCSC Join Forces to Fight Ransomware Payments - Infosecurity Magazine (infosecurity-magazine.com)

• UK insurance industry begins to acknowledge role in tackling ransomware (therecord.media)

• The UK may not have a choice on a ransomware payment ban | Computer Weekly

• 64% Jump in Ransomware Claims on Remote Access Tools, Report Shows (claimsjournal.com)

• Cyber Criminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks (thehackernews.com)

• Organisations struggle to defend against ransomware - Help Net Security

• Ransomware statistics that reveal alarming rate of cyber extortion - Help Net Security

• Most ransomware-hit enterprises report to authorities, but level of support varies | ZDNET

• Ransomware negotiator weighs in on the payment debate • The Register

• OODA Loop - The Social Engineering Tactics of Ransomware-as-a-Service Operator Black Basta

• INC ransomware source code selling on hacking forums for $300,000 (bleepingcomputer.com)

• What is ransomware recovery? | Definition from TechTarget

• Ransomware Defence Strategies: Never Trust a Criminal (inforisktoday.com)

Ransomware Victims

• More than 470 legal actions against HSE over cyber attack (rte.ie)

• It's been a bad week for public cyber security | TechRadar

• Christie's Just Postponed the Rare Watches Auction Due to Cyber Attack (robbreport.com)

• Singing River Health System: Data of 895,000 stolen in ransomware attack (bleepingcomputer.com)

• Repeat Offenders: Black Basta’s Latest Healthcare Cyber Attack (informationweek.com)

• E-prescription provider MediSecure impacted by a ransomware attack (securityaffairs.com)

Phishing & Email Based Attacks

• Social Engineering is the Biggest Cyber Threat | HackerNoon

• Most Workers Have Clicked on a Suspicious Email Link (businessplus.ie)

• Botnet sent millions of emails in LockBit Black ransomware campaign (bleepingcomputer.com)

• Stay In The Loop On Emerging And Evolving Email Threat Trends (informationsecuritybuzz.com)

• Collaboration tools are now at the frontline in the battle against phishing (securitybrief.co.nz)

• 5 Common Phishing Vectors and Examples - 2024 (cybersecuritynews.com)

BEC

• Visualizing Global Losses from Financial Scams (visualcapitalist.com)

Other Social Engineering

• Social Engineering is the Biggest Cyber Threat | HackerNoon

• Low-tech tactics still top the IT security risk chart | CSO Online

• Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls (thehackernews.com)

• What is vishing and quishing, and how do you protect yourself? | PCWorld

• Beware of fake calls, ward off cyber criminals: Govt - The Statesman

• OODA Loop - The Social Engineering Tactics of Ransomware-as-a-Service Operator Black Basta

Artificial Intelligence

• UK Government Unveils New AI Cyber Security Measures as ICO Details Importance of Data Protection | The Fintech Times

• UK agency releases tools to test AI model safety | TechCrunch

• Security industry struggles to consolidate against AI threats - SiliconANGLE

• Cyber Security Races to Unmask New Wave of AI Deepfakes (darkreading.com)

• Only one-third of firms deploy safeguards against generative AI threats, report finds | CIO Dive

• CISOs Reconsider Their Roles in Response to GenAI Integration - Security Boulevard

• AI's rapid growth puts pressure on CISOs to adapt to new security risks - Help Net Security

• Insider Risk in the Generative AI Era - InfoRiskToday

• AI-driven attacks seen as chief cloud security threat | TechTarget

• Concern over AI cyber threats among UK infrastructure organisations | Security News (sourcesecurity.com)

• The Cyber Security Survival Guide For Generative AI (forbes.com)

2FA/MFA

• How to Prevent Attacks that Bypass MFA - InfoRiskToday

Malware

• Malware was almost 50% of threat detections in Q1 2024 | Security Magazine

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

• FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT (thehackernews.com)

• Microsoft fixes Windows zero-day exploited in QakBot malware attacks (bleepingcomputer.com)

• Ebury botnet malware infected 400,000 Linux servers since 2009 (bleepingcomputer.com)

• Kimsuky hackers deploy new Linux backdoor via trojanized installers (bleepingcomputer.com)

• Man destroys his laptop after downloading 1,000 viruses to see which anti-virus software works the best (unilad.com)

Mobile

• Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials (thehackernews.com)

• Google Issues Critical Update For Millions Of Pixel Users (forbes.com)

• Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS - Security Week

• Threat actors may have exploited a zero-day in older iPhones, Apple warns (securityaffairs.com)

• Apple warns of increased iPhone security risks – Computerworld

• Apple and Google agree on standard to alert people when unknown Bluetooth devices may be tracking them | TechCrunch

• Protect against iPhone trojan GoldPickaxe: How-to - 9to5Mac

• Unwanted Tracking Alerts Rolling Out to iOS, Android - Security Week

• Apple blocked $7 billion in fraudulent App Store purchases in 4 years (bleepingcomputer.com)

• Android boosting security with Theft Detection Lock, factory reset protection  (9to5google.com)

• Data Privacy: All the Ways Your Cellphone Carrier Tracks You and How to Stop It

• Your Android phone could have stalkerware — here’s how to remove it | TechCrunch

Internet of Things – IoT

• Attack makes autonomous vehicle tech ignore road signs • The Register

• Millions of IoT Devices at Risk From Integrated Modem (darkreading.com)

• Prison for cyber security expert selling private videos from inside 400,000 homes (bitdefender.com)

• IoT Vulnerabilities and BotNet Infections: A Risk for Executives - Security Boulevard

Data Breaches/Leaks

• Over 5.3 billion data records exposed in April 2024 | Computer Weekly

• MoD contractor hacked by China failed to report breach for months | Hacking | The Guardian

• Data breaches are getting worse - and many are coming from a familiar source | TechRadar

• Notorious threat actor IntelBroker claims the hack of the Europol (securityaffairs.com)

• Hacker claims another breach into Dell systems | SC Media (scmagazine.com)

• Dell Data Breach Underscores Cost of Cyber Security Complacency (pymnts.com)

• Hacker claims to have stolen Dell customer data, twice. Here's how to protect yourself | ZDNET

• Santander Data Breach Impacts Customers, Employees - Security Week

• Employee data breaches up 41% - Personnel Today

• The legal sector's data breach conundrum: insights from ICO's latest report - Solicitors Journal

• JPMorgan Chase Suffers Data Breach Affecting Personal Information of 451,809 Customers - The Daily Hodl

• JPMorgan Fixes Security Flaw, Affects 450K Retirement Plans | Entrepreneur

• Europol confirms incident after data break-in claims • The Register

• Largest non-bank lender in Australia warns of a data breach (bleepingcomputer.com)

• Guernsey data breaches: More than 1,000 people affected - BBC News

• Up to 120,000 affected by data breach at City of Helsinki (helsinkitimes.fi)

• Billion-Dollar Bank Sued After Revealing Massive Data Breach Affecting Thousands of Customers, Exposing Account Details, Social Security Numbers and Medical Information: Report - The Daily Hodl

• Okta’s security chief on the company’s own cyber attack and how the ‘battleground’ has shifted (therecord.media)

• Camden Council cyber attack warning after NRS Healthcare cyber attack | Ham & High (hamhigh.co.uk)

• Lessons learned from high-profile data breaches | TechTarget

• Zscaler Confirms Only Isolated Test Server Was Hacked - Security Week

• Nissan North America data breach impacts over 53,000 employees (bleepingcomputer.com)

Organised Crime & Criminal Actors

• FBI, DoJ Shut Down BreachForums, Launch Investigation (darkreading.com)

• Cyber and Financial Crime, Through the FBI Lens (govinfosecurity.com)

• FBI working towards nabbing Scattered Spider hackers, official says | Reuters

• Low-tech tactics still top the IT security risk chart | CSO Online

• The Growing Cyber Threat Landscape: Insights into State-Sponsored and Criminal Cyber Activities | HackerNoon

• Top 5 Most Dangerous Cyber Threats in 2024 (darkreading.com)

• Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

• Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion (bleepingcomputer.com)

• US brothers arrested for stealing $25m in crypto in just 12 seconds - BBC News

Insider Risk and Insider Threats

• Low-tech tactics still top the IT security risk chart | CSO Online

• Data breaches are getting worse - and many are coming from a familiar source | TechRadar

• Insider Risk in the Generative AI Era - InfoRiskToday

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

• CISOs call to ditch the 'stigma of blame' in cyber security (computing.co.uk)

Insurance

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• NCSC guide to help businesses facing ransomware demands (biba.org.uk)

• UK insurance industry begins to acknowledge role in tackling ransomware (therecord.media)

• UK Insurance and NCSC Join Forces to Fight Ransomware Payments - Infosecurity Magazine (infosecurity-magazine.com)

• Lloyd’s provides tighter guidance on cyber war wordings | Insurance Insider

• Cyber high on agenda at BIBA amid concerns over threats (emergingrisks.co.uk)

• Are you meeting your cyber insurance requirements? - Help Net Security

Supply Chain and Third Parties

• Most Companies Affected by Software Supply Chain Attacks in the Last Year, Struggling to Detect and React Effectively - IT Security Guru

• Santander: a data breach at a third-party provider impacted customers and employees (securityaffairs.com)

• MoD contractor hacked by China failed to report breach for months | Hacking | The Guardian

• Okta’s security chief on the company’s own cyber attack and how the ‘battleground’ has shifted (therecord.media)

Cloud/SaaS

• How to create a cloud security policy, step by step | TechTarget

• AI-driven attacks seen as chief cloud security threat | TechTarget

• Singapore Cyber Security Update Puts Cloud Providers on Notice (darkreading.com)

• Secrecy Concerns Mount Over Spy Powers Targeting US Data Centres | WIRED

Encryption

• You want us to think of the children? Couldn't agree more • The Register

Linux and Open Source

• Ebury botnet malware infected 400,000 Linux servers since 2009 (bleepingcomputer.com)

• Kimsuky hackers deploy new Linux backdoor via trojanized installers (bleepingcomputer.com)

• Establishing a security baseline for open source projects - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• The 10 most common 4-digit PIN numbers — are you at risk of a cyber attack? (nypost.com)

Social Media

• It’s time to ban TikTok for the sake of our democracy and security (politicshome.com)

Training, Education and Awareness

• The Future of Security Awareness - GovInfoSecurity

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

Regulations, Fines and Legislation

• Singapore Cyber Security Update Puts Cloud Providers on Notice (darkreading.com)

• Clock is ticking for companies to prepare for EU NIS2 Directive | CSO Online

• Nigeria Halts Cyber Security Tax After Public Outrage (darkreading.com)

Models, Frameworks and Standards

• Clock is ticking for companies to prepare for EU NIS2 Directive | CSO Online

Careers, Working in Cyber and Information Security

• The cyber security skills shortage: A CISO perspective | CSO Online

• Why cyber security staff burn out, and what to do about it (computing.co.uk)

Law Enforcement Action and Take Downs

• As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs (darkreading.com)

• FBI, DoJ Shut Down BreachForums, Launch Investigation (darkreading.com)

• Most ransomware-hit enterprises report to authorities, but level of support varies | ZDNET

• Prison for cyber security expert selling private videos from inside 400,000 homes (bitdefender.com)

• Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion (bleepingcomputer.com)

• US brothers arrested for stealing $25m in crypto in just 12 seconds - BBC News

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Lloyd’s updates cyber war wordings - Reinsurance News

• Civil society under increasing threats from ‘malicious’ state cyber actors, US (therecord.media)

Nation State Actors

China

• Cyber threat landscape permanently altered by Chinese operations, US officials say (therecord.media)

• GCHQ boss says China's 'genuine' cyber threat 'weakens security of internet for all' | Science & Tech News | Sky News

• Tracking the Progression of Earth Hundun's Cyber espionage Campaign in 2024 | Trend Micro (US)

• When Chinese Nationalist Hackers Go Rogue (globelynews.com)

• Can't blame all Chinese cyber attacks on the government - Asia Times

• How the West has struggled to keep up with China’s spy threat - BBC News

• Stifling Beijing in cyber space big focus for UK operatives • The Register

• China focuses on non-military ways to take Taiwan, reports warn - Washington Times

• It’s time to ban TikTok for the sake of our democracy and security (politicshome.com)

• Asian Threat Actors Use New Techniques to Attack Familiar Targets (darkreading.com)

• Chinese Crime Ring Uses Franchise Model to Grow Fake Online Shops (businessinsider.com)

• Three men charged with aiding Hong Kong intelligence service, says Met | UK news | The Guardian

Russia

• Russia is ramping up sabotage across Europe (economist.com)

• File Not Found: Russia Is Hacking Evidence of Its War Crimes - War on the Rocks

• NATO Draws a Cyber Red Line in Tensions With Russia - Security Week

• Pro-Russia hackers targeted Kosovo government websites (securityaffairs.com)

• Russian Actors Weaponize Legitimate Services in Multi-Malware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• UK 'increasingly concerned' about Russian intelligence links to hacktivists (therecord.media)

• To the Moon and back(doors): Lunar landing in diplomatic missions (welivesecurity.com)

• New backdoors on a European government's network appear to be Russian (therecord.media)

• 'Russian' hackers deface potentially hundreds of local British news sites (therecord.media)

• Investigation: How Russia's Warplanes Get Their 'Brain Power' From The West, Despite Sanctions

• The Three Seas Initiative: A Vanguard in Digitization and Cyber Security | Warsaw Institute

Iran

• Iran most likely to launch destructive cyber attack on US • The Register

North Korea

• Asian Threat Actors Use New Techniques to Attack Familiar Targets (darkreading.com)

• North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (thehackernews.com)

Vulnerability Management

• Not Just MOVEit: 2023 Was a Banner Year for Zero-Days (inforisktoday.com)

• (Cyber) Risk = Probability of Occurrence x Damage (thehackernews.com)

• Critical vulnerabilities take 4.5 months on average to remediate - Help Net Security

• The Fall of the National Vulnerability Database (darkreading.com)

• Backlogs at National Vulnerability Database prompt action from NIST and CISA | CSO Online

• UK Lags Europe on Exploited Vulnerability Remediation - Infosecurity Magazine (infosecurity-magazine.com)

• Log4J shows no sign of fading, spotted in 30% of CVE exploits - Help Net Security

• NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stopped - Infosecurity Magazine (infosecurity-magazine.com)

• Heartbleed: When Is It Good to Name a Vulnerability? (darkreading.com)

Vulnerabilities

• Google Chrome emergency update fixes 6th zero-day exploited in 2024 (bleepingcomputer.com)

• Google patches third exploited Chrome zero-day in a week (bleepingcomputer.com)

• Threat actors may have exploited a zero-day in older iPhones, Apple warns (securityaffairs.com) 

• Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days (thehackernews.com)

• Cyber Criminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks (thehackernews.com)

• Microsoft fixes Windows zero-day exploited in QakBot malware attacks (bleepingcomputer.com)

• Log4J shows no sign of fading, spotted in 30% of CVE exploits - Help Net Security

• D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day (darkreading.com)

• New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks (thehackernews.com)

• Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities  - Security Week

• Google Issues Critical Update For Millions Of Pixel Users (forbes.com)

• Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS - Security Week

• CISA and FBI Issue Alert on Path Traversal Vulnerabilities - Security Boulevard

• VMware Patches Severe Security Flaws in Workstation and Fusion Products (thehackernews.com)

• Firefox 126: Telemetry, privacy feature, and security fixes - gHacks Tech News

• SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver - Security Week

• Adobe Patches Critical Flaws in Reader, Acrobat - Security Week

• Cisco Releases Security Updates for Multiple Products | CISA

• Microsoft shares temp fix for Outlook encrypted email reply issues (bleepingcomputer.com)

Tools and Controls

• Why cyber insurance isn’t a substitute for cyber risk management. | Law Society of Scotland (lawscot.org.uk)

• Digital resilience – a step up from cyber security | CSO Online

• Dancing on the Head of a Pin: Corporate Boards, Committees and Cyber Security Risk Management | The Volkov Law Group - JDSupra

• How To Implement Threat Modeling To Protect Your Business - Minutehack

• How to create a cloud security policy, step by step | TechTarget

• Hackers use DNS tunneling for network scanning, tracking victims (bleepingcomputer.com)

• AWS CISO: In AI gold rush, folks forget application security • The Register

• What Is Cyber Risk Quantification? | HackerNoon

• Best Practices for Preparing for a Cyber Breach | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Ridding your network of NTLM | CSO Online

• Maximizing cyber security ROI: A strategic approach | TechRadar

• What is ransomware recovery? | Definition from TechTarget

• The Human Element in Cyber Security: Safeguarding your organisation (thebusinessmagazine.co.uk)

• Addressing the Cyber Security Vendor Ecosystem Disconnect (darkreading.com)

• The Future of Security Awareness - GovInfoSecurity

• Microsoft Deploys Generative AI for US Spies | WIRED

• How to Think About Foundation Models for Cyber Security | Andreessen Horowitz (a16z.com)

Reports Published in the Last Week

• Learning from the mistakes of others – A retrospective review | ICO

• 2024 Browser Security Report (layerxsecurity.com)

• At-Bay's 2024 InsurSec Report [Download Now]

• Kaspersky’s Incident Response Analyst report 2023 (kasperskycontenthub.com)

Other News

• Microsoft president summoned to House over security blunders • The Register

• National Cyber Security Centre: Tech market not working - The Business Magazine

• Critical infrastructure security needs everyone's help • The Register

• Your Hospital Is Under Cyber Attack. Now What? (newsweek.com)

• BT, TalkTalk, Virgin Media and Vodafone on UK Router Security and Upgrades - ISPreview UK

• Hackers use DNS tunnelling for network scanning, tracking victims (bleepingcomputer.com)

• NCSC CTO: Broken market must be fixed to usher in new tech • The Register

• Public Sector IT is Broken: Turning the System Back On - IT Security Guru

• The Cyber Security Implications Of Gen Z’s Tech-Savvy Lifestyle (forbes.com)

• Fortify Your Digital Defences: Top Home Cyber Security Strategies for Personal Protection | HackerNoon

• Classes cancelled as 'sinister' school cyber attacks rise - BBC News

• Irony abounds as UK NCSC’s simple door codes revealed • The Register

• Candidates to get cyber security support amid general election interference fears (nation.cymru)

• NCSC launches Share and Defend capability | UKAuthority

• Too many ICS assets are exposed to the public internet - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Most Attacks Impacting SMB’s Target Older, Unpatched Vulnerabilities

Attackers continue to aggressively target small and mid-size businesses using specific high-profile vulnerabilities dating back a decade or more, network telemetry shows. Findings have shown that this is due to these vulnerabilities featuring in a wide range of products. Due to their prevalence, they can often become missed by organisations conducting patch management and therefore leave the organisation open.

For this reason it is critical that all organisations, including smaller organisations, have internal as well as external vulnerability scanning. You might believe your systems are patched up to date but there is no way to confirm without scanning , or to know which patches might have been missed.

Sources: [Infosecurity Magazine]

91% of Ransomware Victims Paid At least One Ransom in the Past Year, as 1 in 5 Ransomware Attacks Triggers Lawsuit

Ransomware attacks saw a significant surge in 2023, following a dip in 2022. The number of victims increased by 66% from 2022 to 2023, with 91% of those affected paying at least one ransom. 58% of organisations have been targeted six times or more.

The Sophos State of Ransomware 2023 report highlighted ransom payments rose by 500%; nearly two-thirds exceeded $1m or more, with an average payment of $2m. Furthermore, 30% of the demands were for over $5m.

In the US, 18% of incidents led to litigation, with 123 lawsuits filed in 2023 and 355 over five years. Data breaches, affecting 283.3 million records, primarily triggered these lawsuits, especially in healthcare and finance sectors. The resolution rate is 59%, with the highest settlement at $8.7m. Regulatory fines added nearly $10m to the financial impact. These figures underscore the significant financial implications of ransomware attacks and the urgent need for robust cyber security measures.

Sources: [ZD Net] [Infosecurity Magazine] [Security Magazine] [PrNewsWire] [Infosecurity Magazine]

BEC and Fund Transfer Fraud Top Insurance Claims

Cyber Insurer Coalition's 2024 Cyber Claims Report highlights a significant trend in cyber security threats, identifying email-based fraud as the predominant cause of insurance claims in 2023, accounting for 53% of all claims. Business email compromise (BEC) and funds transfer fraud (FTF) topped the list, contributing to 28% of claims and increasing claim amounts by 24% to an average loss exceeding $278,000. In contrast, ransomware, while less frequent at 19% of claims, also saw a rise in both frequency and severity, with average losses climbing to over $263,000. The report also notes a 13% year-on-year surge in overall claims, with substantial losses tied to compromised network security devices and a notable vulnerability in organisations using exposed remote desktop protocols.

Source: [Infosecurity Magazine]

Correlating Cyber Investments with Business Outcomes

The US Securities and Exchange Commission (SEC) has implemented stringent new rules compelling organisations to report significant cyber incidents within four days and to annually disclose details concerning their cyber security risk management, strategy, and governance. These mandates are seen as giving “more teeth to the idea that cyber security is a business problem” and “bringing an element of cyber security to the boardroom” according to cyber security solutions provider SecurityGate. Highlighted in the "Cybersecurity Insights" podcast, experts argue for simplifying cyber security strategies, advocating sustained resource allocation over reactive measures, and emphasising the importance of training over expensive solutions. These steps are deemed crucial for enhancing organisational resilience and security in a landscape where cyber threats are increasingly sophisticated and pervasive.

Source: [InfoRisk Today] 

Verizon: Vulnerability Exploitation up 180%, 68% of Breaches involved Humans and Supply Chain Weak Link

Verizon has released the findings of its 17th Annual Data Breach Investigations Report, which showed security incidents doubled year over year in 2023 to a record high 30,458 security events and 10,626 confirmed breaches. Some of the key takeaways from the 100-page report include zero-day attacks on unpatched systems and devices rising 180% in 2023, most breaches (68%) involving a non-malicious human element and the median time for users to fall for phishing emails falling just south of 60 seconds. In its first inclusion as a separate metric, supply chain attacks were found to contribute to 15% of all attacks.

Sources: [MSSP Alert] [Verizon]

MOVEit & Change Healthcare Attacks Designated as Cyber Catastrophe Loss Events by Insurer

Verisk’s Property Claim Services (PCS) has recently identified the MOVEit and Change Healthcare cyber attacks as significant Cyber Catastrophe Loss Events. These designations are part of PCS’s Global Cyber solution, which tracks cyber incidents and their potential impact on the insurance market. The designation indicates that each attack is anticipated to result in insurance industry losses exceeding USD 250 million.

The MOVEit attack, linked to the Russian-affiliated group Cl0p, compromised over 2,700 organisations globally, affecting up to 90 million individuals. The Change Healthcare attack, attributed to the ALPHV/Blackcat gang, notably disrupted UnitedHealth Group’s operations, with projected costs and lost revenue totalling up to USD 1.6 billion. These designations highlight the escalating scale and financial impact of cyber incidents on global markets.

Source: [Reinsurance News]

Securing Your Organisation’s Supply Chain: Reducing the Risks of Third Parties

Nearly every organisation is part of a supply chain, where a significant amount of data is transferred. When data leaves your infrastructure, its security depends on the third party. The risks of a cyber incident increases as the supply chain increases.

Organisations need to mitigate the risks that their third party brings. This requires an understanding of the supply chain actors, and performing cyber security assessments of the most critical ones. The objective is to ensure that your organisation is satisfied with the third party’s security controls, or to work together to remediate any gaps.

Source: [Help Net Security]

Why Remote Desktop Tools are Facing an Onslaught of Cyber Threats

In the era of hybrid work, remote desktop tools have become crucial yet vulnerable points within corporate networks, attracting significant cyber criminal attention. A study by Barracuda Networks underscores the challenges of securing these tools. Virtual Network Computing (VNC) is particularly susceptible; it is targeted in 98% of these types of attacks due to its use of multiple, sometimes unsecured ports. VNC attacks predominantly exploit weak password practices, notably through brute force methods. Conversely, Remote Desktop Protocol (RDP) accounts for about 1.6% of these attacks but is favoured for more extensive network breaches, often involving ransomware or crypto mining. The study highlights a pressing need for robust endpoint management and heightened security measures to mitigate these threats.

Source: [ITPro]

95% of Organisations Revamped Cyber Security Strategies in the Last Year: Make Sure Yours is Right

A recent report found that 95% of companies have altered their cyber security strategies in the last twelve months. This was driven by keeping pace with the shifting regulatory landscape (98%), the need to meet customer expectations for data protection and privacy (89%), and the rise of AI-driven threats and solutions (65%). Almost half (44%) of non-security executives do not understand the regulatory requirements their organisation must adhere to.

When it came to reporting, the study found that security teams aren’t reporting on key operational metrics that define whether their security investments and strategy changes have a measurable impact. It is evident that there is a disconnect between security and non-security professionals when it comes to the business strategy.

Sources: [Business Wire] [Security Magazine]

Human Factor a Significant Risk for Small and Medium-Sized Businesses.

A survey of business and IT security in small and medium-sized businesses (SMBs) conducted by LastPass found that roughly one in five business leaders admits to circumventing security policies, as do one in 10 IT security leaders. The survey found that password management is critically important to cyber security, with nearly half (47%) reporting recent breaches due to compromised passwords.

Sources: [Beta News] [Business Wire]

Microsoft CEO Says it is Putting Security Above All Else in Major Refocus

Following a series of high-profile attacks in recent months and a report by the US Cyber Safety Review Board (CSRB), Microsoft’s CEO has revealed it will now focus its efforts on an increase in the commitment to security. Investigating a summer 2023 attack, Microsoft was deemed to have made a series of “avoidable errors”, including the failure to detect several compromises, the CSRB said.

Sources: [TechRadar]

Ending the Culture of Silence in Cyber Security; Three Ways to Empower Teams

A recent discussion on workplace errors highlights the significant repercussions of cyber breaches compared to typical office mistakes. In the UK, nearly a third of businesses face cyber attacks weekly, with each breach costing approximately £4,000. However, a concerning trend is that 41% of these breaches are not reported to internal leadership, often due to fears among staff about the consequences of admitting faults. A three-pronged approach has been suggested to foster a blame-free culture: providing tailored and evolving cyber training, establishing safe zones for admitting mistakes, and implementing robust recovery plans. This approach not only prepares employees to handle potential breaches more effectively but also encourages them to report incidents promptly, reducing the overall impact and aiding quicker recovery. Such strategies are essential for maintaining resilience against increasingly sophisticated cyber threats.

Source: [Minute Hack]

Governance, Risk and Compliance

• Verizon 2024 Data Breach Investigations Report: 5 Takeaways | MSSP Alert

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• Verizon DBIR: Vulnerability exploitation in breaches up 180% | TechTarget

• Verizon DBIR: Basic Security Gaffes Cause Breach Surge (darkreading.com)

• 95% of Organisations Revamped Their Cyber Security Strategies in the Last Year | Business Wire

• 95% of organisations adjusted cyber security strategies this past year | Security Magazine

• 1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)

• Vulnerability Exploits Triple as Initial Access Point for Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• MOVEit & Change Healthcare attacks designated as cyber catastrophe loss events by PCS - Reinsurance News

• Are Enterprises Overconfident About Cyber Security Readiness? (govinfosecurity.com)

• How CISOs Can Contend with Increasing Scrutiny from Regulators (informationweek.com)

• Correlating Cyber Investments with Business Outcomes (inforisktoday.com)

• Ending The Culture of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• 97% of security leaders have increased SaaS security budgets - Help Net Security

• The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online

• Should Cyber Security Leadership Finally be Professionalized? - SecurityWeek

• What needs to change to overcome nonchalant security approaches | TechRadar

• Agile by Design: Cyber Security at the Heart of Transformation (noeticcyber.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)

• Ransomware Rising Despite Takedowns, Says Corvus Report - Infosecurity Magazine (infosecurity-magazine.com)

• Impact of organisational structure on ransomware outcomes: Where does your org fit in? | SC Media (scmagazine.com)

• OODA Loop - Social Engineering Remains the Coin of the Realm for Ransomware Gangs (or APTs- Advanced Persistent Threats)

• 91% of ransomware victims paid at least one ransom in the past year, survey finds | ZDNET

• Ransom Payments Surge by 500% to an Average of $2m - Infosecurity Magazine (infosecurity-magazine.com)

• 1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)

• There was an 81% year-over-year increase in ransomware attacks | Security Magazine

• Ransomware and extortion incidents surged by 67% in 2023, according to NTT Security Holdings 2024 Global Threat Intelligence Report (prnewswire.com)

• Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms | AP News

• LockBit, Black Basta, Play Dominate Ransomware in Q1 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• Ransom recovery costs reach $2.73 million - Help Net Security

• Cactus Ransomware Group Targets Qlik Sense Servers | Decipher (duo.com)

• How AI and data protection intersect in today's threat era - SiliconANGLE

• Better hygiene may mitigate the need to ban ransomware payments | Computer Weekly

• Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)

• How Businesses Should Grapple With Ransomware Threats (eetimes.eu)

• Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)

Ransomware Victims

• Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare | InfoStealers

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

• Almost all US hospitals took financial hit from Change hack, AHA says | Reuters

• Another major pharmacy chain shuts following possible cyber attack | TechRadar

• Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)

• Cyber attack to cost Western Isles Council half a million pounds (holyrood.com)

• LockBit publishes confidential data stolen from Cannes hospital in France (therecord.media)

• French hospital CHC-SV refuses to pay LockBit extortion demand (bleepingcomputer.com)

• 'Cybersecurity incident' closes London Drugs' pharmacies • The Register

Phishing & Email Based Attacks

• AI-driven phishing attacks deceive even the most aware users - Help Net Security

• US Post Office phishing sites get as much traffic as the real one (bleepingcomputer.com)

• If you receive a Shein mystery box, do not open it | TechRadar

• Why the automotive sector is a target for email-based cyber attacks - Help Net Security

BEC

• BEC and Fund Transfer Fraud Top Insurance Claims - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering

• OODA Loop - Social Engineering Remains the Coin of the Realm for Ransomware Gangs (or APTs- Advanced Persistent Threats)

• FBI warns of fake verification schemes targeting dating app users (bleepingcomputer.com)

• A Lot of People Are Falling for Those 'Your Package Cannot Be Delivered' Texts | PCMag

Artificial Intelligence

• AI-driven phishing attacks deceive even the most aware users - Help Net Security

• AI is creating a new generation of cyber attacks - Help Net Security

• Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)

• Businesses turn to generative AI but many don't have policies on it (betanews.com)

• State of Security 2024 Report Reveals Growing Impact of Generative AI on Cyber Security Landscape | Business Wire

• How AI and data protection intersect in today's threat era - SiliconANGLE

• Understanding emerging AI and data privacy regulations - Help Net Security

• To understand the risks posed by AI, follow the money – O’Reilly (oreilly.com)

• From Risk to Resilience: Managing Data Security in AI-Driven Enterprises | Inc.com

• Security in the AI Sector: Understanding Infostealer Exposures and Corporate Risks - Security Boulevard

• Cyber security experts face AI risks, deepfakes, burnout | Fortune

• US Government Releases New AI Security Guidelines for Critical Infrastructure (thehackernews.com)

• Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues - SecurityWeek

• Why the Military Can’t Trust AI | Foreign Affairs

2FA/MFA

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

Malware

• New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)

• New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security

• Guarding the Gates: The Growing Abundance of Linux Malware - VMRay

• Bogus npm Packages Used to Trick Software Developers into Installing Malware (thehackernews.com)

• Stealthy malware: The threats hiding in plain sight | ITPro

• Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years (thehackernews.com)

• ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan (thehackernews.com)

• New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)

Mobile

• Powerful 'Brokewell' Android Trojan Allows Attackers to Takeover Devices - SecurityWeek

• Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 (thehackernews.com)

• New Wpeeper Android malware hides behind hacked WordPress sites (bleepingcomputer.com)

• NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Android Flaw Affected Apps With 4 Billion Installs - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft warns of "Dirty Stream" attack impacting Android apps (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Hackers Target New NATO Member Sweden with Surge of DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)

• DJI Could Get Banned In The U.S. As Authorities Believe That The Chinese Firm And Its Drones Present A Major Security Risk (wccftech.com)

• A glaring Android TV security flaw might put your Gmail at risk | Android Central

Data Breaches/Leaks

• PSNI data breach: Almost 5,000 officers and staff in legal action - BBC News

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online

• Kaiser Permanente data breach may have impacted 13.4 million patients (securityaffairs.com)

• Social exclusion charity Extern “urgently reviewing” impact of data breach following ransomware attack – The Irish News

• FBCS data breach impacted 2M individuals (securityaffairs.com)

• States shares health debt data of 5,000 in an email | Guernsey Press

• Qantas app exposed sensitive traveller details to random users (bleepingcomputer.com)

• DropBox says hackers stole customer data, auth secrets from eSignature service (bleepingcomputer.com)

• Mitre Shares Lessons Learned from Breach | MSSP Alert

• Hull City Council pays £30K in data breach claims and suffers nine cyber attacks in three years - Hull Live (hulldailymail.co.uk)

• Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach (bleepingcomputer.com)

• Australian pubgoers' personal info posted to leak site • The Register

• Monash Health data breach exposes sexual assault and family violence claims (smh.com.au)

• Panda Restaurant Group disclosed a data breach (securityaffairs.com)

Organised Crime & Criminal Actors

• AI is creating a new generation of cyber attacks - Help Net Security

• Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)

Insider Risk and Insider Threats

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• 2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element - Help Net Security

• Survey: Human Factors Create Significant Cyber Security Risks for Small and Medium-Sized Businesses, Despite Increased Technology Investment | Business Wire

• How insider threats can cause serious security breaches - Help Net Security

• Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)

Insurance

• MOVEit & Change Healthcare attacks designated as cyber catastrophe loss events by PCS - Reinsurance News

• Cyber facility in capacity raise as risk severity grows (emergingrisks.co.uk)

• Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)

• Alarming Insurance Gaps and Soaring Breach Rates Call for a United Front in Cyber Security | HaystackID - JDSupra

Supply Chain and Third Parties

• UK and global cyber threats require robust supply chain risk management - Osborne Clarke | Osborne Clarke

• Securing your organisation's supply chain: Reducing the risks of third parties - Help Net Security

Cloud/SaaS

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security

• 97% of security leaders have increased SaaS security budgets - Help Net Security

Encryption

• UK's Investigatory Powers Bill approved to become law • The Register

• Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online

• Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)

• White Swan, Black Swan and QuantumBleed (forbes.com)

Linux and Open Source

• Guarding the Gates: The Growing Abundance of Linux Malware - VMRay

Passwords, Credential Stuffing & Brute Force Attacks

• Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare | InfoStealers

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

• Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)

• NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)

• Nvidia's flagship gaming GPU can crack complex passwords in under an hour | Tom's Hardware (tomshardware.com)

• New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)

• Five Ways to Dramatically Reduce the Risk of Password Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Google Online Security Blog: Your Google Account allows you to create passkeys on your phone, computer and security keys (googleblog.com)

• How to use a YubiKey to log into Windows and macOS (xda-developers.com)

Social Media

• How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek

• Disinformation: EU Opens Probe Against Meta Ahead of Election - Infosecurity Magazine (infosecurity-magazine.com)

• Facebook at 20: Contemplating the Cost of Privacy (darkreading.com)

Training, Education and Awareness

• Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• Everyone's an Expert: How to Empower Your Employees for Cyber Security Success (thehackernews.com)

Regulations, Fines and Legislation

• UK's Investigatory Powers Bill approved to become law • The Register

• UK rolls out new consumer safeguards for smart devices (betanews.com)

• UK and global cyber threats require robust supply chain risk management - Osborne Clarke | Osborne Clarke

• FCC fines major wireless carriers over illegal location data sharing - Help Net Security

• Understanding emerging AI and data privacy regulations - Help Net Security

• CISA's incident reporting requirements go too far, trade groups and lawmakers say | CyberScoop

Data Protection

• How AI and data protection intersect in today's threat era - SiliconANGLE

Careers, Working in Cyber and Information Security

• Cyber security experts face AI risks, deepfakes, burnout | Fortune

• The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online

• Agencies to turn toward ‘skill-based hiring’ for cyber and tech jobs, ONCD says | CyberScoop

• Cyber Security Degrees, Are They Really Worth It? | HackerNoon

• Beyond the Buzz: Rethinking Alcohol as a Cyber Security Bonding Ritual - SecurityWeek

Law Enforcement Action and Take Downs

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms | AP News

• Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)

• Police shuts down 12 fraud call centres, arrests 21 suspects (bleepingcomputer.com)

• Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)

• CEO who sold fake Cisco devices to US military gets 6 years in prison (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Disinformation: EU Opens Probe Against Meta Ahead of Election - Infosecurity Magazine (infosecurity-magazine.com)

• ‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)

• Think tank: Tech companies spread China's propaganda • The Register

• Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)

• Why China Is So Bad at Disinformation | WIRED

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• 'DuneQuixote' Shows Stealth Cyber Attack Methods Are Evolving (darkreading.com)

Nation State Actors

China

• ‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)

• Philippines Pummelled by Cyber Attacks & Misinformation Tied to China (darkreading.com)

• Germany grapples with wave of spying threats from Russia and China - BBC News

• How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek

• Think tank: Tech companies spread China's propaganda • The Register

• China's attacks on critical infrastructure ‘tip of the iceberg' | SC Media (scmagazine.com)

• DJI Could Get Banned In The U.S. As Authorities Believe That The Chinese Firm And Its Drones Present A Major Security Risk (wccftech.com)

• Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek

• Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)

• Why China Is So Bad at Disinformation | WIRED

• Chinese government website security has big problems • The Register

• Espionage breaches account for 25% in APAC, report reveals (securitybrief.co.nz)

Russia

• Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)

• Russian Hackers Target Industrial Systems in North America, Europe - SecurityWeek

• Pro-Russia hacktivists attacking vital tech in water and other sectors, agencies say | CyberScoop

• Critical infrastructure operators urged to harden systems against pro-Russia hackers (therecord.media)

• Ukraine's military intelligence launches cyber attack against United Russia party (kyivindependent.com)

• Germany grapples with wave of spying threats from Russia and China - BBC News

• Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)

• The Dangerous Rise of GPS Attacks | WIRED

• Russia’s Pawprints on Aircraft Jamming Outbreak - CEPA

• Germany Warns Of Consequences For Alleged Russian Cyber Attack (rferl.org)

• Hackers Claim to Have Infiltrated Belarus’ Main Security Service - SecurityWeek

• Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyber Attack (darkreading.com)

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

• Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)

• Two British men charged with helping Russian intelligence - BBC News

• Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)

Iran

• Israel winning cyber war against Iran, says former officer of elite IDF intelligence unit | All Israel News

North Korea

• DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

Vulnerability Management

• When is One Vulnerability Scanner Not Enough? (thehackernews.com)

• Vulnerability exploitation nearly tripled in 2023 (telecoms.com)

Vulnerabilities

• Cisco devices again targeted by state-linked threat campaign - TechCentral.ie

• Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)

• 1,200+ Vulnerabilities Detected In Microsoft Products In 2023 (gbhackers.com)

• Most attacks affecting SMBs target five older vulnerabilities | CSO Online

• Severe Flaws Disclosed in Brocade SANnav SAN Management Software (thehackernews.com)

• UnitedHealth hackers took advantage of Citrix vulnerability to break in, CEO says (yahoo.com)

• Palo Alto Updates Remediation for Max-Critical Firewall Bug (darkreading.com)

• Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades - Help Net Security

• WordPress plugin vulnerability poses severe security risk, allows for site takeovers | TechSpot

• Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)

• New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (thehackernews.com)

• Grafana Tool Vulnerability Let Attackers Inject SQL Queries (gbhackers.com)

• Microsoft says April Windows updates break VPN connections (bleepingcomputer.com)

• NTLM auth traffic spikes after Windows Server patch • The Register

• New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)

• Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (thehackernews.com)

• Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)

• 1,400 GitLab Servers Impacted by Exploited Vulnerability - SecurityWeek

Tools and Controls

• Why remote desktop tools are facing an onslaught of cyber threats | ITPro

• Correlating Cyber Investments With Business Outcomes (inforisktoday.com)

• When is One Vulnerability Scanner Not Enough? (thehackernews.com)

• Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar

• Can automating security relieve CISO pressure? (techinformed.com)

• 10 Critical Endpoint Security Tips You Should Know (thehackernews.com)

• 7 antivirus myths that are dead wrong | PCWorld

• Businesses turn to generative AI but many don't have policies on it (betanews.com)

• EDR vs. EPP: What's the difference? | TechTarget

• Cobalt's 2024 State of Pentesting Report Reveals Cyber Security Industry Seeks Partners and Solutions as Staffing Shortages and New AI Threats Collide (prweb.com)

• Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• Organisations Struggle with Zero Trust: Gartner | MSSP Alert

• Tech Tip: Why Haven't You Set Up DMARC Yet? (darkreading.com)

• Three-Quarters of CISOs Admit App Security Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• 97% of security leaders have increased SaaS security budgets - Help Net Security

• Communication gaps between IT departments and senior corporate leadership worsening application security risks - Tech Monitor

• Continuous threat exposure management (CTEM): What it is and how to achieve it | SC Media (scmagazine.com)

• DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)

• Fortifying Cyber Defence With the Power of Linux Intrusion Detection and Prevention Systems | Linux Journal

• How to Red Team GenAI: Challenges, Best Practices, and Learnings (darkreading.com)

• What is API Security? - Security Boulevard

• Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek

• Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)

• Why LLMs are predicting the future of compliance and risk management | VentureBeat

• Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM (thehackernews.com)

Reports Published in the Last Week

• Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)

• Global Threat Intelligence Report 2024 by NTT Security Holdings

• 2024 Data Breach Investigations Report | Verizon

• The State of Security 2024 | Splunk

• Cobalt's 2024 State of Pentesting Report Reveals Cyber Security Industry Seeks Partners and Solutions as Staffing Shortages and New AI Threats Collide (prweb.com)

Other News

• Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar

• 3 Key Business Areas Cyber Security Falls Short | Inc.com

• 7 antivirus myths that are dead wrong | PCWorld

• A Season Of Health Breaches, A Season Of Changes (forbes.com)

• Bank of England tells payment firms to step up disruption mitigation plans (yahoo.com)

• Three-Quarters of CISOs Admit App Security Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• NCSC updates warning over hacktivist threat to CNI | Computer Weekly

• Cyber Space: EU and partners discuss ways to strengthen cooperation in promoting international security and stability | EEAS (europa.eu)

• The EU's Strategy for a Cyber Secure Digital Single Market | UpGuard

• Cyber attack at Irish telecoms firm? – The Irish Times

• To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware (darkreading.com)

• During National Small Business Week, Take Steps to Secure Your Business | CISA

• At Microsoft, years of security debt come crashing down | Cybersecurity Dive

• National Small Business Week: IRS warns entrepreneurs to take precautions on data security; protect their businesses, employees, customers | Internal Revenue Service

• Zelenskyy fires security service chief accused of "weaponized draft" against journalist - Euromaidan Press

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

• The ultimate cyber spring-cleaning checklist (avast.com)

• European New Space Companies Prepare to Counter Growing Security Threat - Via Satellite (satellitetoday.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox

The 2024 Cyber Claims Report by insurer Coalition reveals critical vulnerabilities and trends affecting cyber insurance policyholders. Notably, over half of the claims in 2023 stemmed from funds transfer fraud (FTF) and business email compromise (BEC), underlining the critical role of email security in cyber risk management. The report also indicated heightened risks associated with boundary devices like firewalls and VPNs, particularly if they are exposed online and have known vulnerabilities. Additionally, the overall claims frequency and severity rose by 13% and 10% respectively, pushing the average loss to $100,000. These insights emphasise the necessity of proactive cyber security measures and the valuable role of cyber insurance in mitigating financial losses from cyber incidents.

Sources: [IT Security Guru] [Emerging Risks]

Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery

The global cost of cyber crime is expected to soar to $10.5 trillion annually by 2025, a steep rise from $3 trillion in 2015, underscoring a significant improvement in the methods of cyber criminals, according to Cybersecurity Ventures. Beyond direct financial losses like ransomware payments, the hidden costs of cyber attacks for businesses include severe operational disruptions, lost revenue, damaged reputations, strained customer relationships, and regulatory fines. These incidents, further exacerbated by increased insurance premiums, collectively contribute to substantial long-term financial burdens. The report indicates that 88% of data breaches are attributable to human error, underscoring the importance of comprehensive employee training alongside technological defences. To combat these evolving cyber threats effectively, organisations must adopt a multi-pronged strategy that includes advanced security technologies, regular system updates, employee education, and comprehensive security audits.

According to another report from SiliconAngle, cyber insurance claims increased 13% year-over-year in 2023, with the 10% rise in overall claims severity attributed to mounting ransomware attack claims.

Sources: [The Hacker News] [Huntress] [SC Media]

Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy

Cyber security has transformed from a secondary concern into the cornerstone of corporate risk management. The historical view of cyber security as merely a component of broader risk strategies is outdated; it now demands a central role in safeguarding against operational, financial, and reputational threats. Many businesses, recognising the vital role of technology in all operations, have begun elevating the position of Chief Information Security Officer (CISO) to integrate cyber security into their overall enterprise risk frameworks. This shift not only enhances visibility and strategic alignment at the highest organisational levels but also fosters more robust defences against cyber threats. As such, adopting a cyber security-centric approach is crucial for compliance and long-term resilience in the face of growing digital threats.

Source: [Forbes]

Ransomware Double-Dip: Re-Victimisation in Cyber Extortion

A recent cyber security study reveals a troubling trend of re-victimisation among organisations hit by cyber extortion or ransomware attacks. Analysis of over 11,000 affected organisations shows recurring victimisation due to repeated attacks, data reuse among criminal affiliates, or cross-affiliate data sharing. Notably, cyber extortion incidents have surged by 51% year-on-year. Additionally, a separate study reports payments exceeding $1 billion and a 20% increase in ransomware attack victims since early 2023. These findings underscore the increasing sophistication and persistence of cyber criminals. Despite law enforcement efforts, adaptable cyber crime groups swiftly resume operations, complicating effective threat mitigation. Organisations must enhance their cyber security measures to avoid becoming repeated targets.

Sources: [Security Magazine] [The Hacker News] [SC Media]

AI is a Major Threat and Many Financial Organisations Are Not Doing Enough

Artificial intelligence (AI) is a major concern for organisations, especially for the financial services sector due to the information they hold. Recent reports have found that AI has driven phishing up by 60% and AI tools have been linked to data exposure in 1 in 5 UK organisations. But it is not just attackers utilising AI: a separate report found that 20% of employees have exposed data via AI.

Currently, many financial organisations are not doing enough to secure themselves to fight AI. In a recent survey, 69% of fraud-management decision makers, AML professionals, and risk and compliance leaders reported that criminals are more advanced at using AI for financial crime than firms are in defending against it.

Sources: [Verdict] [Beta News] [Infosecurity Magazine] [TechRadar] [Security Brief]

[Biometric Update]

6 out of 10 Businesses Struggle to Manage Cyber Risk

A report has found that 6 in 10 businesses are struggling to manage their cyber risk and just 43% have confidence in their ability to address cyber risk. Further, 35% of total respondents worry that senior management does not see cyber attacks as a significant risk; the same percentage also reported a struggle in hiring skilled professionals. When it came to implementing their security policy, half of respondents found difficulty, and when it came to securing the supply chain, a third reported worries.

Given the inevitability of a cyber attack, organisations need to prepare themselves. Those that struggle to manage their cyber risk and/or hire skilled professions will benefit from outsourcing to skilled, reputable cyber security organisations who can guide them through the process.

Sources: [PR Newswire] [Beta News]

'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs

Sophos’ research reveals a concerning trend: ‘junk gun’ ransomware variants are now traded on the dark web. Rather than going the traditional route of selling or buying ransomware to or as an affiliate, attackers have now begun creating and selling unsophisticated ransomware variants for a one-time cost. Priced at a median of $375, they attract lower-skilled attackers, especially those targeting small and medium-sized businesses (SMBs). As major ransomware players fade, these variants pose significant threats, accounting for over 75% of cyber incidents affecting SMBs in 2023.

Source: [Security Brief] [Tripwire]

Penetration Testing Infrequency Leaves Security Gaps

Many organisations are struggling to maintain the balance between penetration testing and IT changes within the organisation, leaving security gaps according to a recent report. The report found that 73% of organisations reported changes to their IT environments at least quarterly, however only 40% performed penetration testing at the same frequency.

The issue arises where there is a significant duration during which changes have been implemented without undergoing assessment, leaving organisations open to risk for extended periods of time. Consider the situation in which an organisation moves their infrastructure from on-premise to the cloud: they now have a different IT environment, and with that, new risks.

Black Arrow always recommends that a robust penetration test should be conducted whenever changes to internet facing infrastructure have been made, and at least annually.

Source: [MSSP Alert]

Bank Prohibited from Opening New Accounts After Regulators Lose Patience with Poor Cyber Security Governance

A bank in India has been banned from signing up new customers, and instructed to focus on improving its cyber security after “serious deficiencies and non-compliances” were found within their IT environment. The compliances provided by the bank were described as “inadequate, incorrect or not sustained”. The bank is now subject to an external audit, which if passed, will consider the lifting of the restrictions placed upon them.

Source: [The Register]

The Psychological Impact of Phishing Attacks on Your Employees

Phishing remains one of the most prevalent attack vectors for bad actors, and its psychological impact on employees can be severe, with many employees facing a loss in confidence and job satisfaction as well as an increase in anxiety. In a study by Egress, it was found that 74% of employees were disciplined, dismissed or left voluntarily after suffering a phishing incident, which can cause hesitation when it comes to reporting phishing.

Phishing incidents and simulations where employees have clicked should be seen as an opportunity to learn, not to blame, and to understand why a phish was successful and what can be done in future to prevent it. Organisations should perform security education and awareness training to help employees lessen their chance of falling victim, as well as knowing the reporting procedures.

Source: [Beta News]

Where Hackers Find Your Weak Spots

A recent analysis highlights social engineering as a primary vector for cyber attacks, emphasising its reliance on meticulously gathered intelligence to exploit organisational vulnerabilities. Attackers leverage various intelligence sources; Open Source Intelligence (OSINT) for public data, Social Media Intelligence (SOCMINT) for social media insights, Advertising Intelligence (ADINT) from advertising data, Dark Web Intelligence (DARKINT) from the DarkWeb, and the emerging AI Intelligence (AI-INT) using artificial intelligence. These methods equip cyber criminals with detailed knowledge about potential victims, enabling targeted and effective attacks. The report underscores the critical importance of robust information management and employee training to mitigate such threats, specifically advocating for regular training, AI-use policies, and proactive intelligence gathering by organisations to protect against the substantial risks posed by social engineering.

Source: [Dark Reading]

The Role of Threat Intelligence in Financial Data Protection

The financial industry’s reliance on digital processes has made it vulnerable to cyber attacks. Criminals target sensitive customer data, leading to financial losses, regulatory fines, and reputational damage. To combat these threats such as phishing, malware, ransomware, and social engineering, financial institutions must prioritise robust cyber security measures. One effective approach is threat intelligence, which involves ingesting reliable threat data, customised to your sector and the technology you have in place, and dark web monitoring.

Source: [Security Boulevard]

Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say

According to a recent report, 66% of surveyed IT leaders expressed a lack of confidence in their government’s ability to defend people and enterprises from cyber attacks, especially those from nation state actors. This scepticism arises from the growing complexity of threats and the rapid evolution of cyber warfare. While governments play a critical role in national security, their agility in adapting to the ever-changing digital landscape leaves organisations finding themselves increasingly responsible for their own protection.

Source: [TechRadar] [Security Magazine]

Governance, Risk and Compliance

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Pen Testing Infrequency Leaves Security Gaps | MSSP Alert

• Six out of 10 businesses struggle to manage cyber risk (betanews.com)

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

• It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs | Huntress

• Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy (forbes.com)

• Cyber attacks are on the rise, and that includes small businesses. Here's what to know | AP News

• Cyber staff priority as threats continue – report (emergingrisks.co.uk)

• UK government cannot protect businesses and services from cyber attacks, IT pros say | TechRadar

• Why cyber attacks shouldn’t be viewed as isolated incidents - Raconteur

• Bank banned from opening new accounts over IT risks • The Register

• Battening down the hatches: Navigating third-party cyber threats  | SC Media (scmagazine.com)

• Cyber Attacks Keep Rising. Here's What Small Businesses Need to Know | Inc.com

• 73% of SME security pros missed or ignored critical alerts - Help Net Security

• Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)

• 4 steps CISOs can take to raise trust in their business | TechTarget

• NCSC Says Newer Threats Need Network Defence Strategy | Trend Micro (US)

• Uncertainty is the most common driver of noncompliance - Help Net Security

• More and more businesses now have CISOs - but they're increasingly taking the blame for attacks | TechRadar

• Cyber metrics journey | Professional Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Report finds a near 20% increase in ransomware victims year-over-year | Security Magazine

• Risks to ransomware attack payment | Professional Security

• Ransomware Double-Dip: Re-Victimization in Cyber Extortion (thehackernews.com)

• 'Junk gun' ransomware: New low-cost cyber threat targets SMBs (securitybrief.co.nz)

• Mandiant: Attacker dwell time down, ransomware up in 2023 | TechTarget

• Behavioural patterns of ransomware groups are changing - Help Net Security

• Record ransomware attacks in March 2024, report finds (securitybrief.co.nz)

• Ransomware payments drop to record low of 28% in Q1 2024 (bleepingcomputer.com)

• Hackers use developing countries as testing ground for new ransomware attacks (ft.com)

• Ransomware Still On Rise Despite Better Defences, Firm Says - Law360

• Hackers are using developing countries for ransomware practice | Ars Technica

• Dark web inundated by cheap ransomware tools | SC Media (scmagazine.com)

• Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)

• Action needed amid escalating ransomware attacks, record-high payments | SC Media (scmagazine.com)

• HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)

• Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)

• Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware! - Help Net Security

• CL0P ransomware gang is on the rise | Hogan Lovells - JDSupra

• Proportion paying ransoms declines in Q1 2024, even as takings break a new record (computing.co.uk)

• Megazord Ransomware Attacking Healthcare & Govt Entities (cybersecuritynews.com)

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

• DragonForce Ransomware Group Uses LockBit’s Leaked Builder - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Hygiene Helps Organisations Mitigate Ransomware-Related Vulnerabilities  | CISA

• Ransomware attacks rise in global food & agriculture sector (securitybrief.co.nz)

• Preventing Ransomware Attacks at Scale (hbr.org)

Ransomware Victims

• Hackers Were in Change Healthcare 9 Days Before Attack (pymnts.com)

• UnitedHealth BlackCat Attack Cost is $872M in Q1 | MSSP Alert

• UnitedHealth admits breach could affect large chunk of US • The Register

• Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update (darkreading.com)

• UnitedHealth Paid Ransom to Protect Patient Data | MSSP Alert

• Will the Change Healthcare case finally make providers do a business impact analysis? | SC Media (scmagazine.com)

• UNDP, City of Copenhagen Targeted in Data-Extortion Cyber Attack (darkreading.com)

• Cannes Hospital Cancels Medical Procedures Following Cyber Attack - Security Week

• Small medical practices will close because of Change cyber attack, says AMA | Healthcare IT News

• HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)

• Sweden's liquor shelves to run empty this week due to ransomware attack (therecord.media)

• Authentication failure blamed for Change Healthcare ransomware attack | CSO Online

• Ransomware feared as Octapharma Plasma closes 150+ centers • The Register

• Red Ransomware takes credit for Targus attack | SC Media (scmagazine.com)

• Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week

• Carpetright unable to trade after cyber attack - Retail Gazette

• Street lights in Leicester City cannot be turned off due to a cyber attack (securityaffairs.com)

Phishing & Email Based Attacks

• Phishing attacks up 60 percent driven by AI (betanews.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• The psychological impact of phishing attacks on your employees (betanews.com)

• Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments (darkreading.com)

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike (thehackernews.com)

• LA County Health Services: Patients' data exposed in phishing attack (bleepingcomputer.com)

BEC

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

Other Social Engineering

• LastPass Users Lose Master Passwords to Ultra-Convincing Scam (darkreading.com)

• Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert

Artificial Intelligence

• AI is a major threat and financial organisations are not doing enough to fight it | Biometric Update

• Phishing attacks up 60 percent driven by AI (betanews.com)

• Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)

• Five Eyes agencies publish report on AI security | Hogan Lovells - JDSupra

• AI tools linked to data exposure in 1 in 5 UK organisations (securitybrief.co.nz)

• Security Leaders Braced for Daily AI-Driven Attacks by Year-End - Infosecurity Magazine (infosecurity-magazine.com)

• CSOs say AI is 'biggest cyber threat' to organisations | TechRadar

• Man arrested for 'framing colleague' with AI-generated voice • The Register

• Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (thehackernews.com)

• People doubt their own ability to spot AI-generated deepfakes - Help Net Security

• A National Security Insider Does the Math on the Dangers of AI | WIRED

• 40% of organisations have AI policies for critical infrastructure | Security Magazine

• GPT-4 can exploit real vulnerabilities by reading advisories • The Register

• 25 cyber security AI stats you should know - Help Net Security

• Cyber Threats in the Age of AI: Protecting Your Digital DNA - Security Boulevard

• The Dark Side of Deepfakes: How Malicious Actors Use Synthetic Media to Manipulate and Deceive | Metaverse Post (mpost.io)

• 6 security items that should be in every AI acceptable use policy | CSO Online

• 'Poisoned' data could wreck AIs in wartime, warns Army software acquisition chief - Breaking Defence

• The use of AI in war games could change military strategy (theconversation.com)

2FA/MFA

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• What is multi-factor authentication (MFA), and why is it important? - Help Net Security

Malware

• ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)

• Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena

• New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)

• GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)

• Microsoft unmasks Russia-linked ‘GooseEgg’ malware (therecord.media)

• Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)

• eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)

• Beware! Notorious Samurai Stealer Used in Targeted Attacks (cybersecuritynews.com)

• Threat Actor Uses Multiple Infostealers in Global Campaign - Security Week

• Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)

• Antivirus updates hijacked to drop dangerous malware | TechRadar

• Hackers infect users of antivirus service that delivered updates over HTTP | Ars Technica

• Researchers sinkhole PlugX malware server with 2.5 million unique IPs (bleepingcomputer.com)

• Millions of IPs remain infected by USB worm years after its creators left it for dead | Ars Technica

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Mobile

• Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena

• Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)

• iPhone password reset attacks are real – how to protect yourself | Mashable

• New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)

• Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries (darkreading.com)

• Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users (thehackernews.com)

• Give Your iPhone a Security Boost With This iOS 17.4 Feature - CNET

• A Briefing on SIM Hijacking | Intel471

Data Breaches/Leaks

• 5.3M World-Check records may be leaked; how to check your records | SC Media (scmagazine.com)

• Hackers stole 7,000,000 people's DNA. But what can they do with it? | Tech News | Metro News

• AT&T Offers All Customers Free Security Bundle After Data Breach (tech.co)

• AT&T faces class action lawsuit over massive data breach exposing 70 million customers’ personal information (click2houston.com)

• App bug exposes 1M neighbourhood watchers to data harvesters • The Register

• Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)

• Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)

• Lazarus On the Hunt: How North Korean Hackers are Targeting Crypto via LinkedIn (bitcoinist.com)

Insider Risk and Insider Threats

• Most people still rely on memory or pen and paper for password management - Help Net Security

• The rise of the outsmarted insider (betanews.com)

• CesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal | TechCrunch

Insurance

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

• Coalition: Insurance claims for Cisco ASA users spiked in 2023 | TechTarget

• Munich Re on the impact of cyber rate changes | Insurance Business America (insurancebusinessmag.com)

Supply Chain and Third Parties

• Battening down the hatches: Navigating third-party cyber threats  | SC Media (scmagazine.com)

• Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week

• Tech Investments Help SMBs Fortify Supply Chains Amid Economic, Workforce, and Security Concerns | Business Wire

Cloud/SaaS

• How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)

• 5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)

Identity and Access Management

• How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)

• Identity-based security threats are growing rapidly: report | CSO Online

Encryption

• Europol asks tech firms, governments to get rid of E2EE • The Register

• How tech firms are tackling the risks of quantum computing | World Economic Forum (weforum.org)

• Australian authorities call for Big Tech help with decryption • The Register

Linux and Open Source

• Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert

Passwords, Credential Stuffing & Brute Force Attacks

• Most people still rely on memory or pen and paper for password management - Help Net Security

• Apple @ Work: Over 52% of workers try to memorize and reuse the same password across multiple apps at work - 9to5Mac

• New Password Cracking Analysis Targets Bcrypt - Security Week

• Brute Force Password Cracking Takes Longer - Don't Celebrate Yet (technewsworld.com)

Social Media

• Dutch govt body: Don't use Facebook if unsure about privacy • The Register

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Malvertising

• Windows 11 now comes with its own adware (engadget.com)

Training, Education and Awareness

• 10 colleges and universities shaping the future of cyber security education - Help Net Security

Regulations, Fines and Legislation

• What is the EU Cyber Solidarity Act? | UpGuard

• International Lawyers Network Announces the Launch of Comprehensive Data Protection Guide (prleap.com)

• Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard

• NIS2: Preparing for EU’s New Cyber Security Rules | Wilson Sonsini Goodrich & Rosati – JDSupra

• Compliance in 2024: Cutting through the noise (federalnewsnetwork.com)

• Google Postpones Third-Party Cookie Deprecation Amid UK Regulatory Scrutiny (thehackernews.com)

• A view from Brussels: To be sovereign, or not to be (iapp.org)

• Cyber Security | UK Regulatory Outlook April 2024 - Lexology

• Net neutrality has been restored in the US - Help Net Security

Models, Frameworks and Standards

• Fortifying your business with ISO 27001 - DCD (datacenterdynamics.com)

• Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard

• Taking Time to Understand NIS2 Reporting Requirements - Security Boulevard

Data Protection

• International Lawyers Network Announces the Launch of Comprehensive Data Protection Guide (prleap.com)

• Boost your data protection with insights from Dell's report - SiliconANGLE

• A view from Brussels: To be sovereign, or not to be (iapp.org)

Careers, Working in Cyber and Information Security

• Cyber staff priority as threats continue – report (emergingrisks.co.uk)

• Pluralsight Study Finds the Biggest Technical Skills Gaps are in Cyber Security, Cloud, and Software Development (prnewswire.com)

• Three Ways Organisations Can Overcome the Cyber Security Skills Gap - Security Boulevard

• Addressing the cyber skills shortage: 5 key steps to take | CSO Online

• Five Essential Steps To Land Your First Cyber Security Job (forbes.com)

• Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army - IT Security Guru

Law Enforcement Action and Take Downs

• Exploring Law Enforcement Hacking as a Tool Against Transnational Cyber Crime - Carnegie Endowment for International Peace

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• Trend Micro Collaborated with Interpol in Cracking Down Grandoreiro Banking Trojan | Trend Micro (US)

• To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)

• Man arrested for 'framing colleague' with AI-generated voice • The Register

Misinformation, Disinformation and Propaganda

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (thehackernews.com)

China

• ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)

• Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)

• UK mulls fresh controls on 'sensitive tech' after China cyber claim (thenextweb.com)

• FBI Director Wray Issues Dire Warning on China's Cyber Security Threat (darkreading.com)

• Head of Belgian Foreign Affairs Committee says she was hacked by China | Reuters

• New tool used in China-linked attacks against Asia-Pacific | SC Media (scmagazine.com)

• Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times

• MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security

• Ads on .gov.uk websites raise eyebrows over privacy • The Register

• China's Vision for Global Security: Implications for Southeast Asia | United States Institute of Peace (usip.org)

Russia

• Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)

• Microsoft issues warning over ‘GooseEgg’ tool used in Russian hacking campaigns | ITPro

• Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)

• Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)

• Who Are APT29? - Security Boulevard

• Overflowing Water Tank Linked to Russian Cyber Attack (govtech.com)

• Russia accused of jamming GPS signal on flights from UK causing route chaos (inews.co.uk)

• Russian Sandworm hackers targeted 20 critical orgs in Ukraine (bleepingcomputer.com)

• Rare Computer Virus Detected in Ukrainian Network, Confidential Document Potentially Compromised (kyivpost.com)

• Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

• Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)

• MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security

• Ukraine participates in NATO cyber security exercise in Estonia / The New Voice of Ukraine (nv.ua)

• Cyber attacks on Poland surged after election of pro-Ukraine regime (thenextweb.com)

Iran

• $10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defence Contractors - Security Week

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

• Iranian nationals charged with hacking US companies, Treasury and State departments | CyberScoop

• The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains (darkreading.com)

North Korea

• Over 10 Defence Industry Firms Targeted in Concentrated Cyber Attacks by N. Korean Hackers l KBS WORLD

• Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)

• Microsoft Warns: North Korean Hackers Turn to AI-Fuelled Cyber Espionage (thehackernews.com)

• North Korean Hackers Target Dozens of Defence Companies - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times

Vulnerability Management

• Third-Party Software Patching: Your Cyber Armor in 2024 | MSSP Alert

• Automated patch management: 9 best practices for success | TechTarget

• Vulnerability Exploitation on the Rise as Attacker Ditch Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• Vulnerabilities Versus Intentionally Malicious Software Components - The New Stack

• GPT-4 can exploit real vulnerabilities by reading advisories • The Register

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

Vulnerabilities

• 22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks (bleepingcomputer.com)

• Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack (thehackernews.com)

• Nation-state actors exploited two zero-days in Cisco ASA and FTD firewalls to breach government networks - Security Affairs

• Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)

• 'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity (darkreading.com)

• Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)

• MITRE says state hackers breached its network via Ivanti zero-days (bleepingcomputer.com)

• GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)

• Google Patches Critical Chrome Vulnerability - Security Week

• Microsoft releases Exchange hotfixes for security update issues (bleepingcomputer.com)

• PoC Exploit Released For Critical Oracle VirtualBox Vulnerability (gbhackers.com)

• Critical Forminator plugin flaw impacts over 300k WordPress sites (bleepingcomputer.com)

• Dependency Confusion Vulnerability Found in Apache Project - Infosecurity Magazine (infosecurity-magazine.com)

• Major Security Flaw in Popular Keyboard Apps Puts Millions at Risk (cybersecuritynews.com)

• Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs (darkreading.com)

• GitHub vulnerability leaks sensitive security reports | TechTarget

• New Password Cracking Analysis Targets Bcrypt - Security Week

• Maximum severity Flowmon bug has a public exploit, patch now (bleepingcomputer.com)

Tools and Controls

• Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)

• Third-Party Software Patching: Your Cyber Armour in 2024 | MSSP Alert

• The Role of Threat Intelligence in Financial Data Protection - Security Boulevard

• Automated patch management: 9 best practices for success | TechTarget

• Rethinking How You Work with Detection and Response Metrics (darkreading.com)

• Choosing SOC Tools? Read This First [2024 Guide] - Security Boulevard

• Research Shows How Attackers Can Abuse EDR Security Products - SecurityWeek

• What is multi-factor authentication (MFA), and why is it important? - Help Net Security

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• Zero Trust Takes Over: 63% of Orgs Implementing Globally (darkreading.com)

• Pen Testing Infrequency Leaves Security Gaps | MSSP Alert

• 5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)

• Explore CASB use cases before you decide to buy | TechTarget

• SD-WAN: Don't Build a Dead End, Prepare for Future-Proof Secure Networking - SecurityWeek

• Identity-based security threats are growing rapidly: report | CSO Online

• Microsoft criticized for charging for security add-ons • The Register

• 5 insights from new Microsoft CNAPP guide | Microsoft Security Blog

• The Peril of Badly Secured Network Edge Devices (inforisktoday.com)

• VPNs, Firewalls' Nonexistent Telemetry Lures APTs (darkreading.com)

• The first steps of establishing your cloud security strategy - Help Net Security

• 40% of organizations have AI policies for critical infrastructure | Security Magazine

• Understand the Benefits and Limitations of Automated Tools in Penetration Testing (prweb.com)

• World´s most advanced cyber defence exercise kicks off in Tallinn

• Tech Investments Help SMBs Fortify Supply Chains Amid Economic, Workforce, and Security Concerns | Business Wire

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

Reports Published in the Last Week

• M-Trends 2024 | Google Cloud

• Mandiant's M-Trends Report Reveals New Insights from Frontline Cyber Investigations (prnewswire.com)

• Coalition's 2024 Cyber Claims Report (coalitioninc.com)

• Boost your data protection with insights from Dell's report - SiliconANGLE

• 2024 Cisco Cyber Security Readiness Index

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

• Cyber Security in the UK - House of Commons Library (parliament.uk)

Other News

• These sectors are top targets for cyber crime, and other cyber security news to know this month | World Economic Forum (weforum.org)

• Online Banking Security Still Not Up to Par, Says Which? - Infosecurity Magazine (infosecurity-magazine.com)

• Why Educating HR Professionals on Cyber Risk Is Crucial (thehrdirector.com)

• Where Hackers Find Your Weak Spots (darkreading.com)

• Network Threats: A Step-by-Step Attack Demonstration (thehackernews.com)

• Microsoft is reportedly making security improvements its current top priority at the company - Neowin

• UK cyber agency NCSC announces Richard Horne as its next chief executive (therecord.media)

• Internet cable at Cali airport cut in apparent sabotage • The Register

• DOD establishes Office of the Assistant Secretary of Defence for Cyber Policy (securityintelligence.com)

• EU Statement – UN General Assembly 1st Committee: Cyber Security | EEAS (europa.eu)

• US: The European Union and the United States hold the 9th Cyber Dialogue in Brussels | EEAS (europa.eu)

• Why Tourists Are Particularly Vulnerable To Cyber Attacks (maltatoday.com.mt)

• Microsoft needs to win back trust - The Verge

• AI Is Going Well For Microsoft, But Cyber Security Is Not - Microsoft (NASDAQ:MSFT) - Benzinga

• Questions for IT and cyber leaders from the CSRB Microsoft report | Computer Weekly

• World´s most advanced cyber defence exercise kicks off in Tallinn

• Why Cyber Security Is Key To Solving Global Crises (forbes.com)

• Cyber Security is Relentless! | Gray Reed - JDSupra

• Colleges spending more than ever on cyber security efforts (insidehighered.com)

• Foreign states targeting UK universities, MI5 warns - BBC News

• Cyber resilience in the public sector: lessons for UK Councils (techinformed.com)

• Digital Blitzkrieg: Unveiling Cyber Logistics Warfare (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive summary

Cisco has published a security advisory warning regarding an active attack campaign labelled as “ArcaneDoor”. The campaign involves threat actors exploiting vulnerabilities in Cisco Adaptive Security Appliance (ASA) or Cisco Firepower Threat Defense (FTD) to implant previously unknown malware, execute commands and exfiltrate data. Activity is thought to have begun in early January 2024.

What’s the risk to me or my business?

There is a risk that organisations running vulnerable software versions of Cisco ASA or FTD are leaving themselves at risk of allowing an attacker to implant malware, execute commands and exfiltrate data, impacting the confidentiality, integrity and availability of data. There is no current workaround, and Cisco advises to upgrade to a fixed software release immediately.

What can I do?

Black Arrow recommends following Cisco’s advice, and applying patches immediately. Additionally, organisations can also open a case with Cisco Technical Assistance Center, referencing the keyword “ArcaneDoor” to verify the integrity of their Cisco ASA or FTD devices. Further information on this can be found in the advisory provided by Cisco.

Technical Summary

CVE-2024-20353-  a denial of service vulnerability impacting Cisco ASA and FTD software.

CVE-2024-20359- A privilege escalation vulnerability, which could allow an authenticated local attacker to execute code with the highest level of privilege. Administrator level privileges are required to exploit this vulnerability.

Further information can be found below.

The advisories provided by Cisco can be found here:

https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response

https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK Cyber Breaches Survey Finds Business Falling Short on Cyber, as Half Suffer Breach and Many Fail to Report

Half of UK businesses experienced a cyber breach last year, according to a survey by the UK Government. The figure could be much higher however, as the survey found only 34% report breaches externally.

It is said that a cyber incident is a matter of when, not if. Nonetheless, 78% of organisations lack a dedicated response plan outlining actions to be taken in the event of a cyber incident and only 11% review their immediate suppliers for risks. To improve cyber resilience, there needs to be a paradigm shift.

Sources: [Computer Weekly] [Computing] [Infosecurity Magazine] [Info Risk Today]

Cyber Attacks Cost Financial Firms $12bn Says IMF

A recent International Monetary Fund (IMF) report has highlighted significant financial losses in the financial services sector, totalling $12 billion over the last two decades due to cyber attacks, with losses accelerating post-pandemic. The number of incidents and the scale of extreme losses have sharply increased, prompting the IMF to urge enhanced cross-border cooperation to uphold the stability of the global financial system.

The report underscores the critical threat that cyber attacks pose to financial stability, particularly for banks in advanced economies which are more exposed to such risks. With major institutions like JP Morgan facing up to 45 billion cyber threats daily, the IMF emphasises the need for international collaboration to effectively manage and mitigate these risks.

Source: [Finextra]

The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realise

A critical security breach was narrowly avoided when a Microsoft developer detected suspicious activity in XZ Utils, an open-source library crucial to internet infrastructure. This discovery revealed that a new developer had implanted a sophisticated backdoor in the software, potentially giving unauthorised access to millions of servers worldwide. This incident has intensified scrutiny on the vulnerabilities of open-source software, which is largely maintained by unpaid or underfunded volunteers and serves as a backbone for the internet economy. The situation has prompted discussions among government officials and cyber security experts about enhancing the protection of open-source environments. This close call, described by some as a moment of "unreasonable luck," underscores the pressing need for sustainable support and rigorous security measures in the open-source community.

Source: [Inc.com]

UK Government Urged to Get on ‘Front Foot’ with Ransomware Instead of ‘Absorbing the Punches’

Amidst a rising tide of ransomware attacks affecting wide range of UK services, officials in Westminster are being pressured to enhance funding for operations aimed at disrupting ransomware gangs. The current strategy focuses on bolstering organisational cyber security and recovery preparedness, a stance under the second pillar of the UK's National Cyber Strategy known as resilience. However, this approach has not curbed the frequency of incidents, which have steadily increased over the past five years, impacting sectors including the NHS and local governments. In contrast to the proactive disruption efforts seen in the US, the UK has yet to allocate new funds for such measures, despite successful disruptions like the recent takedown of the LockBit gang by the US National Crime Agency, which underscored the potential benefits of increased resources for cyber crime disruption.

Source: [The Record Media]

74% of Employees Falling Victim to Phishing Attacks Hit with Disciplinary Actions

The Egress 'Email Threat Landscape 2024' report reveals a surge in phishing attacks, with 94% of companies falling victim to this type of crime in this past year alone, leading to increasingly complex cyber security challenges. According to the report, 96% of these companies suffered significant repercussions, including operational disruption and data breaches, with common attack vectors being malicious URLs, and malware or ransomware attachments.

The human cost is also notable, with 74 per cent of employees involved in attacks having faced disciplinary actions, dismissals, or voluntary departures, underscoring the severity of the issue and the heightened vigilance among companies in addressing the phishing threat. Financial losses primarily stem from customer churn, which accounts for nearly half of the total impact. Amidst rising attacks through compromised third-party accounts, Egress advocates for stronger monitoring and defence strategies to protect critical data and reduce organisational and individual hardships.

Source: [The Fintech Times]

Why Are Many Businesses Turning to Third-Party Security Partners?

In 2023, 71% of organisations reported being impacted by a cyber security skills shortage, leading many to scale back their cyber security initiatives amid escalating threats. To bridge the gap, businesses are increasingly turning to third-party security partnerships, reflecting a shift towards outsourcing crucial cyber security operations to handle complex challenges more efficiently. This approach is driven by the need to fill technical and resource gaps in the face of a severe workforce shortfall, with an estimated 600,000 unfilled security positions in the US alone. Moreover, these strategic partnerships allow organisations to leverage external expertise for scalable and effective security solutions, alleviating the burden of staying updated with the rapidly evolving threat landscape.

Source: [Help Net Security]

74% of Businesses with up to 500 Employees are Concerned About Cyber Security as Attacks Rise

According to a recent poll by the US Chamber of Commerce, 60% of small businesses expressed concerns about threats, with 58% concerned about a supply chain breakdown. The highest concern came from businesses with 20-500 employees (74%). Despite such concern, only 49% had trained staff on cyber security. When it came to the impact of a cyber event, 27% of respondents say they are one disaster or threat away from shutting down their business.

Sources: [Malwcv arebytes][Marketplace] [US Chamber]

LastPass: Hackers Targeted Employee in Failed Deepfake CEO Call

LastPass recently reported a thwarted voice phishing attack targeting one of its employees using deepfake audio technology to impersonate CEO Karim Toubba. The attack, conducted via WhatsApp, was identified by the employee as suspicious due to the unusual communication channel and clear signs of social engineering, such as forced urgency. Despite the failure of this particular attempt, LastPass has shared the incident publicly to highlight the growing use of AI-generated deepfakes in executive impersonation schemes. This incident underscores a broader trend, as indicated by alerts from both the US Department of Health and Human Services and the FBI, pointing to an increase in sophisticated cyber attacks employing deepfake technology for fraud, social engineering, and potential influence operations.

Source: [Bleepingcomputer]

Most Cyber Criminal Threats are Concentrated in Just a Few Countries

Oxford researchers have developed the world's first cyber crime index to identify global hotspots of cyber criminal activity, ranking countries based on the prevalence and sophistication of cyber threats. The index reveals that a significant portion of cyber threats is concentrated in a few countries, with Russia and Ukraine positioned at the top, with the USA and the UK also ranking prominently. The results indicate that countries like China, Russia, Ukraine, the US, Romania, and Nigeria are among the top hubs for activities ranging from technical services to money laundering. This tool aims to refine the focus for cyber crime research and prevention efforts, although the study acknowledges the need for a broader and more representative sample of expert opinions to enhance the accuracy and applicability of the findings. The index underscores that while cyber crime may appear globally fluid, it has pronounced local concentrations.

Sources: [ThisisOxfordshire] [Phys Org]

Why Incident Response is the Best Cyber Security ROI

The Microsoft Incident Response Reference Guide predicts that most organisations will encounter one or more major security incidents where attackers gain administrative control over crucial IT systems and data. While complete prevention of cyber attacks may not be feasible, prompt and effective incident response is essential to mitigate damage and protect reputations. However, many organisations may not be adequately budgeting for incident response, and the recent UK Government report found that 78% of organisations do not have formalised incident response plans, risking prolonged recovery and increased costs. Cyber crime damages hit $23b in 2023, but the true costs of incidents includes non-financial damage such as reputational harm. If a cyber incident is a matter of when, not if, then a prepared incident response plan is the best cyber security ROI.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [CSO Online]

Ransomware Attacks are the Canaries in the Cyber Coal Mine

A recent report has found that ransomware attacks were up 110% compared to the prior month, stating that unreported attacks were up to 6 times higher. The report found that tactics are increasingly using data extortion, with 92% of attacks utilising this method.

Sources: [Silicon Republic] [The Hill]

Cyber Security is Crucial, but What is Risk and How do You Assess it?

Cyber security is an increasingly sophisticated game of cat and mouse, where the landscape is constantly shifting. Your cyber risk is the probability of negative impacts stemming from a cyber incident, but how do you assess risk?

One thing to understand is that there are a multitude of risks: risks from phishing, risks from insiders, risks from network attacks, risks of supply chain compromise, and of course, nation states. To understand risk, an organisation must first identify the information that it needs to protect, to avoid only learning of the information asset’s existence from a successful attacker. Once all assets are identified, then organisations should conduct risk assessments to identify threats and an evaluation the potential damage that can be done.

Sources: [Security Boulevard] [International Banker]

Governance, Risk and Compliance

• Cyber attacks cost financial firms $12bn says IMF (finextra.com)

• UK business falling short on cybersecurity warns government report (computing.co.uk)

• Half of UK Businesses Hit by Cyber Incident in Past Year - Infosecurity Magazine (infosecurity-magazine.com)

• 60% of small businesses are concerned about cyber security threats | Malwarebytes

• Cyber attacks on small businesses are on the rise - Marketplace

• What is cyber security risk & how to assess - Security Boulevard

• Cyber Security Regulations Aren’t Static—Your Practices Can’t Be Either (forbes.com)

• Why Cyber Security Is More Crucial Today Than Ever Before (internationalbanker.com)

• Large cyber attack could cause 'cyber run' or market sell-offs, warns IMF - FStech Financial Sector Technology

• Why are many businesses turning to third-party security partners? - Help Net Security

• CISO Perspectives on Complying with Cyber Security Regulations (thehackernews.com)

• Why incident response is the best cyber security ROI | CSO Online

• Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defence Program -  Security Week

• Privacy Versus Cyber – What is the Bigger Risk? | Jackson Lewis P.C. - JDSupra

• Large businesses struggle to tackle cyber threats (betanews.com)

• Resilience And Antifragility Are The Best Strategies For 2024 (forbes.com)

• The state of secrets security: 7 action items for better managing risk - Security Boulevard

• Board Oversight and Cyber Breach Response: What Involvement Strikes the Right Balance? | Alston & Bird - JDSupra

• Compliance & Cyber Security – Working and Worrying Together About the Intersection of People and Technology | NAVEX - JDSupra

• Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online

• Why cyberpsychology is such an important part of effective cyber security | CSO Online

• Cyber Security in the Evolving Threat Landscape (securityaffairs.com)

• How CISOs can make themselves ready to serve on the board | CSO Online

• CISOs Need A Data-Driven Approach To Offensive Security (forbes.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware surged 110pc last month, report claims (siliconrepublic.com)

• UK government urged to get on ‘forward foot’ with ransomware instead of ‘absorbing the punches’ (therecord.media)

• Ransomware attacks are the canaries in the cyber coal mine | The Hill

• Ransomware gang’s new extortion trick? Calling the front desk | TechCrunch

• Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware (darkreading.com)

• Ransomware group maturity should influence ransom payment decision - Help Net Security

• Proactive and Reactive Ransomware Protection Strategies - Security Boulevard

• How can the energy sector bolster its resilience to ransomware attacks? - Help Net Security

• CL0P's Ransomware Rampage - Security Measures for 2024 (thehackernews.com)

• Should You Pay a Ransomware Attacker? - Security Boulevard

• LockBit struggles to maintain relevance amid rise of impersonators and new ransomware groups - SiliconANGLE

• DragonForce Ransomware - What You Need To Know | Tripwire

• LockBit copycat DarkVault spurs rebranding rumour | SC Media (scmagazine.com)

• Ransomware payouts hit all-time high, but that’s not the whole story (securityintelligence.com)

Ransomware Victims

• Vet chain CVS hit by cyber attack | Evening Standard

• Second ransomware gang says it’s extorting Change Healthcare • The Register

• Targus says it is facing major cyber attack, global operations hit | TechRadar

• Optics giant Hoya hit with $10 million ransomware demand (bleepingcomputer.com)

• Panera Bread week-long IT outage caused by ransomware attack (bleepingcomputer.com)

Phishing & Email Based Attacks

• Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing (thehackernews.com)

• 74% of Employees Falling Victim to Phishing Attacks Hit With Disciplinary Actions; Egress Reveals | The Fintech Times

• Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)

• How malicious email campaigns continue to slip through the cracks - Help Net Security

• TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (thehackernews.com)

• Cyber Criminals Invade Inboxes: What Small Businesses Can Do (pymnts.com)

• Phishing Detection and Response: What You Need to Know - Security Boulevard

Other Social Engineering

• Cyber Criminals Target Victims Using Social Engineering Techniques (ic3.gov)

• Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)

• LastPass: Hackers targeted employee in failed deepfake CEO call (bleepingcomputer.com)

Artificial Intelligence

• UK Warned Of AI Misinformation Targeting 2024 Polls, Nation-State Hackers Raise Stakes - Microsoft (NASDAQ:MSFT) - Benzinga

• China is using generative AI to carry out influence operations (securityaffairs.com)

• What Lies Ahead for Cyber Security in the Era of Generative AI? - IT Security Guru

• AI risks under the auditor's lens more than ever - Help Net Security

• Speed of AI development is outpacing risk assessment | Ars Technica

• AI and GDPR: How is AI being regulated? | TechTarget

• Malicious PowerShell script pushing malware looks AI-written (bleepingcomputer.com)

• LastPass: Hackers targeted employee in failed deepfake CEO call (bleepingcomputer.com)

• AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (thehackernews.com)

• How Artificial Intelligence Is Fuelling Incel Communities (yahoo.com)

2FA/MFA

• How Hackers Can Hijack 2FA Calls with Sneaky Call Forwarding (404media.co)

Malware

• Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing (thehackernews.com)

• From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware (thehackernews.com)

• Urgent Security Alert! Hackers Hijacked Notepad++ Plugin (gbhackers.com)

• 1.2 million people fooled by fake MidJourney Facebook page used to spread malware — don’t fall for this | Tom's Guide (tomsguide.com)

• Sophisticated Latrodectus Malware Linked to 2017 Strain (inforisktoday.com)

• Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (thehackernews.com)

• Famous YouTube Channels Hacked to Distribute Infostealers - Infosecurity Magazine (infosecurity-magazine.com)

• Bing ad posing as NordVPN aims to spread SecTopRAT malware | SC Media (scmagazine.com)

• ScrubCrypt used to drop VenomRAT along with many malicious plugins (securityaffairs.com)

• Hackers Use Malware to Hunt Software Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Unit 42: Malware-initiated scanning attacks on the rise | TechTarget

• RUBYCARP hackers linked to 10-year-old cryptomining botnet (bleepingcomputer.com)

• Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files (thehackernews.com)

• Malicious PowerShell script pushing malware looks AI-written (bleepingcomputer.com)

• TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (thehackernews.com)

Mobile

• Our phones are under threat more than ever — but many of us still don't have mobile security protection | TechRadar

• Apple Warns of iPhone "Mercenary Attack" Across 92 Countries (cnet.com)

• The next wave of mobile threats - Help Net Security

Denial of Service/DoS/DDOS

• How Nation-State DDoS Attacks Impact Us All (darkreading.com)

• DDoS Protection Needs Detective and Preventive Controls (darkreading.com)

• French cities knocked offline by 'large-scale cyber attack' • The Register

Internet of Things – IoT

• Amazon Removes a Feature From Fire TVs Over Security Concerns | Cord Cutters News

• Over 90,000 LG Smart TVs may be exposed to remote attacks (bleepingcomputer.com)

• EV Charging Stations Still Riddled With Cyber Security Vulnerabilities (darkreading.com)

• UK town halls given green light to use Chinese CCTV — despite Westminster ban – POLITICO

• Hotel check-in terminal leaks rafts of guests' room codes • The Register

Data Breaches/Leaks

• Many of the world's biggest companies reported data breaches last year | TechRadar

• US Data Breach Reports Surge 90% Annually in Q1 - Infosecurity Magazine (infosecurity-magazine.com)

• 37% of publicly shared files expose personal information - Help Net Security

• Acuity confirms hackers stole non-sensitive govt data from GitHub repos (bleepingcomputer.com)

• Home Depot confirms third-party data breach exposed employee info (bleepingcomputer.com)

• AT&T now says data breach impacted 51 million customers (bleepingcomputer.com)

• DOJ data on 340,000 individuals stolen in consulting firm hack | SC Media (scmagazine.com)

• Taxi software vendor exposes personal details of nearly 300K • The Register

• Employee credentials leaked in Microsoft security lapse (techmonitor.ai)

Organised Crime & Criminal Actors

• Russia ranked biggest cyber crime threat to rest of the world | Tech News | Metro News

• Oxford research uncovers world cyber crime hotspots | thisisoxfordshire

• Cyber crooks poison GitHub search to fool developers | Computer Weekly

• Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Google sues crypto investment app makers over alleged massive "pig butchering" scam (bitdefender.com)

• Fugitive CEO at the center of 2022 crypto crash found liable for fraud | Cryptocurrencies | The Guardian

• Hackers deploy crypto drainers on thousands of WordPress sites (bleepingcomputer.com)

• RUBYCARP hackers linked to 10-year-old cryptomining botnet (bleepingcomputer.com)

Insider Risk and Insider Threats

• 74% of Employees Falling Victim to Phishing Attacks Hit With Disciplinary Actions; Egress Reveals | The Fintech Times

• Microsoft employees exposed internal passwords in security lapse | TechCrunch

• Insider Threats Surge Amid Growing Foreign Interference - Security Boulevard

Insurance

• US insurers using drones to deny home insurance policies • The Register

• Cyber Insurance: Sexy? No. Important? Critically yes. - Security Boulevard

Supply Chain and Third Parties

• Why a near-miss cyber attack put US officials and the tech industry on edge - The Japan Times

• DOJ data on 340,000 individuals stolen in consulting firm hack | SC Media (scmagazine.com)

• Combatting Supply Chain Cyber Threats: Safeguarding Data and Protecting Digital Supply Chains | Foley & Lardner LLP - JDSupra

Encryption

• How cryptographers finally cracked one of the Zodiac Killer’s hardest codes | Popular Science (popsci.com)

Linux and Open Source

• The Cyber Attack Stopped by a Microsoft Engineer Was Scarier Than We Realize | Inc.com

• Supply chain attack sends shockwaves through open-source community | CyberScoop

• German state ditches Microsoft for Linux and LibreOffice | ZDNET

• Open source foundations unite on common standards for EU’s Cyber Resilience Act | TechCrunch

• Who’s the bigger cyber security risk – Microsoft or open source? (reason.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Reusing passwords: The hidden cost of convenience (bleepingcomputer.com)

• Microsoft employees exposed internal passwords in security lapse | TechCrunch

• CISA says Sisense hack impacts critical infrastructure orgs (bleepingcomputer.com)

Social Media

• A TikTok Whistleblower Got DC’s Attention. Do His Claims Add Up? | WIRED

• 1.2 million people fooled by fake MidJourney Facebook page used to spread malware — don’t fall for this | Tom's Guide (tomsguide.com)

• Famous YouTube Channels Hacked to Distribute Infostealers - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Cyber Security Regulations Aren’t Static—Your Practices Can’t Be Either (forbes.com)

• Open source foundations unite on common standards for EU’s Cyber Resilience Act | TechCrunch

• Understanding CISA’s New Draft Rules for Cyber Attack Reporting | Morgan Lewis - Tech & Sourcing - JDSupra

• Spy Law Needs Fixing Now to Stop Overreach—Not a Backdoor Boost (bloomberglaw.com)

• AI and GDPR: How is AI being regulated? | TechTarget

• CISA: 300,000+ Small Entities Covered By Proposed Cyber Reporting Regs | MSSP Alert

• CISO Perspectives on Complying with Cyber Security Regulations (thehackernews.com)

Models, Frameworks and Standards

• HIPAA Fundamentals for Providers | Tucker Arensberg, P.C. - JDSupra

• Process and Control Today | NIS2 – cyber security directive from the EU. Get ready! (pandct.com)

• DORA Compliance Checklist | UpGuard

Backup and Recovery

• Seven ways to be sure you can restore from backup | Computer Weekly

Data Protection

• 37% of publicly shared files expose personal information - Help Net Security

Careers, Working in Cyber and Information Security

• Want to make cyber security much stronger? Become a mentor | CSO Online

Law Enforcement Action and Take Downs

• Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)

Misinformation, Disinformation and Propaganda

• UK Warned Of AI Misinformation Targeting 2024 Polls, Nation-State Hackers Raise Stakes - Microsoft (NASDAQ:MSFT) - Benzinga

• State-backed cyber attacks, AI deepfakes: Top UK election cyber risks (cnbc.com)

• China is using generative AI to carry out influence operations (securityaffairs.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

• How Nation-State DDoS Attacks Impact Us All (darkreading.com)

• Foreign Interference Drives Record Surge in IP Theft - Infosecurity Magazine (infosecurity-magazine.com)

China

• A TikTok Whistleblower Got DC’s Attention. Do His Claims Add Up? | WIRED

• Chinese Groups Deploy New TTPs to Exploit Ivanti Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• China is using generative AI to carry out influence operations (securityaffairs.com)

• Zambia Busts 77 People in China-Backed Cyber Crime Op (darkreading.com)

• Honeytrap sext scandal MP William Wragg will keep Tory whip (thetimes.co.uk)

• How China is Hacking America (newsweek.com)

• UK town halls given green light to use Chinese CCTV — despite Westminster ban – POLITICO

• China flooding Britain with fake stamps in act of 'economic warfare' (telegraph.co.uk)

Russia

• Germany to launch cyber military branch to combat Russian threats (therecord.media)

• US says Russian hackers stole federal government emails during Microsoft cyber attack | TechCrunch

• Macron: Russia will target Paris Olympics (insidethegames.biz)

• Cyber attack on TV channel BabyTV: Toddlers suddenly exposed to Russian propaganda | NL Times

• Czechia explains how Russia is trying to arrange sabotage on European railways | European Pravda (eurointegration.com.ua)

• Cyber security in 2023: Estonia's year of advanced threats (e-estonia.com)

• Oxford research uncovers world cyber crime hotspots | thisisoxfordshire

• Most cyber criminal threats are concentrated in just a few countries, new index shows (phys.org)

• Extensive Russian criminal record leak conducted by hacktivist group | SC Media (scmagazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Top Israeli spy chief exposes his true identity in online security lapse | Israel | The Guardian

• Extensive Russian criminal record leak conducted by hacktivist group | SC Media (scmagazine.com)

• Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks (thehackernews.com)

• Apple mercenary spyware attack: Exclusive: Apple warns users of "mercenary spyware" attack; India, 91 other countries impacted - The Economic Times (indiatimes.com)

• Apple Warns of iPhone "Mercenary Attack" Across 92 Countries (cnet.com)

Vulnerability Management

• Zero-Day Attacks on the Rise: Google Reports 50% Increase in 2023 - Security Boulevard

• How exposure management elevates cyber resilience - Help Net Security

• Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits -  Security Week

• Hackers Use Malware to Hunt Software Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Unit 42: Malware-initiated scanning attacks on the rise | TechTarget

Vulnerabilities

• Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (thehackernews.com)

• Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products -  Security Week

• Chinese Groups Deploy New TTPs to Exploit Ivanti Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• SAP's April 2024 Updates Patch High-Severity Vulnerabilities -  Security Week

• Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers -  Security Week

• Two new bugs can bypass detection and steal SharePoint data | SC Media (scmagazine.com)

• New SharePoint flaws help hackers evade detection when stealing files (bleepingcomputer.com)

• Hackers Claiming of Working Windows 0-Day LPE Exploit (cybersecuritynews.com)

• Microsoft fixes five security vulnerabilities in Edge 123 - Neowin

• Cisco Warns of Vulnerability in Discontinued Small Business Routers -  Security Week

• Urgent Security Alert! Hackers Hijacked Notepad++ Plugin (gbhackers.com)

• +16K Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894 (securityaffairs.com)

• Over 92,000 exposed D-Link NAS devices have a backdoor account (bleepingcomputer.com)

• Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits -  Security Week

• Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (thehackernews.com)

• Intel and Lenovo servers impacted by 6-year-old BMC flaw (bleepingcomputer.com)

• Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (thehackernews.com)

• Fortinet Patches Critical RCE Vulnerability in FortiClientLinux -  Security Week

• Researchers Resurrect Spectre v2 Attack Against Intel CPUs -  Security Week

• AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks (thehackernews.com)

• Severe Vulnerabilities Discovered in Software to Protect Internet Routing (prleap.com)

Tools and Controls

• Seven ways to be sure you can restore from backup | Computer Weekly

• Why incident response is the best cyber security ROI | CSO Online

• Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defence Program -  Security Week

• Improving Dark Web Investigations with Threat Intelligence | Recorded Future

• What Lies Ahead for Cyber Security in the Era of Generative AI? - IT Security Guru

• What is cyber security risk & how to assess - Security Boulevard

• Your Guide to Threat Detection and Response - Security Boulevard

• Report finds 90% of cyber attacks in 2023 exploited RDP (securitybrief.co.nz)

• How exposure management elevates cyber resilience - Help Net Security

• Phishing Detection and Response: What You Need to Know - Security Boulevard

• The state of secrets security: 7 action items for better managing risk - Security Boulevard

• How Red Team Exercises Increases Your Cyber Health | Trend Micro (US)

• How Google’s 90-day TLS certificate validity proposal will affect enterprises - Help Net Security

Reports Published in the Last Week

• Cyber security breaches survey 2024 - GOV.UK (www.gov.uk)

Other News

• Third of charities experienced a cyber breach last year, government reports (civilsociety.co.uk)

• Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites (thehackernews.com)

• OODA Loop - The Water Sector Is Being Threatened.  That Should Worry Everyone

• Anticipated Cyber Threats During the 2024 Olympics & How to Proactively Secure Your Business - Security Boulevard

• France Bracing for Cyber Attacks During Summer Olympics - The New York Times (nytimes.com)

• Risk & Repeat: Cyber Safety Review Board takes Microsoft to task | TechTarget

• The Baltimore Bridge Collapse Is a Warning | Proceedings - April 2024 Vol. 150/4/1,454 (usni.org)

• Report finds 90% of cyber attacks in 2023 exploited RDP (securitybrief.co.nz)

• Scandal and cyber security in Westminster | Crooked Media

• Financial sector cyber security at the helm of investor protection | Mint (livemint.com)

• US Health Dept warns hospitals of hackers targeting IT help desks (bleepingcomputer.com)

• Only 1% Singapore companies are “mature” in cyber threat readiness but 99% plan to increase their cyber security budget in the next 12 months - Singapore News (theindependent.sg)

• Former Uber CSO Joe Sullivan and lessons learned from the infamous 2016 Uber breach | CSO Online

• Software-Defined Vehicle Fleets Face a Twisty Road on Cyber Security (darkreading.com)

• Independent Pharmacies Must Prioritize Cyber Security (drugtopics.com)

• Devious 'man in the middle' hacks on the rise: How to stay safe | PCWorld

• Top 10 Attacker Techniques: What do They Mean for MSSPs? | MSSP Alert

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns

According to a recent report, companies who demonstrated an advanced level of cyber security performance generated a shareholder return 372% higher than their peers over a 5 year period. The report highlighted that having board committees focused on specialised risk and audit compliance produced the best outcomes; however, it was found that only a small number of those surveyed had done this. Financial institutions and healthcare had the highest cyber security ratings, highlighting the correlation between regulatory environments and cyber security performance.

Sources: [Help Net Security ] [Dark Reading]

Ransomware Incidents Reported to UK Financial Regulator Doubled

The number of security and ransomware incidents reported to the UK Financial Conduct Authority (FCA) surged in 2023, according to a freedom of information request. 31% of these incidents were categorised as ransomware, which had double the number of reports as the previous year. To note, these statistics address the number of ransomware incidents involving financial services that were disclosed: the number of actual incidents could be far higher.

Sources: [Digital Journal] [Digital Journal]

Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023

According to a new report, since 2019 nearly half (48%) of the UK’s small and medium-sized enterprises (SMEs) have lost access to data, potentially costing billions. The report found that nationwide, the number of businesses that lost data temporarily or permanently could amount to more than 800,000. Unfortunately, the report found that half of respondents assessed were relying on flawed backup processes, with a quarter not backing up data at all.

A number of organisations assume that they are backing data up automatically and that these backups are safe, but it is an assumption that can have cost. Added to this, some organisations are not aware that their backups can be changed, or deleted, by a malicious actor; a situation better mitigated by implementing immutable backups.

To better their situation, organisations need to understand the cause of a breach, map their data and understand where it is stored, follow the 3,2,1 rule (three copies of data, two separate locations, one in the cloud), consider immutable backups and monitor their backups. An effective backup policy will help.

Sources: [Infosecurity Magazine] [Security Week] [IT Security Guru]

Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023

According to a global threat intelligence report, data breach incidents rose by 34.5% in 2023, with 17 billion personal records compromised throughout the year. The research also observed a 429% spike in stolen or leaked personal data in the first two months of 2024. In a separate report, Kaspersky found that roughly 10 million devices encountered data-stealing malware in 2023, a sevenfold increase since 2020.

The reports highlight the importance of ensuring that precautions and mitigations are undertaken to thwart attackers. This should include enabling multi-factor authentication, strong and unique passwords, and using a password manager.

Sources: [Infosecurity Magazine] [Infosecurity Magazine]

AI Abuse and Misinformation Campaigns Threaten Financial Institutions

According to the Financial Services Information Sharing Analysis Center (FS-ISAC), cyber threats relating to generative AI in financial services are a consistent concern, with threat actors using generative AI to write malware and other types of attacks. In some cases, attackers are injecting contaminated data into the large language models used by AI, in order to supply it with misinformation which will in turn feed back to financial institutions.

Not all risks are malicious, however. In some cases where generative AI uses enormous datasets, this can contain privileged information or biased data, which can in turn cost financial firms the trust of regulators, consumers and investors. The FS-ISAC stated “As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions, the best way to maintain the integrity, security, and trust of the sector is through global information sharing.”

Source: [Help Net Security]

Security Teams are ‘Overconfident’ About Handling Next-Gen Threats

In a new study of more than 8,000 cyber security decision makers, Cisco found that nearly three-quarters of organisations anticipated a cyber incident to disrupt their business in the next two years and 80% said they felt at least “moderately confident” in their ability to defend against emerging threats. In contrast, Cisco’s own analysis rated the maturity of these organisations, finding 71% were deemed to be rated as ‘formative’ or ‘beginner’, the two lowest categories.

Source: [CSO Online]

AI Makes Phishing Attacks Accessible to Basic Users

One of the big selling points of AI is its ability to allow even an unsophisticated user to advance their capability and operate at a far more damaging level. Crucially AI can enable a completely non-technical user to understand and produce technical output. Unfortunately, many cyber criminals have realised this and are using AI to sharpen the efficacy of their phishing emails. With AI, phishing emails can now be created without telltale grammatical errors, and can be convincingly formatted to use a certain style to resonate with given target audience, such as a board level executive. AI is also enabling these phishing campaigns to be replicated across languages and geographies, giving malicious actors wider nets than ever before. Whilst low sophistication ‘Nigerian Prince’ type phishing emails are still doing the rounds they are largely being replaced by much more convincing and devious legitimate looking emails.

Source: [The Economic Times]

Cyber Attacks Wreaking Physical Disruption on the Rise

According to a report, more than 500 industrial operational technology (OT) sites worldwide suffered physical consequences as the result of a cyber attack last year, a near 20% rise from the previous year. The report found that some of the attacks cost the organisation up to $100 million in damages.

Attacks on utilities, water, energy, and other critical national infrastructure (CNI) have seen a sharp rise over the last year, against a backdrop of geopolitical tensions and actions by nation state aggressors such as Russia, China, North Korea and Iran, as well as hacktivist groups and other malicious actors.

Threats to IT may be better known than threats to OT, but the latter can result in very serious real world consequences, ultimately leading to potential mass loss of life events.

Source: [Dark Reading]

73% Brace for Cyber Security Impact on Business in Next Two Years

A survey has found that 73% of organisations are expecting a business disruption relating to a cyber incident in the next 12 to 24 months. Part of this was based on previous experiences, with 54% experiencing a cyber incident in the last 12 months, and 52% of those impacted reporting costs of at least $300,000. 87% reported issues with talent, and 46% reported having more than 10 unfilled roles related to cyber security.

Source: [Help Net Security]

To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset

2023 was the most lucrative year yet for ransomware attacks and it was also the year that saw the biggest shift in ransomware tactics, with the majority of ransomware actors now implementing data exfiltration and extortion, in addition to encryption. As it is getting harder for organisations to defend against these attacks and to stay ahead of ransomware, organisations need to develop an offensive security mindset, working out how an attacker might gain access to their systems. This includes keeping up with the latest tactics, communicating this throughout the organisation and running threat-led attack simulations.

Source: [IBTimes]

Cyber Security Imperative for Protecting Executives

The stakes are high in cyber security, and particularly for executives whose positions amplify the potential fall out and damage from cyber incidents. The variety of sensitive information that they have access to, and their authority in the organisation, makes them a desirable target for business email compromise.

Organisations need to implement a robust security culture, led by executives, to foster an environment where cyber threats are understood and mitigated. As part of this, training needs to be given to the whole organisation, including executives.

Executives may have historically excluded themselves from security controls, yet ironically it is this exclusion and their position in the organisation that makes them such a lucrative target.

Source: [Forbes]

The Increasing Role of Cyber Security Experts in Complex Legal Disputes

Expert witnesses have been known to play significant roles in matters where their valuable insight is required. In today’s world, with the number of high-stake crimes now involving technology, cyber security professionals have become some of the most sought-after experts.

Disputes involving highly complex cyber crimes typically require more technical experience than is on hand, and the contributions of a cyber expert are significant in uncovering critical evidence and shaping the legal strategy, as well as explaining cyber security in the courtroom.

Source: [JDSupra]

Governance, Risk and Compliance

• Ransomware incidents reported to UK financial regulator have doubled - Digital Journal

• AI abuse and misinformation campaigns threaten financial institutions - Help Net Security

• Half of British SMEs Have Lost Data in Past Five Years - Infosecurity Magazine (infosecurity-magazine.com)

• The Big Question: Are SMEs now at the forefront of cyber risks? - Emerging Risks Media Ltd

• Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week

• Is the Human Factor Overlooked in Cyber Security? - Infosecurity Magazine (infosecurity-magazine.com)

• Security teams are ‘overconfident’ about handling next-gen threats | CSO Online

• Banks told to expand risk management to cover AI (finextra.com)

• Corporations With Cyber Governance Create 4X More Value (darkreading.com)

• Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ

• 73% brace for cyber security impact on business in the next year or two - Help Net Security

• Businesses overestimating their skills amid cyber security crisis, survey reveals (holyrood.com)

• Why your data isn’t as safe as you think and what it could cost you - IT Security Guru

• Unspoken Battle: Cyber Security Imperative For Protecting Executives (forbes.com)

• The Increasing Role Of Cyber Security Experts In Complex Legal Disputes | IMS Legal Strategies - JDSupra

• Businesses must prioritise prevention to lock out online threats (yahoo.com)

• CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)

• As Cyber Regulators Rush Toward New Rules, Shifting Foundations May Complicate Compliance | Wiley Rein LLP - JDSupra

• Lessons from the World's Costliest Corporate Cyber Attacks - Management Today

• Three trends set to drive cyber attacks in 2024 (networkingplus.co.uk)

• Why Cyber Security Is a Whole-of-Society Issue (darkreading.com)

• Instilling the Hacker Mindset Organisationwide (darkreading.com)

• How CISOs Can Make Cyber Security a Long-Term Priority for Boards (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Cyber security incidences surge in the UK financial services sector - Digital Journal

• Ransomware attacks rise by 46% in February 2024, finds NCC Group (securitybrief.co.nz)

• To Stay Ahead Of Ransomware Attacks, Businesses Need To Adopt An Offensive Security Mindset | IBTimes

• RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• How will the Merck settlement affect the insurance industry? (securityintelligence.com)

• Lessons From the LockBit Takedown (darkreading.com)

• Ransomware attackers are increasingly targeting backups — so make sure yours are protected | TechRadar

• Unveiling the Fallout: Operation Cronos' Impact on LockBit Following Landmark Disruption | Trend Micro (US)

• Trend Micro: LockBit ransomware gang's comeback is failing | TechTarget

• Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)

• Collaboration Needed to Fight Ransomware (darkreading.com)

Ransomware Victims

• Ransomware attacks ravaged municipal governments in March | TechTarget

• NHS Scotland confirms ransomware attackers leaked patients' data - Help Net Security

• Yacht retailer MarineMax discloses data breach after cyber attack (bleepingcomputer.com)

• How will the Merck settlement affect the insurance industry? (securityintelligence.com)

• Ransomware gang leaks UK city council’s confidential files • The Register

• Omni Hotels confirms cyber attack behind ongoing IT outage (bleepingcomputer.com)

• World’s second-largest lens-maker blinded by cyber incident • The Register

Phishing & Email Based Attacks

• This new phishing attack targets iPhone and Android alike via RCS | TechRadar

• Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)

• $1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)

• Naked photos sent in WhatsApp ‘phishing’ attacks on UK MPs and staff – POLITICO

• Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)

• Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors (thehackernews.com)

• Phishing Attacks Targeting Political Parties, Germany Warns (govinfosecurity.com)

• A phish by any other name should still not be clicked – Computerworld

• Google now blocks spoofed emails for better phishing protection (bleepingcomputer.com)

• New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware (thehackernews.com)

• Microsoft Teams phishing attacks and how to prevent them | TechTarget

Artificial Intelligence

• Banks told to expand risk management to cover AI (finextra.com)

• AI abuse and misinformation campaigns threaten financial institutions - Help Net Security

• 22% of employees admit to breaching company rules with GenAI - Help Net Security

• The Danger Of Unmanaged AI In The Enterprise (forbes.com)

• 6 Prompts You Don't Want Employees Putting in Microsoft Copilot (bleepingcomputer.com)

• Microsoft Copilot Blocked on US Congress Devices Over Security Concerns | Cryptopolitan

• Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)

• Microsoft Announces New Safety System to Filter Malicious AI Output | Extremetech

• Microsoft GM on AI and elections: 'There will be fakes' • The Register

• Why AI forensics matters now - Help Net Security

• Microsoft and OpenAI collaborated to counter North Korean cyber threats, China in the game as well - MSPoweruser

• More Than Half of Organisations Plan to Adopt AI Solutions in Coming Year, Reports Cloud Security Alliance and Google Cloud (darkreading.com)

• The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)

• ‘Many-shot jailbreak’: lab reveals how AI safety features can be easily bypassed | Artificial intelligence (AI) | The Guardian

• Chinese hackers turn to AI to meddle in elections | CyberScoop

• Security and AI occupy SME thoughts | Microscope (computerweekly.com)

Malware

• Escalating malware tactics drive global cyber crime epidemic - Help Net Security

• Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)

• TheMoon Malware Rises Again with Malicious Botnet for Hire (darkreading.com)

• Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware (thehackernews.com)

• Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (thehackernews.com)

• Botnets: The uninvited guests that just won’t leave | CSO Online

• Detecting Windows-based Malware Through Better Visibility (thehackernews.com)

• Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar

• Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors (thehackernews.com)

• Europe subjected to Mispadu trojan attacks | SC Media (scmagazine.com)

• YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)

• The Biggest Takeaways from Recent Malware Attacks (bleepingcomputer.com)

• Thousands of Australian Businesses Targeted With RAT (darkreading.com)

• Cyber criminals are spreading malware through Facebook pages impersonating AI brands (therecord.media)

Mobile

• This new phishing attack targets iPhone and Android alike via RCS | TechRadar

• 2 wireless protocols expose mobile users to spying — the FCC wants to fix that - Nextgov/FCW

• This notorious Android banking trojan now lets hackers remotely control your phone — how to stay safe | Tom's Guide (tomsguide.com)

• Location tracking and the battle for digital privacy - Help Net Security

• How and why to enable Stolen Device Protection on your iPhone (idownloadblog.com)

• Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)

Denial of Service/DoS/DDOS

• New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (thehackernews.com)

Internet of Things – IoT

• Porsche Kills Two More Models Due to Cyber Security Regulations - autoevolution

• UK Encouraged to Prioritise Cyber Security with Electric Vehicle Charging Points - Electrical Times

Data Breaches/Leaks

• Researchers Report Sevenfold Increase in Data Theft Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Highly sensitive files mysteriously disappeared from EUROPOL headquarters (securityaffairs.com)

• Threat Actor Claims Classified Five Eyes Data Theft - Infosecurity Magazine (infosecurity-magazine.com)

• 17 Billion Personal Records Exposed in Data Breaches in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Almost 2.9M impacted by Harvard Pilgrim Health Care breach | SC Media (scmagazine.com)

• Hot Topic confirms multiple new cyber attacks — customer details and payment info exposed online | TechRadar

• Ivanti-linked breach of CISA potentially affected more than 100,000 individuals | CyberScoop

• Prudential Insurance says data of 36,000 exposed during February cyber attack (therecord.media)

• OWASP discloses a data breach (securityaffairs.com)

• Hotel Self Check-In Kiosks Exposed Room Access Codes - Security Week

• Nearly 1M medical records feared stolen from City of Hope • The Register

• SurveyLama data breach exposes info of 4.4 million users (bleepingcomputer.com)

• Cyber criminals steal data of around 700,000 Apotheka pharmacy customers | News | ERR

• PandaBuy data breach allegedly impacted +1.3M customers (securityaffairs.com)

• OWASP discloses breach due to a Wiki web server misconfig • The Register

• US cancer center data breach exposes info of 827,000 patients (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Escalating malware tactics drive global cyber crime epidemic - Help Net Security

• Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week

• Calls to Incident Response Helpline Double in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• Rise of non-tech hackers: new era of cyber threats - VnExpress International

• India rescuing citizens forced into cyber fraud schemes in Cambodia | Reuters

• Cyber criminal adoption of browser fingerprinting - Help Net Security

• With just $700 and a Raspberry Pi — you too can become a cyber criminal | TechRadar

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FTX founder Sam Bankman-Fried sentenced to 25 years for crypto fraud (cnbc.com)

• $1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)

Insider Risk and Insider Threats

• Is the Human Factor Overlooked in Cyber Security? - Infosecurity Magazine (infosecurity-magazine.com)

• Human risk is the top cyber threat for IT teams - Help Net Security

• Instilling the Hacker Mindset Organisation wide (darkreading.com)

Insurance

• Can cyber insurance help secure business? | Mint (livemint.com)

• How will the Merck settlement affect the insurance industry? (securityintelligence.com)

Supply Chain and Third Parties

• Thwarted supply-chain hack sets off alarm bells across DC - POLITICO

Cloud/SaaS

• How much does cloud-based identity expand your attack surface? - Help Net Security

• Who owns your data? SaaS contract security, privacy red flags | CSO Online

• Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)

Identity and Access Management

• How much does cloud-based identity expand your attack surface? - Help Net Security

Linux and Open Source

• "We got lucky": What the XZ Utils backdoor says about the strength and insecurities of open source | ITPro

• New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking (thehackernews.com)

• Red Hat warns of backdoor in XZ tools used by most Linux distros (bleepingcomputer.com)

• A new XZ backdoor scanner will be able to safeguard any Linux binary from threats (msn.com)

• What we know about the xz Utils backdoor that almost infected the world | Ars Technica

• Malicious xz backdoor reveals fragility of open source • The Register

• Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)

• German state switches to LibreOffice, promises Windows move • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)

• American fast-fashion firm Hot Topic hit by credential stuffing attacks (securityaffairs.com)

Social Media

• Cyber criminals are spreading malware through Facebook pages impersonating AI brands (therecord.media)

• WhatsApp was down in Meta’s second big outage this year | TechCrunch

• YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)

Malvertising

• Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar

• New Chrome feature aims to stop hackers from using stolen cookies (bleepingcomputer.com)

Training, Education and Awareness

• Human risk is the top cyber threat for IT teams - Help Net Security

• Instilling the Hacker Mindset Organisation wide (darkreading.com)

Regulations, Fines and Legislation

• Ransomware incidents reported to UK financial regulator have doubled - Digital Journal

• Financial cyber defence: gearing up for DORA (finextra.com)

• EU's reimagined NIS 2 cyber security vision to go live (electronicspecifier.com)

• Navigating Cyber Security and Data Privacy Regulations in the Insurance Industry | McGuireWoods LLP - JDSupra

• 6 business benefits of data protection and GDPR compliance | TechTarget

• Treasury accuses banks of 'insufficient data sharing' on fraud | American Banker

• A CISO's Guide to Materiality and Risk Determination (darkreading.com)

• NIS2 Requires Major Changes in EU SaaS Cyber Security - Infosecurity Magazine (infosecurity-magazine.com)

Models, Frameworks and Standards

• Using the NIST CSF for Strong Cyber Security Compliance | NAVEX - JDSupra

• NIST And CISA: 13 Must-Review Resources For SMBs (forbes.com)

• Are businesses prepared for the CSF 2.0 challenge? - Digital Journal

Backup and Recovery

• World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)

• Ransomware attackers are increasingly targeting backups — so make sure yours are protected | TechRadar

• Data protection vs. data backup: How are they different? | TechTarget

Data Protection

• 3 Strategies to Future-Proof Data Privacy (darkreading.com)

• Navigating Cyber Security and Data Privacy Regulations in the Insurance Industry | McGuireWoods LLP - JDSupra

• 6 business benefits of data protection and GDPR compliance | TechTarget

• How to conduct a data privacy audit, step by step | TechTarget

• Data protection vs. data backup: How are they different? | TechTarget

Careers, Working in Cyber and Information Security

• The Complexity and Need to Manage Mental Well-Being in the Security Team - Security Week

• Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ

• Hardest Cyber Security Jobs to Fill in 2024 Techopedia

• Unlocking Cyber Security Success: The Importance of Certifications - ClearanceJobs

• CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)

• Are you okay? Understanding the world of a CISO | CSO Online

Misinformation, Disinformation and Propaganda

• AI abuse and misinformation campaigns threaten financial institutions - Help Net Security

• Microsoft GM on AI and elections: 'There will be fakes' • The Register

• How to Counter Disinformation Campaigns in Global Elections (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Wars prompt questions for facial recognition providers, and obscure the answers | Biometric Update

• UN Peace Operations Under Fire from State-Sponsored Hackers (darkreading.com)

Nation State Actors

China

• Chinese Spy Ops Attack 7 MSPs, Feds Allege | MSSP Alert

• UK minister confirmed as 12th target in Westminster ‘spear-phishing’ scandal – POLITICO

• Pulling the Curtain Back on China’s Cyberespionage (informationweek.com)

• MPs challenge government claims China cyber attack was unsuccessful (ft.com)

• Chinese hackers turn to AI to meddle in elections | CyberScoop

• Microsoft and OpenAI collaborated to counter North Korean cyber threats, China in the game as well - MSPoweruser

• OODA Loop - Government Agencies are in the Fight Against Chinese Human Targeting and Cyber Espionage. Will it be Enough?

• UK, Czech ministers among China’s hacking targets – POLITICO

• Security fears over supercomputer deal with Chinese firm Lenovo (thetimes.co.uk)

• Ministry of State Security releases bilingual report, urging Western forces to stop slandering and attacking China - China Military

Russia

• Ukraine gives award to foreign vigilantes for hacks on Russia - BBC News

• STA: Russian hackers take responsibility for cyber attack on Slovenia

• Exclusive: Hackers stole Russian prisoner database to avenge death of Navalny | CNN Politics

• Russian network that 'paid European politicians' busted, authorities claim - BBC News

• Russia charges suspects behind theft of 160,000 credit cards (bleepingcomputer.com)

Iran

• Iran's Evolving Cyber Enabled Influence Operations to Support Hamas (darkreading.com)

• Satellite Cyber Security, Iran, and the Israel-Hamas War | Geopolitical Monitor

North Korea

• Microsoft and OpenAI collaborated to counter North Korean cyber threats, China in the game as well - MSPoweruser

• A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask | WIRED

Vulnerability Management

• Vulnerability database backlog due to increased volume, changes in 'support,' NIST says (therecord.media)

• CVE and NVD - A Weak and Fractured Source of Vulnerability Truth - Security Week

• Attack Surface Management vs. Vulnerability Management (thehackernews.com)

Vulnerabilities

• Are You Affected by the Backdoor in XZ Utils? (darkreading.com)

• Red Hat issues urgent alert for Fedora Linux users due to malicious code (betanews.com)

• Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)

• Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)

• Cisco addressed high-severity flaws in IOS and IOS XE software (securityaffairs.com)

• Ivanti commits to secure-by-design overhaul • The Register

• Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure (thehackernews.com)

• Apple GoFetch was caused by an obsession with speed • The Register

• Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed! - Security Week

• Critical Security Flaw Found in Popular LayerSlider WordPress Plugin (thehackernews.com)

• WiFi WPS vulnerability: disable it, or else | Cybernews

• Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems - Security Week

• Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)

• Splunk Patches Vulnerabilities in Enterprise Product - Security Week

• JetBrains fixes 26 'security problems,' offering no details • The Register

Tools and Controls

• RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• New XZ backdoor scanner detects implant in any Linux binary (bleepingcomputer.com)

• The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)

• How much does cloud-based identity expand your attack surface? - Help Net Security

• How Pentesting-as-a-Service can Reduce Overall Security Costs (bleepingcomputer.com)

• Building a cyber security risk assessment template - Security Boulevard

• Microsoft unveils safety and security tools for generative AI | InfoWorld

• The Biggest Mistake Security Teams Make When Buying Tools (darkreading.com)

• World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)

• Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)

• Can cyber insurance help secure business? | Mint (livemint.com)

• 71% Website Vulnerable: API Security Becomes Prime Target for Hackers - Security Boulevard

• Old Technology, New Tricks: Why DNS Is Still A Major Security Target (forbes.com)

• Cyber Risk Management: A Beginner's Guide - Security Boulevard

• Microsoft Entra Recommendations adds several more for better user security - Neowin

• A CISO's Guide to Materiality and Risk Determination (darkreading.com)

• Ransomware attackers are increasingly targeting backups — so make sure yours are protected | TechRadar

• Attack Surface Management vs. Vulnerability Management (thehackernews.com)

• Why a Cloud Security Platform Approach is Critical | Trend Micro (US)

• The Importance Of Physical Cyber Security Testing (forbes.com)

• CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)

• Human risk is the top cyber threat for IT teams - Help Net Security

• Data protection vs. data backup: How are they different? | TechTarget

• What is Threat Management? - Security Boulevard

• SIEM Implementation: Strategies and Best Practices | MSSP Alert

• Is Windows Defender All the Antivirus Protection You Need? (makeuseof.com)

Other News

• Cyber Attacks Wreaking Physical Disruption on the Rise (darkreading.com)

• Cyber attacks on critical infrastructure show advanced tactics and new capabilities - Help Net Security

• Is your pension protected from cyber attacks? - CityAM

• Cyber Safety Review Board: Microsoft security culture 'inadequate' (geekwire.com)

• Microsoft slammed for lax infosec that led to Exchange crack • The Register

• Infosec professionals praise CSRB report on Microsoft breach | TechTarget

• 76% of consumers don't see themselves as cyber crime targets - Help Net Security

• Shielding the lifelines: Protecting energy and infrastructure from cyber threats (betanews.com)

• Cyber Security Statistics In 2024: Is Your Law Firm Protected? - Above the Law

• Sellafield nuclear waste dump faces prosecution over cyber security failures (bitdefender.com)

• Australia Doubles Down On Cyber Security After Attacks (darkreading.com)

• Furry Hackers Use Church's Money To Buy Inflatable Sea Lions (dailydot.com)

• Windows 10 Support Deadline: Your Guide to Extended Security Updates (ESU) (mspoweruser.com)

• Healthcare's cyber resilience under siege as attacks multiply - Help Net Security

• Rise of non-tech hackers: new era of cyber threats - VnExpress International

• Why Cultural Institutions Are Rich Targets for Cyber Attackers  (informationweek.com)

• 5 top OT threats and security challenges | TechTarget

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Only 3% of Organisations Globally are Fully Prepared for Cyber Threats

A new report released by Cisco found that only 3% of organisations globally are considered to be at a “mature” level of readiness that is needed to be resilient against today’s cyber threats. In contrast, 80% of the companies surveyed felt moderately to very confident in their ability to defend against a threat.

Nearly three-quarters of respondents expect a cyber incident to disrupt their business in the next 12 to 24 months. For many, this was based on past experience, with more than half of respondents saying that they had experienced a cyber security incident in the last 12 months, and of those, more than half of said it cost them at least $300,000. To address this, 97% of companies expect to increase their cyber security budgets in the next 12 months.

Sources: [PR Newswire] [SiliconANGLE]

China Cyber Attacks a Reminder Beijing Poses ‘Constant and Sophisticated’ Threat to Western Cyber Security

The UK’s National Cyber Security Centre (NCSC) has now implicated a Chinese-backed hacking group, APT31, in attempts to target a group of MPs. Whilst this shows how advanced the threat from China has become, it should not be a surprise. It has been alleged that the hacking campaign targeted a broad swathe of private individuals, as well as strategically important companies and government officials. Geopolitical tensions are at an all-time high, as Conservative MP Iain Duncan Smith, one of those targeted by the campaign says, “we must now enter a new era of relations with China, dealing with the contemporary Chinese Communist party as it really is, not as we would wish it to be.”

Sources: [Sky News] [GovInfoSecurity] [The Guardian]

Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers

A recent report underscores the pivotal role of cyber security in financial performance, revealing that companies with genuinely advanced levels of cyber security maturity generate a 372% higher shareholder return compared to those with lower levels of maturity, as observed over a five-year period. Notably, companies with engaged board members and specialised risk committees achieve superior cyber security performance. Despite regulatory requirements, only 3% of UK organisations have a cyber security expert on their board, emphasising the need for greater board-level engagement in cyber risk management. Industries like healthcare and financial services lead in cyber security ratings, underscoring the correlation between regulatory environments and cyber security performance.

Source: [Business Wire] [Computer Weekly]

Hackers Hit High-Risk Individuals’ Personal Accounts

Britain’s National Cyber Security Centre (NCSC) is warning that attackers faced with well-managed corporate cyber security defences, are instead turning their efforts to compromise high-risk individuals’ devices and accounts.

A high-risk individual is anyone who has access to or influence over sensitive information. For an attacker, these individuals can present a less complex route. They already know the individual has access to the data they want, it is just a case of compromising that individual.

Source: [Gov Info Security]

Cyber Security Threats in International Relations: Are We Prepared for a Digital Pearl Harbour?

Cyber security threats have reached unprecedented levels, posing significant risks to organisations and nations worldwide, with global costs predicted to soar to $10.5 trillion annually by 2025, a significant increase from $6 trillion in 2021. Recent reports from IBM Security X-Force reveal that organisations face an average of 270 cyber attacks per year, equivalent to an attack every business day, underlining the persistent nature of the threat and reinforcing the old question of ‘when’ not 'if' an organisation will get hit.

The report warns of the possibility of large-scale, coordinated attacks, akin to a “Digital Pearl Harbor,” on vital infrastructure such as power grids and financial markets, with ransomware-based attacks being identified as a major risk. The emergence of cyber warfare blurs the distinction between espionage and acts of war, underscoring the need for international standards and agreements. Despite the focus on cyber threats, many organisations have risk management gaps.

Source: [Eurasia Review]

High Net Worths Urged to Improve Digital Hygiene in Fight Against Cyber Crime

High net worth individuals and their families are often targets for cyber criminals who seek to steal their money, identity, intellectual property and corporate data, and attacks are increasing. With the current state of the world, there is significant information that is publicly available. This, added to the fact that many high-net-worth individuals have lesser security controls than corporations, makes them a more lucrative target.

As these types of attacks continue to increase, it is important for individuals to ensure they are demonstrating good cyber hygiene through actions including the adoption of multi-factor authentication, limiting unnecessary social media from themselves and their family (including holidays) and understanding current tactics to be able to spot and mitigate them.

Source: [Financial Times]

Key Lessons from Microsoft’s Password Spray Hack: Secure Every Account

Earlier this year, Microsoft discovered they had been the victim of a hack orchestrated by Russian-state hackers. The attack was not highly sophisticated; in fact, it involved simply spraying passwords into an old, inactive account. Password spraying is a simple brute force technique, which has the attacker trying the same password against multiple accounts. In this case, it was enough to be able to allow attackers to commit further exfiltration.

Picture your organisation: can you guarantee that no account is using the password “Password123”? Whilst organisations may focus on protecting privileged accounts, the attack shows that every account needs to be secured, as they are all entry points to your organisation. To combat this, organisations should look to implement robust password policies and multi-factor authentication.

Source: [The Hacker News]

Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach

Mitigating third-party risk may seem daunting when considering the slew of incoming regulations coupled with the increasingly advanced tactics of cyber criminals. However, most organisations have more agency and flexibility than they think they do. Third-party risk management can be built on top of existing risk governance practices and security controls that are currently implemented in the organisation. Understanding the vendor landscape, categorising vendors based on criticality, and developing tailored governance plans are crucial steps. Contractual obligations, tailored to industry standards, play a pivotal role in ensuring security measures are upheld. Additionally, establishing a robust exit strategy is imperative to safeguard data integrity post-partnership. By fostering a culture of shared responsibility and continuous improvement, organisations can navigate the complexities of third-party risk management effectively.

Source: [Dark Reading]

IT Leaders Struggle to Keep up With Emerging Threats, as 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time

A recent survey of over 800 IT and security leaders highlights the escalating threat landscape fuelled by emerging technologies, with AI-powered attacks identified as the most serious and challenging. 92% of respondents report a year-over-year increase in cyber attacks with 95% noting heightened sophistication.

Organisations reported facing AI-powered attacks (51%), deepfake technology and supply chain attacks (both 36%), cloud jacking (35%), Internet of Things (IoT) attacks and 5G network exploits (both 34%), and fileless attacks (24%). But it is not just newer attacks; organisations are still contending with prevalent attacks like phishing, malware, and ransomware. The survey found that 84% of respondents say that phishing and smishing have become more difficult to detect with the rise in popularity of AI-powered tools, revealing that AI-powered phishing is their top concern (42%) when it comes to AI security.

With so many constantly evolving threats, and with new ones being added to the mix all the time, it is becoming more and more difficult for IT leaders to keep on top of these emerging threats.

Source: [Beta News] [The Fast Mode]

Only 5% of Boards Have Cyber Security Expertise

There is a concerning gap in cyber expertise on corporate boards, with only 5% of businesses having a cyber expert onboard, despite a direct correlation between strong cyber security and higher financial performance. Countries like France have 10% representation while Canada lags behind at just 1%. Integration of cyber experts into specialised risk committees significantly boosts cyber security performance. Furthermore, advanced security ratings translate to significantly better financial returns over three and five-year periods, underlining the pivotal role of cyber security in overall business health.

Source: [Infosecurity Magazine]

Google’s New AI Search Results Promotes Sites Pushing Malware and Scams

Earlier this month, Google began rolling out a feature called Google Search Generative Experience (SGE) in its search results, which provides AI-generated quick summaries, including site recommendations. These results, however, are pushing scams and malware. BleepingComputer found that the listed sites promoted by SGE tend to use the .online top level domain, the same HTML templates, and the same sites to perform redirects, stating “This similarity indicates that they are all part of the same SEO [search engine optimisation] poisoning campaign that allowed them to be part of the Google index.” When clicking on the site in the Google search results, visitors will go through a series of redirects until they reach a scam site. This matter highlights the need for users to stay cognisant, even when using AI to improve quality of life.

Source: [Bleeping Computer]

Report Calls Out Cyber Risks to Financial Sector Fuelled by AI

A recent report by the US Department of the Treasury has identified AI-driven cyber fraud as the primary concern for financial institutions. Smaller firms, in particular, struggle with AI development, which intensifies security concerns. Despite a focus on cyber security, risk management lapses are common across institutions. The report further notes that nearly a third of these institutions are yet to address the evolving tactics of threat actors, including social engineering, malvertising, and QR code phishing. More than 2 in 5 have pointed to the increasing use of generative AI for scaling and automating attacks as a lingering risk factor. The report emphasises that, even without mandates, there’s an urgent need for financial institutions to bolster their risk management and cyber security practices to counter these AI-driven threats.

Source: [CyberScoop]

Governance, Risk and Compliance

• Hackers Hit High-Risk Individuals' Personal Accounts (govinfosecurity.com)

• Only 5% of Boards Have Cyber Security Expertise - Infosecurity Magazine (infosecurity-magazine.com)

• Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)

• How threat intelligence data maximizes business operations - Help Net Security

• IT leaders struggle to keep up with emerging threats (betanews.com)

• More than half of organisations fall victim to cyber attacks (betanews.com)

• Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers, According to Diligent and Bitsight | Business Wire

• Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)

• 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time (thefastmode.com)

• Shareholders win when businesses do better at cyber | Computer Weekly

• Getting Security Remediation on the Boardroom Agenda (darkreading.com)

• New Cyber Threats to Challenge Financial Services Sector in 2024 (darkreading.com)

• The cyber security skills shortage: A CISO perspective | CSO Online

• Cyber security essentials during M&A surge - Help Net Security

• Companies told cyber security has to be cross business concern (emergingrisks.co.uk)

• It's Time to Stop Measuring Security in Absolutes (darkreading.com)

• True Cost of a Cyber Security Breach for Your Business - Converge

• 35 cyber security statistics to lose sleep over in 2024 (techtarget.com)

• Changing role of CISO | Professional Security

• 3 Challenges CISOs Face in 2024 as Cyber Threats Explode | Corporate Counsel (law.com)

• Cyber security plans should centre on resilience | MIT Sloan

• Debunking compliance myths in the digital era - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware: lessons all companies can learn from the British Library attack - Exponential-e Blog

• 78% of organisations plan to increase ransomware protection | Security Magazine

• The human impact of ransomware attacks: how can businesses protect their security professionals? - IT Security Guru

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

• Building Resiliency in the Face of Ransomware  - Security Boulevard

• Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)

• US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth (yahoo.com)

• Healthcare Under Ransomware Attacks - Part 1: BlackCat/AlphV - VMRay

• Healthcare Under Ransomware Attacks - Part 2: LockBit - VMRay

• Healthcare Under Ransomware Attacks - Part 3: Rhysida - VMRay

Ransomware Victims

• Hackers threaten to publish huge cache of NHS Scotland data - BBC News

• Alleged sale of Communication Workers Union’s users data (marcoramilli.com)

• Scullion LAW becomes victim of cyber attack | Scottish Legal News

• Panera Bread experiencing nationwide IT outage since Saturday (bleepingcomputer.com)

• Clorox audit flagged systemic flaws in cyber security at manufacturing plants (detroitnews.com)

• Big Issue working with NCSC, NCA and Met Police to investigate cyber incident - IT Security Guru

• Western Isles council tax bills delayed due to cyber attack - BBC News

• Vietnam Securities Broker Suffered Cyber Attack That Suspended Trading (darkreading.com)

Phishing & Email Based Attacks

• 'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide (darkreading.com)

• New StrelaStealer Phishing Attacks Hit Over 100 Organisations in EU. and US (thehackernews.com)

• ThreatLabz 2023 Phishing Report | ITPro

• New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)

• US organisations targeted with emails delivering NetSupport RAT - Help Net Security

• Fake Ozempic Deals on the Rise as Experts Warn of Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Scammers steal millions from FTX, BlockFi claimants - Help Net Security

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)

• Russia's Cozy Bear tries to phish Germans with party invites • The Register

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

Artificial Intelligence

• Treasury report calls out cyber risks to financial sector fuelled by AI | CyberScoop

• Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)

• Four generative AI cyber risks that keep CISOs up at night — and how to combat them - SiliconANGLE

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Artificial intelligence now the biggest cyber threat - study (emergingrisks.co.uk)

• Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)

• 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time (thefastmode.com)

• Scammers exploit tax season anxiety with AI tools - Help Net Security

• Experts Warn of Cyber Risk Due to Rapid AI Tool Evolution (govinfosecurity.com)

• AI Regulation at a Crossroads - Security Boulevard

• Over A Third of IT Leaders Are Ill-Equipped to Cope With AI-Powered Attacks - IT Security Guru

• Beware of rogue chatbot hacking incidents (securityintelligence.com)

• The Unique AI Cyber Security Challenges in the Financial Sector | Decipher (duo.com)

• AI weaponisation becomes a hot topic on underground forums - Help Net Security

• AI bots hallucinate software packages and devs download them • The Register

• Threat Report: Examining the Use of AI in Attack Techniques (darkreading.com)

• Hackers exploit Ray framework flaw to breach servers, hijack resources (bleepingcomputer.com)AWS CISO: Pay Attention to How AI Uses Your Data (darkreading.com)

2FA/MFA

• New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)

• Apple customers are being targeted by "MFA Bombing" password reset attack (xda-developers.com)

Malware

• New StrelaStealer Phishing Attacks Hit Over 100 Organisations in E.U. and US. (thehackernews.com)

• Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)

• 39,000 Websites Infected in 'Sign1' Malware Campaign - SecurityWeek

• ConnectWise ScreenConnect attacks deliver malware | SC Media (scmagazine.com)

• US organisations targeted with emails delivering NetSupport RAT - Help Net Security

• Hunter-killer malware: How to prevent it from undermining security controls | SC Media (scmagazine.com)

• Python devs are being targeted by this massive infostealing malware campaign | TechRadar

• TheMoon bot infected 40,000 devices in January and February (securityaffairs.com)

• Viruses are the most popular type of malware - and Apple devices are most at risk | TechRadar

• New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)

• SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire

• DarkGate Malware Campaign Exploits Patched Microsoft Flaw - Security Boulevard

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

• AI bots hallucinate software packages and devs download them • The Register

Mobile

• In-app browsers still a privacy, security, and choice issue • The Register

• Thousands of phones and routers swept into proxy service, unbeknownst to users | Ars Technica

• Apple lawsuit: US officials say iPhone ‘monopoly’ undermines security | SC Media (scmagazine.com)

Internet of Things – IoT

• Hackers Reveal Method to Bypass Hotel Keycard Locks in Seconds • iPhone in Canada Blog

• Pump the brakes: National security concerns surround connected cars - Nextgov/FCW

• Insurer unveils policy covering drivers from connected car hacks and data leaks (therecord.media)

Data Breaches/Leaks

• AT&T won’t say how its customers’ data spilled online | TechCrunch

• SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire

Organised Crime & Criminal Actors

• After '10,000 malicious emails,' US sanctions 7 Chinese nationals in alleged cyber crimes - UPI.com

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• UN probing 58 alleged crypto heists by North Korea worth $3 billion (therecord.media)

• Scammers steal millions from FTX, BlockFi claimants - Help Net Security

Insider Risk and Insider Threats

• The missing link: How criminals teamed up with bank employees to orchestrate cyber frauds. - The Economic Times (indiatimes.com)

Insurance

• Insurer unveils policy covering drivers from connected car hacks and data leaks (therecord.media)

Supply Chain and Third Parties

• Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (thehackernews.com)

• Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach (darkreading.com)

Cloud/SaaS

• Key Lesson from Microsoft's Password Spray Hack: Secure Every Account (thehackernews.com)

• Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)

• Cloud Account Hijacking: How it Works and How to Prevent It (techtarget.com)

• 67% of businesses sync on-premises passwords to cloud environments | Security Magazine

Identity and Access Management

• Tackling DORA Compliance With a Focus on PAM - IT Security Guru

• 10 Essential Measures To Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Organisations Grapple With Identity Pain Points | Decipher (duo.com)

Encryption

• Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Apple users targeted by annoying 'Reset Password' attack | Mashable

• 10 Essential Measures To Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• 67% of businesses sync on-premises passwords to cloud environments | Security Magazine

• What is Managing Secrets? - Security Boulevard

Social Media

• If you watched certain YouTube videos, investigators demanded your data from Google | Mashable

Malvertising

• Study claims more than half of Americans use ad blockers • The Register

Training, Education and Awareness

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Cyber security training costs surge as firms battle skills gaps | ITPro

• Paid Generic Cyber Security Courses: Why They Are Not the Solution for Security Awareness - Security Boulevard

Regulations, Fines and Legislation

• Cyber security shake-up: How to prepare for EU's NIS2 and DORA (siliconrepublic.com)

• techUK Raise Internet Snooping Concerns Over UK IP Act Amendments - ISPreview UK

• AI Regulation at a Crossroads - Security Boulevard

• Cyber security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)

Models, Frameworks and Standards

• Debunking compliance myths in the digital era - Help Net Security

Backup and Recovery

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

Careers, Working in Cyber and Information Security

• The human impact of ransomware attacks: how can businesses protect their security professionals? - IT Security Guru

• Almost half of IT teams are burnt out as a result of war rooms, as ‘blame game’ culture becomes the norm for most organisations | TechRadar

• The cyber security skills shortage: A CISO perspective | CSO Online

Law Enforcement Action and Take Downs

• UK Law Enforcers Arrest 400 in Major Fraud Crackdown - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Cyber Security Threats In International Relations: Are We Prepared For A Digital Pearl Harbor? – OpEd – Eurasia Review

Nation State Actors

China

• China cyber attacks a reminder Beijing poses 'constant and sophisticated' threat to western cyber security | Science & Tech News | Sky News

• US and UK accuse China of cyber operations targeting domestic politics | CyberScoop

• UK ‘turning up to a gunfight with a wooden spoon’ over China cyber-attacks (scotsman.com)

• China hack on MPs worse than Government admitted, with at least 30 targeted (inews.co.uk)

• New Zealand follows UK in accusing China of hacking its parliament | The Independent

• Finland confirms APT31 hackers behind 2021 parliament breach (bleepingcomputer.com)

• China linked to UK cyber-attacks on voter data, Dowden to say - BBC News

• Dowden guarantees UK elections will be safe from Chinese cyber attacks | Evening Standard

• After '10,000 malicious emails,' US sanctions 7 Chinese nationals in alleged cyber crimes - UPI.com

• SNP MP claims Scottish universities 'overdependent' on Chinese money | The National

• China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)

• Fake reporters and death threats: China spy tactics from Hong Kong dissidents (inews.co.uk)

• The Chinese government is phasing out Intel and AMD CPUs and Microsoft's Windows OS because they don't fit its new 'safe and reliable' guidelines | PC Gamer

• Is Cyber Warfare Heating Up? Biden Administration, UK Take Aim At Chinese Hackers | IBTimes

• China cyber-attacks explained: who is behind the hacking operation against the US and UK? | Hacking | The Guardian

• What to make of China’s massive cyber-espionage campaign (economist.com)

• Pump the brakes: National security concerns surround connected cars - Nextgov/FCW

• PM says UK approach to China 'more robust' than allies, as senior Chinese diplomat summoned | ITV News

• UK says Chinese cyber attacks ‘part of large-scale espionage campaign’ (thenextweb.com)

• Why cyber indictments and sanctions matter | The Strategist (aspistrategist.org.au)

• Chinese hackers target family members to surveil hard targets | CyberScoop

Russia

• Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)

• Russia's Cozy Bear tries to phish Germans with party invites • The Register

Iran

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

North Korea

• Asian cuisine used to launder money for North Korea • The Register

• UN probing 58 alleged crypto heists by North Korea worth $3 billion (therecord.media)

Vulnerability Management

• Spyware vendors behind 75% of zero-days targeting Google | TechTarget

• Zero Days Surged by Over 50% Annually, Says Google - Infosecurity Magazine (infosecurity-magazine.com)

• On the Increase: Zero-Days Being Exploited in the Wild (databreachtoday.co.uk)

• NVD slowdown leaves thousands of vulns without analysis data • The Register

• Can Compensating Controls Be the Answer in a Sea of Vulnerabilities?  - Security Boulevard

Vulnerabilities

• Patch Now: Critical Fortinet RCE Bug Under Active Attack (darkreading.com)

• SQL injection vulnerability in Fortinet software under attack | TechTarget

• GitHub Developers Hit in Complex Supply Chain Cyber Attack (darkreading.com)

• Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions (thehackernews.com)

• MacOS 14.4.1 makes it once again safe to update your Mac | ZDNET

• Apple Security Bug Opens iPhone, iPad to RCE (darkreading.com)

• Apple finally reveals the serious security issues it patched in iOS 17.4.1 - PhoneArena

• A vulnerability in Apple M-series chips could expose encryption keys and harm performance — and Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass (darkreading.com)

• Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own (bleepingcomputer.com)

• China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)

• Double trouble for DNSSEC though the devil is in the details • The Register

• 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns - Help Net Security

• Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)

Tools and Controls

• How threat intelligence data maximises business operations - Help Net Security

• IT leaders struggle to keep up with emerging threats (betanews.com)

• 78% of organisations plan to increase ransomware protection | Security Magazine

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

• Why Endpoint Security Tools Are Still Such a Challenge (inforisktoday.com)

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Cyber security training costs surge as firms battle skills gaps | ITPro

• 10 Essential Measures to Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Organisations Grapple with Identity Pain Points | Decipher (duo.com)

• Enterprise cyber security's lateral movement 'blind spot' [Q&A] (betanews.com)

• Cyber security plans should center on resilience | MIT Sloan

• Cyber Security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)

• Paid Generic Cyber Security Courses: Why They Are Not the Solution for Security Awareness - Security Boulevard

Reports Published in the Last Week

• ThreatLabz 2023 Phishing Report | ITPro

Other News

• Why the World Needs a New Cyber Treaty for Critical Infrastructure - Carnegie Europe - Carnegie Endowment for International Peace

• Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)

• Security experts raise questions about UK cyber funding in wake of Electoral Commission hack | ITPro

• 8 cyber security predictions shaping the future of cyber defence - Help Net Security

• Active adversary dwell time: The good (and bad) news | SC Media (scmagazine.com)

• Cyber Threat to US Power Grids Escalating as Election Approaches (yahoo.com)

• Are We Ignoring the Cyber Security Risks of Undersea Internet Cables? | HackerNoon

• How to Prevent Your Company from Being Hacked in 2024 - DevX

• Pentagon Looks to Finalise Cyber Security Rules for Defence Industrial Base - ClearanceJobs

• US and Japan plan biggest upgrade to security pact in over 60 years

• US must establish independent military cyber service to fix 'alarming' problems — report | DefenseScoop

• FTSE 100 Retailers showing signs of cyber security apathy, despite growing risks | Retail Bulletin (theretailbulletin.com)

• Finland to host NATO tech centers, revamp cyber security strategy (defensenews.com)

• French cyber defence chief warns Paris Olympics a 'target' (techxplore.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Mind The Gap: Mimecast Report Finds Humans Are Biggest Security Flaw

A global report from Mimecast has found that 74% of all cyber breaches are caused by human factors, including errors, misuse of access privileges or social engineering. Email remains the primary attack vector for cyber threats. Further, 67% of respondents expect AI-driven attacks to soon be the norm and 69% believe their company will be harmed by an attack.

No matter the size, sector or budget of an organisation, people remain a consistent risk factor. Even with strong technology controls, people can still be the risk that brings down the organisation. It is therefore important for organisations to integrate people into their cyber security investments. This should include awareness and education training, and fostering a cyber secure culture in the organisation.

Sources: [IT Security Guru] [Beta News] [Verdict]

Three-Quarters of Cyber Victim Are SMBs: Why SMBs are Becoming More Vulnerable

According to a recent Sophos report, over three-quarters of cyber incidents impacted smaller businesses in 2023, with ransomware having the largest impact. The research also found that in 90% of attacks, data or credential theft was involved and in 43%, data theft was the main focus.

The report found significant usage of initial access brokers; these are attackers whose speciality is to break into computer networks and sell ready-to-go access to other attackers. In fact, the report found that almost half of all malware detected in SMBs were malicious programs used to steal sensitive data and login credentials. Unfortunately, many SMBs struggle to keep up due to a lack of resources and budget; instead, they must be able to prioritise their cyber security efforts to get the most return on investment.

Sources: [Infosecurity Magazine]  [Help Net Security] [TechRadar] [Nairametrics] [TechTarget]

Cyber Security Skills Gap and Lack of Boardroom Engagement Invite Hacker Havoc

The Ipsos report on Cyber Security Skills in the UK Labour Market 2023 sheds light on the persistent challenges faced in recruiting, training, and retaining cyber security professionals across various domains. With approximately 739,000 businesses lacking basic cyber skills and 487,000 facing advanced skills gaps, the demand for trained professionals is escalating. The shortage of incident response skills highlights the need for comprehensive education and training programs. Senior management and board-level executives must also be equipped with the knowledge to manage incidents effectively, emphasising reporting, seeking external assistance, and maintaining a no-blame culture. Understanding cyber risks at the business level is crucial, as cyber crime has evolved into a well-organised industry with distinct roles and profit-sharing mechanisms among cyber criminal groups. Conducting tabletop incident response exercises can effectively prepare senior leadership for cyber incidents, ensuring a proactive and coordinated response to mitigate risks and safeguard organisational resilience.

Source: [TechRadar]

UK Government’s Ransomware Failings Leave Country ‘Exposed and Unprepared’

The recent response from the British government to warnings about the looming ransomware threat has sparked criticism, with accusations of adopting an "ostrich strategy" by downplaying the severity of the national cyber threat. Despite alarming assessments from the Joint Committee on the National Security Strategy (JCNSS) regarding the high risk of a catastrophic ransomware attack, the government's formal response has been met with scepticism. Key recommendations, such as reallocating responsibility for tackling ransomware away from the Home Office, were rejected, with the government arguing that its existing regulations and the current National Cyber Strategy were sufficient. This argument has raised concerns about the government's preparedness and resource allocation. With ransomware attacks escalating in the UK, the Committee underscores the urgency for a proactive national security response to mitigate the potentially devastating impacts on the economy and national security.

Source: [The Record Media]

Data Breaches up 72% to New Record High: Cyber Security Incidents Rank as #1 Global Business Threat in 2024

Research conducted by the Identity Theft Resource Center (ITRC) found that 2023 set an all time high in data breaches, 72% more than the prior year. Separately, the Allianz Risk Barometer identified cyber incidents as the biggest global business threat for 2024, ranking above regulatory concerns, climate change and a shortage of skilled workers. It is crucial that the severity of this risk is reflected in the actions taken by organisations, who must effectively govern and implement their cyber security strategy.

Sources: [JDSupra]

Finance Sector Facing Huge Number of Cyber Attacks That Could Leave It On its Knees, Highlights the Need to Build a Robust Security Culture

Cyber security has become a pressing issue on financial institutions due to the rise in cyber attacks, as highlighted by the February attack on Bank of America via a third-party service. The involvement of the LockBit ransomware group underlines the persistent nature of these threats, particularly targeting the financial sector. These attacks disrupt services and undermine trust in the financial system, necessitating robust cyber security frameworks. The new US Securities and Exchange Commission (SEC) rule requiring immediate disclosure of cyber security incidents presents both benefits and challenges, calling for clear guidelines and industry-wide collaboration. BlackBerry’s Global Threat Intelligence Report revealed a staggering million attacks globally in just 120 days last year. These attacks, often using commodity malware, make up almost two-thirds of all industry-related incidents. The 27% increase in novel malware samples highlights the need for improved defences. These findings emphasise the need for AI-driven detection and defence strategies. While critical infrastructure remains a primary focus, commercial enterprises must remain vigilant, with a third of threats targeting various sectors, emphasising the pervasive nature of cyber threats across industries.

Source:[ SC Media] [TechRadar]

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

In a recent revelation, Microsoft disclosed that the Kremlin-backed threat group known as Midnight Blizzard successfully accessed some of Microsoft’s source code repositories and internal systems following a hack in January 2024. The breach, believed to have originally occurred in November 2023, exploited a legacy test account lacking multi-factor authentication by employing a password spray attack. Microsoft assured no compromise to customer-facing systems but warned of ongoing attempts by Midnight Blizzard to exploit stolen corporate email data. The extent of the breach remains under investigation, with concerns raised over the potential accumulation of attack vectors by the threat actor. The incident underscores the escalating sophistication of nation-state cyber threats and prompts a re-evaluation of security measures, highlighting the imperative for robust defences against such adversaries.

Source: [The Hacker News]

Independent Cyber Security Audits Are Powerful Tools for Boards

Board members are increasingly held accountable for their organisation's cyber posture, facing personal liability for lapses. To gain insight and demonstrate proactive leadership, independent cyber security audits have become indispensable. These audits not only aid in regulatory compliance but also uncover blind spots in the organisation's security measures. Recent regulations, such as by  the US Securities and Exchange Commission (SEC) underscore the imperative for robust cyber security oversight at the board level. The audit process involves defining the scope, conducting assessments, validating findings through simulations, and presenting comprehensive reports to leadership. By embracing cyber security audits, boards can fulfil their duty of overseeing and enhancing the organisation's cyber resilience in an ever-evolving threat landscape.

Source: [Bloomberg Law]

Navigating Cyber Security in The Era of Mergers

In today's landscape of frequent mergers and acquisitions (M&A), organisations grapple with the challenge of aligning cyber security measures across subsidiaries, posing a risk to overall security. According to an IBM survey, over one in three executives attribute data breaches to M&A activity during integration. This complexity arises as security teams may lack insight into subsidiary infrastructure, hindering risk assessment and mitigation efforts. Historical incidents like the NotPetya attack on Merck and the Talk Talk hack highlight vulnerabilities post-acquisition, emphasising the need for a proactive approach to subsidiary cyber security. To address these challenges, organisations must conduct comprehensive risk assessments, standardise security protocols, foster collaboration, and consider unified security platforms. By proactively addressing visibility gaps and implementing standardised protocols, organisations can fortify their defences against evolving cyber threats amidst M&A activities.

Source: [Forbes]

Phishing Tactics Evolve as Sophisticated Vishing and Image-based Phishing Take World by Storm

According to a recent report, 76% of organisations were compromised by QR-code phishing in the last 12 months. Along with this, there has also been a rise in the number of sophisticated vishing attacks, with recent attacks costing organisations millions. The introduction of artificial intelligence has only added fuel to this fire already impacting security controls such as call-back procedures. With the tactics of phishing evolving, organisations need to ensure they are up-to-date and that employees are trained effectively to mitigate the risk of these.

Sources: [Help Net Security] [Dark Reading]

Governance, Risk and Compliance

• Cyber Security skills gap and boardroom blindness invite hacker havoc | TechRadar

• Three-Quarters of Cyber Incident Victims Are Small Businesses - Infosecurity Magazine (infosecurity-magazine.com)

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)

• Still on Top: Cyber Security Incidents Ranked #1 Global Business Threat in 2024 | Dinsmore & Shohl LLP - JDSupra

• Navigating Cyber Security In The Era Of Mergers (forbes.com)

• SMEs invest in tech opportunities but risk missing security safeguards (betanews.com)

• Your tech tools won’t save you from cyber threats | TechRadar

• The CISO Role Is Changing. Can CISOs Themselves Keep Up? (darkreading.com)

• New Risk for Weary CISOs: Becoming the Scapegoat After Cyber Criminals Strike | Corporate Counsel (law.com)

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• How enterprises can tackle risky cyber security behavior and improve workforce resilience | ITPro

• Building a Security Culture of Shared Responsibility - Security Boulevard

• More Critical Than Ever: Cyber Risk "Tabletop Exercises" in the AI Infused Workplace | Epstein Becker & Green - JDSupra

• OODA Loop - How To Properly Cut Your Cyber Security Budget

• MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense

Threats

Ransomware, Extortion and Destructive Attacks

• Sophos: Remote ransomware attacks on SMBs increasing | TechTarget

• UK government’s ransomware failings leave country ‘exposed and unprepared’ (therecord.media)

• Prescribing Security: Why Healthcare Companies Should Take Note of Recent Ransomware Attack | Dinsmore & Shohl LLP - JDSupra

• BianLian Threat Actor Shifts Focus to Extortion-Only Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding the multi-tiered impact of ransomware. (thecyberwire.com)

• Ransomware tracker: The latest figures [March 2024] (therecord.media)

• Cyber attack costing hospitals millions - The Boston Globe

• British authorities have never detected a breach of ransomware sanctions — but is that good or bad news? (therecord.media)

• The effects of law enforcement takedowns on the ransomware landscape - Help Net Security

• UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)

• Businesses leaving their Kubernetes containers exposed to ransomware | TechRadar

• StopCrypt: Most widely distributed ransomware now evades detection (bleepingcomputer.com)

• Member of LockBit ransomware group sentenced to 4 years in prison | Ars Technica

Ransomware Victims

• British Library’s legacy IT blamed for lengthy rebuild • The Register

• British Library shares lessons from cyber attack | UKAuthority

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Stanford University failed to detect intruders for 4 months • The Register

• Stanford says data from 27,000 people leaked in September ransomware attack (therecord.media)

• Law Firm Sues MSP Over Black Basta Ransomware Attack | MSSP Alert

• Play ransomware group stole 65,000 Swiss government files • The Register

• Switzerland’s cyber security experts still can’t Xplain how federal documents made it to the dark web | TechRadar

• Cancer Clinics Face Cash Crunch After Hack Rocks US Health Care (claimsjournal.com)

• Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages (voanews.com)

• UnitedHealth Sets Timeline to Restore Change Healthcare Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Belgian village whose brewery was hit by cyber attack faces another on its coffee roastery (therecord.media)

• Nissan confirms ransomware attack exposed data of 100,000 people (bleepingcomputer.com)

• Child protection among critical services affected by cyber attack on English council (therecord.media)

• Equilend warns employees their data was stolen by ransomware gang (bleepingcomputer.com)

Phishing & Email Based Attacks

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Image-based phishing tactics evolve - Help Net Security

• Phishing Threats Rise as Malicious Actors Target Messaging Platforms - Security Boulevard

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)

• What is phishing? Examples, types, and techniques | CSO Online

• New email standards: what you need to know | TechRadar

Other Social Engineering

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Sophisticated Vishing Campaigns Take World by Storm (darkreading.com)

• Your tech tools won’t save you from cyber threats | TechRadar

• Weakest links in an age of novel threats | ITPro

Artificial Intelligence

• AI Poses Extinction-Level Risk, State-Funded Report Says | TIME

• Cyber crime underworld has removed all the guardrails on AI frontier

• Critical ChatGPT Plug-in Vulnerabilities Expose Sensitive Data (darkreading.com)

• Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data - Security Boulevard

• Cyber attackers are threatening businesses with AI, says Microsoft (qz.com)

• Intelligence officials warn pace of innovation in AI threatens US | CyberScoop

• How advances in AI are impacting business cyber security - Help Net Security

• NCSC Blog - AI and cyber security: what you need to know (techuk.org)

• Are Global Companies Equipped to Tackle Emerging AI-Driven Cyber Threats? New Study Reveals Insights | Cryptopolitan

• 4 types of prompt injection attacks and how they work | TechTarget

• How data poisoning attacks work | TechTarget

• Former Google engineer charged with stealing AI trade secrets | TechTarget

• How to craft a generative AI security policy that works | TechTarget

2FA/MFA

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Keyloggers, spyware, and stealers dominate SMB malware detections - Help Net Security

• SMBs are being hit with more malware attacks than ever, and many can't keep up | TechRadar

• Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)

• Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (bleepingcomputer.com)

• Botnets: The uninvited guests that just won’t leave | CSO Online

• Hackers using Weaponized PDF Files to Deliver Remcos RAT (cybersecuritynews.com)

• RedLine malware top credential stealer of last 6 months | SC Media (scmagazine.com)

• Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT (darkreading.com)

Mobile

• Blog: Why Hackers Love Phones - Keep your Eye on the Device - Security Boulevard

• SIM swappers hijacking phone numbers in eSIM attacks (bleepingcomputer.com)

• PixPirate Android malware uses new tactic to hide on phones (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• French government sites disrupted by très grande DDOS • The Register

• Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)

• RIA: Estonia's state institutions hit by largest cyber attack to date | News | ERR

• The Growing Threat of Application-Layer DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• DDoS attacks reach critical levels in 14 seconds | Security Magazine

Internet of Things – IoT

• Internet of Risks: Cyber Security Risk in the Internet of Things | UpGuard

• Unpatched Sceiner Smart Lock Vulnerabilities Allow Hackers to Open Doors - Security Week

• The S in IoT stands for security • The Register

• Heated Seats? Advanced Telematics? Software-Defined Cars Drive Risk (darkreading.com)

• Chinese spies want to steal IP by backdooring safe locks • The Register

• Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)

• MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)

Data Breaches/Leaks

• Data Breaches up 72% From Record High: Cyber Incident Readiness Must be Top of Mind | Epiq - JDSupra

• Jersey regulator's data breach leaks names and addresses - BBC News

• Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware (bleepingcomputer.com)

• Okta denies it was hacked again after data appears on hacking site | TechRadar

• Over 12 million auth secrets and keys leaked on GitHub in 2023 (bleepingcomputer.com)

• French unemployment agency data breach impacts 43 million people (bleepingcomputer.com)

• 23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies - IT Security Guru

Organised Crime & Criminal Actors

• How to Identify a Cyber Adversary: Standards of Proof (darkreading.com)

• How to Identify a Cyber Adversary: What to Look For (darkreading.com)

• Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)

• Bitcoin Fog mixer operator convicted for laundering $400 million (bleepingcomputer.com)

• US Seizes $1.4 Million in Cryptocurrency From Tech Scammers - Security Week

Insider Risk and Insider Threats

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Insider threats can damage even the most secure organisations - Help Net Security

• Your tech tools won’t save you from cyber threats | TechRadar

• Former Google engineer charged with stealing AI trade secrets | TechTarget

• Meta Sues Former VP After Defection to AI Startup - Infosecurity Magazine (infosecurity-magazine.com)

• US Army intelligence analyst charged with selling classified military information to China - BBC News

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

• Building a Security Culture of Shared Responsibility - Security Boulevard

• How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur

Insurance

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)

Supply Chain and Third Parties

• Play ransomware group stole 65,000 Swiss government files • The Register

• Switzerland’s cyber security experts still can’t Xplain how federal documents made it to the dark web | TechRadar

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Industry: Act Now To Secure the Solutions You Offer the Military | AFCEA International

Cloud/SaaS

• NSA Launches Top 10 Cloud Security Mitigation Strategies - Infosecurity Magazine (infosecurity-magazine.com)

• EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch

• Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)

• How Not to Become the Target of the Next Microsoft Hack (darkreading.com)

• Cloud Account Attacks Surged 16-Fold in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)

• 23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies - IT Security Guru

• Cloud security vs. network security: What's the difference? | TechTarget

Encryption

• Building The Defence Sector's Quantum Threat Resilience (forbes.com)

• Are private conversations truly private? A cyber security expert explains how end-to-end encryption protects you (theconversation.com)

Linux and Open Source

• How to Ensure Open Source Packages Are Not Landmines (darkreading.com)

• Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Russian Hackers Are Weaponizing Stolen Microsoft Passwords (claimsjournal.com)

• Overcoming the threat of account takeover fraud (securitybrief.co.nz)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors leverage document publishing sites for ongoing credential and session token theft (talosintelligence.com)

• LastPass suffers worldwide outage causing site 404 error - 9to5Mac

Social Media

• Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)

• Meta sues “brazenly disloyal” former exec over stolen confidential docs | Ars Technica

• TikTok Ban Raises Data Security, Control Questions (darkreading.com)

Training, Education and Awareness

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Staff training far more cost-effective than going through a cyber compromise – Canadian Centre for Cyber Security | Calgary Herald

• Your tech tools won’t save you from cyber threats | TechRadar

• Weakest links in an age of novel threats | ITPro

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

Regulations, Fines and Legislation

• Everything you need to know about the EU's Cyber Solidarity Act | ITPro

• Cyber Security: European Parliament adopts Cyber Resilience Act at first reading | Practical Law (thomsonreuters.com)

• Ready for DORA? It applies to you! (cms-lawnow.com)

• The New Hacker Playbook: Weaponizing the SEC’s Cyber Disclosure Rules | Woodruff Sawyer - JDSupra

Models, Frameworks and Standards

• 4 Security Tips From PCI DSS 4.0 Anyone Can Use (darkreading.com)

• Ready for DORA? It applies to you! (cms-lawnow.com)

• Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)

Backup and Recovery

• Immutability: A boost to your security backup (betanews.com)

Data Protection

• EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch

• How do you lot feel about Pay or OK model, ICO asks Brits • The Register

Careers, Working in Cyber and Information Security

• Half of firms struggling to hire cyber security experts (securitybrief.co.nz)

• UK Council's Vision: Set High Standards in Cyber Security (govinfosecurity.com)

• How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur

• Cyber security skills gap and boardroom blindness invite hacker havoc | TechRadar

• Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)

• How To Overcome The Machismo Problem In Cyber Security (forbes.com)

Law Enforcement Action and Take Downs

• The effects of law enforcement takedowns on the ransomware landscape - Help Net Security

• Member of LockBit ransomware group sentenced to 4 years in prison | Ars Technica

• WEF effort to disrupt cyber crime moves into operations phase • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

China

• TikTok Ban Raises Data Security, Control Questions (darkreading.com)

• Five Eyes publish report on Volt Typhoon. Volt Typhoon targets emergency management services in the US. (thecyberwire.com)

• Chinese company at the centre of Biden's US port crane order denies it's a security threat | Fortune Asia

• Lithuania security services warn of China's espionage against the country (securityaffairs.com)

• Chinese Cyber Crime: Discretion Is the Better Part of Valor (databreachtoday.co.uk)

• US Army intelligence analyst charged with selling classified military information to China - BBC News

• Chinese spies want to steal IP by backdooring safe locks • The Register

• Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)

Russia

• Microsoft says Russian hackers stole source code after spying on its executives - The Verge

• Microsoft says Russian hackers breached its systems, accessed source code (bleepingcomputer.com)

• Microsoft: Russians are using stolen information to breach company’s systems (therecord.media)

• Microsoft says it hasn't been able to evict Russian state hackers | AP News

• Why Cyber Attacks on Ukrainians Aren’t Working the Way Russia Expected - Carnegie Endowment for International Peace

• Kremlin accuses US of plotting election-day cyber attack • The Register

• Major operation under way to identify source of Russian attack that 'jammed signals' on... - LBC

• First-ever South Korean national detained for espionage in Russia (securityaffairs.com)

• Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)

North Korea

• Japan Blames North Korea for PyPI Supply Chain Cyber Attack (darkreading.com)

Vulnerability Management

• How to Streamline the Vulnerability Management Life Cycle - Security Boulevard

• Researchers expose Microsoft SCCM misconfigs usable in cyber attacks (bleepingcomputer.com)

• Former CISA Dir. Krebs on cyber threats: Microsoft and others are 'hanging on by a thread' right now (cnbc.com)

• Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)

Vulnerabilities

• Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws (thehackernews.com)

• Adobe Patches Critical Flaws in Enterprise Products - Security Week

• Major CPU, Software Vendors Impacted by New GhostRace Attack - Security Week

• Critical Fortinet flaw may impact 150,000 exposed devices (bleepingcomputer.com)

• Fortinet Releases Security Updates for Multiple Products | CISA

• SAP Patches Critical Command Injection Vulnerabilities - Security Week

• Cisco addressed severe flaws in its Secure Client (securityaffairs.com)

• 5M WordPress Websites At Risk Amid LiteSpeed Plugin Flaw - Security Boulevard

• New cyber crime crew Magnet Goblin caught exploiting Ivanti • The Register

• Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory (darkreading.com)

• CISA confirms compromise of its Ivanti systems | TechTarget

• Threat actors breached two crucial systems of the US CISA (securityaffairs.com)

• Researchers found multiple flaws in ChatGPT plugins (securityaffairs.com)

• QNAP warns its NAS devices are facing a critical security flaw — but a patch is available, so update now | TechRadar

• Exploited Building Access System Vulnerability Patched 5 Years After Disclosure - Security Week

Tools and Controls

• Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)

• NSA's Zero-Trust Guidelines Focus on Segmentation (darkreading.com)

• NSA Launches Top 10 Cloud Security Mitigation Strategies - Infosecurity Magazine (infosecurity-magazine.com)

• Expert Cyber Security Strategies For Protecting Remote Businesses (forbes.com)

• Staff training far more cost-effective than going through a cyber compromise – Canadian Centre for Cyber Security | Calgary Herald

• Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)

• 10 cloud security tips every IT leader should know | ITPro

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

• More Critical Than Ever: Cyber Risk "Tabletop Exercises" in the AI Infused Workplace | Epstein Becker & Green - JDSupra

• Cloud security vs. network security: What's the difference? | TechTarget

• Immutability: A boost to your security backup (betanews.com)

• MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense

• How teams can improve incident recovery time to minimize damages - Help Net Security

• New email standards: what you need to know | TechRadar

• Creating Security Through Randomness (darkreading.com)

• AI and the future of corporate security - Help Net Security

Reports Published in the Last Week

• The State of Email & Collaboration Security 2024 | Mimecast

Other News

• The rise of cyber attacks on financial institutions highlight the need to build a security culture   | SC Media (scmagazine.com)

• Finance sector facing huge amount of cyber attacks that could leave it on its knees | TechRadar

• French state services hit by cyber attacks of 'unprecedented intensity' (france24.com)

• US Intelligence Predicts Upcoming Cyber Threats for 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Better Safe Than Sorry: Making Cyber Security a Priority | HealthLeaders Media

• How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)

• Pi Day: How Hackers Slice Through Security Solutions - Security Boulevard

• 78% of MSPs state cyber security is a prominent IT challenge | Security Magazine

• No, 'Leave the World Behind' and 'Civil War' Aren’t Happening Before Your Eyes | WIRED

• Maritime cyber security: threats and challenges - Port Technology International

• What resources do small utilities need to defend against cyber attacks? | CyberScoop

• 10 free cyber security guides you might have missed - Help Net Security

• Using the wrong font could be a major security problem — and possibly not for the reason you might think | TechRadar

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive Summary

Apple, Cisco and VMware have addressed multiple vulnerabilities across their product range this week, including two actively exploited zero-days affecting Apple products. These vulnerabilities are reportedly being exploited in the wild and have been added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerability (KEV) catalog. The seriousness of the VMware vulnerabilities has led to Vmware releasing patches for end-of-life products.

In addition, CISA has issued a warning about a flaw (CVE-2023-21237) impacting Google Pixel phones. Although Google addressed this vulnerability in June 2023, CISA reports that it is still being actively exploited in the wild and has added it to the KEV catalog.

Apple

Apple have released security updates to address several security flaws including two zero-day vulnerabilities that are being actively exploited in the wild and have been added to the (KEV) catalog. This is the third actively exploited zero-day in its software since the start of the year.

What can I do?

Apple have released security patches to address the vulnerabilities and it is advised to update immediately since it has been reported that the vulnerabilities are being exploited in the wild. The vulnerabilities have been addressed in iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6.

Technical Summary

CVE-2024-23225 – This is a memory corruption issues in the kernel that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections.

CVE-2024-23296 – This is a memory corruption issue in the RTKit real-time operating system (RTOS) that an attacker with arbitrary kernel read and write can exploit to bypass kernel memory protections.

Cisco

Cisco have addressed two high-severity vulnerabilities in it’s VPN application Secure Client, that could lead to remote exploitation without authentication and execution of code with the highest level of privilege.

What can I do?

Organisations using Secure Client should check if they are running vulnerable versions and apply patches immediately. Where a patch is not available, organisations should follow CISCO’s guidance linked below.

Technical Summary

CVE-2024-20337 - A carriage return line feed injection attack that could be caused remotely, by tricking a user in to clicking a maliciously crafted link. According to CISCO, this only impacts Secure Client instances where the VPN headend is configured with the SAML external browser.

CVE-2024-20338 - A vulnerability that can allow an attacker to execute code with root privileges. This vulnerability only Secure Client for Linux and requires authentication prior to exploitation.

The following versions of Secure Client have been impacted:

CVE-2024-20337

versions 4.10.04065 and later - upgrade to version 4.10.08025

version 5.0 - no patch available and users should migrate to a fixed release

Version 5.1 - should apply the patches in version 5.1.2.42

Versions earlier than Earlier than 4.10.04065 are not vulnerable.

CVE-2024-20338

This impacts Linux versions earlier than 5.1.2.42 and requires authentication for successful exploitation. The first fixed release is version 5.1.2.42.

VMware

VMware have released security patches to address four security flaws impacting ESXi, Workstation and Fusing, two of which are critical flaws (CVE-2024-22252 and CVE-2024-22253) which if exploited could lead to code execution.

What can I do?

VMware have released patches for the impacted products and it is recommended to patch immediately, given the severity of the vulnerabilities. Organisations should also check any end-of-life products they may be using as these have also had patches released.

The following versions have been impacted:

ESXi 6.5 – fixed in 6.5U3v

ESXi 6.7 - fixed in 6.7U3u

ESXi 7.0 - fixed in ESXi70U3p-23307199

ESXi 8.0 - fixed in ESXi80U2sb-23305545 and ESXi80U1d-23299997

VMware Cloud Foundation (VCF) 5.x/4.x – fixed in version KB88287

Workstation 17.x - fixed in 17.5.1

Fusion 13.x (macOS) - fixed in 13.5.1

Technical Summary

CVE-2024-22254 – This is an out-of-bounds write vulnerability in ESXi that a malicious actor with privileges within VMX process could exploit to trigger a sandbox escape.

CVE-2024-22255 – This is an information disclosure vulnerability in the UHCI USB controller that a malicious actor with administrative access to a virtual machine may exploit to leak memory from the VMX process.

Further Information

Apple

Further details on the Apple vulnerabilities can be found here:

https://support.apple.com/en-us/HT214081

Cisco

Further details on the Cisco vulnerabilities can be found here:

CVE-2024-20337 - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7

CVE-2024-20338 - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-privesc-sYxQO6ds

CISA KEV catalog

Further details of CISA’s KEV catalog can be found here:
 https://www.cisa.gov/known-exploited-vulnerabilities-catalog

VMware

Further details on the VMware vulnerabilities can be found here:

https://www.vmware.com/security/advisories/VMSA-2024-0006.html

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity 

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Risk-based spending: An Imperative for Cyber Security That Demands Board Attention

Staying ahead of the latest cyber security developments is essential to keeping your organisation safe. But with the rise of artificial intelligence and attackers dreaming up new techniques every day, a lot of organisations are left to question how they can create proactive, agile cyber security strategies and what approach gives the best return on investment, mitigating risks and maximising the value of their cyber security investments.

Unfortunately, most organisations do not have an unlimited budget, and for small and medium-sized businesses, there is even less to work with. What is needed is a risk-based approach, where organisations identify and prioritise their greatest vulnerabilities, correlating these to business impact; this is then used to form the cyber risk strategy for the organisation.

Sources: [Security Week] [The Hacker News] [Risk.net]

If you Pay Ransoms, You May not Get Your Data Back and Worse, You Will Probably Get Hit Again, with 78% of Firms who Paid Then Suffering Repeat Ransomware Attacks

Recent research from Proofpoint has found that 69% of organisations experienced a successful ransomware incident in the past year, a rise of 5% compared to the previous year. The report found that 60% reported four or more separate ransomware incidents and of the total involved, 54% admitted to paying a ransom. In a separate report, it was found that 78% of organisations suffering a ransomware attack suffered repeat attacks even after they paid.

Sources: [databreaches.net] [Infosecurity Magazine] [Infosecurity Magazine] [Claims Journal]

Cyber Resilience and Cyber Hygiene: Why They Matter to Your Business

Cyber resilience unites cyber security with business continuity and organisational durability, with proper implementation allowing the continuation of routine operations during adverse cyber incidents. Cyber hygiene, on the other hand, refers to having strong cyber security processes and procedures, to help the organisation mitigate the chance of an incident. The combination of both of these allows an organisation to reduce their likelihood of suffering a cyber incident, whilst improving their likelihood of continuing operations in the event of such an incident.

Sources: [Information Week] [Security Boulevard]

Why Governance, Risk and Compliance Must be Integrated with Cyber Security

With pressure from regulators, the evolving threat landscape and requirements for stronger oversight, governance, risk and compliance (GRC) has even more of an argument for alignment with cyber security. After all, cyber security is still security. Incorporating cyber security into the GRC programme of an organisation allows for cyber to become a business enabler.

Source: [CSO Online]

More and More UK Firms Concerned About Insider Threats

A report has found that 54% of UK business decision makers are concerned about the likelihood of their employees disclosing sensitive information or providing network access to fraudsters. In a separate report, 35% of respondents cited overworked and distracted staff making mistakes as a reason why they thought their business experienced insider risk. Certainly, insider risk does not just involve malicious employees; it can also include negligence and in some cases, employees may not be trained enough to identify the risk they are placing on the organisation such as not knowing or following an organisation’s call back procedure. It is important for organisations to consider whether their current training addresses this and whether the programme is doing enough to ensure that insider risk is mitigated.

Source: [Infosecurity Magazine]

98% of Businesses Linked to Breached Third Parties

A new report has found that 98% of organisations are associated with a third party that has experienced a breach, and these breaches often take months or more to be discovered. 75% of external business-to-business (B2B) relationships that enabled third-party breaches involved software or other technology products and services. Third party security is an important part of an organisation’s cyber security and to manage it correctly, organisations need to implement a third party risk management programme.

Source: [Help Net Security]

Phishing, Smishing and Vishing Skyrocket 1,265%

According to a report, since the launch of ChatGPT in November 2022, vishing, smishing, and phishing attacks have increased by a staggering 1,265%. Despite different techniques, these attacks all have one focus, and that’s on the user. Organisations looking to protect themselves should consider a blend of mitigations, including advanced email filtering, enabling multi-factor authentication and arguably the most important, effective user education and awareness training. This training should go beyond ticking boxes, by instead teaching employees how to both recognise and report phishing attempts.

A separate report analysed over 1 billion emails. Some of the key findings included that the majority of phishing attempts (71%) rely on deceptive links, but attachments (22%) and predatory QR codes (7%) are on the rise. When it came to spoofs, Microsoft was the most spoofed entity and financial services were amongst those most targeted sectors.

Source: [Bleeping Computer] [Help Net Security] [Security Affairs]

Business Email Compromise Attacks Are Evolving, But What Can Be Done About It

Business Email Compromise (BEC) attacks remain a dominant danger, with a staggering $51 billion lost over the last decade. A recent report underscores the prevalence of email as the primary battlefield, far outstripping other cyber attack methods. The low-cost, high-reach nature of email makes it an attractive starting point for cyber criminals. As organisations embrace cloud-based infrastructures, these attacks have morphed, presenting new challenges. Attackers have progressed from direct phishing attempts, to compromising business partners, vendors and other third parties. In this arms race, artificial intelligence (AI) assumes a pivotal role as an essential ally, efficiently discerning between benign and malicious content. This development signifies a significant milestone in the realm of email security resilience.

Source: [ITPro]

Vulnerabilities Count Set to Rise by 25% in 2024

The cyber threat landscape is rapidly evolving, with an anticipated 25% increase in published systems vulnerabilities for 2024. This surge, reaching approximately 2,900 vulnerabilities per month, underscores the critical need for robust vulnerability management strategies. Vulnerabilities serve as prime entry points for ransomware actors, heightening the urgency for organisations to fortify their defences. However, the sheer volume of vulnerabilities poses a daunting challenge for security and IT teams already thinly stretched. Timely risk-scoring remains a significant issue, leaving defenders vulnerable to exploits with threat actors often gaining a head start. Honeypot data reveals a concerning uptick in scans targeting remote desktop protocol (RDP), with businesses running end-of-life (EOL) software at heightened risk. In this dynamic cyber security climate, proactive risk management and expert intervention, such as Managed Detection and Response (MDR), are imperative to safeguarding against emerging threats.

Source: [Help Net Security]

BYOD Increases Mobile Phishing; Risks Have Never Been Higher

The risk of cyber attacks looms large, with stolen employee login credentials serving as a prime target for malicious actors. Mobile phishing has emerged as a significant threat, with data revealing a surge in encounter rates, especially in hybrid work environments and amid Bring Your Own Device (BYOD) policies. Personal devices, once considered outside the realm of corporate security, now pose substantial risks, as attackers exploit social engineering schemes to breach organisational networks. The financial implications of a successful phishing attack are staggering, with estimates suggesting potential losses of up to $4 million for organisations. As phishing encounter rates continue to rise, it's imperative for businesses to bolster their security strategies, ensuring comprehensive protection against mobile phishing threats across all employee devices. To navigate this evolving landscape and safeguard sensitive data, organisations must stay vigilant and adopt proactive measures.

Source: [MSSP Alert]

What Companies Should Know About Rising Legal Threats

The cyber security landscape is witnessing a significant shift as legal actions increasingly target both corporations and individual security officers. Recent cases including lawsuits by Tesla against ex-employees for cyber security breaches and charges by regulatory bodies like the US FTC and SEC, underscore the mounting legal risks associated with cyber security breaches. Notably, private companies are not exempt from such liabilities, facing scrutiny from authorities, regulators, customers and other affected parties. This environment has prompted many cyber security leaders to reconsider their roles, with concerns raised about the future of the profession. Amidst escalating threats and enforcement actions, there's a pressing need for enhanced cyber security budgets, robust risk-based controls and proactive audits or other independent assurance.

Source: [Darkreading]

CIOs Rethink All-In Cloud Strategies as Five Eyes Nations Warn of Evolving Russian Cyber Espionage Practices Targeting Cloud Environments

As organisations embrace the cloud, CIOs recognise that a one-size-fits-all approach may not be optimal. Many now favour a nuanced strategy, shifting workloads from public clouds to platforms offering productivity gains and cost savings; a trend known as ‘cloud exit.’ CIOs are rethinking cloud strategies, assessing each application’s suitability and fostering context-aware hosting decisions.

This comes as a recent advisory issued jointly by cyber security agencies from the UK, US, Australia, Canada, and New Zealand reveals that Russian cyber espionage units, including APT29 and Cozy Bear, are adapting tactics to target cloud environments used by both public and private organisations. These sophisticated attacks pose significant threats across industries. Implementing basic cloud security measures is crucial to regularly evaluate dormant accounts, limit system-issued token validity, and enforce stringent device policies. As cloud adoption rises, prioritise cyber security fundamentals for effective defence.

Sources: [CyberScoop] [CIO]

Governance, Risk and Compliance

• Why governance, risk, and compliance must be integrated with cyber security | CSO Online

• Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista

• The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week

• Why Cyber Resilience May Be More Important Than Cyber Security (informationweek.com)

• Beating the drum on cyber risk: the battle for boardroom attention - Risk.net

• What is cyber hygiene and why businesses should know about it - Security Boulevard

• Bridging the Gap: Connecting Cyber Security Spending to Business Results - Security Boulevard

• What Companies & CISOs Should Know About Rising Legal Threats (darkreading.com)

• Essential Guide To Security Metrics For Businesses (informationsecuritybuzz.com)

• Essential Guide To Information Security Compliance (informationsecuritybuzz.com)

• Mastering Risk Management: The Art Of Effective Strategy (informationsecuritybuzz.com)

• The CISO: 2024’s Most Important C-Suite Officer (forbes.com)

• UK Unveils Draft Cyber Security Governance Code - Infosecurity Magazine (infosecurity-magazine.com)

• How to Prioritize Cyber Security Spending: A Risk-Based Strategy for the Highest ROI (thehackernews.com)

• Cyber security 'blind spot' leaves businesses exposed - Accountancy Age

• MTTR: The Most Important Security Metric (darkreading.com)

• Building Your Cyber Incident Response Team - Security Boulevard

• 9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)

• AWS on why CISOs should track 'the metric of no' | TechTarget

• 2024 will see more cyber threats emerge – here is what SMEs need to know | TechRadar

Threats

Ransomware, Extortion and Destructive Attacks

• Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities (trendmicro.com)

• If you pay ransom, you may not get your data back and worse, you probably WILL get hit again – Cybereason Survey (databreaches.net)

• 78% of Organisations Suffer Repeat Ransomware Attacks After Paying - Infosecurity Magazine (infosecurity-magazine.com)

• 69% of Organisations Infected by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Stages of LockBit Grief: Anger, Denial, Faking Resurrection? (inforisktoday.com)

• What CISOs Need To Know About The Lockbit Takedown - Security Boulevard

• Ransomware crews lean into infostealers for initial access • The Register

• 78% of Organisations Suffer Repeat Ransomware Attacks After Paying (claimsjournal.com)

• Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• Do ransomware attackers keep their word? - TechCentral.ie

• What Are Ransomware Attacks and Can They Be Stopped? Explainer - Bloomberg

• Study: Ransom payment not a shield against future attacks | SC Media (scmagazine.com)

• FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks (bleepingcomputer.com)

• Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)

• Is Now the Right Time for a Ransomware Payment Ban? (govtech.com)

• What is Old is New Again: Lessons in Anti-Ransom Policy | Recorded Future

• 3 Ways Your Organisation Could Be Susceptible To Ransomware Attacks (forbes.com)

• What the war on terrorism teaches us about the war on ransomware | SC Media (scmagazine.com)

• Cyber criminals follow the money to hit manufacturing sector • The Register

• Why your legitimate software is not safe from ransomware attacks (networkingplus.co.uk)

Ransomware Victims

• Change Healthcare Ransomware Attack: BlackCat Hackers Quickly Returned After FBI Bust | WIRED

• LoanDepot Ransomware Attack Exposed 16.9 Million Individuals - Security Week

• Rhysida ransomware wants $3.6 million for children’s stolen data (bleepingcomputer.com)

• Stolen Donald Trump Court Files Will Be Published February 29, Hackers Say (forbes.com)

• Epic Games attacked by new ransomware group Mogilevich | SC Media (scmagazine.com)

• Hackers claim to have stolen 7GB of data from Irish Department of Foreign Affairs | Independent.ie

• Insomniac Games alerts employees hit by ransomware data breach (bleepingcomputer.com)

• German Steelmaker Thyssenkrupp Confirms Ransomware Attack - Security Week

• US pharmacy outage caused by Blackcat attack on Optum (securityaffairs.com)

• MGM Resorts Says Regulators Probing September Cyber Attack (claimsjournal.com)

Phishing & Email Based Attacks

• European retailer Pepco loses €15.5 million in phishing (possibly BEC?) attack - Help Net Security

• Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security

• BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert

• SMBs are being targeted by this new phishing scam — make sure you don't fall victim | TechRadar

• Need to Know: Key Takeaways from the Latest Phishing Attacks (bleepingcomputer.com)

• Unmasking 2024's Email Security Landscape (securityaffairs.com)

• Lookout Discovers Advanced Phishing Kit Targeting US Federal Agency and Cryptocurrency Exchange Organisations | Business Wire

• Registrars can now block all domains that resemble brand names (bleepingcomputer.com)

• Criminals hijacked more than 8,000 trusted domains, sent millions of malicious emails | TechSpot

Other Social Engineering

• Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security

• The Silent Threat: Why Vishing is Causing Major Problems for Businesses - Security Boulevard

• Registrars can now block all domains that resemble brand names (bleepingcomputer.com)

• How to stay safe from cyber criminal "quishing" attacks | TechRadar

• Scammers Often Rely on This Psychological Trick | TIME

Artificial Intelligence

• Blackstone's Schwarzman sees peril in “not bright” criminals getting their hands on AI | Fortune

• AI threats: The importance of a concrete strategy in fighting novel attacks | ITPro

• New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)

• Putin's AI threat to democracy: Russian spies 'have developed artificial intelligence cyber tool to spread disinformation and meddle in elections across the West' | Daily Mail Online

• AI in cyber security presents a complex duality - Help Net Security

• AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)

• Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)

• Cyber experts raise AI fears security fears in Parliament | IT Reseller Magazine (itrportal.com)

• UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)

• BEAST AI attack can break LLM guardrails in a minute • The Register

2FA/MFA

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

Malware

• Ransomware crews lean into infostealers for initial access • The Register

• BobTheSmuggler: Open-source tool for undetectable payload delivery - Help Net Security

• New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT (thehackernews.com)

• North Korean Hackers Targeting Developers with Malicious npm Packages (thehackernews.com)

• Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub (thehackernews.com)

• GitHub besieged by millions of malicious repositories in ongoing attack | Ars Technica

• Pikabot returns with new tricks up its sleeve - Help Net Security

• TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users (thehackernews.com)

• Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)

• CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)

• Cloud-focused malware campaigns on the increase (betanews.com)

• Hackers are infecting Macs with malware using calendar invites and meeting links | Tom's Guide (tomsguide.com)

• New Backdoor Targeting European Officials Linked to Indian Diplomatic Events (thehackernews.com)

Mobile

• BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert

• Kaspersky Finds Attacks on Mobile Devices Significantly Increased in 2023 (darkreading.com)

• Meet 'XHelper,' the All-in-One Android App for Global Money Laundering (darkreading.com)

Denial of Service/DoS/DDOS

• Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions (govinfosecurity.com)

• DDoS attacks against web apps and APIs surge (betanews.com)

Internet of Things – IoT

• Half of IT Leaders Identify IoT as Security Weak Point - Infosecurity Magazine (infosecurity-magazine.com)

• The White House Warns Cars Made in China Could Unleash Chaos on US Highways | WIRED

Data Breaches/Leaks

• U-Haul says 67K customers' data was stolen in cyber attack • The Register

• Pharma giant hit by major cyber attack — Cencora confirms data was stolen | TechRadar

Organised Crime & Criminal Actors

• Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista

• 8 Worrying Cyber Security Statistics You Need to Know in 2024 (tech.co)

• It’s only February and cyber crime is already running rampant (techinformed.com)

• Scottish Police Face Toil and Trouble From Cyber Crime (govinfosecurity.com)

• How active adversaries divide labour to more effectively target victims | SC Media (scmagazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• SonicWall: Cryptojacking Attacks Spike 659% in 2023 | MSSP Alert

• Lookout Discovers Advanced Phishing Kit Targeting US Federal Agency and Cryptocurrency Exchange Organisations | Business Wire

• Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security

Insider Risk and Insider Threats

• US man accused of making $1.8m from listening in on wife’s remote work calls | Securities and Exchange Commission | The Guardian

• Are remote workers at greater risk of cyber security threats? | TechRadar

• Over Half of UK Firms Concerned About Insider Threats - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding employees' motivations behind risky actions - Help Net Security

• The human element of cyber security: Why people are the ultimate defence. (thecyberwire.com)

Insurance

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• A Cyber Insurance Backstop - Schneier on Security

Supply Chain and Third Parties

• New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)

• 98% of businesses linked to breached third parties - Help Net Security