Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 10 May 2024
Black Arrow Cyber Threat Intelligence Briefing 10 May 2024:
-China Suspected of Hacking MoD, Through Its Payroll Provider
-Security Tools Fail to Translate Risks for Executives
-Gang Accused of MGM Hack Shifts Attacks to Finance Sector
-Are SMEs Paving the Way for Cyber Attacks on Larger Companies?
-Misconfigurations Drive 80% of Security Exposure, Report Finds
-Only 45% of Organisations Employ MFA Protections
-You Cannot Protect What You Do Not Know You Have, as Criminals are Exploiting Vulnerabilities Faster Than Ever
-The Rise and Stealth of The Socially Engineered Insider
-Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training
-Don't Be the Weakest Link – You and Your Team's Crucial Role in Cyber Security
-Ransomware Activity Thrives, Despite Law enforcement Efforts
-NATO Warns of Russian Hybrid Warfare
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
China Suspected of Hacking UK Ministry of Defence, Through Its Payroll Provider
UK Defence Secretary Grant Shapps has confirmed that over 270,000 personal details have been leaked after the MoD was hacked through its third-party payroll provider, SSCL. The affected systems have been pulled offline since the attack. SSCL’s website describes that it manages HR for the armed forces, the Metropolitan Police and other areas of British government. The commercial supply chain, and in particular HR and payroll providers, is increasing being used as the soft underbelly to attack larger and better protected organisations.
Sources: [LBC] [The Register] [Sky News]
Security Tools Fail to Translate Risks for Executives
Organisations are struggling with internal communication barriers, hindering their ability to address and mitigate cyber security threats, according to a report which found that seven out of 10 C-suite executives said their security teams talk in technical terms without providing business context. However, in contrast, 75% of CISO’s highlight the issue is rooted in security tools that cannot generate the insights C-level executives and boards can use to understand business implications. The role of a good CISO should be to take the output of these tools and turn that data into metrics the Boards can understand.
The issues highlight the necessity for organisations to have someone in their organisation, whether an employee or a third-party, who is able to ingest technical results and translate them into a style that the C-suite can understand for business risk management.
Source: [Help Net Security]
Gang Accused of MGM Hack Shifts Attacks to Finance Sector
The hacking group responsible for the infamous hack on MGM and Caesar’s Palace resorts is engaged in a new campaign targeting the financial sector. The group known as Scattered Spider has targeted 29 companies since 20 April this year, compromising at least 2 insurance companies so far. The research has stated that the attackers are purchasing lookalike domains that match the name of target companies, hosting fake log-in pages. Links to these are sent to employees, in an attempt to direct them there. The most recent attack took place just days ago, with more expected.
Sources: [Bloomberg Law] [Claims Journal]
Are SMEs Paving the Way for Cyber Attacks on Larger Companies?
A recent study highlights the escalating cyber threats facing businesses, particularly SMEs and supply chains. The study found that 32% of UK businesses, including 69% of large and 59% of mid-sized organisations, suffered a cyber attack last year. The situation is worse for SMEs, with weaker security systems and 77% lacking in-house cyber security. SMEs can become entry points for hackers targeting larger partners through interconnected supply chains. Meanwhile, Verizon’s latest data breaches report revealed a 68% increase in supply chain breaches, accounting for 15% of all breaches in 2023, up from 9% in 2022. These breaches are primarily driven by third-party software vulnerabilities exploited in ransomware and extortion attacks. Experts emphasise proactive cyber policies, vulnerability scans, and employee education for SMEs to bolster defences. They also urge organisations to consider third-party bugs as both vulnerability and vendor management problems, make better vendor choices, and use external signals like SEC disclosures in the United States to guide decisions. These measures can help prevent SMEs from becoming gateways for larger attacks and manage the rising threat of supply chain breaches.
Sources: [Insurance Times] [Dark Reading]
Misconfigurations Drive 80% of Security Exposure, Report Finds
A recent report has found that 80% of security exposures are caused by identity and credential misconfigurations, with a third of these putting critical assets at risk of a breach. According to the report, the majority of this is within an organisation’s network user management (Active Directory) and 56% of breaches that impact critical assets are within cloud platforms. There is often the misconception that cloud-based environments are secure by default, but misconfigurations can undo any security benefits and still leave you exposed. Just because someone else built and maintains your house, it is still your responsibility to lock the doors and windows.
Sources: [Security Magazine]
Only 45% of Organisations Employ MFA Protections
A recent report of IT decision-makers has found that 97% are facing challenges with identity verification and 52% are very concerned about credential compromise, followed by account takeover (50%). When it comes to reinforcing identity verification, only 45% used multi-factor authentication (MFA). By using MFA, organisations are forcing two identification verifications: simply knowing a username and password is not enough, especially given the speeds with which attackers can crack passwords, with average 8 character passwords able to be cracked in less than a minute. Whilst no control is 100% impenetrable, enabling MFA will aid in increasing your organisation's cyber resilience.
Source: [Help Net Security]
You Cannot Protect What You Do Not Know You Have, as Criminals are Exploiting Vulnerabilities Faster Than Ever
For many organisations, visibility of their information assets can be incredibly hard to obtain and maintain, with different tools, under-reporting and shadow IT contributing to the problem. Unfortunately, cyber criminals are getting faster at exploiting vulnerabilities, and if you do not know you have the vulnerability in your estate then you cannot patch against it. In their recent report, Fortinet found that attacks started on average 4.76 days after new exploits were publicly disclosed.
Interestingly though, while zero-day threats garner much attention (these are ‘new’ vulnerabilities that are being exploited by attackers but for which there are no security patches yet available), one third of all exploits are for older vulnerabilities. This highlights the need for a comprehensive and robust approach to network security and vulnerability management, beyond simply patching what Microsoft puts out once a month. To have effective patch management, organisations must know what they need to patch and therefore must have visibility of the corporate environment. A good starting block is the creation of a robust information asset register.
Sources: [Security Brief] [Help Net Security] [IT Security Guru]
The Rise and Stealth of The Socially Engineered Insider
Social engineering has become increasingly prevalent as the preferred tactic for foreign adversaries. Insiders are prime targets due to their privileged access to sensitive data. This is particularly affecting the technology, pharma, and critical infrastructure sectors. Advances in AI and social platforms have made it easier to exploit these vulnerabilities. These advances allow threat actors to tailor attacks with unprecedented speed and realism. Using methods like coercion or deception, these actors exploit employees to gain high-value data that can be weaponised. As a result, the threat landscape has become more complex, blurring the lines between internal and external risks. To bolster their defences, organisations are now investing in insider risk management and AI. They are also emphasising employee education and cross-sector collaboration.
Source: [Forbes]
Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training
An ISACA study and the AI Security & Governance Report reveal a complex landscape of AI adoption and security. 73% of European organisations and 54% of global organisations use AI, with 79% increasing their AI budgets, however training and policy development lag behind. Only 30% offer limited training, 40% provide none, and a mere 17% have a comprehensive AI policy. Despite AI’s potential, 80% of data experts find it complicates security, with concerns high around generative AI exploitation (61% of respondents) and AI-powered attacks (over 50% of business leaders). Data poisoning and privacy issues persist, yet 85% of leaders express confidence in their data security strategies, with 83% revising privacy and governance guidelines. With 86% recognising a need for AI training within two years, the call for dynamic governance strategies and formal education is clear to manage evolving threats.
Sources: [Help Net Security] [IT Security Guru]
Don't Be the Weakest Link – You and Your Team's Crucial Role in Cyber Security
Cyber security success depends on more than just technology. Bad actors are always looking for the easiest entry point, meaning that employees’ everyday actions are crucial, when even one careless click or a weak password can be an open door for hackers. However, empowered with the right knowledge and tools, staff can become a robust defence. Nearly 80% of organisations have reported an increase in phishing attacks, but training programs like role-playing exercises and phishing simulations significantly reduce these risks. Effective cyber security also hinges on C-suite leaders promoting a security-first culture, ensuring all employees understand the risks and follow strict protocols like MFA and strong password policies. Consistent training and open communication are vital in fostering a resilient, security-aware workforce.
Source: [JDSupra]
Ransomware Activity Thrives, Despite Law enforcement Efforts
Despite the recent law enforcement takedowns on ransomware groups, ransomware remains rife. Whilst the takedown of a group can come as an initial relief in that the group has gone, it simply forces ransomware affiliates to diversify. This is reflected in ransomware continuing its growth in the first quarter of 2024, with 18 new leak sites, the largest number in a single quarter, emerging over this period. When comes to those at risk, both financial services and healthcare remain a prominent target.
Sources: [Help Net Security ] [Infosecurity Magazine] [Help Net Security]
NATO Warns of Russian Hybrid Warfare
NATO has issued a statement in which it describes it is “deeply concerned about Russia's hybrid actions and the threat that they constitute to NATO security”. The actions are described to include sabotage, acts of violence, cyber and electronic interference, and disinformation campaigns. This comes as many countries including the UK and US are due to have elections this year.
Sources: [EU Reporter] [Financial Times]
Governance, Risk and Compliance
You cannot protect what you do not understand (securitybrief.co.nz)
Security tools fail to translate risks for executives - Help Net Security
It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs (thehackernews.com)
Now More Than Ever, it's Crucial for Companies to Get Cyber Security Right (newsweek.com)
Why SMBs are facing significant security, business risks - Help Net Security
Are SMEs paving the way for cyber attacks on larger companies? | Insurance Times
Don't Be the Weakest Link – Your Team's Crucial Role in Cyber Security | NAVEX - JDSupra
The Art Of Cyber Security Governance: Safeguarding Beyond Code (forbes.com)
CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes (darkreading.com)
92% of CISOs Question the Future of Their Role Amidst Growing AI Pressures | Business Wire
Three strategies for winning the cyber security arms race | Fintech Nexus
Rethinking Cyber Security Investment Amid Rising Threats (govinfosecurity.com)
CIOs and CFOs, two parts of the same whole - IT Security Guru
Threats
Ransomware, Extortion and Destructive Attacks
Gang Accused of MGM Hack Turns Its Sights on Finance Sector (bloomberglaw.com)
Cybercrime Unicorns: What Everyone Needs to Know About Ransomware Gangs (pcmag.com)
Why Paying Should Be A Last Resort In Ransomware Attacks (forbes.com)
Ransomware activity is back on track despite law enforcement efforts - Help Net Security
Ransomware evolves from extortion to 'psychological attacks' • The Register
Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator (thehackernews.com)
Ransomware attacks impact 20% of sensitive data in healthcare orgs - Help Net Security
An overwhelming majority of organisations paid ransomware last year - eCampus News
The Growing Threat of Advanced Ransomware Attacks (inforisktoday.com)
Law enforcement seized Lockbit group's website again (securityaffairs.com)
Consultant charged with $1.5M extortion of IT giant • The Register
IT chiefs plan to spend and innovate their way out of ransomware swamp | TechRadar
Ransomware crooks SIM swap kids to pressure parents • The Register
Scattered Spider group a unique challenge for cyber cops, FBI leader says (therecord.media)
97% of Organisations Hit by Ransomware Worked with Law Enforcement (globenewswire.com)
CISA boss: Secure software needed to stop ransomware • The Register
Shields Up: How to Minimize Ransomware Exposure - Security Week
Ransomware Victims
UnitedHealth’s 'egregious negligence' led to that ransomware • The Register
Ascension healthcare takes systems offline after cyber attack (bleepingcomputer.com)
London Drugs president tight-lipped over recent cyber attack | CBC News
Boeing confirms attempted $200 million ransomware extortion attempt | CyberScoop
Cyber attack disrupts operations at major US health care network | CNN Business
City of Wichita Shuts Down Network Following Ransomware Attack - Security Week
Patient appointments imperilled by cyber attack on French radiologist (therecord.media)
Ransomware attack hits Brandywine Realty Trust | SC Media (scmagazine.com)
Phishing & Email Based Attacks
Other Social Engineering
The Rise And Stealth Of The Socially Engineered Insider (forbes.com)
Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online
What is social engineering penetration testing? | Definition from TechTarget
Artificial Intelligence
Organisations go ahead with AI despite security risks - Help Net Security
Innovation, Not Regulation, Will Protect Corporations From Deepfakes (darkreading.com)
Strategies for preventing AI misuse in cyber security - Help Net Security
AI is changing the game when it comes to cyber security | ITPro
Why the Cyber Security Industry Is Obsessed With AI Right Now - CNET
LLMs & Malicious Code Injections: 'We Have to Assume It's Coming' (darkreading.com)
Cyber Security, Deepfakes and the Human Risk of AI Fraud (govtech.com)
Criminal Use of AI Growing, But Lags Behind Defenders - Security Week
2FA/MFA
Only 45% of organisations use MFA to protect against fraud - Help Net Security
UnitedHealth Attack: Stolen Credentials, No MFA | MSSP Alert
Malware
ZLoader Malware adds Zeus's anti-analysis feature (securityaffairs.com)
Russia-linked APT28 and crooks are still using the Moobot botnet (securityaffairs.com)
Iranian hackers pose as journalists to push backdoor malware (bleepingcomputer.com)
New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs (thehackernews.com)
Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version (thehackernews.com)
Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (thehackernews.com)
Mobile
Mobile Banking Malware Surges 32% - Infosecurity Magazine (infosecurity-magazine.com)
Android bug can leak DNS traffic with VPN kill switch enabled (bleepingcomputer.com)
European Threat To End-To-End Encryption Would Invade Phones (forbes.com)
Ransomware crooks SIM swap kids to pressure parents • The Register
Denial of Service/DoS/DDOS
Data Breaches/Leaks
How does a data breach affect you and why should you care? | TechRadar
Dell customer order database stolen, for sale on dark web • The Register
The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics | WIRED
Cyber attack: Large volume of data stolen in attack on Scottish health board (scotsman.com)
Security breach affects 6,000 German military VC meetings (avinteractive.com)
Security company exposes 1.2M guard and suspect records • The Register
Children's mental health records published after cyber attack - BBC News
Georgia education agency's MOVEit data theft impacted 800K • The Register
Data Brokers: What They Are and How to Safeguard Your Privacy - IT Security Guru
Zscaler Investigates Hacking Claims After Data Offered for Sale - Security Week
UK government departments reveal rise in data breaches & lost devices (datacentrenews.uk)
'Sophisticated' cyber attacks involving British Colombia government networks found | CBC News
Over 380K more NYC students had info leaked, bringing total to over 1M (nypost.com)
Dating apps kiss'n'tell all sorts of sensitive user info • The Register
Organised Crime & Criminal Actors
Hackers of all kinds are attacking routers across the world | TechRadar
These Dangerous Scammers Don’t Even Bother to Hide Their Crimes | WIRED
Massive webshop fraud ring steals credit cards from 850,000 people (bleepingcomputer.com)
Scattered Spider group a unique challenge for cyber cops, FBI leader says (therecord.media)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Insider Risk and Insider Threats
The Rise And Stealth Of The Socially Engineered Insider (forbes.com)
Don't Be the Weakest Link – Your Team's Crucial Role in Cyber Security | NAVEX - JDSupra
Supply Chain and Third Parties
UK Military Data Breach a Reminder of Third-Party Risk (darkreading.com)
Details of UK military personnel exposed in huge payroll data breach | AP News
Firm at centre of MoD 'China' hack handles data for several Whitehall departments (inews.co.uk)
DBIR: Supply Chain Breaches Up 68% Year Over Year (darkreading.com)
The complexities of third-party risk management - Help Net Security
Cloud/SaaS
Encryption
Cop complaints won't stop E2EE, says encryption advocate • The Register
European Threat To End-To-End Encryption Would Invade Phones (forbes.com)
Linux and Open Source
Open-Source Cyber Security Is a Ticking Time Bomb (gizmodo.com)
Spies Among Us: Insider Threats in Open Source Environments (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online
Microsoft introduces Passkeys support for consumer accounts - gHacks Tech News
Google Announces Passkeys Adopted by Over 400 Million Accounts (thehackernews.com)
UnitedHealth Attack: Stolen Credentials, No MFA | MSSP Alert
Hackers can crack average 8-character passwords in under a minute (newsbytesapp.com)
How secure is the “Password Protection” on your files and drives? - Help Net Security
Social Media
Training, Education and Awareness
Regulations, Fines and Legislation
The EU Cyber Diplomacy Toolbox: Shaping Global Cyber Security Standards | UpGuard
The NIS2 Compliance Deadline Is Nearing. Are You Prepared? - Security Boulevard
Innovation, Not Regulation, Will Protect Corporations From Deepfakes (darkreading.com)
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
How workforce reductions affect cyber security postures - Help Net Security
One in Four Tech CISOs Unhappy with Compensation - Security Boulevard
Law Enforcement Action and Take Downs
Ransomware activity is back on track despite law enforcement efforts - Help Net Security
LockBit's seized darknet site resurrected by police, teasing new revelations (therecord.media)
LockBit leader unmasked and sanctioned - National Crime Agency
Israeli private investigator wanted for hacking in US is arrested in London | The Independent
German police bust Europe's 'largest' scam call centre – DW – 05/02/2024
Consultant charged with $1.5M extortion of IT giant • The Register
97% of Organisations Hit by Ransomware Worked with Law Enforcement (globenewswire.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Israeli private investigator wanted for hacking in US is arrested in London | The Independent
Cyber Attacks on US Utilities: New Trends in Cyber Warfare - ClearanceJobs
'The Mask' Espionage Group Resurfaces After 10-Year Hiatus (darkreading.com)
Nation State Actors
China
Firm at centre of MoD 'China' hack handles data for several Whitehall departments (inews.co.uk)
Lessons from LOCKED SHIELDS 2024 cyber exercise | SC Media (scmagazine.com)
China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion (thehackernews.com)
Russia
Malice from Moscow: NATO warns of Russian hybrid warfare - EU Reporter
Russia plotting sabotage across Europe, intelligence agencies warn (ft.com)
How Nato could respond after wave of Russian spy arrests across Europe (inews.co.uk)
EU, NATO denounce Russia's cyber attacks on Germany, Czechia (kyivindependent.com)
Russia Cyber Attack Germany's Ruling Party, Defence | Silicon UK
Foreign Ministry: Czech institutions targeted by GRU cyber attacks | Radio Prague International
Russia-linked APT28 and crooks are still using the Moobot botnet (securityaffairs.com)
Ukraine records increase in financially motivated attacks by Russian hackers (therecord.media)
Cyber War? EU rages over alleged Russian cyber attack on German’s ruling SPD (brusselssignal.eu)
Lessons from LOCKED SHIELDS 2024 cyber exercise | SC Media (scmagazine.com)
A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities | WIRED
Russia says Germany using baseless 'hacker myths' to destroy ties | Reuters
Poland says it too was targeted by Russian hackers – POLITICO
Kaspersky denies claims it helped Russia with drones • The Register
Iran
Iranian hackers pose as journalists to push backdoor malware (bleepingcomputer.com)
Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online
North Korea
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
Cyber criminals are getting faster at exploiting vulnerabilities - Help Net Security
Misconfigurations drive 80% of security exposures | Security Magazine
Patch management vs. vulnerability management: Key differences | TechTarget
What is Risk-Based Vulnerability Management (RBVM)? (techtarget.com)
CISA’s KEV list improving private and public-sector patching • The Register
CISA Announces CVE Enrichment Project 'Vulnrichment' - Security Week
Vulnerabilities
Citrix Addresses High-Severity NetScaler Servers Flaw (darkreading.com)
Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw (bleepingcomputer.com)
Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) - Help Net Security
LiteSpeed Cache WordPress plugin actively exploited in the wild (securityaffairs.com)
New BIG-IP Next Central Manager bugs allow device takeover (bleepingcomputer.com)
Microsoft: April Windows Server updates also cause crashes, reboots (bleepingcomputer.com)
Android bug can leak DNS traffic with VPN kill switch enabled (bleepingcomputer.com)
Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (thehackernews.com)
Tools and Controls
Behind Closed Doors: The Rise of Hidden Malicious Remote Access (cybereason.com)
Security tools fail to translate risks for executives - Help Net Security
Misconfigurations drive 80% of security exposures | Security Magazine
NSA, FBI Alert on North Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)
Microsoft plans to lock down Windows DNS like never before. Here’s how. | Ars Technica
Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica
Strategies for preventing AI misuse in cyber security - Help Net Security
Shadow APIs: An Overlooked Cyber Risk for Orgs (darkreading.com)
What is social engineering penetration testing? | Definition from TechTarget
How workforce reductions affect cyber security postures - Help Net Security
What is Risk-Based Vulnerability Management (RBVM)? (techtarget.com)
Top 10 physical security considerations for CISOs | CSO Online
IT chiefs plan to spend and innovate their way out of ransomware swamp | TechRadar
A SaaS Security Challenge: Getting Permissions All in One Place (thehackernews.com)
Tips for Controlling the Costs of Security Tools - The New Stack
Rethinking Cyber Security Investment Amid Rising Threats (govinfosecurity.com)
Microsoft confirms Windows 11 24H2 turns on Device Encryption by default (windowslatest.com)
Reports Published in the Last Week
Other News
Microsoft overhaul treats security as ‘top priority’ after a series of failures - The Verge
The EU Cyber Diplomacy Toolbox: Shaping Global Cyber Security Standards | UpGuard
Complexity leads to trade-off between risk and innovation (betanews.com)
When has the UK faced cyber attacks in the past? | The Independent
Man-in-the-middle attack: The new cyber security threat | YourStory
Paris 2024 gearing up to face unprecedented cyber security threat | Reuters
38% of riskiest cyber physical systems neglected, warns Claroty report (securitybrief.co.nz)
Why undersea cables need high-priority protection • The Register
GAO: NASA Faces 'Inconsistent' Cyber Security Across Spacecraft (darkreading.com)
Cyber security regulations: Are non-compliant cars more vulnerable? | Autocar
Fujitsu sets aside £200m as calls mount for Post Office scandal payout
FE News | Why the education sector needs to do the homework on cyber security as attacks soar
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 01 September 2023
Black Arrow Cyber Threat Intelligence Briefing 01 September 2023:
-66 Percent of Businesses Don't Understand Their Cyber Risks
-Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked
-Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up
-Survey Finds In-house Counsel Cyber Anxiety Skyrocketing
-58% of Malicious Emails Contained Spoofed Content
-Cyber Attacks Remain a Top Concern for Organisations Across All Industries
-BYOD Security Gap: Survey Finds 49% of European Firms Unprotected
-13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend
-Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report
-Kroll’s Breach Highlights SIM-Swapping Risk
-Reducing The Risk of AI, What Can You Do?
-Debunking Popular Cyber Security Myths
-3 Malware Loaders Responsible for 80% of Intrusions
-MOVEit Hack Shows Attackers Still Use Old Tricks
-Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
66 Percent of Businesses Don't Understand Their Cyber Risks
A survey has found that 67% of organisations have experienced a breach requiring attention within the last two years, despite having traditional security measures in place. Worryingly, 66% self-reported having limited visibility and insight into their cyber risk profiles.
83% of organisations agreed that a comprehensive cyber risk reduction strategy would yield a reduction in the likelihood of a significant cyber incident occurring, yet a number of organisations are finding it difficult to implement this and as a result are looking for outside assistance too. The report found that 93 percent of organisations plan to offload specific segments of cyber risk reduction workstreams or projects to security service providers within the next two years.
Source: [Beta News]
Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked
All 47,000 personnel working for the Met Police were warned of the risk their photos, names and ranks having been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes. The supplier had access to names, ranks, photos, vetting levels and pay numbers of officers and staff, but did not hold information such as addresses, phone numbers or financial details.
The attack shows the importance of understanding the supply chain, and what access your supplier has access to. Without knowing who has your data, and what data, you will be left clueless if a breach on a supplier occurs.
Sources [Data Breaches] [UKAuthority]
Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up
Ransomware actors are always evolving their tactics, with gangs now telling victims if they don’t pay, then they will face fines under data protection laws. Additionally, small businesses are on the radar, partially due to them being easier targets for actors; some gangs have shifted from asking for millions from a large organisation, to requesting small ransoms from multiple small businesses.
As a result in both the number and sophistication of ransomware attacks, 80% of organisations expect their spending to increase. Not every organisation has an unlimited budget and so it is important that organisations are able to prioritise and allocate their budget effectively, to give them the most protection that their budget allows, especially small to medium-sized businesses.
Sources [Dark Reading] [The Record] [Security Magazine]
Survey Finds In-house Counsel Cyber Anxiety Skyrocketing
In a recent report, only 25% of legal professionals said they felt fully prepared to deal with a cyber attack, with 78% ranking the task of shielding their organisation from cyber attacks as the greatest regulatory concern over the next 12 months; previously, this figure was only 30% in 2021.
There has been a growing number of attacks, due to the sensitive data that is held and the number of attacks will continue to rise. With regulatory concerns adding to this, in-house counsel should be looking to have their concerns heard and drive the organisation to bolster their defences, and this may include outsourcing expert advice to make sure it is done correctly.
Source: [Law.com]
58% of Malicious Emails Contained Spoofed Content
According to a recent report, 58% of malicious emails contained spoof content and spam emails had increased by 30% from Q1 to Q2 2023. The report identified a surge in the number of uses of QR codes as a primary attack method, showing that attack methods are evolving, and in some cases, choosing not to use traditional methods.
The report reinforces the need for constant user education training, to reduce the risk of an employee falling for a phishing email. With this training, new evolving techniques such as that with QR codes, should also be addressed.
Source: [Security Magazine]
Cyber Attacks Remain a Top Concern for Organisations Across All Industries
Cyber attacks remain a top threat to organisations’ ability to do business across all industries. When asked in a recent report, 18% of respondents reported that cyber attacks threatened or disrupted their business.
With cyber attacks being a huge concern, many organisations have an incident response plan in place; yet despite this, nearly one quarter (23%) of companies surveyed have either never conducted tests or are unsure if their teams have tested. Cyber incidents are a matter of when, not if, and a strong incident response plan is always needed and can prevent a bad situation from being made worse by doing the wrong things in the immediate aftermath of an attack.
Source: [Business Wire]
BYOD Security Gap: Survey Finds 49% of European Firms Unprotected
A recent survey found that a concerning 49% of European businesses are operating without having a formal bring-your-own-device (BYOD) policy, highlighting a lack of visibility and control over such devices. The report found that organisations are concerned about compliance-based issues, with 43% noting increased worries.
The benefits of BYOD are clear, allowing organisations to save money and eliminate the need for multiple devices. But without a formal BYOD policy, organisations are risking having employees bring in devices that are effectively invisible to IT. This means that the vulnerabilities that come with it, and the risks it can bring, also go unnoticed. To mitigate the risk, a formalised BYOD policy is required.
Source: [Infosecurity Magazine]
13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend
In a recent report, it was found that 13% of employees admitted they had fallen for a phishing attack whilst working from home. Rather worryingly, 21% said they would continue working business as usual in the event of falling victim to a phishing attack whilst working remotely on a Friday, with 9% indicating they’d wait until after the weekend to report it, effectively, giving the attacker a 48 hour period in which they go unnoticed, if the employee even remembers to report it on the Monday.
It is important that users are educated, both on spotting phishing attacks and the reporting process, so that organisations can be best protected. By providing regular and effective user training, employees will be at less risk of falling victim to a phishing attack, even from home. Additionally, by understanding the reporting process and why there is a need to report as soon as possible, organisations will shorten their detection time.
Source: [Security Magazine]
Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report
In their most recent quarterly report, BlackBerry focused on a 90-day window, identifying over 1.5 million malware-based attacks, over 200,000 unique attacks, 17,000 attacks per day and 12 per minute to name a few. The report found that financial institutions were amongst the most targeted.
Source: [The Hacker News]
Kroll’s Breach Highlights SIM-Swapping Risk
A recent supply chain breach at Kroll, the risk and financial advisory firm, affected downstream customers and exposed personal information on hundreds of claimants in bankruptcy proceedings. The breach occurred when a threat actor had transferred an employee’s phone number to a device in the attackers possession, which was then subsequently used to access sensitive information.
In this attack, the actor had convinced T-Mobile to port the employee’s number over, allowing the actor to access files containing bankruptcy details. A mitigation recommended for this is to ask your network provider if they offer port freeze or number lock, to protect it from unauthorised transfer.
Source [Dark Reading]
Reducing The Risk of AI, What Can You Do?
Threat actors' use of generative AI has fuelled a significant rise in attacks worldwide during the last 12 months according to a recent report. Yet despite this, AI is still seen as a positive thing for organisations, with the power of generative AI quickly realised.
Certainly, AI can be used in the organisation to increase efficiency and automate tasks, but it must be used with vigilance. Organisations implementing AI should have governance over the usage of AI to eliminate the chance of data leaking. This governance may include policies, procedures and approved AI software.
Sources: [CSO Online] [UKTech News]
Debunking Popular Cyber Security Myths
At a time when cyber security is a constant feature in the news and our daily lives, it is important to debunk a few myths surrounding it. One of the biggest, is the assumption that cyber defence is all about the technical controls; in fact, 89% of cyber attacks involved social engineering. The prevalence of social engineering further shows that strong passwords, firewalls and antivirus are not enough; what’s the use in having a password that takes years to crack if you hand it over to someone?
When we think cyber security, we often think of external threat actors, but insider risk is a real threat: whether by malicious actions, negligence or misunderstanding, those inside your organisation can be a real risk to your organisation.
So what’s the take home? Cyber is more than just technology, and it is not just an outside attacker. Organisations’ cyber efforts should focus on more than just the technical requirements; by having things such as user education training, organisations can mitigate their cyber risk.
Sources: [Forbes] [Trend Micro]
3 Malware Loaders Responsible for 80% of Intrusions
Three malware loaders, QBot, SocGholish, and Raspberry Robin, are responsible for 80 percent of observed attacks on computers and networks so far this year. The malware are all distributed differently; Qbot is typically deployed through a phishing email, SocGholish is downloaded without user interaction, and Raspberry Robin is through USB devices.
Sources: [The Register] [Infosecurity Magazine]
MOVEit Hack Shows Attackers Still Use Old Tricks
SQL injection has been around for a quarter of a century, yet it still features amongst the top 10 list of security vulnerabilities. In fact, SQL injection was the method of attack for the infamous MOVEit hacks, which has impacted over 700 organisations, with the number still growing.
The MOVEit attack highlights just how easily old, over-looked vulnerabilities can be used to target an organisation. Consider your organisation now: are there any legacy systems or software in place?
Source: [Dark Reading]
Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong.
In late May, security vendor Barracuda had released a patch for their email security gateway (ESG), which was being actively exploited. Having already accounted for this, the threat actors utilised a new attack, which meant infected devices would reinfect themselves, effectively negating Barracuda’s patch. Unfortunately, this meant that for a while, Barracuda thought it was in the clear, when it was still under attack.
Upon realising this, Barracuda’s security advisory changed from recommending a patch to requiring an immediate replacement of compromised ESG appliances, regardless of the patch level. This shows the need for organisations to keep up to date with the latest threat intelligence, as missing the second update could mean infected devices are still in the wild, with organisations under the false perception that they were safe.
Source: [Ars Technica]
Governance, Risk and Compliance
66 percent of businesses don't understand their cyber risks (betanews.com)
Survey of In-House Counsel Finds Cyber Anxiety Skyrocketing | Law.com
Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report (thehackernews.com)
Cyber Security Enters Conversation About Executive Pay - WSJ
Cyber defence makes up majority of cyber security budgets | Security Magazine
How international cyber security frameworks can help CISOs | CSO Online
Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online
SEC cyber attack regulations prompt 10 questions for CISOs | TechTarget
Should Senior IT Professionals Be Accountable for Professional Decisions? (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
80% of organisations expect ransomware spending to increase | Security Magazine
Akira Ransomware gang targets Cisco ASA without Multi-Factor Auth (securityaffairs.com)
Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)
MOVEit Was a SQL Injection Accident Waiting to Happen (darkreading.com)
Nearly 1,000 Organisations, 60 Million Individuals Impacted by MOVEit Hack - SecurityWeek
Ransomware With an Identity Crisis Targets Small Businesses, Individuals (darkreading.com)
Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)
Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)
LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)
LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants (thehackernews.com)
Deconstructing ransomware, cyber criminals and their modus operandi | TechRadar
Ransomware Evolution: Smaller Actors, Bigger Impact (govinfosecurity.com)
Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)
Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)
Should Companies Pay After Ransomware Attacks? Is It Illegal? (techtarget.com)
How Ransomware Groups Respond to External Pressure (inforisktoday.com)
Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat (trellix.com)
Rackspace Faces Massive Cleanup Costs After Ransomware Attack (darkreading.com)
8 Types of Ransomware: Examples of Past and Current Attacks (techtarget.com)
Black Basta Besting Your Network? (securityintelligence.com)
Ransomware Victims
Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)
Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)
St Helens Council still dealing with suspected cyber-attack - BBC News
Rhysida claims ransomware attack on Prospect Medical, threatens to sell data (bleepingcomputer.com)
University of Michigan shuts down network after cyber attack (bleepingcomputer.com)
Social Security Numbers leaked in ransomware attack on Ohio History Connection (malwarebytes.com)
Phishing & Email Based Attacks
Phishing as a service continues to plague business users - SiliconANGLE
58% of malicious emails contained spoof content | Security Magazine
13% of employees admit to falling for phishing attacks working at home | Security Magazine
New phishing attacks target FTX users following Kroll data breach – Cryptopolitan
Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks (thehackernews.com)
Spain warns of LockBit Locker ransomware phishing attacks (bleepingcomputer.com)
US govt email servers hacked in Barracuda zero-day attacks (bleepingcomputer.com)
Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)
Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)
How to Spot Phishing Emails & Tips to Avoid Them | Proofpoint US
Other Social Engineering; Smishing, Vishing, etc
Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)
New phishing attacks target FTX users following Kroll data breach – Cryptopolitan
3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - SecurityWeek
Artificial Intelligence
Cyber security agency gives AI chatbot warning (uktech.news)
Why generative AI is a double-edged sword for the cyber security sector | VentureBeat
IT leaders alarmed by generative AI's SaaS security implications - Help Net Security
Is Bias in AI Algorithms a Threat to Cloud Security? (darkreading.com)
Shifting Cyber Security: The Impact and Implications of LLMs (inforisktoday.com)
Vendors Training AI With Customer Data is an Enterprise Risk (darkreading.com)
Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)
Hacking the future: Notes from DEF CON’s Generative Red Team Challenge | CSO Online
How to minimize data risk for generative AI and LLMs in the enterprise | VentureBeat
Google launches tool to identify AI-generated images - Help Net Security
2FA/MFA
AITM/MITM
Malware
These 3 loaders were behind 80% of intrusions this year • The Register
20+ Malware Statistics You Need to Know in 2023 (techreport.com)
'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds (darkreading.com)
Top 3 Malware Threatening Businesses in Q2 2023 (cybersecuritynews.com)
Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Research (darkreading.com)
Japan's JPCERT warns of new 'MalDoc in PDF' attack technique (securityaffairs.com)
Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)
DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates (thehackernews.com)
DreamBus malware exploits RocketMQ flaw to infect servers (bleepingcomputer.com)
Microsoft is using malware-like pop-ups in Windows 11 to get people to ditch Google - The Verge
APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)
SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations (thehackernews.com)
Mobile
Kroll's Crypto Breach Highlights SIM-Swapping Risk (darkreading.com)
Is Mobile Hacking Still a Big Threat in 2023? (makeuseof.com)
New Android MMRat malware uses Protobuf protocol to steal your data (bleepingcomputer.com)
What Are Overlay Attacks? How Do You Protect Against Them? (makeuseof.com)
New Android Banking Trojan Targets Southeast Asia Region (inforisktoday.com)
China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)
Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week
Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)
8 Ways To Boost Your Android Phone's Security (slashgear.com)
Botnets
Denial of Service/DoS/DDOS
BYOD
Internet of Things – IoT
Data Breaches/Leaks
Metropolitan Police reports supplier cyber breach | UKAuthority
Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)
American Express admits APAC employees' data leak, blames a third-party payroll service
Leaseweb is restoring ‘critical’ systems after security breach (bleepingcomputer.com)
French employment agency Pôle emploi data breach impacted 10M peopleSecurity Affairs
Mom’s Meals discloses data breach impacting 1.2 million people (bleepingcomputer.com)
3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - Security Week
Paramount discloses data breach following security incident (bleepingcomputer.com)
Cost of a data breach 2023: Financial industry impacts (securityintelligence.com)
Organised Crime & Criminal Actors
Moscow helping cyber criminals operate with 'near impunity': report | The Province
Hacking gangs launch cyber crime syndicate the Five Families (techmonitor.ai)
Microsoft weighs in on Russian-led UN cyber crime treaty • The Register
‘Billion Dollar Heist’: The Wild Story That Should Have Us All Petrified (thedailybeast.com)
Microsoft: UN treaty creates 'ideal conditions' for cyber crime (telecomstechnews.com)
Cyber Criminals use research contests to create new attack methods - Help Net Security
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Fraud, Scams & Financial Crime
Impersonation Attacks
Deepfakes
Insurance
Insurers End Tussle Over Ransomware Attack Coverage - Law360 UK
Delinea Research Reveals a Cyber Insurance Gap (darkreading.com)
Understand the fine print of your cyber insurance policies - Help Net Security
Supply Chain and Third Parties
American Express admits APAC employees' data leak, blames a third-party payroll service
Met should thoroughly investigate cyber security practices, say experts | Evening Standard
Cloud/SaaS
CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security | TechTarget
Better SaaS Security Goes Beyond Procurement (darkreading.com)
Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)
Hybrid/Remote Working
Identity and Access Management
Encryption
Quantum threats loom in Gartner's 2023 Hype Cycle for data security | VentureBeat
How Quantum Computing Will Impact Cyber Security - Security Week
Passwords, Credential Stuffing & Brute Force Attacks
Four common password mistakes hackers love to exploit (bleepingcomputer.com)
Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)
LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)
Biometrics
Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update
Elon Musk's X to collect biometric data, work and school history - The Japan Times
Home Office and MoD seeking new facial-recognition tech | Computer Weekly
Social Media
ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)
EU safety laws start to bite for TikTok, Instagram and others - BBC News
Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)
X Plans to Collect Biometric Data, Job and School History (1) (bloomberglaw.com)
Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News
Training, Education and Awareness
Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)
Cyber awareness education is a change-management initiative | CSO Online
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)
New law could turn UK into a hacker's playground | Computerworld
Changes to UK Surveillance Regime May Violate International Law (justsecurity.org)
EU safety laws start to bite for TikTok, Instagram and others - BBC News
Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra
Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online
Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)
Models, Frameworks and Standards
What are the Cyber Security Standards of Basel III? | UpGuard
Best practices for MITRE ATT&CK(R) mapping. (thecyberwire.com)
Is the new OWASP API Top 10 helpful to defenders? - Help Net Security
How international cyber security frameworks can help CISOs | CSO Online
Data Protection
ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)
Are you properly protecting your employees' personal information? | Burr & Forman - JDSupra
Data Protection: One of These Incidents Is Not Like the Other | Troutman Pepper - JDSupra
Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra
Careers, Working in Cyber and Information Security
Addressing Cyber Security's Talent Shortage & Its Impact on CISOs (darkreading.com)
Unfilled Cyber Security Positions Threaten the Future of Businesses Everywhere | Inc.com
How the Talent Shortage Impacts Cyber Security Leadership (securityintelligence.com)
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update
Expert shares stark safety warning over Twitter updates | Tech News | Metro News
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
'Five Eyes' nations release technical details of Sandworm malware 'Infamous Chisel' | CyberScoop
New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)
NCSC, SBU reveal overt Russian cyber campaign as cyber war continues to evolve | ITPro
Russian 'hybrid' war threatens NATO's eastern flank, Poles warn - Washington Times
Microsoft weighs in on Russian-led UN cyber crime treaty • The Register
Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week
Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News
China
Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors | Ars Technica
China-Based APT Flies Under Radar in Espionage Attacks | Decipher (duo.com)
China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors (thehackernews.com)
Barracuda flaw: FBI warns customers over ineffective patch | ITPro
Almost a third of compromised Barracuda ESGs were govt owned • The Register
James Cleverly's China cyber security talks unlikely to spur change (techmonitor.ai)
Japan’s cyber security agency suffers months-long breach | Financial Times (ft.com)
China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)
APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)
Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)
North Korea
North Korea’s Lazarus Group hits organisations with two new RATs | CSO Online
Lazarus Group Debuts Tiny Trojan for Espionage Attacks (databreachtoday.co.uk)
Cyber Scams Keep North Korean Missiles Flying – Analysis – Eurasia Review
North Korea’s Lazarus hackers behind recent crypto heists: FBI (therecord.media)
North Korean hackers behind malicious VMConnect PyPI campaign (bleepingcomputer.com)
Vulnerability Management
New law could turn UK into a hacker's playground | Computerworld
40% of Log4j Downloads Still Vulnerable (securityintelligence.com)
How did Clop get its hands on the MOVEit zero day? (therecord.media)
Vulnerabilities
Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software (securityaffairs.com)
Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)
Microsoft Teams attack exposes collab platform security gaps | TechTarget
Barracuda flaw: FBI warns customers over ineffective patch | ITPro
Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong. | Ars Technica
CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
Exploit released for Juniper firewall bugs allowing RCE attacks (bleepingcomputer.com)
Google Chrome 116's second point update addresses a security issue - gHacks Tech News
Forminator WordPress Plugin Vulnerability Affects Up To 400,000+ Websites (searchenginejournal.com)
Threat actors started exploiting Juniper flaws shortly after PoC release (securityaffairs.com)
Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)
Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence - Security Week
This WordPress plugin with 5 million users could have a serious security flaw | TechRadar
Cyber Attackers Swarm OpenFire Cloud Servers With Takeover Barrage (darkreading.com)
Tools and Controls
Why generative AI is a double-edged sword for the cyber security sector | VentureBeat
Cyber defence makes up majority of cyber security budgets | Security Magazine
Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)
Think twice before accepting notifications on Chrome: threats on the rise | Cybernews
Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)
Enterprise dark web monitoring: Why it's worth the investment | TechTarget
Phishing Simulations Boost Cyber Awareness and Defences | Mimecast
Is the new OWASP API Top 10 helpful to defenders? - Help Net Security
Here's What Your Breach Response Plan Might Be Missing (darkreading.com)
Why Traditional Firewalls Are Not Adequate for Your Network Security (makeuseof.com)
Combining EPP and EDR tools can boost your endpoint security (securityintelligence.com)
Automated Threat Hunting: AI Helps Spot Shady Network Activity (readwrite.com)
Detecting the Undetected: The Risk to Your Info (securityintelligence.com)
National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (telegraph.co.uk)
Other News
Cyber attacks reveal threat to democracy (ukdefencejournal.org.uk)
Hackers Use $30 Gear To Bring Poland's Railways To A Grinding Halt
When lives rely on equipment, cyber security is essential | Healthcare IT News
Think twice before accepting notifications on Chrome: threats on the rise | Cybernews
Rising cyber incidents challenge healthcare organisations - Help Net Security
Updated Best Practice Playbook for Healthcare Cyber Threats (inforisktoday.com)
Navigating Legacy Infrastructure: A CISO's Actionable Strategy for Success (thehackernews.com)
Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)
69% of educational organisations suffered cyber attack in the past year - Netwrix survey
Out-Of-Office: How To Ensure Cyber Security During Vulnerable Periods (forbes.com)
Manufacturing firms hit by the worst encryption rate in three years (manufacturing-today.com)
Cyber Attacks Targeting E-commerce Applications (thehackernews.com)
Industrial networks need better security as attacks gain scale | ZDNET
National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (telegraph.co.uk)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 26 August 2022
Black Arrow Cyber Threat Briefing 26 August 2022:
-Lloyd's to Exclude Certain Nation-State Attacks from Cyber Insurance Policies
-Cyber Security Top Risk for Enterprise C-Suite Leaders, PwC Study Says
-Apathy Is Your Company's Biggest Cyber Security Vulnerability — Here's How to Combat It
-The World’s Largest Sovereign Wealth Fund Warns Cyber Security Is Top Concern as Attacks on Banks and Financial Services Double
-Configuration Errors to Blame for 80% of Ransomware
-Ransomware Surges to 1.2 Million Attacks Per Month
-A Massive Hacking Campaign Stole 10,000 Login Credentials From 130 Different Organisations
-This Company Paid a Ransom Demand. Hackers Leaked Its Data Anyway
-Sophisticated BEC Scammers Bypass Microsoft 365 Multi-Factor Authentication
-77% Of Security Leaders Fear We’re in Perpetual Cyber War from Now On
-Cyber Security Governance: A Path to Cyber Maturity
-The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Lloyd's to Exclude Certain Nation-State Attacks from Cyber Insurance Policies
Lloyd's of London insurance policies will stop covering losses from certain nation-state cyber attacks and those that happen during wars, beginning in seven months' time.
In a memo sent to the company's 76-plus insurance syndicates, underwriting director Tony Chaudhry said Lloyd's remains "strongly supportive" of cyber attack coverage. However, as these threats continue to grow, they may "expose the market to systemic risks that syndicates could struggle to manage," he added, noting that nation-state-sponsored attacks are particularly costly to cover.
Because of this, all standalone cyber attack policies must include "a suitable clause excluding liability for losses arising from any state-backed cyber attack," Chaudhry wrote. These changes will take effect beginning March 31, 2023 at the inception or renewal of each policy.
At a minimum (key word: minimum) these policies must exclude losses arising from a war, whether declared or not, if the policy doesn't already have a separate war exclusion. They must also at least exclude losses from nation-state cyber attacks that "significantly impair the ability of a state to function or that significantly impair the security capabilities of a state."
Policies must also "set out a robust basis" on which to attribute state-sponsored cyber attacks, according to Chaudhry – and therein lies the rub.
Attributing a cyber attack to a particular crime group or nation-state with 100 percent confidence "is absolutely hard," NSA director of cybersecurity Rob Joyce said at this year's RSA Conference.
Threat analysts typically attribute an attack to a nation-state from its level of sophistication, but as advanced persistent crime groups become more sophisticated – and have more resources at their disposal to buy zero-day exploits and employ specialists for each stage of an attack – differentiating between nation-states and cyber crime gangs becomes increasingly difficult, he explained.
There are times when nation-states will act like criminals, using their tools and infrastructure, and sometimes vice versa. The clear line of sophistication and stealth that many have used as a common sense delineation has blurred. Yet, If you are going to pay out money you are likely going to look for something that is more ironclad and likely related to forensic evidence.
https://www.theregister.com/2022/08/24/lloyds_cybersecurity_insurance/
Cyber Security Top Risk for Enterprise C-Suite Leaders, PwC Study Says
Cyber security is now firmly on the agenda of the entire C-suite, consultancy PricewaterhouseCoopers (PwC) reports in a new survey of more than 700 business leaders across a variety of industries.
Of key enterprise issues, cyber security ranks at the top of business risks, with nearly 80% of the respondents considering it a moderate to serious risk. The warning isn’t confined to just chief information security officers, but ranges from chief executives to chief financial officers, chief operating officers, chief technology officers, chief marketing officers and includes corporate board members. Virtually all roles ranked cyber attacks high on their list of risks, PwC said.
Overall, 40% of business leaders ranked cyber security as the top serious risk facing their companies, and 38% ranked it a moderate risk.
Here are six steps businesses can take to address cyber security concerns:
View cyber security as a broad business concern and not just an IT issue.
Build cyber security and data privacy into agendas across the C-suite and board.
Increase investment to improve security.
Educate employees on effective cyber security practices.
For each new business initiative or transformation, make sure there’s a cyber plan in place.
Use data and intelligence to regularly measure cyber risks. Proactively look for blind spots in third-party relationships and supply chains.
Apathy Is Your Company's Biggest Cyber Security Vulnerability — Here's How to Combat It
Human error continues to be the leading cause of a cyber security breach. Nearly 60% of organisations experienced a data loss due to an employee's mistake on email in the last year, while one in four employees fell for a phishing attack.
Employee apathy, while it may not seem like a major cyber security issue, can leave an organisation vulnerable to both malicious attacks and accidental data loss. Equipping employees with the tools and knowledge they need to prevent these risks has never been more important to keep organisations safe.
A new report from Tessian sheds light on the full extent of employee apathy and its impact on cyber security posture. The report found that a significant number of employees aren't engaged in their organisation's cyber security efforts and don't understand the role they play. One in three employees say they don't understand the importance of cyber security at work. What's more, only 39% say they're very likely to report a cyber security incident. Why? A quarter of employees say they don't care enough about cyber security to mention it.
This is a serious problem. IT and security teams can't investigate or remediate a threat they don't know about.
Employees play an important role in flagging incidents or suspicious activity early on to prevent them from escalating to a costly breach. Building a strong cyber security culture can mitigate apathy by engaging employees as part of the solution and providing the tools and training they need to work productively and securely.
The World’s Largest Sovereign Wealth Fund Warns Cyber Security Is Top Concern, as Attacks on Banks and Financial Service Double
Cyber security has eclipsed tumultuous financial markets as the biggest concern for the world’s largest sovereign wealth fund, as it faces an average of three “serious” cyber attacks each day.
The number of significant hacking attempts against Norway’s $1.2tn oil fund, Norges Bank Investment Management, has doubled in the past two to three years.
The fund, which reported its biggest half-year dollar loss last week after inflation and recession fears shook markets, suffers about 100,000 cyber attacks a year, of which it classifies more than 1,000 as serious, according to its top executives.
“I’m worried about cyber more than I am about markets,” their CEO told the Financial Times. “We’re seeing many more attempts, more attacks [that are] increasingly sophisticated.”
The fund’s top executives are even concerned that concerted cyber attacks are becoming a systemic financial risk as markets become increasingly digitised.
Their deputy CEO pointed to the 2020 attack on SolarWinds, a software provider, by Russian state-backed hackers that allowed them to breach several US government agencies, including the Treasury and Pentagon, and a number of Fortune 500 companies including Microsoft, Intel and Deloitte.
“They estimate there were 1,000 Russians [involved] in that one attack, working in a co-ordinated fashion. I mean, Jesus, that’s our whole building on one attack, so you’re up against some formidable forces there,” he said.
Cyber attacks targeting the financial industry have risen sharply in recent months. Malware attacks globally rose 11 per cent in the first half of 2022, but they doubled at banks and financial institutions, according to cyber security specialist SonicWall. Ransomware attacks dropped 23 per cent worldwide, but increased 243 per cent against financial targets in the same period.
https://www.ft.com/content/1aa6f92a-078b-4e1a-81ca-65298b8310b2
Configuration Errors to Blame for 80% of Ransomware
The vast majority (80%) of ransomware attacks can be traced back to common configuration errors in software and devices, according to Microsoft.
The tech giant’s latest Cyber Signals report focuses on the ransomware as a service (RaaS) model, which it claims has democratised the ability to launch attacks to groups “without sophistication or advanced skills.” Some RaaS programs now have over 50 affiliate groups on their books.
For defenders, a key challenge is ensuring they don’t leave systems misconfigured, it added.
“Ransomware attacks involve decisions based on configurations of networks and differ for each victim even if the ransomware payload is the same,” the report argued. “Ransomware culminates an attack that can include data exfiltration and other impacts. Because of the interconnected nature of the cyber-criminal economy, seemingly unrelated intrusions can build upon each other.”
Although each attack is different, Microsoft pointed to missing or misconfigured security products and legacy configurations in enterprise apps as two key areas of risk exposure.
“Like smoke alarms, security products must be installed in the correct spaces and tested frequently. Verify that security tools are operating in their most secure configuration, and that no part of a network is unprotected,” it urged. “Consider deleting duplicative or unused apps to eliminate risky, unused services. Be mindful of where you permit remote helpdesk apps like TeamViewer. These are notoriously targeted by threat actors to gain express access to laptops.”
Although not named in the report, another system regularly misconfigured and hijacked by ransomware actors is the remote desktop protocol (RDP), which often is not protected by a strong password or two-factor authentication. It’s widely believed to be one of the top three vectors for attack.
The bad news for network defenders is they don’t have much time after initial compromise to contain an attack. Microsoft claimed the median time for an attacker to begin moving laterally inside the network after device compromise is one hour, 42 minutes. The median time for an attacker to access private data following a phishing email is one hour, 12 minutes, the firm added.
https://www.infosecurity-magazine.com/news/configuration-errors-blame-80/
Ransomware Surges to 1.2 Million Attacks Per Month
Ransomware threat detections have risen to over one million per month this year, with a French hospital the latest to suffer a major outage.
The 1000-bed Center Hospitalier Sud Francilien (CHSF) near Paris revealed it was hit on Sunday morning, in an attack which has knocked out all the hospital's business software, storage systems including medical imaging, and patient admissions. This has led to all but the most urgent emergency patients being diverted to other facilities in the region.
France24 cited figures claiming cyber-attacks against French hospitals surged 70% year-on-year in 2021. "Each day we need to rewrite patients' medications, all the prescriptions, the discharge prescriptions," Valerie Caudwell, president of the medical commission at CHSF hospital, reportedly said. "For the nurses, instead of putting in all the patients' data on the computer, they now need to file it manually from scratch."
Reports suggest Lockbit 3.0 may be to blame for the $10m ransom demand, which the hospital is refusing to pay.
Barracuda Networks claimed in a new report out today that education, municipalities, healthcare, infrastructure and finance have remained the top five targets for ransomware over the past 12 months. However, while attacks on local government increased only slightly, those targeting educational institutions more than doubled, and attacks on the healthcare and financial verticals tripled. Overall, Barracuda claimed that ransomware detections between January and June of this year climbed to more than 1.2 million per month.
https://www.infosecurity-magazine.com/news/ransomware-surges-to-12-million/
A Massive Hacking Campaign Stole 10,000 Login Credentials From 130 Different Organisations
A phishing campaign targeted Okta users at multiple companies, successfully swiping passwords from staffers and then using them to steal company secrets.
Researchers say that a mysterious “threat actor” (a fancy term for a hacker or hacker group) has managed to steal nearly 10,000 login credentials from the employees of 130 organisations, in the latest far-reaching supply chain attack on corporate America. Many of the victims are prominent software companies, including firms like Twilio, MailChimp, and Cloudflare, among many others.
The news comes from research conducted by cyber security firm Group-IB, which began looking into the hacking campaign after a client was phished and reached out for help. The research shows that the threat actor behind the campaign, which researchers have dubbed “0ktapus,” used basic tactics to target staff from droves of well-known companies. The hacker(s) would use stolen login information to gain access to corporate networks before going on to steal data and then break into another company’s network.
“This case is of interest because despite using low-skill methods it was able to compromise a large number of well-known organisations,” researchers wrote in their blog. “Furthermore, once the attackers compromised an organisation they were quickly able to pivot and launch subsequent supply chain attacks, indicating that the attack was planned carefully in advance.”
https://gizmodo.com/oktapus-okta-hack-twilio-10000-logins-130-companies-1849457420
This Company Paid a Ransom Demand. Hackers Leaked Its Data Anyway
A victim of a ransomware attack paid to restore access to their network – but the cyber criminals didn't hold up their end of the deal.
The real-life incident, as detailed by cyber security researchers at Barracuda Networks, took place in August 2021, when hackers from BlackMatter ransomware group used a phishing email to compromise the account of a single victim at an undisclosed company.
From that initial entry point, the attackers were able to expand their access to the network by moving laterally around the infrastructure, ultimately leading to the point where they were able to install hacking tools and steal sensitive data. Stealing sensitive data has become a common part of ransomware attacks. Criminals leverage it as part of their extortion attempts, threatening to release it if a ransom isn't received.
The attackers appear to have had access to the network for at least a few weeks, seemingly going undetected before systems were encrypted and a ransom was demanded, to be paid in Bitcoin.
Cyber security agencies warn that despite networks being encrypted, victims shouldn't pay ransom demands for a decryption key because this only shows hackers that such attacks are effective.
https://www.zdnet.com/article/this-company-paid-a-ransom-demand-hackers-leaked-its-data-anyway/
Sophisticated BEC Scammers Bypass Microsoft 365 Multi-Factor Authentication
A Business Email Compromise (BEC) attack recently analysed by cloud incident response company Mitiga used an adversary-in-the-middle (AitM) phishing attack to bypass Microsoft Office 365 MFA and gain access to a business executive's account, and then managed to add a second authenticator device to the account for persistent access. According to the researchers, the campaign they analysed is widespread and targets large transactions of up to several million dollars each.
The attack started with a well-crafted phishing email masquerading as a notification from DocuSign, a widely used cloud-based electronic document signing service. The email was crafted to the targeted business executive, suggesting that attackers have done reconnaissance work. The link in the phishing email led to an attacker-controlled website which then redirects to a Microsoft 365 single sign-on login page.
This fake login page uses an AitM technique, where the attackers run a reverse proxy to authentication requests back and forth between the victim and the real Microsoft 365 website. The victim has the same experience as they would have on the real Microsoft login page, complete with the legitimate MFA request that they must complete using their authenticator app. Once the authentication process is completed successfully, the Microsoft service creates a session token which gets flagged in its systems that it fulfilled MFA. The difference is that since the attackers acted as a proxy, they now have this session token too and can use it to access the account.
This reverse proxy technique is not new and has been used to bypass MFA for several years. In fact, easy-to-use open-source attack frameworks have been created for this purpose.
77% Of Security Leaders Fear We’re in Perpetual Cyber War from Now On
A survey of cyber security decision makers found 77 percent think the world is now in a perpetual state of cyber warfare.
In addition, 82 percent believe geopolitics and cyber security are "intrinsically linked," and two-thirds of polled organisations reported changing their security posture in response to the Russian invasion of Ukraine.
Of those asked, 64 percent believe they may have already been the target of a nation-state-directed cyber attack. Unfortunately, 63 percent of surveyed security leaders also believe that they'd never even know if a nation-state level actor pwned them.
The survey, organised by security shop Venafi, questioned 1,100 security leaders. They said the results show cyber warfare is here, and that it's completely different to many would have imagined. "Any business can be damaged by nation-states," they stated.
It's been common knowledge for some time that government-backed advanced persistent threat (APT) crews are being used to further online geopolitical goals. Unlike conventional warfare, everyone is a target and there's no military or government method for protecting everyone.
Nor is there going to be much financial redress available. Earlier this week Lloyd's of London announced it would no longer recompense policy holders for certain nation-state attacks.
https://www.theregister.com/2022/08/27/in-brief-security/
Cyber Security Governance: A Path to Cyber Maturity
Organisations need cyber security governance programs that make every employee aware of the cyber security mitigation efforts required to reduce cyber-risks.
In an increasingly challenging threat landscape, many organisations struggle with developing and implementing effective cyber security governance. The "Managing Cybersecurity Risk: A Crisis of Confidence" infographic by the CMMI Institute and ISACA stated: "While enterprise leaders recognise that mature cyber security is essential to thriving in today's digital economy, they often lack the insights and data to have peace of mind that their organisations are efficiently and effectively managing cyber risk."
Indeed, damages from cyber crime are projected to cost the world $7 trillion in 2022, according to the "Boardroom Cybersecurity 2022 Report" from Cybersecurity Ventures. As a result, "board members and chief executives are more interested in cyber security now than ever before," the report stated, adding that the time is ripe for turning awareness into action.
How, then, can board leaders have confidence that their organisations are prepared against cyber attacks? The first order of business for most organisations is to enable a strong cyber security governance program.
Cyber security governance refers to the component of governance that addresses an organisation's dependence on cyber space in the presence of adversaries. The ISO/IEC 27001 standard defines cyber security governance as the following: “The system by which an organisation directs and controls security governance, specifies the accountability framework and provides oversight to ensure that risks are adequately mitigated, while management ensures that controls are implemented to mitigate risks”.
Traditionally, cyber security is viewed through the lens of a technical or operational issue to be handled in the technology space. Cyber security planning needs to fully transition from a back-office operational function to its own area aligned with law, privacy and enterprise risk. The CISO should have a seat at the table alongside the CIO, COO, CFO and CEO. This helps the C-suite understand cyber security as an enterprise-wide risk management issue, along with the legal implications of cyber-risks, and not solely a technology issue.
https://www.techtarget.com/searchsecurity/post/Cybersecurity-governance-A-path-to-cyber-maturity
The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware
Ransomware is the de facto threat organisations have faced over the past few years. Threat actors were making easy money by exploiting the high valuation of cryptocurrencies and their victims' lack of adequate preparation.
Think about bad security policies, untested backups, patch management practices not up-to-par, and so forth. It resulted in easy growth for ransomware extortion, a crime that multiple threat actors around the world perpetrate.
Something's changed, though. Crypto valuations have dropped, reducing the monetary appeal of ransomware attacks due to organisations mounting better defence against ransomware.
Threat actors have been searching for another opportunity – and found one. It's called data exfiltration, or exfil, a type of espionage causing headaches at organisations worldwide.
Information exfiltration is rapidly becoming more prevalent. Earlier this year, incidents at Nvidia, Microsoft, and several other companies have highlighted how big of a problem it's become – and how, for some organisations, it may be a threat that's even bigger than ransomware.
Nvidia, for example, became entangled in a complex tit-for-tat exchange with hacker group Lapsus$. One of the biggest chipmakers in the world was faced with the public exposure of the source code for invaluable technology, as Lapsus$ leaked the source code for the company's Deep Learning Super Sampling (DLSS) research.
When it comes to exfil extortion, attackers do not enter with the primary aim of encrypting a system and causing disruption the way that a ransomware attacker does. Though, yes, attackers may still use encryption to cover their tracks.
Instead, attackers on an information exfiltration mission will move vast amounts of proprietary data to systems that they control. And here's the game: attackers will proceed to extort the victim, threatening to release that confidential information into the wild or to sell it to unscrupulous third parties.
https://thehackernews.com/2022/08/the-rise-of-data-exfiltration-and-why.html
Threats
Ransomware
[Whoa] Ransomware Strains Almost Double in Six Months from 5,400 to 10,666 (knowbe4.com)
Ransomware dominates the threat landscape - Help Net Security
We need to think about ransomware differently - Help Net Security
NATO investigates hacker sale of missile firm data - BBC News
Cyber attackers disrupt services at French hospital, demand $10 million ransom (france24.com)
New 'Agenda' Ransomware Customized for Each Victim | SecurityWeek.Com
LockBit gang hit by DDoS attack after Entrust leaks • The Register
New ransomware HavanaCrypt poses as Google software update | CSO Online
LockBit Ransomware Site Hit by DDoS Attack as Hackers Start Leaking Entrust Data | SecurityWeek.Com
New Golang Ransomware Agenda Customizes Attacks (trendmicro.com)
New 'BianLian' Ransomware Variant on the Rise (darkreading.com)
New 'Donut Leaks' extortion gang linked to recent ransomware attacks (bleepingcomputer.com)
Quantum ransomware attack disrupts govt agency in Dominican Republic (bleepingcomputer.com)
Car Dealership Hit by Major Ransomware Attack - Infosecurity Magazine
Ransomware Gang Leaks Data Allegedly Stolen from Greek Gas Supplier | SecurityWeek.Com
BEC – Business Email Compromise
Phishing & Email Based Attacks
Phishing attacks abusing SaaS platforms see a massive 1,100% growth (bleepingcomputer.com)
Researchers Warn of AiTM Attack Targeting Google G-Suite Enterprise Users (thehackernews.com)
Hiding a phishing attack behind the AWS cloud • The Register
10 key facts about callback phishing attacks - CyberTalk 2022
Other Social Engineering; Smishing, Vishing, etc
Malware
Threat actor abuses Genshin Impact Anti-Cheat driver to disable antivirus - Security Affairs
Fake DDoS Protection Alerts Distribute Dangerous RAT (darkreading.com)
Meet Borat RAT, a New Unique Triple Threat (thehackernews.com)
Donot Team group updates its Windows malware framework - Security Affairs
How 'Kimsuky' hackers ensure their malware only reach valid targets (bleepingcomputer.com)
Grandoreiro banking malware targets Mexico and Spain - Security Affairs
Fake Chrome extension 'Internet Download Manager' has 200,000 installs (bleepingcomputer.com)
Threat actors are using the Tox P2P messenger as C2 server - Security Affairs
Mobile
Internet of Things – IoT
Cyber criminals Are Selling Access to Chinese Surveillance Cameras | Threatpost
IoT Vulnerability Disclosures Up 57% in Six Months, Claroty Reveals - Infosecurity Magazine
Thousands of Organisations Remain at Risk from Critical Zero-Click IP Camera Bug (darkreading.com)
Data Breaches/Leaks
LastPass data breach: threat actors stole portion of source code - Security Affairs
Plex discloses data breach and urges password reset - Security Affairs
Plex was compromised, exposing usernames, emails, and passwords - The Verge
DoorDash discloses new data breach tied to Twilio hackers (bleepingcomputer.com)
Data on California Prisons' Visitors, Staff, Inmates Exposed | SecurityWeek.Com
Expert Commentary On The Plex Data Breach (informationsecuritybuzz.com)
Textile Company Sferra Discloses Data Breach | SecurityWeek.Com
Novant Health: Oops, we leaked 1.3m patients' info to Meta • The Register
Organised Crime & Criminal Actors
RaaS Kits Are Hiding Who The Attackers Really Are – Expert Comments (informationsecuritybuzz.com)
Researchers warn of darkverse emerging from the metaverse | CSO Online
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
An anatomy of crypto-enabled cyber crime | Financial Times (ft.com)
Cryptojackers Spread Across Computers Globally- IT Security Guru
Hackers Are Breaking Into and Emptying Cash App Accounts (vice.com)
Threat actors are stealing funds from General Bytes Bitcoin ATMSecurity Affairs
How Economic Changes and Crypto's Rise Are Fuelling the use of "Cyber Mules" | SecurityWeek.Com
Fraud, Scams & Financial Crime
Scammers Create “AI Hologram” of C-Suite Crypto Exec - Infosecurity Magazine
Employee fraud: Beware of deepfake job applicants - Protocol
A closer look at identity crimes committed against individuals - Help Net Security
What type of fraud enables attackers to make a living? - Help Net Security
Insurance
Software Supply Chain
Denial of Service DoS/DDoS
DDoS attacks jump 203%, patriotic hacktivism surges - Help Net Security
Threat Actor Deploys Raven Storm Tool to Perform DDoS Attacks - Infosecurity Magazine
LockBit gang hit by DDoS attack after Entrust leaks • The Register
Cloud/SaaS
Mitiga: Attackers evade Microsoft MFA to lurk inside M365 (techtarget.com)
Phishing attacks abusing SaaS platforms see a massive 1,100% growth (bleepingcomputer.com)
How complicated access management protocols have impacted cloud security - Help Net Security
Identity and Access Management
IT leaders struggling to address identity sprawl - Help Net Security
Identity Security Pain Points and What Can Be Done (darkreading.com)
Thoma Bravo: Securing digital identities has become a major priority - Help Net Security
Encryption
CISA: Action required now to prepare for quantum computing cyber threats | ZDNET
Encrypted Traffic Analysis: Mitigating Against The Risk Of Encryption (informationsecuritybuzz.com)
US Government: Stop Dickering and Prepare for Post-Quantum Encryption Now - CNET
API
Passwords, Credential Stuffing & Brute Force Attacks
Credential phishing attacks rise and represent a huge threat to businesses - Help Net Security
Twilio hackers breached over 130 organisations during months-long hacking spree | TechCrunch
FBI: Beware Residential IPs Hiding Credential Stuffing - Infosecurity Magazine
Social Media
Privacy
Travel
Hackers target hotel and travel companies with fake reservations (bleepingcomputer.com)
British Airways passengers targeted in baggage scam using Twitter | The Independent
Models, Frameworks and Standards
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Lloyd's of London Introduces New War Exclusion Insurance Clauses | SecurityWeek.Com
EU Outlines Critical Cyber Response to Ukraine War - Infosecurity Magazine
Unprecedented cyber attack hit State Infrastructure of Montenegro - Security Affairs
Suspected Iranian Hackers Targeted Several Israeli Organisations for Espionage (thehackernews.com)
Nation State Actors
Nation State Actors – Russia
Microsoft: Russian hackers gain powerful 'MagicWeb' authentication bypass | ZDNET
Microsoft Attributes New Post-Compromise Capability to Nobelium - Infosecurity Magazine
Nation State Actors – Iran
Nation State Actors – Misc APT
Vulnerability Management
Up to 35% more CVEs published so far this year compared to 2021 | CSO Online
Why patching quality, vendor info on vulnerabilities are declining | CSO Online
How fast is the financial industry fixing its software security flaws? - Help Net Security
Highlighting What should be Patched First at the Endpoint (bleepingcomputer.com)
Vulnerabilities
Cisco Patches High-Severity Vulnerabilities in Business Switches | SecurityWeek.Com
CISA Warns of Active Exploitation of Palo Alto Networks' PAN-OS Vulnerability (thehackernews.com)
Critical flaw impacts Atlassian Bitbucket Server and Data Center - Security Affairs
VMware fixes privilege escalation vulnerabilities in VMware Tools - Infosecurity Magazine
VMware LPE Bug Allows Cyber attackers to Feast on Virtual Machine Data (darkreading.com)
Critical RCE bug in GitLab patched, update ASAP! (CVE-2022-2884) - Help Net Security
Zoom patches root exploit, patches patch due to root exploit • The Register
US government really hopes you've patched your Zimbra server • The Register
Apple security flaw ‘actively exploited’ by hackers to fully control devices | Apple | The Guardian
Microsoft publicly discloses details on critical ChromeOS flaw - Security Affairs
Mozilla Patches High-Severity Vulnerabilities in Firefox, Thunderbird | SecurityWeek.Com
'DirtyCred' Vulnerability Haunting Linux Kernel for 8 Years | SecurityWeek.Com
Privilege Escalation Flaw Haunts VMware Tools | SecurityWeek.Com
Other News
How attackers use and abuse Microsoft MFA - Help Net Security
There is an urgent need to reduce systemic cyber risks | Financial Times (ft.com)
We Need to Talk About How Good A.I. Is Getting - The New York Times (nytimes.com)
A lack of endpoint security strategy is leaving enterprises open to attack - Help Net Security
Twitter whistleblower report holds security lessons (techtarget.com)
Nearly 3 Years Later, SolarWinds CISO Shares 3 Lessons From the Infamous Attack (darkreading.com)
Data governance: 5 tips for holistic data protection - Microsoft Security Blog
US Government Spending Billions on Cyber security (thehackernews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.