Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 05 April 2024
Black Arrow Cyber Threat Intelligence Briefing 05 April 2024:
-Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns
-Ransomware Incidents Reported to UK Financial Regulator Doubled
-Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023
-Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023
-AI Abuse and Misinformation Campaigns Threaten Financial Institutions
-Security Teams are ‘Overconfident’ About Handling Next-Gen Threats
-AI Makes Phishing Attacks Accessible to Basic Users
-Cyber Attacks Wreaking Physical Disruption on the Rise
-73% Brace for Cyber Security Impact on Business in Next Two Years
-To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset
-Cyber Security Imperative for Protecting Executives
-The Increasing Role of Cyber Security Experts in Complex Legal Disputes
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns
According to a recent report, companies who demonstrated an advanced level of cyber security performance generated a shareholder return 372% higher than their peers over a 5 year period. The report highlighted that having board committees focused on specialised risk and audit compliance produced the best outcomes; however, it was found that only a small number of those surveyed had done this. Financial institutions and healthcare had the highest cyber security ratings, highlighting the correlation between regulatory environments and cyber security performance.
Sources: [Help Net Security ] [Dark Reading]
Ransomware Incidents Reported to UK Financial Regulator Doubled
The number of security and ransomware incidents reported to the UK Financial Conduct Authority (FCA) surged in 2023, according to a freedom of information request. 31% of these incidents were categorised as ransomware, which had double the number of reports as the previous year. To note, these statistics address the number of ransomware incidents involving financial services that were disclosed: the number of actual incidents could be far higher.
Sources: [Digital Journal] [Digital Journal]
Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023
According to a new report, since 2019 nearly half (48%) of the UK’s small and medium-sized enterprises (SMEs) have lost access to data, potentially costing billions. The report found that nationwide, the number of businesses that lost data temporarily or permanently could amount to more than 800,000. Unfortunately, the report found that half of respondents assessed were relying on flawed backup processes, with a quarter not backing up data at all.
A number of organisations assume that they are backing data up automatically and that these backups are safe, but it is an assumption that can have cost. Added to this, some organisations are not aware that their backups can be changed, or deleted, by a malicious actor; a situation better mitigated by implementing immutable backups.
To better their situation, organisations need to understand the cause of a breach, map their data and understand where it is stored, follow the 3,2,1 rule (three copies of data, two separate locations, one in the cloud), consider immutable backups and monitor their backups. An effective backup policy will help.
Sources: [Infosecurity Magazine] [Security Week] [IT Security Guru]
Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023
According to a global threat intelligence report, data breach incidents rose by 34.5% in 2023, with 17 billion personal records compromised throughout the year. The research also observed a 429% spike in stolen or leaked personal data in the first two months of 2024. In a separate report, Kaspersky found that roughly 10 million devices encountered data-stealing malware in 2023, a sevenfold increase since 2020.
The reports highlight the importance of ensuring that precautions and mitigations are undertaken to thwart attackers. This should include enabling multi-factor authentication, strong and unique passwords, and using a password manager.
Sources: [Infosecurity Magazine] [Infosecurity Magazine]
AI Abuse and Misinformation Campaigns Threaten Financial Institutions
According to the Financial Services Information Sharing Analysis Center (FS-ISAC), cyber threats relating to generative AI in financial services are a consistent concern, with threat actors using generative AI to write malware and other types of attacks. In some cases, attackers are injecting contaminated data into the large language models used by AI, in order to supply it with misinformation which will in turn feed back to financial institutions.
Not all risks are malicious, however. In some cases where generative AI uses enormous datasets, this can contain privileged information or biased data, which can in turn cost financial firms the trust of regulators, consumers and investors. The FS-ISAC stated “As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions, the best way to maintain the integrity, security, and trust of the sector is through global information sharing.”
Source: [Help Net Security]
Security Teams are ‘Overconfident’ About Handling Next-Gen Threats
In a new study of more than 8,000 cyber security decision makers, Cisco found that nearly three-quarters of organisations anticipated a cyber incident to disrupt their business in the next two years and 80% said they felt at least “moderately confident” in their ability to defend against emerging threats. In contrast, Cisco’s own analysis rated the maturity of these organisations, finding 71% were deemed to be rated as ‘formative’ or ‘beginner’, the two lowest categories.
Source: [CSO Online]
AI Makes Phishing Attacks Accessible to Basic Users
One of the big selling points of AI is its ability to allow even an unsophisticated user to advance their capability and operate at a far more damaging level. Crucially AI can enable a completely non-technical user to understand and produce technical output. Unfortunately, many cyber criminals have realised this and are using AI to sharpen the efficacy of their phishing emails. With AI, phishing emails can now be created without telltale grammatical errors, and can be convincingly formatted to use a certain style to resonate with given target audience, such as a board level executive. AI is also enabling these phishing campaigns to be replicated across languages and geographies, giving malicious actors wider nets than ever before. Whilst low sophistication ‘Nigerian Prince’ type phishing emails are still doing the rounds they are largely being replaced by much more convincing and devious legitimate looking emails.
Source: [The Economic Times]
Cyber Attacks Wreaking Physical Disruption on the Rise
According to a report, more than 500 industrial operational technology (OT) sites worldwide suffered physical consequences as the result of a cyber attack last year, a near 20% rise from the previous year. The report found that some of the attacks cost the organisation up to $100 million in damages.
Attacks on utilities, water, energy, and other critical national infrastructure (CNI) have seen a sharp rise over the last year, against a backdrop of geopolitical tensions and actions by nation state aggressors such as Russia, China, North Korea and Iran, as well as hacktivist groups and other malicious actors.
Threats to IT may be better known than threats to OT, but the latter can result in very serious real world consequences, ultimately leading to potential mass loss of life events.
Source: [Dark Reading]
73% Brace for Cyber Security Impact on Business in Next Two Years
A survey has found that 73% of organisations are expecting a business disruption relating to a cyber incident in the next 12 to 24 months. Part of this was based on previous experiences, with 54% experiencing a cyber incident in the last 12 months, and 52% of those impacted reporting costs of at least $300,000. 87% reported issues with talent, and 46% reported having more than 10 unfilled roles related to cyber security.
Source: [Help Net Security]
To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset
2023 was the most lucrative year yet for ransomware attacks and it was also the year that saw the biggest shift in ransomware tactics, with the majority of ransomware actors now implementing data exfiltration and extortion, in addition to encryption. As it is getting harder for organisations to defend against these attacks and to stay ahead of ransomware, organisations need to develop an offensive security mindset, working out how an attacker might gain access to their systems. This includes keeping up with the latest tactics, communicating this throughout the organisation and running threat-led attack simulations.
Source: [IBTimes]
Cyber Security Imperative for Protecting Executives
The stakes are high in cyber security, and particularly for executives whose positions amplify the potential fall out and damage from cyber incidents. The variety of sensitive information that they have access to, and their authority in the organisation, makes them a desirable target for business email compromise.
Organisations need to implement a robust security culture, led by executives, to foster an environment where cyber threats are understood and mitigated. As part of this, training needs to be given to the whole organisation, including executives.
Executives may have historically excluded themselves from security controls, yet ironically it is this exclusion and their position in the organisation that makes them such a lucrative target.
Source: [Forbes]
The Increasing Role of Cyber Security Experts in Complex Legal Disputes
Expert witnesses have been known to play significant roles in matters where their valuable insight is required. In today’s world, with the number of high-stake crimes now involving technology, cyber security professionals have become some of the most sought-after experts.
Disputes involving highly complex cyber crimes typically require more technical experience than is on hand, and the contributions of a cyber expert are significant in uncovering critical evidence and shaping the legal strategy, as well as explaining cyber security in the courtroom.
Source: [JDSupra]
Governance, Risk and Compliance
Ransomware incidents reported to UK financial regulator have doubled - Digital Journal
AI abuse and misinformation campaigns threaten financial institutions - Help Net Security
The Big Question: Are SMEs now at the forefront of cyber risks? - Emerging Risks Media Ltd
Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week
Security teams are ‘overconfident’ about handling next-gen threats | CSO Online
Banks told to expand risk management to cover AI (finextra.com)
Corporations With Cyber Governance Create 4X More Value (darkreading.com)
Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ
73% brace for cyber security impact on business in the next year or two - Help Net Security
Businesses overestimating their skills amid cyber security crisis, survey reveals (holyrood.com)
Why your data isn’t as safe as you think and what it could cost you - IT Security Guru
Unspoken Battle: Cyber Security Imperative For Protecting Executives (forbes.com)
Businesses must prioritise prevention to lock out online threats (yahoo.com)
CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)
Lessons from the World's Costliest Corporate Cyber Attacks - Management Today
Three trends set to drive cyber attacks in 2024 (networkingplus.co.uk)
Why Cyber Security Is a Whole-of-Society Issue (darkreading.com)
Instilling the Hacker Mindset Organisationwide (darkreading.com)
How CISOs Can Make Cyber Security a Long-Term Priority for Boards (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Cyber security incidences surge in the UK financial services sector - Digital Journal
Ransomware attacks rise by 46% in February 2024, finds NCC Group (securitybrief.co.nz)
RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Trend Micro: LockBit ransomware gang's comeback is failing | TechTarget
Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)
Ransomware Victims
Ransomware attacks ravaged municipal governments in March | TechTarget
NHS Scotland confirms ransomware attackers leaked patients' data - Help Net Security
Yacht retailer MarineMax discloses data breach after cyber attack (bleepingcomputer.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Ransomware gang leaks UK city council’s confidential files • The Register
Omni Hotels confirms cyber attack behind ongoing IT outage (bleepingcomputer.com)
World’s second-largest lens-maker blinded by cyber incident • The Register
Phishing & Email Based Attacks
This new phishing attack targets iPhone and Android alike via RCS | TechRadar
Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)
$1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)
Naked photos sent in WhatsApp ‘phishing’ attacks on UK MPs and staff – POLITICO
Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)
Phishing Attacks Targeting Political Parties, Germany Warns (govinfosecurity.com)
A phish by any other name should still not be clicked – Computerworld
Google now blocks spoofed emails for better phishing protection (bleepingcomputer.com)
New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware (thehackernews.com)
Microsoft Teams phishing attacks and how to prevent them | TechTarget
Artificial Intelligence
Banks told to expand risk management to cover AI (finextra.com)
AI abuse and misinformation campaigns threaten financial institutions - Help Net Security
22% of employees admit to breaching company rules with GenAI - Help Net Security
6 Prompts You Don't Want Employees Putting in Microsoft Copilot (bleepingcomputer.com)
Microsoft Copilot Blocked on US Congress Devices Over Security Concerns | Cryptopolitan
Cyber security: Enabled by AI, phishing becomes quite simple - The Economic Times (indiatimes.com)
Microsoft Announces New Safety System to Filter Malicious AI Output | Extremetech
Microsoft GM on AI and elections: 'There will be fakes' • The Register
The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)
Chinese hackers turn to AI to meddle in elections | CyberScoop
Security and AI occupy SME thoughts | Microscope (computerweekly.com)
Malware
Escalating malware tactics drive global cyber crime epidemic - Help Net Security
Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)
TheMoon Malware Rises Again with Malicious Botnet for Hire (darkreading.com)
Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware (thehackernews.com)
Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (thehackernews.com)
Botnets: The uninvited guests that just won’t leave | CSO Online
Detecting Windows-based Malware Through Better Visibility (thehackernews.com)
Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar
Europe subjected to Mispadu trojan attacks | SC Media (scmagazine.com)
YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)
The Biggest Takeaways from Recent Malware Attacks (bleepingcomputer.com)
Thousands of Australian Businesses Targeted With RAT (darkreading.com)
Mobile
This new phishing attack targets iPhone and Android alike via RCS | TechRadar
2 wireless protocols expose mobile users to spying — the FCC wants to fix that - Nextgov/FCW
Location tracking and the battle for digital privacy - Help Net Security
How and why to enable Stolen Device Protection on your iPhone (idownloadblog.com)
Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Porsche Kills Two More Models Due to Cyber Security Regulations - autoevolution
UK Encouraged to Prioritise Cyber Security with Electric Vehicle Charging Points - Electrical Times
Data Breaches/Leaks
Highly sensitive files mysteriously disappeared from EUROPOL headquarters (securityaffairs.com)
Almost 2.9M impacted by Harvard Pilgrim Health Care breach | SC Media (scmagazine.com)
Ivanti-linked breach of CISA potentially affected more than 100,000 individuals | CyberScoop
Prudential Insurance says data of 36,000 exposed during February cyber attack (therecord.media)
Hotel Self Check-In Kiosks Exposed Room Access Codes - Security Week
Nearly 1M medical records feared stolen from City of Hope • The Register
SurveyLama data breach exposes info of 4.4 million users (bleepingcomputer.com)
Cyber criminals steal data of around 700,000 Apotheka pharmacy customers | News | ERR
PandaBuy data breach allegedly impacted +1.3M customers (securityaffairs.com)
OWASP discloses breach due to a Wiki web server misconfig • The Register
US cancer center data breach exposes info of 827,000 patients (bleepingcomputer.com)
Organised Crime & Criminal Actors
Escalating malware tactics drive global cyber crime epidemic - Help Net Security
Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 - Security Week
Rise of non-tech hackers: new era of cyber threats - VnExpress International
India rescuing citizens forced into cyber fraud schemes in Cambodia | Reuters
Cyber criminal adoption of browser fingerprinting - Help Net Security
With just $700 and a Raspberry Pi — you too can become a cyber criminal | TechRadar
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
FTX founder Sam Bankman-Fried sentenced to 25 years for crypto fraud (cnbc.com)
$1.28 Million Lost From Crypto Phishing Attacks (coinpedia.org)
Insider Risk and Insider Threats
Human risk is the top cyber threat for IT teams - Help Net Security
Instilling the Hacker Mindset Organisation wide (darkreading.com)
Insurance
Can cyber insurance help secure business? | Mint (livemint.com)
How will the Merck settlement affect the insurance industry? (securityintelligence.com)
Supply Chain and Third Parties
Cloud/SaaS
How much does cloud-based identity expand your attack surface? - Help Net Security
Who owns your data? SaaS contract security, privacy red flags | CSO Online
Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)
Identity and Access Management
Linux and Open Source
New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking (thehackernews.com)
Red Hat warns of backdoor in XZ tools used by most Linux distros (bleepingcomputer.com)
A new XZ backdoor scanner will be able to safeguard any Linux binary from threats (msn.com)
What we know about the xz Utils backdoor that almost infected the world | Ars Technica
Malicious xz backdoor reveals fragility of open source • The Register
Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (thehackernews.com)
German state switches to LibreOffice, promises Windows move • The Register
Passwords, Credential Stuffing & Brute Force Attacks
Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)
American fast-fashion firm Hot Topic hit by credential stuffing attacks (securityaffairs.com)
Social Media
WhatsApp was down in Meta’s second big outage this year | TechCrunch
YouTube Video Game ‘Hacks’ Contain Malware Links - Infosecurity Magazine (infosecurity-magazine.com)
Malvertising
Apple macOS users targeted with more cyber attacks via dodgy ads and websites | TechRadar
New Chrome feature aims to stop hackers from using stolen cookies (bleepingcomputer.com)
Training, Education and Awareness
Human risk is the top cyber threat for IT teams - Help Net Security
Instilling the Hacker Mindset Organisation wide (darkreading.com)
Regulations, Fines and Legislation
Ransomware incidents reported to UK financial regulator have doubled - Digital Journal
EU's reimagined NIS 2 cyber security vision to go live (electronicspecifier.com)
6 business benefits of data protection and GDPR compliance | TechTarget
Treasury accuses banks of 'insufficient data sharing' on fraud | American Banker
A CISO's Guide to Materiality and Risk Determination (darkreading.com)
Models, Frameworks and Standards
Using the NIST CSF for Strong Cyber Security Compliance | NAVEX - JDSupra
NIST And CISA: 13 Must-Review Resources For SMBs (forbes.com)
Are businesses prepared for the CSF 2.0 challenge? - Digital Journal
Backup and Recovery
World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)
Data protection vs. data backup: How are they different? | TechTarget
Data Protection
6 business benefits of data protection and GDPR compliance | TechTarget
How to conduct a data privacy audit, step by step | TechTarget
Data protection vs. data backup: How are they different? | TechTarget
Careers, Working in Cyber and Information Security
The Complexity and Need to Manage Mental Well-Being in the Security Team - Security Week
Cyber Leaders Struggle With Heightened Job Expectations, Communicating With Board - WSJ
Unlocking Cyber Security Success: The Importance of Certifications - ClearanceJobs
CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)
Are you okay? Understanding the world of a CISO | CSO Online
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Wars prompt questions for facial recognition providers, and obscure the answers | Biometric Update
UN Peace Operations Under Fire from State-Sponsored Hackers (darkreading.com)
Nation State Actors
China
UK minister confirmed as 12th target in Westminster ‘spear-phishing’ scandal – POLITICO
Pulling the Curtain Back on China’s Cyberespionage (informationweek.com)
MPs challenge government claims China cyber attack was unsuccessful (ft.com)
Chinese hackers turn to AI to meddle in elections | CyberScoop
UK, Czech ministers among China’s hacking targets – POLITICO
Security fears over supercomputer deal with Chinese firm Lenovo (thetimes.co.uk)
Russia
Ukraine gives award to foreign vigilantes for hacks on Russia - BBC News
STA: Russian hackers take responsibility for cyber attack on Slovenia
Exclusive: Hackers stole Russian prisoner database to avenge death of Navalny | CNN Politics
Russian network that 'paid European politicians' busted, authorities claim - BBC News
Russia charges suspects behind theft of 160,000 credit cards (bleepingcomputer.com)
Iran
Iran's Evolving Cyber Enabled Influence Operations to Support Hamas (darkreading.com)
Satellite Cyber Security, Iran, and the Israel-Hamas War | Geopolitical Monitor
North Korea
Vulnerability Management
CVE and NVD - A Weak and Fractured Source of Vulnerability Truth - Security Week
Attack Surface Management vs. Vulnerability Management (thehackernews.com)
Vulnerabilities
Are You Affected by the Backdoor in XZ Utils? (darkreading.com)
Red Hat issues urgent alert for Fedora Linux users due to malicious code (betanews.com)
Hosting firm's VMware ESXi servers hit by new SEXi ransomware (bleepingcomputer.com)
Cisco warns of password-spraying attacks targeting VPN services (bleepingcomputer.com)
Cisco addressed high-severity flaws in IOS and IOS XE software (securityaffairs.com)
Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure (thehackernews.com)
Apple GoFetch was caused by an obsession with speed • The Register
Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed! - Security Week
Critical Security Flaw Found in Popular LayerSlider WordPress Plugin (thehackernews.com)
Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems - Security Week
Google fixed two actively exploited Pixel vulnerabilities (securityaffairs.com)
Splunk Patches Vulnerabilities in Enterprise Product - Security Week
JetBrains fixes 26 'security problems,' offering no details • The Register
Tools and Controls
RDP Abuse Present in 90% of Ransomware Breaches - Infosecurity Magazine (infosecurity-magazine.com)
New XZ backdoor scanner detects implant in any Linux binary (bleepingcomputer.com)
The ‘complicated relationship’ between AI and cyber security (siliconrepublic.com)
How much does cloud-based identity expand your attack surface? - Help Net Security
How Pentesting-as-a-Service can Reduce Overall Security Costs (bleepingcomputer.com)
Building a cyber security risk assessment template - Security Boulevard
Microsoft unveils safety and security tools for generative AI | InfoWorld
The Biggest Mistake Security Teams Make When Buying Tools (darkreading.com)
World Backup Day triggers call for holistic cyber security overhaul (securitybrief.co.nz)
Cloud Email Filtering Bypass Attack Works 80% of the Time (darkreading.com)
Can cyber insurance help secure business? | Mint (livemint.com)
71% Website Vulnerable: API Security Becomes Prime Target for Hackers - Security Boulevard
Old Technology, New Tricks: Why DNS Is Still A Major Security Target (forbes.com)
Cyber Risk Management: A Beginner's Guide - Security Boulevard
Microsoft Entra Recommendations adds several more for better user security - Neowin
A CISO's Guide to Materiality and Risk Determination (darkreading.com)
Attack Surface Management vs. Vulnerability Management (thehackernews.com)
Why a Cloud Security Platform Approach is Critical | Trend Micro (US)
The Importance Of Physical Cyber Security Testing (forbes.com)
CISOs Are Facing Challenges In Proactive Threat Defence And Compliance Management (forbes.com)
Human risk is the top cyber threat for IT teams - Help Net Security
Data protection vs. data backup: How are they different? | TechTarget
SIEM Implementation: Strategies and Best Practices | MSSP Alert
Is Windows Defender All the Antivirus Protection You Need? (makeuseof.com)
Other News
Cyber Attacks Wreaking Physical Disruption on the Rise (darkreading.com)
Cyber Safety Review Board: Microsoft security culture 'inadequate' (geekwire.com)
Microsoft slammed for lax infosec that led to Exchange crack • The Register
Infosec professionals praise CSRB report on Microsoft breach | TechTarget
76% of consumers don't see themselves as cyber crime targets - Help Net Security
Shielding the lifelines: Protecting energy and infrastructure from cyber threats (betanews.com)
Cyber Security Statistics In 2024: Is Your Law Firm Protected? - Above the Law
Sellafield nuclear waste dump faces prosecution over cyber security failures (bitdefender.com)
Australia Doubles Down On Cyber Security After Attacks (darkreading.com)
Furry Hackers Use Church's Money To Buy Inflatable Sea Lions (dailydot.com)
Windows 10 Support Deadline: Your Guide to Extended Security Updates (ESU) (mspoweruser.com)
Healthcare's cyber resilience under siege as attacks multiply - Help Net Security
Rise of non-tech hackers: new era of cyber threats - VnExpress International
Why Cultural Institutions Are Rich Targets for Cyber Attackers (informationweek.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 21 October 2022
Black Arrow Cyber Threat Briefing 21 October 2022:
-Gen Z, Millennials Really Doesn't Care About Workplace Cyber Security
-Supply Chain Attacks Increased Over 600% This Year and Companies Are Falling Behind
-Cyber-Enabled Crimes Are Biggest Police Concerns
-List of Common Passwords Accounts for Nearly All Cyber Attacks
-Shared Responsibility or Shared Fate? Decentralized IT Means We Are All Cyber Defenders
-Ukraine War Cuts Ransomware as Kremlin Co-Opts Hackers
-96% Of Companies Report Insufficient Security for Sensitive Cloud Data
-Your Microsoft Exchange Server Is a Security Liability
-Are Cyber Security Vendors Pushing Snake Oil?
-Ransomware Preparedness, What Are You Doing Wrong?
-NSA Cybersecurity Director's Six Takeaways from the War in Ukraine
-Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Gen Z, Millennials Really Don’t Care About Workplace Cyber Security
When it comes to cyber security in the workplace, younger employees don’t really seem to care that much, which is putting their organisations in serious harm’s way, new research has claimed.
Surveying approximately 1,000 workers using devices issued by their employers, professional services firm EY found Gen Z enterprise employees were more apathetic about cyber security than their Boomer counterparts in adhering to their employer's safety policies.
This is despite the fact that four in five (83%) of all those surveyed claimed to understand their employer’s security protocol.
When it comes to implementing mandatory IT updates, for example, 58% of Gen Z’ers and 42% of millennials would disregard them for as long as possible. Less than a third (31%) of Gen X’ers, and just 15% of baby boomers said they do the same.
Apathy in the young extends to password reuse between private and business accounts. A third of Gen Z and millennial workers surveyed admitted to this, compared to less than a quarter of all Gen X’ers and baby boomers.
Some say the apathy of young people towards technology is down to their over-familiarity with technology, and never having been without it. Being too comfortable with tech undoubtedly makes an enterprise's younger employees a major target for cyber criminals looking to exploit any hole in security.
If an organisation's cyber security practices aren't upheld strongly, threat actors can compromise huge networks with simple social engineering attacks.
https://www.techradar.com/news/younger-workers-dont-care-about-workplace-cybersecurity
Supply Chain Attacks Increased Over 600% This Year and Companies Are Falling Behind
The number of documented supply chain attacks involving malicious third-party components has increased 633% over the past year, now sitting at over 88,000 known instances, according to a new report from software supply chain management company Sonatype. Meanwhile, instances of transitive vulnerabilities that software components inherit from their own dependencies have also reached unprecedented levels and plague two-thirds of open-source libraries.
“The networked nature of dependencies highlights the importance of having visibility and awareness about these complex supply chains” Sonatype said in its newly released State of the Software Supply Chain report. “These dependencies impact our software, so having an understanding of their origins is critical to vulnerability response. Many organisations did not have the needed visibility and continued their incident response procedures for Log4Shell well beyond the summer of 2022 as a result.”
Log4Shell is a critical vulnerability discovered in November 2021 in Log4j, a widely popular open-source Java library used for logging and bundled in millions of enterprise applications and software products, often as an indirect dependency. According to Sonatype’s monitoring, as of August 2022, the adoption rate for fixed versions of Log4j sits at around 65%. Moreover, this doesn’t even account for the fact that the Log4Shell vulnerability originated in a Java class called JndiManager that is part of Log4j-core, but which has also been borrowed by 783 other projects and is now found in over 19,000 software components.
Log4Shell served as a watershed moment, highlighting the inherent risks that exist in the open-source software ecosystem – which sits at the core of modern software development – and the need to manage them properly. It also led to several initiatives to secure the software supply chain by private organisations, software repository managers, the Linux Foundation, and government bodies. Yet, most organisations are far from where they need to be in terms of open-source supply chain management.
Cyber-Enabled Crimes Are Biggest Police Concerns
Cyber-related crimes such as money laundering, ransomware and phishing pose the biggest threat to society, according to the first ever Interpol Global Crime Trend report.
The inaugural study was compiled from data received from the policing organisation’s 195 member countries, as well as information and analysis from external sources.
Money laundering was ranked the number one threat, with 67% of respondents claiming it to be a “high” or “very high” risk. Ransomware came second (66%) but was the crime type that most (72%) expected to increase in the next 3–5 years.
Of the nine top crime trends identified in the report, six are directly cyber-enabled, including money laundering, ransomware, phishing, financial fraud, computer intrusion and child sexual exploitation.
Interpol warned that the pandemic had fomented new underground offerings like “financial crime-as-a-service,” including digital money laundering tools which help to lower the barrier to entry for criminal gangs. It also claimed that demand for online child sexual exploitation and abuse (OCSEA) content surged during the pandemic. Some 62% of respondents expect it to increase or significantly increase in the coming years.
The findings represent something of a turnaround from pre-pandemic times, when drug trafficking regularly topped the list of police concerns. Thanks to a surge in corporate digitalisation, home working and online shopping, there are now rich pickings to be had from targeting consumers and business users with cyber-scams and attacks, Interpol claimed.
https://www.infosecurity-magazine.com/news/cyberenabled-crimes-are-biggest/
List of Common Passwords Accounts for Nearly All Cyber Attacks
Half of a million passwords from the RockYou2021 list account for 99.997% of all credential attacks against a variety of honeypots, suggesting attackers are just taking the easy road.
Tens of millions of credential-based attacks targeting two common types of servers boiled down to a small fraction of the passwords that formed a list of leaked credentials, known as the RockYou2021 list.
Vulnerability management firm Rapid7, via its network of honeypots, recorded every attempt to compromise those servers over a 12-month period, finding that the attempted credential attacks resulted in 512,000 permutations. Almost all of those passwords (99.997%) are included in a common password list — the RockYou2021 file, which has 8.4 billion entries — suggesting that attackers, or the subset of threat actors attacking Rapid7's honeypots, are sticking to a common playbook.
The overlap in all the attacks also suggest attackers are taking the easy road, said Rapid7. "We know now, in a provable and demonstrable way, that nobody — 0% of attackers — is trying to be creative when it comes to unfocused, untargeted attacks across the Internet," they said. "Therefore, it's very easy to avoid this kind of opportunistic attack, and it takes very little effort to take this threat off the table entirely, with modern password managers and configuration controls."
Every year, security firms present research suggesting users are continuing to pick bad passwords. In 2019, an evaluation of passwords leaked to the Internet found that the top password was "123456," followed by "123456789" and "qwerty," and unfortunately things have not got much better since then.
https://www.darkreading.com/endpoint/a-common-password-list-accounts-for-nearly-all-cyberattacks
Shared Responsibility or Shared Fate? Decentralised IT Means We Are All Cyber Defenders
Does your organisation truly understand the shared responsibility model? Shared responsibility emerged from the early days of cloud computing as a way to delineate responsibilities between cloud providers and their customers, but often there's a gap between what shared responsibility means and how it is interpreted. With the decentralisation of IT, this gap is getting worse.
Applications, servers, and overall technology used to be under the purview and control of the IT department, yet with the shift to cloud, and specifically software-as-a-service (SaaS), this dynamic has changed. Whether it's the sales team bringing in a customer relationship management (CRM) system like Salesforce, or the HR department operating a human resources information system (HRIS) like Workday, there's a clear "expanding universe" of IT that no longer sits where it used to. Critical business workflows exist in separate business units far from IT and security and are managed as such. Our corporate IT footprints have become decentralised.
This is not some minor, temporary trend. With the ease and speed of adopting new SaaS applications and the desire to "lift and shift" code into cloud-based environments, this is the future. The future is decentralised.
The shift to business-owned and -operated applications puts security teams in a position where risk management is their responsibility; they are not even able to log into some of these critical systems. It's like asking your doctor to keep you healthy but not giving her access to your information or having regular check-ups. It doesn't work that way.
Beyond the challenging human skills gap, there's technical entropy and diversity everywhere, with different configuration settings, event logs, threat vectors, and data sensitivities. On the access side, there are different admins, users, integrations, and APIs. If you think managing security on Windows and Mac is a lot, try it across many huge applications.
With this reality, how can the security team be expected to combat a growing amount of decentralised business technology risk?
We must operate our technology with the understanding that shared responsibility is the vertical view between cloud provider and customer, but that enterprise-owned piece of shared responsibility is the burden of multiple teams horizontally across an organisation. Too often the mentality is us versus them, availability versus security, too busy to care about risk, too concerned with risk to understand "the business."
Ukraine War Cuts Ransomware as Kremlin Co-Opts Hackers
The Ukraine war has helped reduce global ransomware attacks by 10pc in the last few months, a British cyber security company has said.
Criminal hacking gangs, usually engaged in corporate ransomware activities, are increasingly being co-opted by the Russian military to launch cyber attacks on Ukraine, according to Digital Shadows. “The war is likely to continue to motivate ransomware actors to target government and critical infrastructure entities,” according to the firm. Such attacks partly contributed to a 10pc drop in the number of ransomware threats launched during the three months to September, said the London-based company.
The drop in ransomware may also partly be caused by tit-for-tat digital attacks between rival hacking gangs. Researchers said the Lockbit gang, who recently targeted LSE-listed car retailer Pendragon with a $60m (£53.85m) ransom demand, were the target of attacks from their underworld rivals. The group is increasingly inviting resentment from competing threat groups and possibly former members.
Some cyber criminals’ servers went offline in September after what appeared to be an attack from competitors. In the world of cyber criminality, it is not uncommon for tensions to flare among rival groups.
Officials from GCHQ’s National Cyber Security Centre have said ransomware is one of the biggest cyber threats facing the UK. Figures published by the Department for Digital, Culture, Media and Sport this year revealed the average costs to businesses caused by ransomware attacks is around £19,000 per incident.
US-based cyber security company Palo Alto Networks, however, warned that the average ransom payment it saw in the early part of this year was $925,000 (£829,000).
https://www.telegraph.co.uk/business/2022/10/23/ukraine-war-cuts-ransomware-kremlin-co-opts-hackers/
96% Of Companies Report Insufficient Security for Sensitive Cloud Data
The vast majority of organisations lack confidence in securing their data in cloud, while many companies acknowledge they lack sufficient security even for their most sensitive data, according to a new report by the Cloud Security Alliance (CSA).
The CSA report surveyed 1,663 IT and security professionals from organisations of various sizes and in various locations. "Only 4% report sufficient security for 100% of their data in the cloud. This means that 96% of organisations have insufficient security for at least some of their sensitive data," according to the report, which was sponsored by data intelligence firm BigID.
Apart from struggling with securing sensitive data, organisations are also having trouble tracking data in the cloud. Over a quarter of organisations polled aren’t tracking regulated data, nearly a third aren’t tracking confidential or internal data, and 45% aren’t tracking unclassified data, the report said.
“This suggests that organisations’ current methods of classifying data aren’t sufficient for their needs. However, if the tracking is this low, it could be a contributing factor to the issue of dark data. Organisations need to utilise data discovery and classification tools to properly understand the data they have and how to protect it,” the CSA study noted.
Your Microsoft Exchange Server Is a Security Liability
With endless vulnerabilities, widespread hacking campaigns, slow and technically tough patching, it's time to say goodbye to on-premise Exchange.
Once, reasonable people who cared about security, privacy, and reliability ran their own email servers. Today, the vast majority host their personal email in the cloud, handing off that substantial burden to the capable security and engineering teams at companies like Google and Microsoft. Now, cyber security experts argue that a similar switch is due - or long overdue - for corporate and government networks. For enterprises that use on-premise Microsoft Exchange, still running their own email machine somewhere in a closet or data centre, the time has come to move to a cloud service, if only to avoid the years-long plague of bugs in Exchange servers that has made it nearly impossible to keep determined hackers out.
The latest reminder of that struggle arrived earlier this week, when Taiwanese security researcher Orange Tsai published a blog post laying out the details of a security vulnerability in Microsoft Exchange. Tsai warned Microsoft about this vulnerability as early as June of 2021, and while the company responded by releasing some partial fixes, it took Microsoft 14 months to fully resolve the underlying security problem. Tsai had earlier reported a related vulnerability in Exchange that was massively exploited by a group of Chinese state-sponsored hackers known as Hafnium, which last year penetrated more than 30,000 targets by some counts. Yet according to the timeline described in Tsai’s post this week, Microsoft repeatedly delayed fixing the newer variation of that same vulnerability, assuring Tsai no fewer than four times that it would patch the bug before pushing off a full patch for months longer. When Microsoft finally released a fix, Tsai wrote, it still required manual activation and lacked any documentation for four more months.
Meanwhile, another pair of actively exploited vulnerabilities in Exchange that were revealed last month still remain unpatched after researchers showed that Microsoft’s initial attempts to fix the flaws had failed. Those vulnerabilities were just the latest in a years-long pattern of security bugs in Exchange’s code. And even when Microsoft does release Exchange patches, they’re often not widely implemented, due to the time-consuming technical process of installing them.
The result of those compounding problems, for many who have watched the hacker-induced headaches of running an Exchange server pile up, is a clear message: An Exchange server is itself a security vulnerability, and the fix is to get rid of it.
“You need to move off of on-premise Exchange forever. That’s the bottom line,” says Dustin Childs, the head of threat awareness at security firm Trend Micro’s Zero Day Initiative (ZDI), which pays researchers for finding and reporting vulnerabilities in commonly used software and runs the Pwn2Own hacking competition. “You’re not getting the support, as far as security fixes, that you would expect from a really mission-critical component of your infrastructure.”
https://www.wired.com/story/microsoft-exchange-server-vulnerabilities/
Are Cyber Security Vendors Pushing Snake Oil?
Survey: 96 percent of cyber security decision makers confused by vendor marketing.
The availability of new security products increases, the amount of budget spent on cyber security grows, and the number of security breaches seems to outpace both. This basic lack of correlation between increasing cyber security spend and any clear increase in cyber security effectiveness is the subject of a new analytical survey from Egress.
With 52 million data breaches in Q2 2022 alone (Statista), Egress questioned 800 cyber security and IT leaders on why vendor claims and reality aren’t aligned. The headline response in the survey is that 91% of decision makers have difficulty in selecting cyber security vendors due to unclear marketing about their specific offerings.
The financial investment cycle doesn’t help in this. For many investors, the strength of the management team is more important than the product. The argument is not whether this product is a cyber security silver bullet, but whether this management can take the company to a point where it can exit with serious profits.
If investment is achieved, much of it will go into marketing. That marketing must compete against existing, established vendors – so it tends to be louder, more aggressive, and replete with hyperbole. Marketing noise can lead to increased valuation, which can lead to a successful and profitable exit by the investors.
Of course, this is an oversimplification and doesn’t always happen. The point, however, is that it does happen and has no relevance to the real effectiveness of the product in question. Without any doubt, there are many products that have been over-hyped by marketing funds provided by profit-driven investors.
https://www.securityweek.com/are-cybersecurity-vendors-pushing-snake-oil
Ransomware Preparedness: What Are You Doing Wrong?
Axio released its 2022 State of Ransomware Preparedness research report, revealing that although notable improvements have been made since Axio’s 2021 report, organisational ransomware preparedness continues to be insufficient to keep pace with new attack vectors.
The report reveals that the lack of fundamental cyber security practices and controls, including critical vulnerability patching and employee cyber security training, continues to undermine organisational attempts to improve ransomware defences.
“Ransomware continues to wreak havoc on global organisations, regardless of size or industry,” remarked the report’s co-author David White, President of Axio. “As the number of attacks will most likely continue on an exponential trajectory, it’s more important than ever for companies to re-evaluate their cyber security practices and make the needed improvements to help combat these attacks.”
The report identifies several emerging patterns that yield insights into why organisations are increasingly susceptible to ransomware attacks. In 2021, seven key areas where organisations were deficient in implementing and sustaining basic cyber security practices were identified, and these patterns dominated the 2022 study results as well:
Managing privileged access
Improving basic cyber hygiene
Reducing exposure to supply chain and third-party risk
Monitoring and defending networks
Managing ransomware incidents
Identifying and addressing vulnerabilities in a timely manner
Improving cyber security training and awareness
Overall, most organisations surveyed are not adequately prepared to manage the risk associated with a ransomware attack. Key data findings include:
The number of organisations with a functional privileged access management solution in place increased by 10% but remains low at 33% overall.
Limitations on the use of service and local administrator accounts remain average overall, with nearly 50% of organisations reporting implementing these practices.
Approximately 40% of organisations monitor third-party network access, evaluate third-party cyber security posture, and limit the use of third-party software.
Less than 50% of respondents implement basic network segmentation and only 40% monitor for anomalous connections.
Critical vulnerability patching within 24 hours was reported by only 24% of organisations.
A ransomware-specific playbook for incident management is in place for only 30% of organisations.
Active phishing training has improved but is still not practiced by 40% of organisations.
https://www.helpnetsecurity.com/2022/10/20/insufficient-ransomware-preparedness/
NSA Cybersecurity Director's Six Takeaways from the War in Ukraine
From the warning banner ‘Be afraid and expect the worst’ that was shown on several Ukrainian government websites on January 13, 2022, after a cyber-attack took them down, the US National Security Agency’s (NSA) cybersecurity director, Rob Joyce, knew that something was going to be different, and very aggressive, between Ukraine and Russia, and that it would be happening in the cyber space as well.
Ten months on, he was invited to speak at one of Mandiant Worldwide Information Security Exchange's (mWISE) opening keynotes on October 18, 2022. Joyce shared six takeaways from the Russia-Ukraine cyber-conflict in terms of what we learned from it and its impact on how nations should protect their organisations.
Both espionage and destructive attacks will occur in conflict
The cyber security industry has unique insight into these conflicts
Sensitive intelligence can make a decisive difference
You can develop resiliency skills
Don’t try to go it alone
You have not planned enough yet for the contingencies
Toward the end of the keynote, Joyce suggested the audience simulate a scenario based on what happened in Ukraine with the China-Taiwan conflict escalating and see what they should put in place to better prepare for such an event.
https://www.infosecurity-magazine.com/news/nsa-6-takeaways-war-ukraine/
Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak
Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication.
"This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," Microsoft said in an alert.
Microsoft also emphasised that the B2B leak was "caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability."
The misconfiguration of the Azure Blob Storage was spotted on September 24, 2022, by cyber security company SOCRadar, which termed the leak BlueBleed. Microsoft said it's in the process of directly notifying impacted customers.
The Windows maker did not reveal the scale of the data leak, but according to SOCRadar, it affects more than 65,000 entities in 111 countries. The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others.
https://thehackernews.com/2022/10/microsoft-confirms-server.html
Threats
Ransomware and Extortion
Сryptocurrency and Ransomware — The Ultimate Friendship (thehackernews.com)
Venus Ransomware targets publicly exposed Remote Desktop services (bleepingcomputer.com)
Pendragon being held to $60m ransom by dark web hackers – Car Dealer Magazine
Magniber Ransomware Is Targeting Home PC (informationsecuritybuzz.com)
Hackers exploit critical VMware flaw to drop ransomware, miners (bleepingcomputer.com)
Ransomware Now Deployed as a Precursor to Physical War - MSSP Alert
TommyLeaks and SchoolBoys: Two sides of the same ransomware gang (bleepingcomputer.com)
With Conti gone, LockBit takes lead of the ransomware threat landscape | CSO Online
Tactics Tie Ransom Cartel Group to Defunct REvil Ransomware (darkreading.com)
Wholesale giant METRO hit by IT outage after cyber attack (bleepingcomputer.com)
The link between Ransom Cartel and REvil ransomware gangs - Security Affairs
How Vice Society Got Away With a Global Ransomware Spree | WIRED
Defenders beware: A case for post-ransomware investigations - Microsoft Security Blog
Ransomware crews regrouping as LockBit rise continues (computerweekly.com)
Ransom Cartel linked to notorious REvil ransomware operation (bleepingcomputer.com)
Hackney Council Ransomware Attack £12m+ Recovery - IT Security Guru
Microsoft Warns of Novel Ransomware Attacking Ukraine, Poland - MSSP Alert
Prestige ransomware hits victims of HermeticWiper • The Register
New ransomware targets transportation sectors in Ukraine, Poland | SC Media (scmagazine.com)
Japanese tech firm Oomiya hit by LockBit 3.0 - Security Affairs
Ransomware attack halts circulation of some German newspapers (bleepingcomputer.com)
Ransomware Insurance Security Requirement Strategies (trendmicro.com)
Australian insurance firm Medibank confirms ransomware attack (bleepingcomputer.com)
BlackByte ransomware uses new data theft tool for double-extortion (bleepingcomputer.com)
Phishing & Email Based Attacks
Phishing works so well crims won't use deepfakes: Sophos • The Register
Phishing Mitigation Can Cost Businesses More Than $1M Annually (darkreading.com)
Securing your organisation against phishing can cost up to $85 per email | CSO Online
How phishing campaigns abuse Google Ad click tracking redirects - Help Net Security
Other Social Engineering; Smishing, Vishing, etc
Malware
VMware bug with 9.8 severity rating exploited to install witch’s brew of malware | Ars Technica
Microsoft’s out-of-date driver list left Windows PCs open to malware attacks for years - The Verge
Ursnif malware switches from bank account theft to initial access (bleepingcomputer.com)
Experts spotted a new undetectable PowerShell Backdoor - Security Affairs
Typosquat campaign mimics 27 brands to push Windows, Android malware (bleepingcomputer.com)
Thousands of GitHub repositories deliver fake PoC exploits with malware (bleepingcomputer.com)
Hackers use new stealthy PowerShell backdoor to target 60+ victims (bleepingcomputer.com)
Hijacking of Popular Minecraft Launcher by Rogue Developer Raises Malware Fears - IGN
URSNIF (aka Gozi) banking trojan morphs into backdoor • The Register
What is a RAT (Remote Access Trojan)? | Definition from TechTarget
Mobile
Internet of Things – IoT
Riskiest IoT Devices - Cameras, VoIP And Video Conferencing (informationsecuritybuzz.com)
Securing IoT devices against attacks that target critical infrastructure - Microsoft Security Blog
74% say connected cars and EV chargers need cyber security ratings | Ars Technica
Data Breaches/Leaks
The companies most likely to lose your data - Help Net Security
Fines are not enough! Data breach victims want better security - Help Net Security
Medibank hack turned into a data breach: The attackers are demanding money - Help Net Security
Mormon Church Hit By Cyber attack, Personal Data Exposed (informationsecuritybuzz.com)
Keystone Health Data Breach Impacts 235,000 Patients | SecurityWeek.Com
Fashion brand SHEIN fined $1.9m for lying about data breach – Naked Security (sophos.com)
Client Data Exfiltrated In Advanced NHS cyber Attack (informationsecuritybuzz.com)
Australian Wine Dealer Suffers Data Breach, 500,000 Customers May Be (informationsecuritybuzz.com)
Advocate Aurora Health in potential 3 million patient leak • The Register
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Why Crypto Winter is No Excuse to Let Your Cyber Defences Falter (thehackernews.com)
North Korea’s Lazarus Group Attacks Japanese Crypto Firms - Decrypt
Coinbase users scammed out of $21M in crypto sue company for negligence | Ars Technica
SIM Swappers Sentenced to Prison for Hacking Accounts, Stealing Cryptocurrency | SecurityWeek.Com
Fraud, Scams & Financial Crime
Financial losses to synthetic identity-based fraud to double by 2024 | CSO Online
AI is Key to Tackling Money Mules and Disrupting Fraud: Industry Group | SecurityWeek.Com
Deepfakes
Deepfakes: What they are and how to spot them - Help Net Security
Phishing works so well crims won't use deepfakes: Sophos • The Register
Insurance
Supply Chain and Third Parties
Software Supply Chain
Software Supply Chain Attacks Soar 742% In Three Years (informationsecuritybuzz.com)
SBOMs: An Overhyped Concept That Won't Secure Your Software Supply Chain (darkreading.com)
Denial of Service DoS/DDoS
Cloud/SaaS
Microsoft Data-Exposure Incident Highlights Risk of Cloud Storage Misconfiguration (darkreading.com)
3 cloud security posture questions CISOs should answer (techtarget.com)
Attack Surface Management
Identity and Access Management
Encryption
API
Open Source
New security concerns for the open-source software supply chain - Help Net Security
Python vulnerability highlights open source security woes (techtarget.com)
3 Ways to Help Customers Defend Against Linux-Based Cyber attacks - MSSP Alert
OldGremlin hackers use Linux ransomware to attack Russian orgs (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Most People Still Reuse Their Passwords Despite Years Of Hacking (informationsecuritybuzz.com)
Password Report: Honeypot Data Shows Bot Attack Trends Against RDP, SSH | SecurityWeek.Com
Eight RTX 4090s Can Break Passwords in Under an Hour | Tom's Hardware (tomshardware.com)
Training, Education and Awareness
Security Awareness Urged to Grow Beyond Compliance (darkreading.com)
Raising cyber security awareness is good for everyone - but it needs to be done better | ZDNET
Millennials, Gen Z blamed for poor company security • The Register
Privacy, Surveillance and Mass Monitoring
Regulations, Fines and Legislation
Fines are not enough! Data breach victims want better security - Help Net Security
Fashion brand SHEIN fined $1.9m for lying about data breach – Naked Security (sophos.com)
New York fines EyeMed $4.5 million for 2020 email hack, data breach | SC Media (scmagazine.com)
Health insurer pays out $4.5m over bungled data security • The Register
Law Enforcement Action and Take Downs
INTERPOL-led Operation Takes Down 'Black Axe' Cyber Crime Organisation (thehackernews.com)
Law enforcement arrested 31 suspects for stealing cars by hacking key fobs - Security Affairs
Interpol is setting up its own metaverse to learn how to police the virtual world | Euronews
Brazilian Police Nab Suspected Member of Lapsus$ Group (darkreading.com)
Interpol Report: "Financial Crime-as-a-Service" an Emerging Threat - MSSP Alert
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Ransomware Now Deployed as a Precursor to Physical War - MSSP Alert
US, China, Russia, more meet at Singapore infosec event • The Register
NSA cyber chief says Ukraine war is compelling more intelligence sharing with industry - CyberScoop
China-Linked Cyber-Espionage Team Homes In on Hong Kong Government Orgs (darkreading.com)
Microsoft Warns of Novel Ransomware Attacking Ukraine, Poland - MSSP Alert
Hackers target Asian casinos in lengthy cyber espionage campaign (bleepingcomputer.com)
Prestige ransomware hits victims of HermeticWiper • The Register
Pro-Russia Hackers DDoS Bulgarian Government - Infosecurity Magazine (infosecurity-magazine.com)
Nation State Actors
Nation State Actors – Russia
Ukraine's cyber chief calls for global anti-fake news fight • The Register
German Cyber security Boss Sacked Over Kremlin Connection (darkreading.com)
New ransomware targets transportation sectors in Ukraine, Poland | SC Media (scmagazine.com)
Bulgaria hit by a cyber attack originating from Russia - Security Affairs
Nation State Actors – China
As China-Taiwan tensions mount, how's your cyber defence? • The Register
Chinese 'Spyder Loader' Malware Spotted Targeting Organisations in Hong Kong (thehackernews.com)
Hackers compromised Hong Kong govt agency network for a year (bleepingcomputer.com)
WIP19 Threat Group Cyber attacks Target IT Service Providers, Telcos - MSSP Alert
Nation State Actors – North Korea
Nation State Actors – Iran
Vulnerability Management
Vulnerabilities
45,654 VMware ESXi servers reached End of Life on Oct. 15 - Security Affairs
VMware bug with 9.8 severity rating exploited to install witch’s brew of malware | Ars Technica
Text message verification flaws in your Windows Active Directory (bleepingcomputer.com)
Apache Commons Vulnerability: Patch but Don't Panic (darkreading.com)
Zoom for Mac patches sneaky “spy-on-me” bug – update now! – Naked Security (sophos.com)
ProxyLogon researcher details new Exchange Server flaws (techtarget.com)
Exploited Windows zero-day lets JavaScript files bypass security warnings (bleepingcomputer.com)
Dozen High-Severity Vulnerabilities Patched in F5 Products | SecurityWeek.Com
Oracle Releases 370 New Security Patches With October 2022 CPU | SecurityWeek.Com
Palo Alto Networks fixed a high-severity flaw in PAN-OS - Security Affairs
Hackers exploit critical VMware flaw to drop ransomware, miners (bleepingcomputer.com)
Zimbra Patches Under-Attack Code Execution Bug | SecurityWeek.Com
WordPress Security Update 6.0.3 Patches 16 Vulnerabilities | SecurityWeek.Com
Python vulnerability highlights open source security woes (techtarget.com)
Other News
Zero trust is misused in security, say Cloudflare, Zscaler - Protocol
Cyber professional shortfall hits 3.4 million (computerweekly.com)
VPN use prevails despite interest in VPN alternatives (techtarget.com)
JP Morgan Bans Staff From Working Remotely In Hotels and Coffee Shops-But Not Airbnbs | Inc.com
Experts discovered millions of .git folders exposed to public - Security Affairs
Microsoft Defender is lacking in offline detection capabilities, says AV-Comparatives | TechSpot
Internet connectivity worldwide impacted by severed fiber cables in France (bleepingcomputer.com)
UK's Remote Shetland Mysteriously Lose Phone, Internet After Cable Cut (businessinsider.com)
CISOs, rejoice! Security spending is increasing - Help Net Security
Equifax surveilled 1,000 remote workers, fired 24 found juggling two jobs | Ars Technica
NATO Just Deployed Its First Killer Ground Robot (futurism.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.