Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Only 3% of Organisations Globally are Fully Prepared for Cyber Threats

A new report released by Cisco found that only 3% of organisations globally are considered to be at a “mature” level of readiness that is needed to be resilient against today’s cyber threats. In contrast, 80% of the companies surveyed felt moderately to very confident in their ability to defend against a threat.

Nearly three-quarters of respondents expect a cyber incident to disrupt their business in the next 12 to 24 months. For many, this was based on past experience, with more than half of respondents saying that they had experienced a cyber security incident in the last 12 months, and of those, more than half of said it cost them at least $300,000. To address this, 97% of companies expect to increase their cyber security budgets in the next 12 months.

Sources: [PR Newswire] [SiliconANGLE]

China Cyber Attacks a Reminder Beijing Poses ‘Constant and Sophisticated’ Threat to Western Cyber Security

The UK’s National Cyber Security Centre (NCSC) has now implicated a Chinese-backed hacking group, APT31, in attempts to target a group of MPs. Whilst this shows how advanced the threat from China has become, it should not be a surprise. It has been alleged that the hacking campaign targeted a broad swathe of private individuals, as well as strategically important companies and government officials. Geopolitical tensions are at an all-time high, as Conservative MP Iain Duncan Smith, one of those targeted by the campaign says, “we must now enter a new era of relations with China, dealing with the contemporary Chinese Communist party as it really is, not as we would wish it to be.”

Sources: [Sky News] [GovInfoSecurity] [The Guardian]

Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers

A recent report underscores the pivotal role of cyber security in financial performance, revealing that companies with genuinely advanced levels of cyber security maturity generate a 372% higher shareholder return compared to those with lower levels of maturity, as observed over a five-year period. Notably, companies with engaged board members and specialised risk committees achieve superior cyber security performance. Despite regulatory requirements, only 3% of UK organisations have a cyber security expert on their board, emphasising the need for greater board-level engagement in cyber risk management. Industries like healthcare and financial services lead in cyber security ratings, underscoring the correlation between regulatory environments and cyber security performance.

Source: [Business Wire] [Computer Weekly]

Hackers Hit High-Risk Individuals’ Personal Accounts

Britain’s National Cyber Security Centre (NCSC) is warning that attackers faced with well-managed corporate cyber security defences, are instead turning their efforts to compromise high-risk individuals’ devices and accounts.

A high-risk individual is anyone who has access to or influence over sensitive information. For an attacker, these individuals can present a less complex route. They already know the individual has access to the data they want, it is just a case of compromising that individual.

Source: [Gov Info Security]

Cyber Security Threats in International Relations: Are We Prepared for a Digital Pearl Harbour?

Cyber security threats have reached unprecedented levels, posing significant risks to organisations and nations worldwide, with global costs predicted to soar to $10.5 trillion annually by 2025, a significant increase from $6 trillion in 2021. Recent reports from IBM Security X-Force reveal that organisations face an average of 270 cyber attacks per year, equivalent to an attack every business day, underlining the persistent nature of the threat and reinforcing the old question of ‘when’ not 'if' an organisation will get hit.

The report warns of the possibility of large-scale, coordinated attacks, akin to a “Digital Pearl Harbor,” on vital infrastructure such as power grids and financial markets, with ransomware-based attacks being identified as a major risk. The emergence of cyber warfare blurs the distinction between espionage and acts of war, underscoring the need for international standards and agreements. Despite the focus on cyber threats, many organisations have risk management gaps.

Source: [Eurasia Review]

High Net Worths Urged to Improve Digital Hygiene in Fight Against Cyber Crime

High net worth individuals and their families are often targets for cyber criminals who seek to steal their money, identity, intellectual property and corporate data, and attacks are increasing. With the current state of the world, there is significant information that is publicly available. This, added to the fact that many high-net-worth individuals have lesser security controls than corporations, makes them a more lucrative target.

As these types of attacks continue to increase, it is important for individuals to ensure they are demonstrating good cyber hygiene through actions including the adoption of multi-factor authentication, limiting unnecessary social media from themselves and their family (including holidays) and understanding current tactics to be able to spot and mitigate them.

Source: [Financial Times]

Key Lessons from Microsoft’s Password Spray Hack: Secure Every Account

Earlier this year, Microsoft discovered they had been the victim of a hack orchestrated by Russian-state hackers. The attack was not highly sophisticated; in fact, it involved simply spraying passwords into an old, inactive account. Password spraying is a simple brute force technique, which has the attacker trying the same password against multiple accounts. In this case, it was enough to be able to allow attackers to commit further exfiltration.

Picture your organisation: can you guarantee that no account is using the password “Password123”? Whilst organisations may focus on protecting privileged accounts, the attack shows that every account needs to be secured, as they are all entry points to your organisation. To combat this, organisations should look to implement robust password policies and multi-factor authentication.

Source: [The Hacker News]

Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach

Mitigating third-party risk may seem daunting when considering the slew of incoming regulations coupled with the increasingly advanced tactics of cyber criminals. However, most organisations have more agency and flexibility than they think they do. Third-party risk management can be built on top of existing risk governance practices and security controls that are currently implemented in the organisation. Understanding the vendor landscape, categorising vendors based on criticality, and developing tailored governance plans are crucial steps. Contractual obligations, tailored to industry standards, play a pivotal role in ensuring security measures are upheld. Additionally, establishing a robust exit strategy is imperative to safeguard data integrity post-partnership. By fostering a culture of shared responsibility and continuous improvement, organisations can navigate the complexities of third-party risk management effectively.

Source: [Dark Reading]

IT Leaders Struggle to Keep up With Emerging Threats, as 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time

A recent survey of over 800 IT and security leaders highlights the escalating threat landscape fuelled by emerging technologies, with AI-powered attacks identified as the most serious and challenging. 92% of respondents report a year-over-year increase in cyber attacks with 95% noting heightened sophistication.

Organisations reported facing AI-powered attacks (51%), deepfake technology and supply chain attacks (both 36%), cloud jacking (35%), Internet of Things (IoT) attacks and 5G network exploits (both 34%), and fileless attacks (24%). But it is not just newer attacks; organisations are still contending with prevalent attacks like phishing, malware, and ransomware. The survey found that 84% of respondents say that phishing and smishing have become more difficult to detect with the rise in popularity of AI-powered tools, revealing that AI-powered phishing is their top concern (42%) when it comes to AI security.

With so many constantly evolving threats, and with new ones being added to the mix all the time, it is becoming more and more difficult for IT leaders to keep on top of these emerging threats.

Source: [Beta News] [The Fast Mode]

Only 5% of Boards Have Cyber Security Expertise

There is a concerning gap in cyber expertise on corporate boards, with only 5% of businesses having a cyber expert onboard, despite a direct correlation between strong cyber security and higher financial performance. Countries like France have 10% representation while Canada lags behind at just 1%. Integration of cyber experts into specialised risk committees significantly boosts cyber security performance. Furthermore, advanced security ratings translate to significantly better financial returns over three and five-year periods, underlining the pivotal role of cyber security in overall business health.

Source: [Infosecurity Magazine]

Google’s New AI Search Results Promotes Sites Pushing Malware and Scams

Earlier this month, Google began rolling out a feature called Google Search Generative Experience (SGE) in its search results, which provides AI-generated quick summaries, including site recommendations. These results, however, are pushing scams and malware. BleepingComputer found that the listed sites promoted by SGE tend to use the .online top level domain, the same HTML templates, and the same sites to perform redirects, stating “This similarity indicates that they are all part of the same SEO [search engine optimisation] poisoning campaign that allowed them to be part of the Google index.” When clicking on the site in the Google search results, visitors will go through a series of redirects until they reach a scam site. This matter highlights the need for users to stay cognisant, even when using AI to improve quality of life.

Source: [Bleeping Computer]

Report Calls Out Cyber Risks to Financial Sector Fuelled by AI

A recent report by the US Department of the Treasury has identified AI-driven cyber fraud as the primary concern for financial institutions. Smaller firms, in particular, struggle with AI development, which intensifies security concerns. Despite a focus on cyber security, risk management lapses are common across institutions. The report further notes that nearly a third of these institutions are yet to address the evolving tactics of threat actors, including social engineering, malvertising, and QR code phishing. More than 2 in 5 have pointed to the increasing use of generative AI for scaling and automating attacks as a lingering risk factor. The report emphasises that, even without mandates, there’s an urgent need for financial institutions to bolster their risk management and cyber security practices to counter these AI-driven threats.

Source: [CyberScoop]

Governance, Risk and Compliance

• Hackers Hit High-Risk Individuals' Personal Accounts (govinfosecurity.com)

• Only 5% of Boards Have Cyber Security Expertise - Infosecurity Magazine (infosecurity-magazine.com)

• Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)

• How threat intelligence data maximizes business operations - Help Net Security

• IT leaders struggle to keep up with emerging threats (betanews.com)

• More than half of organisations fall victim to cyber attacks (betanews.com)

• Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers, According to Diligent and Bitsight | Business Wire

• Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)

• 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time (thefastmode.com)

• Shareholders win when businesses do better at cyber | Computer Weekly

• Getting Security Remediation on the Boardroom Agenda (darkreading.com)

• New Cyber Threats to Challenge Financial Services Sector in 2024 (darkreading.com)

• The cyber security skills shortage: A CISO perspective | CSO Online

• Cyber security essentials during M&A surge - Help Net Security

• Companies told cyber security has to be cross business concern (emergingrisks.co.uk)

• It's Time to Stop Measuring Security in Absolutes (darkreading.com)

• True Cost of a Cyber Security Breach for Your Business - Converge

• 35 cyber security statistics to lose sleep over in 2024 (techtarget.com)

• Changing role of CISO | Professional Security

• 3 Challenges CISOs Face in 2024 as Cyber Threats Explode | Corporate Counsel (law.com)

• Cyber security plans should centre on resilience | MIT Sloan

• Debunking compliance myths in the digital era - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware: lessons all companies can learn from the British Library attack - Exponential-e Blog

• 78% of organisations plan to increase ransomware protection | Security Magazine

• The human impact of ransomware attacks: how can businesses protect their security professionals? - IT Security Guru

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

• Building Resiliency in the Face of Ransomware  - Security Boulevard

• Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)

• US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth (yahoo.com)

• Healthcare Under Ransomware Attacks - Part 1: BlackCat/AlphV - VMRay

• Healthcare Under Ransomware Attacks - Part 2: LockBit - VMRay

• Healthcare Under Ransomware Attacks - Part 3: Rhysida - VMRay

Ransomware Victims

• Hackers threaten to publish huge cache of NHS Scotland data - BBC News

• Alleged sale of Communication Workers Union’s users data (marcoramilli.com)

• Scullion LAW becomes victim of cyber attack | Scottish Legal News

• Panera Bread experiencing nationwide IT outage since Saturday (bleepingcomputer.com)

• Clorox audit flagged systemic flaws in cyber security at manufacturing plants (detroitnews.com)

• Big Issue working with NCSC, NCA and Met Police to investigate cyber incident - IT Security Guru

• Western Isles council tax bills delayed due to cyber attack - BBC News

• Vietnam Securities Broker Suffered Cyber Attack That Suspended Trading (darkreading.com)

Phishing & Email Based Attacks

• 'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide (darkreading.com)

• New StrelaStealer Phishing Attacks Hit Over 100 Organisations in EU. and US (thehackernews.com)

• ThreatLabz 2023 Phishing Report | ITPro

• New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)

• US organisations targeted with emails delivering NetSupport RAT - Help Net Security

• Fake Ozempic Deals on the Rise as Experts Warn of Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Scammers steal millions from FTX, BlockFi claimants - Help Net Security

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)

• Russia's Cozy Bear tries to phish Germans with party invites • The Register

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

Artificial Intelligence

• Treasury report calls out cyber risks to financial sector fuelled by AI | CyberScoop

• Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)

• Four generative AI cyber risks that keep CISOs up at night — and how to combat them - SiliconANGLE

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Artificial intelligence now the biggest cyber threat - study (emergingrisks.co.uk)

• Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)

• 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time (thefastmode.com)

• Scammers exploit tax season anxiety with AI tools - Help Net Security

• Experts Warn of Cyber Risk Due to Rapid AI Tool Evolution (govinfosecurity.com)

• AI Regulation at a Crossroads - Security Boulevard

• Over A Third of IT Leaders Are Ill-Equipped to Cope With AI-Powered Attacks - IT Security Guru

• Beware of rogue chatbot hacking incidents (securityintelligence.com)

• The Unique AI Cyber Security Challenges in the Financial Sector | Decipher (duo.com)

• AI weaponisation becomes a hot topic on underground forums - Help Net Security

• AI bots hallucinate software packages and devs download them • The Register

• Threat Report: Examining the Use of AI in Attack Techniques (darkreading.com)

• Hackers exploit Ray framework flaw to breach servers, hijack resources (bleepingcomputer.com)AWS CISO: Pay Attention to How AI Uses Your Data (darkreading.com)

2FA/MFA

• New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)

• Apple customers are being targeted by "MFA Bombing" password reset attack (xda-developers.com)

Malware

• New StrelaStealer Phishing Attacks Hit Over 100 Organisations in E.U. and US. (thehackernews.com)

• Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)

• 39,000 Websites Infected in 'Sign1' Malware Campaign - SecurityWeek

• ConnectWise ScreenConnect attacks deliver malware | SC Media (scmagazine.com)

• US organisations targeted with emails delivering NetSupport RAT - Help Net Security

• Hunter-killer malware: How to prevent it from undermining security controls | SC Media (scmagazine.com)

• Python devs are being targeted by this massive infostealing malware campaign | TechRadar

• TheMoon bot infected 40,000 devices in January and February (securityaffairs.com)

• Viruses are the most popular type of malware - and Apple devices are most at risk | TechRadar

• New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)

• SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire

• DarkGate Malware Campaign Exploits Patched Microsoft Flaw - Security Boulevard

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

• AI bots hallucinate software packages and devs download them • The Register

Mobile

• In-app browsers still a privacy, security, and choice issue • The Register

• Thousands of phones and routers swept into proxy service, unbeknownst to users | Ars Technica

• Apple lawsuit: US officials say iPhone ‘monopoly’ undermines security | SC Media (scmagazine.com)

Internet of Things – IoT

• Hackers Reveal Method to Bypass Hotel Keycard Locks in Seconds • iPhone in Canada Blog

• Pump the brakes: National security concerns surround connected cars - Nextgov/FCW

• Insurer unveils policy covering drivers from connected car hacks and data leaks (therecord.media)

Data Breaches/Leaks

• AT&T won’t say how its customers’ data spilled online | TechCrunch

• SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire

Organised Crime & Criminal Actors

• After '10,000 malicious emails,' US sanctions 7 Chinese nationals in alleged cyber crimes - UPI.com

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• UN probing 58 alleged crypto heists by North Korea worth $3 billion (therecord.media)

• Scammers steal millions from FTX, BlockFi claimants - Help Net Security

Insider Risk and Insider Threats

• The missing link: How criminals teamed up with bank employees to orchestrate cyber frauds. - The Economic Times (indiatimes.com)

Insurance

• Insurer unveils policy covering drivers from connected car hacks and data leaks (therecord.media)

Supply Chain and Third Parties

• Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (thehackernews.com)

• Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach (darkreading.com)

Cloud/SaaS

• Key Lesson from Microsoft's Password Spray Hack: Secure Every Account (thehackernews.com)

• Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)

• Cloud Account Hijacking: How it Works and How to Prevent It (techtarget.com)

• 67% of businesses sync on-premises passwords to cloud environments | Security Magazine

Identity and Access Management

• Tackling DORA Compliance With a Focus on PAM - IT Security Guru

• 10 Essential Measures To Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Organisations Grapple With Identity Pain Points | Decipher (duo.com)

Encryption

• Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Apple users targeted by annoying 'Reset Password' attack | Mashable

• 10 Essential Measures To Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• 67% of businesses sync on-premises passwords to cloud environments | Security Magazine

• What is Managing Secrets? - Security Boulevard

Social Media

• If you watched certain YouTube videos, investigators demanded your data from Google | Mashable

Malvertising

• Study claims more than half of Americans use ad blockers • The Register

Training, Education and Awareness

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Cyber security training costs surge as firms battle skills gaps | ITPro

• Paid Generic Cyber Security Courses: Why They Are Not the Solution for Security Awareness - Security Boulevard

Regulations, Fines and Legislation

• Cyber security shake-up: How to prepare for EU's NIS2 and DORA (siliconrepublic.com)

• techUK Raise Internet Snooping Concerns Over UK IP Act Amendments - ISPreview UK

• AI Regulation at a Crossroads - Security Boulevard

• Cyber security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)

Models, Frameworks and Standards

• Debunking compliance myths in the digital era - Help Net Security

Backup and Recovery

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

Careers, Working in Cyber and Information Security

• The human impact of ransomware attacks: how can businesses protect their security professionals? - IT Security Guru

• Almost half of IT teams are burnt out as a result of war rooms, as ‘blame game’ culture becomes the norm for most organisations | TechRadar

• The cyber security skills shortage: A CISO perspective | CSO Online

Law Enforcement Action and Take Downs

• UK Law Enforcers Arrest 400 in Major Fraud Crackdown - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Cyber Security Threats In International Relations: Are We Prepared For A Digital Pearl Harbor? – OpEd – Eurasia Review

Nation State Actors

China

• China cyber attacks a reminder Beijing poses 'constant and sophisticated' threat to western cyber security | Science & Tech News | Sky News

• US and UK accuse China of cyber operations targeting domestic politics | CyberScoop

• UK ‘turning up to a gunfight with a wooden spoon’ over China cyber-attacks (scotsman.com)

• China hack on MPs worse than Government admitted, with at least 30 targeted (inews.co.uk)

• New Zealand follows UK in accusing China of hacking its parliament | The Independent

• Finland confirms APT31 hackers behind 2021 parliament breach (bleepingcomputer.com)

• China linked to UK cyber-attacks on voter data, Dowden to say - BBC News

• Dowden guarantees UK elections will be safe from Chinese cyber attacks | Evening Standard

• After '10,000 malicious emails,' US sanctions 7 Chinese nationals in alleged cyber crimes - UPI.com

• SNP MP claims Scottish universities 'overdependent' on Chinese money | The National

• China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)

• Fake reporters and death threats: China spy tactics from Hong Kong dissidents (inews.co.uk)

• The Chinese government is phasing out Intel and AMD CPUs and Microsoft's Windows OS because they don't fit its new 'safe and reliable' guidelines | PC Gamer

• Is Cyber Warfare Heating Up? Biden Administration, UK Take Aim At Chinese Hackers | IBTimes

• China cyber-attacks explained: who is behind the hacking operation against the US and UK? | Hacking | The Guardian

• What to make of China’s massive cyber-espionage campaign (economist.com)

• Pump the brakes: National security concerns surround connected cars - Nextgov/FCW

• PM says UK approach to China 'more robust' than allies, as senior Chinese diplomat summoned | ITV News

• UK says Chinese cyber attacks ‘part of large-scale espionage campaign’ (thenextweb.com)

• Why cyber indictments and sanctions matter | The Strategist (aspistrategist.org.au)

• Chinese hackers target family members to surveil hard targets | CyberScoop

Russia

• Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)

• Russia's Cozy Bear tries to phish Germans with party invites • The Register

Iran

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

North Korea

• Asian cuisine used to launder money for North Korea • The Register

• UN probing 58 alleged crypto heists by North Korea worth $3 billion (therecord.media)

Vulnerability Management

• Spyware vendors behind 75% of zero-days targeting Google | TechTarget

• Zero Days Surged by Over 50% Annually, Says Google - Infosecurity Magazine (infosecurity-magazine.com)

• On the Increase: Zero-Days Being Exploited in the Wild (databreachtoday.co.uk)

• NVD slowdown leaves thousands of vulns without analysis data • The Register

• Can Compensating Controls Be the Answer in a Sea of Vulnerabilities?  - Security Boulevard

Vulnerabilities

• Patch Now: Critical Fortinet RCE Bug Under Active Attack (darkreading.com)

• SQL injection vulnerability in Fortinet software under attack | TechTarget

• GitHub Developers Hit in Complex Supply Chain Cyber Attack (darkreading.com)

• Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions (thehackernews.com)

• MacOS 14.4.1 makes it once again safe to update your Mac | ZDNET

• Apple Security Bug Opens iPhone, iPad to RCE (darkreading.com)

• Apple finally reveals the serious security issues it patched in iOS 17.4.1 - PhoneArena

• A vulnerability in Apple M-series chips could expose encryption keys and harm performance — and Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass (darkreading.com)

• Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own (bleepingcomputer.com)

• China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)

• Double trouble for DNSSEC though the devil is in the details • The Register

• 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns - Help Net Security

• Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)

Tools and Controls

• How threat intelligence data maximises business operations - Help Net Security

• IT leaders struggle to keep up with emerging threats (betanews.com)

• 78% of organisations plan to increase ransomware protection | Security Magazine

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

• Why Endpoint Security Tools Are Still Such a Challenge (inforisktoday.com)

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Cyber security training costs surge as firms battle skills gaps | ITPro

• 10 Essential Measures to Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Organisations Grapple with Identity Pain Points | Decipher (duo.com)

• Enterprise cyber security's lateral movement 'blind spot' [Q&A] (betanews.com)

• Cyber security plans should center on resilience | MIT Sloan

• Cyber Security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)

• Paid Generic Cyber Security Courses: Why They Are Not the Solution for Security Awareness - Security Boulevard

Reports Published in the Last Week

• ThreatLabz 2023 Phishing Report | ITPro

Other News

• Why the World Needs a New Cyber Treaty for Critical Infrastructure - Carnegie Europe - Carnegie Endowment for International Peace

• Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)

• Security experts raise questions about UK cyber funding in wake of Electoral Commission hack | ITPro

• 8 cyber security predictions shaping the future of cyber defence - Help Net Security

• Active adversary dwell time: The good (and bad) news | SC Media (scmagazine.com)

• Cyber Threat to US Power Grids Escalating as Election Approaches (yahoo.com)

• Are We Ignoring the Cyber Security Risks of Undersea Internet Cables? | HackerNoon

• How to Prevent Your Company from Being Hacked in 2024 - DevX

• Pentagon Looks to Finalise Cyber Security Rules for Defence Industrial Base - ClearanceJobs

• US and Japan plan biggest upgrade to security pact in over 60 years

• US must establish independent military cyber service to fix 'alarming' problems — report | DefenseScoop

• FTSE 100 Retailers showing signs of cyber security apathy, despite growing risks | Retail Bulletin (theretailbulletin.com)

• Finland to host NATO tech centers, revamp cyber security strategy (defensenews.com)

• French cyber defence chief warns Paris Olympics a 'target' (techxplore.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

FBI Reports Cyber Crime Losses Reached $12.5 billion in 2023, Ransomware Losses Surged by 74%, Average Ransom Demand Reaching $600k

An FBI report into the cost of cyber crime has found that estimated losses in the US alone reached $12.5 billion in 2023. Ransomware accounted for $59.6 million, a 74% increase from the previous year’s report. Of note, the FBI report only deals with complaints made to the FBI; it therefore excludes other countries, and relies on the US organisations to identify that they have been impacted. It is therefore likely that the figure in the US, let alone globally, is significantly higher.

Sources: [Security Boulevard] [Security Week] [Infosecurity Magazine] [Tripwire] [Security Affairs]

Capita Plans £100 Million in Cost Cuts as it Continues to Grapple With 2023 Cyber Attack, Resulting in Significant Job Losses

In the aftermath of a significant cyber attack in 2023, Capita faces a steep financial hurdle with reported losses amounting to £106.6 million. Originally forecasted at £25 million, the revised figure underscores the substantial impact of the breach. Capita’s response strategy, including significant investments in recovery and cyber security bolstering, emphasises the escalating costs associated with data breaches. CEO Adolfo Hernandez announced plans for a substantial cost reduction of over £100 million, indicating the critical need for efficiency improvements to mitigate the financial strain. Capita’s experience serves as a potent reminder of the critical importance of robust cyber resilience strategies. These strategies are not just about preventing attacks, but also about mitigating the potentially devastating financial consequences should a breach occur.

Source: [ITPro]

Employment Law Firm Sues IT Company Over Ransomware Attack

A law firm in California has sued an IT solutions company, saying that after hiring the company to install a network system and server, the law firm suffered a ransomware attack. The law firm found that not long after the network was installed, they were unable to access their data, and when they had gone to retrieve a cloud backup, they had found this was already deleted, forcing them to pay the ransom to get their data back. The law firm is accusing the IT company of negligence and breach of contract and is seeking damages of at least $1 million.

Source: [Law360]

Stolen Passwords are a Hacker Goldmine

Passwords are not only crucial for organisational security, but they also come with significant costs and vulnerabilities. From the time spent by service desks on resets, to the expense of security incidents and breaches, the financial toll is substantial. Weak or reused passwords heighten the vulnerability, with breaches involving stolen credentials costing an average of $4.45 million. Cyber threats are evolving, with hackers increasingly favouring stolen user accounts over traditional malware. This shift, underscored by a notable 71% increase in attacks leveraging valid login credentials in 2023 as reported by CrowdStrike and IBM, highlights the repercussions of compromised credentials. Embracing technologies like multi-factor authentication (MFA) and single sign-on (SSO), along with employee education, can bolster security while alleviating financial strains. Robust identity management and zero-trust security frameworks are essential to mitigate risks further, especially in the face of rising cloud intrusions. Proactive investments in password security software such as password managers can help streamline operations and enhance overall organisational resilience against these evolving threats.

Sources: [Bleeping Computer] [Axios] 

Phishing Attacks Up 40 Percent in 2023; Attackers Leverage Social Engineering for Greater Success

Kaspersky recently released their annual spam and phishing report in which they identified over 709 million attempts to access phishing and scam websites, a 40% increase from the previous year. It should be noted that this number is just related to Kaspersky’s identification; the figure is likely far greater. With reports identifying that 90% of phishing involves social engineering, it is important to understand how it is leveraged.

Phishing attacks generally include an element of trust; for example, a bad actor impersonating a reputable brand or providing details about an individual that makes the attack more credible. Often, social engineering will rely on human characteristics, such as urgency, emotion and habit to try to manipulate the target to perform particular actions. Whilst the tools may change, the basis is the same; a successful phish requires user interaction. To mitigate the impact of phishing in corporate environments, organisations must stay informed about the latest adversarial activity and prioritise security measures such as multi-factor authentication (MFA) and providing employee awareness and education training that goes beyond ticking boxes.

Sources: [Beta News] [CSO Online] [Security Boulevard] [DarkReading]

Business Leaders Don’t Even Know They’ve Been Hacked

A survey of over 10,000 business leaders across various industries has found that a number of business leaders know little when it comes to their organisation’s cyber security landscape, with 1 in 10, “unsure” and unable to provide a definitive answer as to whether their organisation has had a data breach in 2023. The report highlights that there are a number of leadership positions that are not receiving sufficient information about their organisation’s data security situation.

Receiving regular reports with metrics about the organisation’s cyber security posture is key to organisations achieving and maintaining a solid level of governance, something that is required in various standards and regulations.

Source: [Tech.Co]

Rising Cyber Security Risks: Insider Threat Main Concern Among Mid-Market Firms

According to the 2023 CyberArk Identity Security Threat Landscape Report, insider threats are on the rise, with 68% of organisations reporting an increased frequency in the past year. These threats, considered one of the top concerns over the next 12 months, stem from within an organisation where authorised employees exploit their access to steal or leak sensitive data. Factors such as flexible working, an increase in job transitions, workforce reductions, third-party relationships, economic uncertainties, and employee stress levels further compound these challenges. Negligence, accounting for 62% of insider incidents, plays a significant role; these threats aren’t always malicious but can also be negligent or accidental. As these threats evolve, the potential consequences, including revenue loss and reputational damage, are becoming more apparent to business leaders. To mitigate risks, companies must prioritise improving identity security, particularly in controlling privileged access, and embrace a Zero Trust approach. This ensures full visibility and control over access to sensitive data, safeguarding critical assets and enhancing cyber resilience in an increasingly volatile landscape. Other key identified threats include AI-related risks, ransomware, deep fakes, and malware.

Sources: [TechRadar] [Comms Business]

C-Suite Executives: An Attacker’s Dream?

Cyber criminals are increasingly focusing on high-value targets, particularly C-suite executives who hold extensive organisational access. These executives, often overlooked in security practices and training, have become vulnerable links. The cyber security landscape of 2023 saw significant advancements but also revealed vulnerabilities, exacerbated by global conflicts and strategic cyber attacks. Cyber actors are now targeting entities with high return potential, with ransomware attackers tailoring their strikes to maximise revenues, often from smaller organisations. Interestingly, while automation is on the rise, cyber criminals are opting for a human touch, with human operatives often behind attacks. A report last year showed a nearly 30% spike in fraud specifically targeting senior executives, highlighting the vulnerability of the C-suite. This emphasises the need for robust cyber resilience strategies to safeguard these high-value targets.

Source: [SecurityBrief New Zealand]

Security Risks Plague SMEs in Shift to Remote Working

In the wake of the COVID-19 pandemic, remote working surged, offering businesses newfound flexibility and cost efficiencies. However, this paradigm shift comes with its own set of security challenges, particularly impacting startups and small businesses. The inherent flexibility of remote work exposes companies to risks like unauthorised access, IP theft, and malware. These threats are especially potent for SMEs, jeopardising their financial stability and reputation. Robust security measures include VPNs, enforcing regular software updates, and employee training to mitigate these risks. By embracing these strategies, SMEs can navigate the remote work landscape securely, unlocking its benefits while safeguarding against potential threats.

Source: [SecurityBrief New Zealand]

After Collecting $22 Million, Ransomware Group Stages FBI Takedown

The ransomware group responsible for facilitating a huge attack against a US prescription drug company for $22 million has gone dark, days after receiving the payment and standing accused of scamming their own affiliate out of their share of the gains. Days after the payment was made, AlphV’s public website started displaying a message saying it had been seized by the FBI as part of an international law enforcement action. Ransomware researchers have since said that it has not actually been seized, but appears to be a ploy to exit scam affiliates of the ransomware group. This proves the old adage that there really is no honour among thieves.

Source: [Ars Technica]

Cyber Attacks Remain Chief Concern for Businesses

A recent report has underscored the growing concern among UK corporate businesses regarding cyber attacks as the primary fraud threat in the upcoming year, with 73% of respondents expressing worry. As businesses grapple with the shift to hybrid and remote work models, ensuring robust counter-fraud measures and internal controls is imperative to safeguarding workforces regardless of location. This situation emphasises the critical importance of investing in employee training to combat evolving fraud threats. It highlights the far-reaching consequences that fraud can have on organisations and underscores the necessity of fostering an anti-fraud culture across all levels of the enterprise.

Source: [TheHRDirector]

Two New Ransomware Groups Join Forces to Launch Joint Attacks

Two ransomware groups, Ghostsec and Stormous, have joined forces to conduct double extortion ransomware attacks on various businesses across multiple countries. As part of this, their new ransomware-as-a-service (RaaS) program, STMX_GhostLocker, provides various options for their affiliates. GhostSec is already part of a coalition called the five families, involving 4 other entities. The group ventured into RaaS last year, offering services for as little as $269.99 per month.

Source: [The Hacker News]

Governance, Risk and Compliance

• FBI: Cyber Crime Losses Exceeded $12.5 Billion in 2023 - Security Week

• 1 in 10 Business Leaders Don’t Even Know They’ve Been Hacked (tech.co)

• Cyber attacks remain chief concern for businesses | theHRD (thehrdirector.com)

• Companies Are Already Not Complying With The New SEC Cyber Security Incident Disclosure Rules (forbes.com)

• What Cyber Security Chiefs Need From Their CEOs (darkreading.com)

• Simply Human: Why HR Needs To Take The Lead In Cyber Security (forbes.com)

• The Security Interviews: Cyber security is about managing risk effectively | Computer Weekly

• NIST Cyber Framework 2.0: Doubling Down on Governance, Expanding Applicability | Law.com

• CISOs Tackle Compliance With Cyber Guidelines (informationweek.com)

• Are C-suite executives cyber security's weakest link? (securitybrief.co.nz

• 30 years of the CISO role – how things have changed since Steve Katz | CSO Online

• How to create an efficient governance control program - Help Net Security

• Demystifying the Maze: A Guide to Cyber Risk Quantification Methods (cybersaint.io)

• Resilience is built on a solid framework | Professional Security

• Cyber Insights 2024: A Dire Year for CISOs? - Security Week

• Cyber Pros’ Knowledge Gaps Lead to Errors | MSSP Alert

• Research finds that cyber security leaders are taking on multiple roles | Security Magazine

• How Security Leaders Can Break Down Barriers to Enable Digital Trust - Infosecurity Magazine (infosecurity-magazine.com)

Threats

Ransomware, Extortion and Destructive Attacks

• ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack | SC Media (scmagazine.com)

• FBI: US Ransomware Losses Surge 74% to $59.6 Million in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360

• Report: Average Initial Ransomware Demand in 2023 Reached $600K - Security Boulevard

• What’s Fueling the Ransomware Epidemic? | Symantec Enterprise Blogs (security.com)

• Banning ransomware payments back on the agenda | Computer Weekly

• BlackCat Goes Dark After Ripping Off Change Healthcare Ransom (darkreading.com)

• Inside an Alphv/BlackCat ransomware attack | TechTarget

• Healthcare facing record ransom as cyber criminals continue to target sector - Emerging Risks Media Ltd

• Uncle Sam intervenes in Change Healthcare ransomware fiasco • The Register

• Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries (thehackernews.com)

• Capita drops 18% on £107m loss as financial impact of cyber attack is revealed | LSE:CPI (proactiveinvestors.co.uk)

• US cyber and law enforcement agencies warn of Phobos ransomware attacks (securityaffairs.com)

• Experts echo calls for ransomware ban as LockBit rallies • The Register

• Government urged to ban ransom payments to cyber criminals (computing.co.uk)

• LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage (securityaffairs.com)

• Ransomware spikes against critical infrastructure, says FBI • The Register

• Major shifts in identity, ransomware, and critical infrastructure threat trends - Help Net Security

• Government was third-largest ransomware target last year: FBI - Defense One

• JetBrains TeamCity under attack by ransomware thugs • The Register

Ransomware Victims

• A Deep Dive into the 2024 Prudential and LoanDepot Breaches - Security Boulevard

• Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360

• After collecting $22 million, AlphV ransomware group stages FBI takedown | Ars Technica

• Change Healthcare hack cripples payment systems across health providers - The Washington Post

• Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED

• Capita raises threat of further job cuts under plans to save another £100m | BelfastTelegraph.co.uk

• Capita drops 18% on £107m loss as financial impact of cyber attack is revealed | LSE:CPI (proactiveinvestors.co.uk)

• Fidelity Investments Notifying 28,000 People of Data Breach - Fidelity Investments Notifying 28,000 People of Data Breach - Security Week

• First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches (darkreading.com)

• UnitedHealth's cyber attack should be a 'wake-up call' for healthcare (yahoo.com)

• Ransomware Attackers Leak Sensitive Swiss Government Documents, Login - Infosecurity Magazine (infosecurity-magazine.com)

• Security leaders weigh in on the recent UnitedHealth cyber attack | Security Magazine

• LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage (securityaffairs.com)

• Canada's anti-money laundering agency offline after cyber attack (bleepingcomputer.com)

• Uncle Sam intervenes in Change Healthcare ransomware fiasco • The RegisterFidelity Investments Notifying 28,000 People of Data Breach - Security Week

• Duvel says it has "more than enough" beer after ransomware attack (bleepingcomputer.com)

• Thousands of Dutch passports stolen in ransomware attacks available on dark web | NL Times

• Corporate Greed Made the Change Healthcare Cyber attack Worse (nymag.com)

• Switzerland: Play ransomware leaked 65,000 government documents (bleepingcomputer.com)

• Possible China link to Change Healthcare ransomware attack • The Register

• Action needed to avoid repeat of Southern Water cyber attack - Utility Week

Phishing & Email Based Attacks

• Phishing attacks up 40 percent in 2023 (betanews.com)

• Jamf says 9% of smartphone have fallen for phishing attacks (appleinsider.com)

• How attackers leverage social engineering for greater scamming success | CSO Online

• Cyber Criminals Spoof US Government Organisations in BEC, Phishing Attacks - Security Week

• Annual State of Email Security by the Numbers - Security Boulevard

• New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)

• Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)

• AI worm that infects computers and reads emails created by researchers | The Independent

• 95% believe LLMs making phishing detection more challenging - Help Net Security

• Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes - Help Net Security

• Kaspersky spam and phishing report for 2023 | Securelist

Other Social Engineering

• How attackers leverage social engineering for greater scamming success | CSO Online

• New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)

• The Rise of Social Engineering Fraud in Business Email Compromise (darkreading.com)

Artificial Intelligence

• Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets (thehackernews.com)

• AI tools put companies at risk of data exfiltration - Help Net Security

• Don't Give Your Business Data to AI Companies (darkreading.com)

• Act now to stop WordPress and Tumblr selling your content to AI firms • Graham Cluley

• GTPDOOR backdoor is designed to target telecom carrier networks (securityaffairs.com)

• Political deepfakes are spreading like wildfire thanks to GenAI | TechCrunch

• Self-Propagating Worm Created to Target Generative AI Systems - Infosecurity Magazine (infosecurity-magazine.com)

• The Future Of AI And ML In Cyber Security (forbes.com)

• AI worm that infects computers and reads emails created by researchers | The Independent

• 95% believe LLMs making phishing detection more challenging - Help Net Security

• Immediate AI risks and tomorrow's dangers - Help Net Security

• Defence: Leonardo CEO says stupidity poses a bigger threat than AI (cnbc.com)

2FA/MFA

• Google and Meta users see their 2FA security codes leaked online - Root-Nation.com

Malware

• No “Apple magic” as 11% of macOS detections last year came from malware | Malwarebytes

• Mobile banking malware growing rapidly, ThreatFabric warns | Biometric Update

• GTPDOOR backdoor is designed to target telecom carrier networks (securityaffairs.com)

• Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware (thehackernews.com)

• Linux variant of BIFROSE RAT uses deceptive domain strategies (securityaffairs.com)

• Self-Propagating Worm Created to Target Generative AI Systems - Infosecurity Magazine (infosecurity-magazine.com)

• New Linux malware found targeting mobile networks across the world | TechRadar

• ScreenConnect flaws exploited to drop new ToddleShark malware (bleepingcomputer.com)

• Malware is coming for your ChatGPT credentials • The Register

• North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)

• Linux Malware Campaign Targets Misconfigured Cloud Servers - Security Week

• Linux Malware Targets Docker, Apache Hadoop, Redis and Confluence - Infosecurity Magazine (infosecurity-magazine.com)

• AI worm that infects computers and reads emails created by researchers | The Independent

• New WogRAT malware abuses online notepad service to store malware (bleepingcomputer.com)

• Snake, a new Info Stealer spreads through Facebook messages (securityaffairs.com)

• Linux Variants of Bifrost Trojan Evade Detection via Typosquatting (darkreading.com)

Mobile

• Jamf says 9% of smartphone have fallen for phishing attacks (appleinsider.com)

• Mobile banking malware growing rapidly, ThreatFabric warns | Biometric Update

• Apple warns of increased iPhone security risks | Computerworld

• The Privacy Danger Lurking in Push Notifications | WIRED

• Android's March 2024 Update Patches Critical Vulnerabilities - Security Week

• CISA Adds Android Pixel and Sunhillo Sureline Bugs to Its Known Exploited Vulnerabilities Catalog

• The Importance of Cyber security for Your Smart Devices | HackerNoon

• Phone hacking is a real danger. How to keep your data, location secure (usatoday.com)

Denial of Service/DoS/DDOS

• DDoS Attacks on Financial Services Industry Up 154%, According to New FS-ISAC/Akamai Report (prnewswire.com)

Internet of Things – IoT

• Someone is hacking 3D printers to warn owners of a security flaw (bitdefender.com)

• Popular doorbell camera brands contain security flaws, making them easy to hack: Report  | The Hill

• NCSC flags up cyber security for connected places | UKAuthority

• The Importance of Cyber Security for Your Smart Devices | HackerNoon

• This $4 Billion Car Surveillance Startup Says It Cuts Crime. But It Likely Broke The Law. (forbes.com)

• Flipper Zero WiFi phishing attack can unlock and steal Tesla cars (bleepingcomputer.com)

Data Breaches/Leaks

• The State Of Cyber Security (Part One): Why Are There Still So Many Data Breaches? (forbes.com)

• A leaky database spilled 2FA codes for the world’s tech giants | TechCrunch#

• American Express credit cards exposed in third-party data breach (bleepingcomputer.com)

• Fidelity Investments Notifying 28,000 People of Data Breach - Security Week

• AI tools put companies at risk of data exfiltration - Help Net Security

• 4 Instructive Postmortems on Data Downtime and Loss (thehackernews.com)

Organised Crime & Criminal Actors

• FBI: Cyber Crime Losses Exceeded $12.5 Billion in 2023 - Security Week

• 2023 FBI Internet Crime Report reported cyber crime losses reached $12.5 billion in 2023 (securityaffairs.com)

• $12.5 billion lost to cyber crime, amid tidal wave of crypto investment fraud | Tripwire

• Germany takes down cyber crime market with over 180,000 users (bleepingcomputer.com)

• Poorly paid cyber security staff risk ‘breaking bad’ on the dark web (techinformed.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• $12.5 billion lost to cyber crime, amid tidal wave of crypto investment fraud | Tripwire

• Hackers target FCC, crypto firms in advanced Okta phishing attacks (bleepingcomputer.com)

• Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)

• New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)

• Crypto fraud in 2023: How can security teams fight (securityintelligence.com)

Insider Risk and Insider Threats

• Comms Business - Insider threat main concern among mid-market firms

• Current workforce trends feed into rising cyber security risks | TechRadar

• Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison - Security Week

• Army Vet Spills National Secrets to Fake Ukrainian Girlfriend (darkreading.com)

• Chinese engineer accused of stealing Google's GPU and TPU secrets, transferring them to China-based startups | Tom's Hardware (tomshardware.com)

Supply Chain and Third Parties

• Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360

• Capita plans £100 million in cost cuts as it continues to grapple with 2023 cyber attack | ITPro

• First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches (darkreading.com)

• American Express credit cards exposed in third-party data breach (bleepingcomputer.com)

• Hackers target FCC, crypto firms in advanced Okta phishing attacks (bleepingcomputer.com)

• Switzerland: Play ransomware leaked 65,000 government documents (bleepingcomputer.com)

• Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (thehackernews.com)

Cloud/SaaS

• 10 Essential Processes for Reducing the Top 11 Cloud Risks (darkreading.com)

• Human vs. Non-Human Identity in SaaS (thehackernews.com)

• Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)

• Securing Perimeter Products Must Be a Priority, Says NCSC - Infosecurity Magazine (infosecurity-magazine.com)

Identity and Access Management

• Human vs. Non-Human Identity in SaaS (thehackernews.com)

• Major shifts in identity, ransomware, and critical infrastructure threat trends - Help Net Security

Encryption

• Preparing for the post-quantum cryptography environment today | CSO Online

Linux and Open Source

• Open source vulnerabilities dominated 2023, and this year looks no different | ITPro

• Linux Malware Campaign Targets Misconfigured Cloud Servers - Security Week

• Linux Variants of Bifrost Trojan Evade Detection via Typosquatting (darkreading.com)

• Linux Malware Targets Docker, Apache Hadoop, Redis and Confluence - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Hacked WordPress sites use visitors' browsers to hack other sites (bleepingcomputer.com)

• Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets (thehackernews.com)

• Malware is coming for your ChatGPT credentials • The Register

• Stolen passwords are a hacker goldmine now, CrowdStrike and IBM find (axios.com)

• Passwords are Costing Your Organisation Money - How to Minimize Those Costs (bleepingcomputer.com)

• Poor Credential Hygiene - Security Boulevard

• US State AGs tell Meta to fix rampant account takeovers • The Register

Social Media

• Google and Meta users see their 2FA security codes leaked online - Root-Nation.com

• IP address X-posure now a feature on Twitter • The Register

• “Technical Issue” Takes Facebook Offline, Offers No Cyber Security Reassurance | MSSP Alert

• Facebook and Instagram Overrun by Account Hackers, States Warn (bloomberglaw.com)

• Snake, a new Info Stealer spreads through Facebook messages (securityaffairs.com)

• Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say | WIRED

• US State AGs tell Meta to fix rampant account takeovers • The Register

Training, Education and Awareness

• In the News | Equip and Educate Students to Combat Cyberthreats - Security Boulevard

Regulations, Fines and Legislation

• Companies Are Already Not Complying With The New SEC Cyber Security Incident Disclosure Rules (forbes.com)

• EU council welcomes cyber solidarity act agreement (verdict.co.uk)

• The modern CISO's guide to navigating new SEC cyber regulations (betanews.com)

• Five Unintended Consequences of the New SEC Cyber Security Disclosure Rule - Security Boulevard

• Navigating regulation challenges for protecting sensitive healthcare data - Help Net Security

Models, Frameworks and Standards

• NIST Cyber Security Framework 2.0: 4 Steps to Get Started (darkreading.com)

• NIST Cyber Framework 2.0: Doubling Down on Governance, Expanding Applicability | Law.com

• CIS RAM (Risk Assessment Method) (cisecurity.org)

Data Protection

• Charity has 30 days to stop spamming thousands for donations • The Register

• This $4 Billion Car Surveillance Startup Says It Cuts Crime. But It Likely Broke The Law. (forbes.com)

Careers, Working in Cyber and Information Security

• 11 Top Cyber Security Certifications to Consider In 2024 (datamation.com)

• Cyber and gender | Professional Security

• Poorly paid cyber security staff risk ‘breaking bad’ on the dark web (techinformed.com)

Law Enforcement Action and Take Downs

• Germany takes down cyber crime market with over 180,000 users (bleepingcomputer.com)

• A cyber criminal is sentenced, will it make a difference? - Help Net Security

• Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison - Security Week

• Nigerian National Pleads Guilty of Conspiracy in BEC Operation (darkreading.com)

Misinformation, Disinformation and Propaganda

• Content farm impersonates 60+ major news outlets, like BBC, CNN, CNBC (bleepingcomputer.com)

• The man who tricked Nazi Germany: lessons from the past on how to beat disinformation | Books | The Guardian

• Political deepfakes are spreading like wildfire thanks to GenAI | TechCrunch

• Russian Hackers Target Ukraine Via A Disinformation Campaign - Security Boulevard

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Focus on cyber operations that cause physical damage is not enough | International Committee of the Red Cross (icrc.org)

• Cyber threats impacting the safety and dignity of civilians in conflict | International Committee of the Red Cross (icrc.org)

Nation State Actors

• Complete Guide to Advanced Persistent Threat (APT) Security - Security Boulevard

China

• Chinese nation state actors to ramp up cyber espionage attempts in 2024 - IT Security Guru

• We’re Slowly Learning About China’s Extensive Hacking Network | Mind Matters

• Taiwan's Biggest Telco Breached by Suspected Chinese Hackers (darkreading.com)

• Possible China link to Change Healthcare ransomware attack • The Register

• A New Wave of Cyber Attacks: Five Actions to Take Now | IndustryWeek

• Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (thehackernews.com)

• Behind the doors of a Chinese hacking company, a sordid culture fueled by influence, alcohol and sex | AP News

Russia

• The Five Bears: Russia's Offensive Cyber Capabilities (greydynamics.com)

• A Silent World War – Russia’s Cyberwar Against the West (kyivpost.com)

• Germany Urged to Tighten Security After Russia Leaked Classified Information - Bloomberg

• Germany to investigate Russia’s interception of military talks on Ukraine | Germany | The Guardian

• Ukraine intel says its hackers obtained Russian Defence Ministry's classified documents - Euromaidan Press

• Valuable Russian Military Documents Exposed: Report (newsweek.com)

• Focus on cyber operations that cause physical damage is not enough | International Committee of the Red Cross (icrc.org)

• Russian Hackers Target Ukraine Via A Disinformation Campaign - Security Boulevard

North Korea

• Lazarus Group observed exploiting an admin-to-kernel Windows zero-day | SC Media (scmagazine.com)

• North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)

• North Korea’s Kimsuky gang joins rush to exploit new ScreenConnect bugs | SC Media (scmagazine.com)

• North Korea hacks two South Korean chip firms to steal engineering data (bleepingcomputer.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Banks face ‘hacktivist’ cyber attacks (fnlondon.com)

• Hacktivist Collective NoName057(16) Strikes European Targets - Infosecurity Magazine (infosecurity-magazine.com)

• 'The Weirdest Trend in Cyber Security': Nation-States Returning to USBs (darkreading.com)

• Four internet cables cut in Red Sea in 'exceptionally rare' incident | Fortune

• Predator spyware endures even after widespread exposure, analysis shows | CyberScoop

Vulnerability Management

• Firms Still Threatened by Old Vulnerabilities (govinfosecurity.com)

• Open source vulnerabilities dominated 2023, and this year looks no different | ITPro

• Organisations are knowingly releasing vulnerable applications - Help Net Security

• Securing Perimeter Products Must Be a Priority, Says NCSC - Infosecurity Magazine (infosecurity-magazine.com)

• Enhancing security through proactive patch management - Help Net Security

Vulnerabilities

• Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws (securityaffairs.com)

• ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack | SC Media (scmagazine.com)

• North Korea’s Kimsuky gang joins rush to exploit new ScreenConnect bugs | SC Media (scmagazine.com)

• North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)

• Hackers exploited Windows 0-day for 6 months after Microsoft knew of it | Ars Technica

• CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog (securityaffairs.com)

• Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (thehackernews.com)

• VMware sandbox escape bugs are so critical, patches are released for end-of-life products | Ars Technica

• VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws (thehackernews.com)

• VMWare Urges Users to Uninstall EAP Immediately - Security Boulevard

• Cisco Patches High-Severity Vulnerabilities in VPN Product - Security Week

• Critical TeamCity flaw now widely exploited to create admin accounts (bleepingcomputer.com)

• Critical TeamCity Bugs Endanger Software Supply Chain (darkreading.com)

• Android's March 2024 Update Patches Critical Vulnerabilities - Security Week

• CISA Warns of Pixel Phone Vulnerability Exploitation - Security Week

Tools and Controls

• Why cyber maturity assessment should become standard practice - Help Net Security

• 1 in 10 Business Leaders Don’t Even Know They’ve Been Hacked (tech.co)

• The Ultimate Guide to Threat Detection, Investigation, and Response (TDIR) (govinfosecurity.com)

• The Future Of AI And ML In Cyber Security (forbes.com)

• The Security Interviews: Cyber security is about managing risk effectively | Computer Weekly

• What Is A Cyber Incident Response Policy? - Security Boulevard

• Cyber Criminals Using Novel DNS Hijacking Technique for Investment Scams (thehackernews.com)

• Demystifying the Maze: A Guide to Cyber Risk Quantification Methods (cybersaint.io)

• Resilience is built on a solid framework | Professional Security

• Simply Human: Why HR Needs To Take The Lead In Cyber Security (forbes.com)

• The critical role of DNS in cyber security and digital thriving | TechRadar

• 5 ways to keep API integrations secure - Help Net Security

• Reduce the Attack Surface | Dell USA

• What is Advanced Threat Protection and How to Use It in Your Business - Security Boulevard

• Human vs. Non-Human Identity in SaaS (thehackernews.com)

• How To Close The DevSecOps Cyber Security Skills Gap And Boost Security (forbes.com)

Reports Published in the Last Week

• Kaspersky spam and phishing report for 2023 | Securelist

Other News

• Banks face ‘hacktivist’ cyber attacks (fnlondon.com)

• White Hats on Offensive Against Black Hat Hackers: Report (technewsworld.com)

• UK altnets call for action after attacks on fibre infrastructure | Computer Weekly

• Securing the future: Addressing cyber security challenges in the education sector - Help Net Security

• The 3 most common post-compromise tactics on network infrastructure (talosintelligence.com)

• What is Micro Breaching? - Security Boulevard

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Risk-based spending: An Imperative for Cyber Security That Demands Board Attention

Staying ahead of the latest cyber security developments is essential to keeping your organisation safe. But with the rise of artificial intelligence and attackers dreaming up new techniques every day, a lot of organisations are left to question how they can create proactive, agile cyber security strategies and what approach gives the best return on investment, mitigating risks and maximising the value of their cyber security investments.

Unfortunately, most organisations do not have an unlimited budget, and for small and medium-sized businesses, there is even less to work with. What is needed is a risk-based approach, where organisations identify and prioritise their greatest vulnerabilities, correlating these to business impact; this is then used to form the cyber risk strategy for the organisation.

Sources: [Security Week] [The Hacker News] [Risk.net]

If you Pay Ransoms, You May not Get Your Data Back and Worse, You Will Probably Get Hit Again, with 78% of Firms who Paid Then Suffering Repeat Ransomware Attacks

Recent research from Proofpoint has found that 69% of organisations experienced a successful ransomware incident in the past year, a rise of 5% compared to the previous year. The report found that 60% reported four or more separate ransomware incidents and of the total involved, 54% admitted to paying a ransom. In a separate report, it was found that 78% of organisations suffering a ransomware attack suffered repeat attacks even after they paid.

Sources: [databreaches.net] [Infosecurity Magazine] [Infosecurity Magazine] [Claims Journal]

Cyber Resilience and Cyber Hygiene: Why They Matter to Your Business

Cyber resilience unites cyber security with business continuity and organisational durability, with proper implementation allowing the continuation of routine operations during adverse cyber incidents. Cyber hygiene, on the other hand, refers to having strong cyber security processes and procedures, to help the organisation mitigate the chance of an incident. The combination of both of these allows an organisation to reduce their likelihood of suffering a cyber incident, whilst improving their likelihood of continuing operations in the event of such an incident.

Sources: [Information Week] [Security Boulevard]

Why Governance, Risk and Compliance Must be Integrated with Cyber Security

With pressure from regulators, the evolving threat landscape and requirements for stronger oversight, governance, risk and compliance (GRC) has even more of an argument for alignment with cyber security. After all, cyber security is still security. Incorporating cyber security into the GRC programme of an organisation allows for cyber to become a business enabler.

Source: [CSO Online]

More and More UK Firms Concerned About Insider Threats

A report has found that 54% of UK business decision makers are concerned about the likelihood of their employees disclosing sensitive information or providing network access to fraudsters. In a separate report, 35% of respondents cited overworked and distracted staff making mistakes as a reason why they thought their business experienced insider risk. Certainly, insider risk does not just involve malicious employees; it can also include negligence and in some cases, employees may not be trained enough to identify the risk they are placing on the organisation such as not knowing or following an organisation’s call back procedure. It is important for organisations to consider whether their current training addresses this and whether the programme is doing enough to ensure that insider risk is mitigated.

Source: [Infosecurity Magazine]

98% of Businesses Linked to Breached Third Parties

A new report has found that 98% of organisations are associated with a third party that has experienced a breach, and these breaches often take months or more to be discovered. 75% of external business-to-business (B2B) relationships that enabled third-party breaches involved software or other technology products and services. Third party security is an important part of an organisation’s cyber security and to manage it correctly, organisations need to implement a third party risk management programme.

Source: [Help Net Security]

Phishing, Smishing and Vishing Skyrocket 1,265%

According to a report, since the launch of ChatGPT in November 2022, vishing, smishing, and phishing attacks have increased by a staggering 1,265%. Despite different techniques, these attacks all have one focus, and that’s on the user. Organisations looking to protect themselves should consider a blend of mitigations, including advanced email filtering, enabling multi-factor authentication and arguably the most important, effective user education and awareness training. This training should go beyond ticking boxes, by instead teaching employees how to both recognise and report phishing attempts.

A separate report analysed over 1 billion emails. Some of the key findings included that the majority of phishing attempts (71%) rely on deceptive links, but attachments (22%) and predatory QR codes (7%) are on the rise. When it came to spoofs, Microsoft was the most spoofed entity and financial services were amongst those most targeted sectors.

Source: [Bleeping Computer] [Help Net Security] [Security Affairs]

Business Email Compromise Attacks Are Evolving, But What Can Be Done About It

Business Email Compromise (BEC) attacks remain a dominant danger, with a staggering $51 billion lost over the last decade. A recent report underscores the prevalence of email as the primary battlefield, far outstripping other cyber attack methods. The low-cost, high-reach nature of email makes it an attractive starting point for cyber criminals. As organisations embrace cloud-based infrastructures, these attacks have morphed, presenting new challenges. Attackers have progressed from direct phishing attempts, to compromising business partners, vendors and other third parties. In this arms race, artificial intelligence (AI) assumes a pivotal role as an essential ally, efficiently discerning between benign and malicious content. This development signifies a significant milestone in the realm of email security resilience.

Source: [ITPro]

Vulnerabilities Count Set to Rise by 25% in 2024

The cyber threat landscape is rapidly evolving, with an anticipated 25% increase in published systems vulnerabilities for 2024. This surge, reaching approximately 2,900 vulnerabilities per month, underscores the critical need for robust vulnerability management strategies. Vulnerabilities serve as prime entry points for ransomware actors, heightening the urgency for organisations to fortify their defences. However, the sheer volume of vulnerabilities poses a daunting challenge for security and IT teams already thinly stretched. Timely risk-scoring remains a significant issue, leaving defenders vulnerable to exploits with threat actors often gaining a head start. Honeypot data reveals a concerning uptick in scans targeting remote desktop protocol (RDP), with businesses running end-of-life (EOL) software at heightened risk. In this dynamic cyber security climate, proactive risk management and expert intervention, such as Managed Detection and Response (MDR), are imperative to safeguarding against emerging threats.

Source: [Help Net Security]

BYOD Increases Mobile Phishing; Risks Have Never Been Higher

The risk of cyber attacks looms large, with stolen employee login credentials serving as a prime target for malicious actors. Mobile phishing has emerged as a significant threat, with data revealing a surge in encounter rates, especially in hybrid work environments and amid Bring Your Own Device (BYOD) policies. Personal devices, once considered outside the realm of corporate security, now pose substantial risks, as attackers exploit social engineering schemes to breach organisational networks. The financial implications of a successful phishing attack are staggering, with estimates suggesting potential losses of up to $4 million for organisations. As phishing encounter rates continue to rise, it's imperative for businesses to bolster their security strategies, ensuring comprehensive protection against mobile phishing threats across all employee devices. To navigate this evolving landscape and safeguard sensitive data, organisations must stay vigilant and adopt proactive measures.

Source: [MSSP Alert]

What Companies Should Know About Rising Legal Threats

The cyber security landscape is witnessing a significant shift as legal actions increasingly target both corporations and individual security officers. Recent cases including lawsuits by Tesla against ex-employees for cyber security breaches and charges by regulatory bodies like the US FTC and SEC, underscore the mounting legal risks associated with cyber security breaches. Notably, private companies are not exempt from such liabilities, facing scrutiny from authorities, regulators, customers and other affected parties. This environment has prompted many cyber security leaders to reconsider their roles, with concerns raised about the future of the profession. Amidst escalating threats and enforcement actions, there's a pressing need for enhanced cyber security budgets, robust risk-based controls and proactive audits or other independent assurance.

Source: [Darkreading]

CIOs Rethink All-In Cloud Strategies as Five Eyes Nations Warn of Evolving Russian Cyber Espionage Practices Targeting Cloud Environments

As organisations embrace the cloud, CIOs recognise that a one-size-fits-all approach may not be optimal. Many now favour a nuanced strategy, shifting workloads from public clouds to platforms offering productivity gains and cost savings; a trend known as ‘cloud exit.’ CIOs are rethinking cloud strategies, assessing each application’s suitability and fostering context-aware hosting decisions.

This comes as a recent advisory issued jointly by cyber security agencies from the UK, US, Australia, Canada, and New Zealand reveals that Russian cyber espionage units, including APT29 and Cozy Bear, are adapting tactics to target cloud environments used by both public and private organisations. These sophisticated attacks pose significant threats across industries. Implementing basic cloud security measures is crucial to regularly evaluate dormant accounts, limit system-issued token validity, and enforce stringent device policies. As cloud adoption rises, prioritise cyber security fundamentals for effective defence.

Sources: [CyberScoop] [CIO]

Governance, Risk and Compliance

• Why governance, risk, and compliance must be integrated with cyber security | CSO Online

• Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista

• The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week

• Why Cyber Resilience May Be More Important Than Cyber Security (informationweek.com)

• Beating the drum on cyber risk: the battle for boardroom attention - Risk.net

• What is cyber hygiene and why businesses should know about it - Security Boulevard

• Bridging the Gap: Connecting Cyber Security Spending to Business Results - Security Boulevard

• What Companies & CISOs Should Know About Rising Legal Threats (darkreading.com)

• Essential Guide To Security Metrics For Businesses (informationsecuritybuzz.com)

• Essential Guide To Information Security Compliance (informationsecuritybuzz.com)

• Mastering Risk Management: The Art Of Effective Strategy (informationsecuritybuzz.com)

• The CISO: 2024’s Most Important C-Suite Officer (forbes.com)

• UK Unveils Draft Cyber Security Governance Code - Infosecurity Magazine (infosecurity-magazine.com)

• How to Prioritize Cyber Security Spending: A Risk-Based Strategy for the Highest ROI (thehackernews.com)

• Cyber security 'blind spot' leaves businesses exposed - Accountancy Age

• MTTR: The Most Important Security Metric (darkreading.com)

• Building Your Cyber Incident Response Team - Security Boulevard

• 9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)

• AWS on why CISOs should track 'the metric of no' | TechTarget

• 2024 will see more cyber threats emerge – here is what SMEs need to know | TechRadar

Threats

Ransomware, Extortion and Destructive Attacks

• Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities (trendmicro.com)

• If you pay ransom, you may not get your data back and worse, you probably WILL get hit again – Cybereason Survey (databreaches.net)

• 78% of Organisations Suffer Repeat Ransomware Attacks After Paying - Infosecurity Magazine (infosecurity-magazine.com)

• 69% of Organisations Infected by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Stages of LockBit Grief: Anger, Denial, Faking Resurrection? (inforisktoday.com)

• What CISOs Need To Know About The Lockbit Takedown - Security Boulevard

• Ransomware crews lean into infostealers for initial access • The Register

• 78% of Organisations Suffer Repeat Ransomware Attacks After Paying (claimsjournal.com)

• Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• Do ransomware attackers keep their word? - TechCentral.ie

• What Are Ransomware Attacks and Can They Be Stopped? Explainer - Bloomberg

• Study: Ransom payment not a shield against future attacks | SC Media (scmagazine.com)

• FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks (bleepingcomputer.com)

• Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)

• Is Now the Right Time for a Ransomware Payment Ban? (govtech.com)

• What is Old is New Again: Lessons in Anti-Ransom Policy | Recorded Future

• 3 Ways Your Organisation Could Be Susceptible To Ransomware Attacks (forbes.com)

• What the war on terrorism teaches us about the war on ransomware | SC Media (scmagazine.com)

• Cyber criminals follow the money to hit manufacturing sector • The Register

• Why your legitimate software is not safe from ransomware attacks (networkingplus.co.uk)

Ransomware Victims

• Change Healthcare Ransomware Attack: BlackCat Hackers Quickly Returned After FBI Bust | WIRED

• LoanDepot Ransomware Attack Exposed 16.9 Million Individuals - Security Week

• Rhysida ransomware wants $3.6 million for children’s stolen data (bleepingcomputer.com)

• Stolen Donald Trump Court Files Will Be Published February 29, Hackers Say (forbes.com)

• Epic Games attacked by new ransomware group Mogilevich | SC Media (scmagazine.com)

• Hackers claim to have stolen 7GB of data from Irish Department of Foreign Affairs | Independent.ie

• Insomniac Games alerts employees hit by ransomware data breach (bleepingcomputer.com)

• German Steelmaker Thyssenkrupp Confirms Ransomware Attack - Security Week

• US pharmacy outage caused by Blackcat attack on Optum (securityaffairs.com)

• MGM Resorts Says Regulators Probing September Cyber Attack (claimsjournal.com)

Phishing & Email Based Attacks

• European retailer Pepco loses €15.5 million in phishing (possibly BEC?) attack - Help Net Security

• Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security

• BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert

• SMBs are being targeted by this new phishing scam — make sure you don't fall victim | TechRadar

• Need to Know: Key Takeaways from the Latest Phishing Attacks (bleepingcomputer.com)

• Unmasking 2024's Email Security Landscape (securityaffairs.com)

• Lookout Discovers Advanced Phishing Kit Targeting US Federal Agency and Cryptocurrency Exchange Organisations | Business Wire

• Registrars can now block all domains that resemble brand names (bleepingcomputer.com)

• Criminals hijacked more than 8,000 trusted domains, sent millions of malicious emails | TechSpot

Other Social Engineering

• Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security

• The Silent Threat: Why Vishing is Causing Major Problems for Businesses - Security Boulevard

• Registrars can now block all domains that resemble brand names (bleepingcomputer.com)

• How to stay safe from cyber criminal "quishing" attacks | TechRadar

• Scammers Often Rely on This Psychological Trick | TIME

Artificial Intelligence

• Blackstone's Schwarzman sees peril in “not bright” criminals getting their hands on AI | Fortune

• AI threats: The importance of a concrete strategy in fighting novel attacks | ITPro

• New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)

• Putin's AI threat to democracy: Russian spies 'have developed artificial intelligence cyber tool to spread disinformation and meddle in elections across the West' | Daily Mail Online

• AI in cyber security presents a complex duality - Help Net Security

• AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)

• Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)

• Cyber experts raise AI fears security fears in Parliament | IT Reseller Magazine (itrportal.com)

• UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)

• BEAST AI attack can break LLM guardrails in a minute • The Register

2FA/MFA

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

Malware

• Ransomware crews lean into infostealers for initial access • The Register

• BobTheSmuggler: Open-source tool for undetectable payload delivery - Help Net Security

• New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT (thehackernews.com)

• North Korean Hackers Targeting Developers with Malicious npm Packages (thehackernews.com)

• Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub (thehackernews.com)

• GitHub besieged by millions of malicious repositories in ongoing attack | Ars Technica

• Pikabot returns with new tricks up its sleeve - Help Net Security

• TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users (thehackernews.com)

• Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)

• CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)

• Cloud-focused malware campaigns on the increase (betanews.com)

• Hackers are infecting Macs with malware using calendar invites and meeting links | Tom's Guide (tomsguide.com)

• New Backdoor Targeting European Officials Linked to Indian Diplomatic Events (thehackernews.com)

Mobile

• BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert

• Kaspersky Finds Attacks on Mobile Devices Significantly Increased in 2023 (darkreading.com)

• Meet 'XHelper,' the All-in-One Android App for Global Money Laundering (darkreading.com)

Denial of Service/DoS/DDOS

• Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions (govinfosecurity.com)

• DDoS attacks against web apps and APIs surge (betanews.com)

Internet of Things – IoT

• Half of IT Leaders Identify IoT as Security Weak Point - Infosecurity Magazine (infosecurity-magazine.com)

• The White House Warns Cars Made in China Could Unleash Chaos on US Highways | WIRED

Data Breaches/Leaks

• U-Haul says 67K customers' data was stolen in cyber attack • The Register

• Pharma giant hit by major cyber attack — Cencora confirms data was stolen | TechRadar

Organised Crime & Criminal Actors

• Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista

• 8 Worrying Cyber Security Statistics You Need to Know in 2024 (tech.co)

• It’s only February and cyber crime is already running rampant (techinformed.com)

• Scottish Police Face Toil and Trouble From Cyber Crime (govinfosecurity.com)

• How active adversaries divide labour to more effectively target victims | SC Media (scmagazine.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• SonicWall: Cryptojacking Attacks Spike 659% in 2023 | MSSP Alert

• Lookout Discovers Advanced Phishing Kit Targeting US Federal Agency and Cryptocurrency Exchange Organisations | Business Wire

• Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security

Insider Risk and Insider Threats

• US man accused of making $1.8m from listening in on wife’s remote work calls | Securities and Exchange Commission | The Guardian

• Are remote workers at greater risk of cyber security threats? | TechRadar

• Over Half of UK Firms Concerned About Insider Threats - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding employees' motivations behind risky actions - Help Net Security

• The human element of cyber security: Why people are the ultimate defence. (thecyberwire.com)

Insurance

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• A Cyber Insurance Backstop - Schneier on Security

Supply Chain and Third Parties

• New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)

• 98% of businesses linked to breached third parties - Help Net Security

Cloud/SaaS

• Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments | CyberScoop

• Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)

• CIOs rethink all-in cloud strategies | CIO

• Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security

• Your Data Has Moved to the Cloud: Can Your Security Strategy Keep Up? | MSSP Alert

• Cloud-focused malware campaigns on the increase (betanews.com)

Identity and Access Management

• Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management (thehackernews.com)

• How organisations can navigate identity security risks in 2024 - Help Net Security

• Echoes of SolarWinds in New 'Silver SAML' Attack Technique (darkreading.com)

Linux and Open Source

• From Open Source to Enterprise Ready: 4 Pillars to Meet Your Security Requirements - Security Week

Passwords, Credential Stuffing & Brute Force Attacks

• Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)

Social Media

• Rights groups file GDPR suits on Meta's pay-or-consent model • The Register

• Meta Patches Facebook Account Takeover Vulnerability - Security Week

Malvertising

• How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED

• Google faces $2.27 billion lawsuit over advertising practices (searchengineland.com)

Training, Education and Awareness

• Cyber awareness education is a change-management initiative | CSO Online

• Cyber Security Training Not Sticking? How to Fix Risky Password Habits (bleepingcomputer.com)

• 4 Ways Organisations Can Drive Demand for Software Security Training (darkreading.com)

• Creating a cyber security training curriculum for SMBs and MSPs | TechRadar

• 9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)

Regulations, Fines and Legislation

• 81% of security leaders predict SEC rules will impact their businesses | Security Magazine

• Orgs Face Major SEC Penalties for Failing to Disclose Breaches (darkreading.com)

• Getting Ahead of Cyber Security Materiality Mayhem - Security Boulevard

• NIST Publishes Final “Cyber Security Resource Guide” on Implementing the HIPAA Security Rule | Foley & Lardner LLP - JDSupra

• UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)

Backup and Recovery

• MTTR: The Most Important Security Metric (darkreading.com)

Models, Frameworks and Standards

• NIST CSF 2.0 released, to help all organisations, not just those in critical infrastructure - Help Net Security

• NIST Adds “Govern” Function to Cybersecurity Framework | MSSP Alert

• Top 3 NIST Cyber Security Framework 2.0 takeaways | SC Media (scmagazine.com)

• Preparing for the NIS2 Directive - Help Net Security

Data Protection

• UK ICO issues warning on biometric employee tracking, guidance for businesses | Biometric Update

• Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)

• Rights groups file GDPR suits on Meta's pay-or-consent model • The Register

• UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• A Perfect Cyber Storm is Leading to Burnout | Network Computing

• The Next Gen of Cyber Security Could Be Hiding in Big Tech (darkreading.com)

• Lost to the Highest Bidder: The Economics of Cyber Security Staffing - Security Boulevard

Law Enforcement Action and Take Downs

• Is the LockBit gang resuming its operation? (securityaffairs.com)

• Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)

• Russian hacker is set to face trial for the hack of a local power grid (securityaffairs.com)

Misinformation, Disinformation and Propaganda

• Putin's AI threat to democracy: Russian spies 'have developed artificial intelligence cyber tool to spread disinformation and meddle in elections across the West' | Daily Mail Online

• US leading global alliance to counter foreign government disinformation | Cyberwar | The Guardian

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• 15 Countries with Cyber Warfare Capabilities (yahoo.com)

• Cyber Espionage France’s Top Threat Ahead of 2024 Paris Olympics - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

China

• Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns | Ars Technica

• US Official Warns Of China’s Growing Offensive Cyber Power – Analysis – Eurasia Review

• When Hackers Are Hacked, A Chinese Spy Story - Worldcrunch

• Chinese Cyber Attacks:A 12-month Outlook (greydynamics.com)

• Chinese Cyber Espionage Set To Ramp Up This Year (forbes.com)

• The Drums of US-China Cyber War by Stephen S. Roach - Project Syndicate (project-syndicate.org)

• Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)

• The White House Warns Cars Made in China Could Unleash Chaos on US Highways | WIRED

• Foreign Firms in China Flag Lack of Feedback on Data Security (bloomberglaw.com)

• Beijing Silent Over Russia's Reported War-Gaming of China Invasion

Russia

• Two Years On: How Ukraine's Cyber Warfront Is Redefining Global Cyber Security Strategies | HackerNoon

• Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns | Ars Technica

• Five Eyes nations warn of evolving Russian cyberespionage practices targeting cloud environments | CyberScoop

• Russia may have just carried out its first direct action against the West (yahoo.com)

• Moscow Military Hackers Used Microsoft Outlook Vulnerability (inforisktoday.com)

• Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)

• Ukraine signs security deals with Western allies to help counter Russian cyber attacks (therecord.media)

• Russia cyber spies behind SolarWinds breach adopting new tactics, warn Five Eyes agencies (therecord.media)

• Cyber Security Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat (thehackernews.com)

• Putin's AI threat to democracy: Russian spies 'have developed artificial intelligence cyber tool to spread disinformation and meddle in elections across the West' | Daily Mail Online

• Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions (govinfosecurity.com)

• Lazarus APT exploited 0-day in Win driver to gain kernel privileges (securityaffairs.com)

• Lovers' Spat? North Korea Backdoors Russian Foreign Affairs Ministry (darkreading.com)

• Russia warns of "military-technical" response to Sweden's NATO membership (newsweek.com)

• Russian hacker is set to face trial for the hack of a local power grid (securityaffairs.com)

• Russia and Belarus targeted by at least 14 nation-state hacker groups, researchers say (therecord.media)

• Beijing Silent Over Russia's Reported War-Gaming of China Invasion

• Russia subjected to deluge of nation-state, hacktivist cyber threats | SC Media (scmagazine.com)

• How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED

Iran

• Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defence Sectors (thehackernews.com)

North Korea

• North Korean Hackers Targeting Developers with Malicious npm Packages (thehackernews.com)

• Lovers' Spat? North Korea Backdoors Russian Foreign Affairs Ministry (darkreading.com)

Vulnerability Management

• The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week

• CVE count set to rise by 25% in 2024 - Help Net Security

• Most Commercial Code Contains High-Risk Open Source Bugs - Infosecurity Magazine (infosecurity-magazine.com)

• The rising threat of zero-day attacks | Security Magazine

Vulnerabilities

• Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities (trendmicro.com)

• Moscow Military Hackers Used Microsoft Outlook Vulnerability (inforisktoday.com)

• Lazarus APT exploited 0-day in Win driver to gain kernel privileges (securityaffairs.com)

• Cisco Patches High-Severity Vulnerabilities in Data Center OS - Security Week

• CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)

• Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities (thehackernews.com)

• One of Apple's best iOS productivity tools had a pretty concerning security flaw, so patch now | TechRadar

• Critical Flaw in Popular 'Ultimate Member' WordPress Plugin - Security Week

• Meta Patches Facebook Account Takeover Vulnerability - Security Week

• MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs (darkreading.com)

• Citrix, Sophos software impacted by 2024 leap year bugs (bleepingcomputer.com)

• Ivanti integrity checker tool needs latest update to work, Five Eyes alert warns | CyberScoop

• Zyxel fixed four bugs in firewalls and access points (securityaffairs.com)

Tools and Controls

• The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week

• Cyber awareness education is a change-management initiative | CSO Online

• Why Cyber Security Must Include Protective DNS (hyas.com)

• Championing ethical hackers: a vital defence for the financial industry during turbulent times (finextra.com)

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)

• How Zero Trust Data Detection & Response is Changing the Game - Security Boulevard

• APIs become the leading attack vector, cyber security research shows (securitybrief.co.nz)

• Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management (thehackernews.com)

• How organisations can navigate identity security risks in 2024 - Help Net Security

• MTTR: The Most Important Security Metric (darkreading.com)

• 9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)

• Artificial Arms Race: What Can Automation and AI do to Advance Red Teams - Security Week

• Savvy Seahorse gang uses DNS CNAME records to power investor scams (bleepingcomputer.com)

• Cloud Apps Make the Case for Pentesting-as-a-Service (darkreading.com)

Reports Published in the Last Week

• A Comparative Study on Cyber Risk: Business vs. Security Perspectives (inforisktoday.com)

• Cyber threat landscape report | Professional Security

• Email Security in 2024: An Expert Look at Email-Based Threats - VIPRE

Other News

• Cyber attacks on UK law firms on the rise - Spear's (spearswms.com)

• IntelBroker claimed the hack of the Los Angeles International Airport (securityaffairs.com)

• It's time to stop trusting your antivirus software | Digital Trends

• Three new advanced threat groups targeted industrial organisations last year | CSO Online

• What’s on the Radar for Aviation Industry Cyber Security? - Security Boulevard

• Business leaders warn of rising cyber security threat | The Herald (heraldscotland.com)

• Why Health Care Is Top Target for Cyber Criminals (govtech.com)

• RCMP investigating cyber attack as its website remains down (bleepingcomputer.com)

• Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Despite Recent NCA and FBI Disruptions, a Rise in Ransomware Means 2024 Will be a Volatile Year for Cyber Security

There has been a lot of high profile coverage this week of the infamous and prolific LockBit gang’s infrastructure having been seized by law enforcement following an international Police operation led by the UK’s National Crime Agency. Whilst the international operation shows the seriousness of the matter, and the success of the operation should be celebrated, those celebrations should be muted and organisations should not become lax. Like the Hydra of Greek mythology, when one head disappears, a few more appear in its place. Ransomware really is a case of if, not when, and your organisation needs to be prepared.

Further, a recent threat report has found that the median ransom demand rose by 20% year on year, hitting an average of $600,000 and it is expected that 2024 will be even more volatile. Ransomware groups are expanding their target lists and exploring new pressure tactics in response to increasingly effective law enforcement efforts, and this is coupled with the increasing regulatory impact on organisations.

Sources: [Sky News] [GOV Infosecurity] [Bleeping Computer] [Infosecurity Magazine] [Cyber Reason]

The Old, Not the New: Basic Security Issues Still the Biggest Threat to Enterprises

In the latest IBM X-Force Threat Intelligence Index, it was revealed that basic security issues remain the most significant threat to enterprises. Cyber criminals are increasingly turning to credential stuffing, using and exploiting valid accounts harvested from the darkweb and previous breaches, with a 266% uptick in info-stealing malware. This tactic is harder to detect and elicits a costly response from enterprises. On the other hand, it is also important to adopt an attacker mindset for effective security. Understanding the attacker’s tools, motives, and efforts can help in limiting access, compartmentalising the impact of any successful attack, and minimising the time to attack detection. In essence, while organisations continue to grapple with complex cyber threats, the biggest security problem boils down to the basic and the already known. Therefore, it is crucial to focus on strengthening basic security measures and thinking like an attacker to proactively mitigate the risk for a more secure attack surface.

Source: [Help Net Security] [Forbes]

Reevaluating Your Cyber Security Priorities

Both technology and cyber criminals are evolving, yet many companies and organisations are not. For many corporate leaders, they may not know where to begin. Organisations looking to evolve their cyber security posture should look to elevate cyber to the C-suite and board, conduct audits of their sensitive information, create or update and test their incident response plan and finally, revisit their cyber hygiene training to ensure it is doing more than just ticking boxes. Organisations doing the above will find themselves improving their cyber security posture, and mitigating their risk to threats.

Source: [Dark Reading]

Cyber Threat Environment at its Most Dangerous for SMBs, as Geopolitical Tenison, Extortion and Attacks Present Biggest Risks

A new study has found that extortion campaigns, geopolitical threats, and attacks on small and medium-sized businesses (SMBs) are amongst the greatest threats to cyber security defences currently. The report, conducted by Mimecast, highlights how individual ransom groups have claimed over 1,000 victims and over $300 million in payments. Regarding SMBs, the report found that these businesses encountered twice the normal number of threats, at over 30 threats per user, as compared to larger companies who saw approximately 15. Not only are SMBs at more risk, but they also do not have the same resources a large company would have to mitigate such threats. SMBs must be efficient in the way they prioritise and address their cyber risk as part of their larger risk management strategy.

Sources: [Emerging Risks] [The HR Director]

Legal Sector Grows as a Target, with Cyber Attacks on Law Firms Surging by Over a Third

A new report has found that the number of reported cyber breaches on UK law firms has increased 30% from the previous year, as attackers increasingly target the profession. As a note, this does not include firms who may be unaware that they have been breached. Law firms are an attractive target to attackers due to the sensitive information such as M&A activity, divorce information and big ticket litigation; many attackers believe that law firms will pay handsomely to have this data back.

Sources: [Emerging Risks] [Legal Cheek]

It’s Not Only Ransomware Seeing Huge Rises: Business Email Compromise (BEC) Attacks are Also Seeing a Huge Rise. Is Your Business Prepared?

A recent report found that business email compromise (BEC) saw a staggering increase of 10 time the amount compared to the previous year. BEC involves a genuine business email account being compromised by a threat actor; this could be your supplier, a client, or anyone you have legitimate contact with. With such an increase, organisations must consider if they would be able to spot and mitigate BEC in their corporate environment through robust operational controls such as callback procedures for example. Due to the rise in deep fake fraud with voice cloning and video, the efficacy of traditional safeguards such as callbacks are not providing the assurance they once did. Firms and employees need to be on their guard to these changing tactics to safeguard the business.

Source: [TechRadar]

Deepfake Phishing Grew by 3,000% in 2023, and it’s Just the Beginning

Phishing remains one of the most prevalent cyber security threats, and with the emergence of artificial intelligence it is only going to carry on getting worse. According to a recent report, the number of deepfake fraud attempts rose by 3,000%. In one instance, the CEO of an energy enterprise sent €220,000 to a supplier after getting a call from the parent company’s leader requesting the exchange; the call was a deepfake.

Source: [HackerNoon]

Cyber Attacks are Getting Faster, More Common and More Successful, Although Detection is More Advanced Than Ever. New Report Signals the Threats to Businesses, Supply Chains, and Democracy

A recent report from CrowdStrike sheds light on the increasing speed and sophistication of cyber attacks. Breakout times have plummeted to an average of 62 minutes, with a record time of just two minutes and seven seconds observed. Hackers are now targeting the cloud, exploiting its vulnerabilities and leveraging AI assistance to escalate attacks. The human factor remains a primary entry point for threat actors, with social engineering and phishing campaigns on the rise. As organisations transition to the cloud, threat actors follow suit, with cloud intrusions soaring by 75%. CrowdStrike warns of state-sponsored adversaries targeting critical elections, emphasising the need for a platform-based approach bolstered by threat intelligence to safeguard against evolving threats.

Source: [TechRadar]

Report Finds Malicious Emails Bypassing Secure Email Gateways Rose by 105%

A report by Cofense has found a 105% increase in malicious emails that successfully bypassed Secure Email Gateways (SEGs), with approximately one malicious email navigating their way past SEGs every 57 seconds. The report suggests that phishing efforts are outpacing that of SEGs, and such phishing efforts are responsible for 90% of data breaches. Whilst SEGs may be filtering out a number of malicious emails, they, like everything in cyber security, are not a silver bullet. Organisations should not fall foul of believing that they are impenetrable because they have a SEG.

Sources: [SiliconANGLE] [Security Magazine] [Help Net Security]

Rising Cyber Threats Identified as Major Business Risk for 2024

In the latest Allianz risk barometer, cyber incidents have been identified as the most significant concern for companies globally in 2024. This is particularly true for remote desktop connections, which have become a prime target for cyber attacks since the shift to a work-from-home environment. The report also highlights that the risk landscape is being shaped by digitalisation, climate change, and geopolitical uncertainties. Meanwhile, a report from Coalition reveals that the cyber attack surface has expanded due to new ways of working. The report found that smaller businesses often lack the resources to prepare for a wide range of risk scenarios, which can lead to longer recovery times after an unexpected incident. These findings underscore the importance of robust cyber security measures and the need for continuous monitoring and improvement of an organisation’s digital defences.

Sources: [Reinsurance News] [Allianz]

Huge Cyber Security Leak Lifts the Lid on China’s Hackers for Hire

A huge leak of data from a Chinese cyber security firm, iSoon, has revealed state security agents paying tens of thousands of pounds to harvest data on targets, including the likes of foreign governments, and the leak shows this has been going on for years. Since the release, CrowdStrike has drawn overlaps between the firm and multiple known Chinese threat actors who are well resourced and conduct attacks over an extended period (referred to as advanced persistent threats, APTs). Among some of the 500 leaked documents are product manuals, lists of clients and employees, and WeChat instant messages. The leaks show over 14 governments have been attacked, as well as gambling and telecommunications companies.

Sources: [Dark Reading] [The Guardian]

Fifth of British Kids Have Broken the Law Online

In a recent study by the UK National Crime Agency (NCA), one in five children aged 10 to 16 have engaged in online offences with the figure rising to 25% among online gamers. These "low-level" cyber crimes, such as attempting to access protected servers or launching distributed denial of service (DDoS) attacks, may not be perceived by young individuals as violating the Computer Misuse Act. The consequences, however, are severe, including potential arrest, criminal records, and restrictions on future opportunities. The NCA stresses the importance of educating both children and adults about the legal and ethical implications of such actions, highlighting the transition from minor offences to more serious cyber crimes. With a significant shortage of cyber security professionals globally, fostering positive digital skills among young individuals is crucial for meeting industry demands and deterring cyber crime. Parents, teachers, and children are encouraged to explore resources provided by the NCA's Cyber Choices website to prevent inadvertent involvement in illegal online activities.

Source: [Infosecurity Magazine]

Over 40% of Firms Struggle with Cyber Security Talent Shortage

A recent report from Kaspersky has unveiled a critical global challenge: over 40% of companies are struggling to fill essential cyber security roles, with information security research and malware analysis roles particularly affected. This scarcity is felt most acutely in Europe and Latin America. Roles within security operations centres (SOCs) and network security are also understaffed, with figures around 35% and 33% respectively. The government sector faces the most significant demand for cyber security experts, followed closely by the telecoms and media sectors. While efforts like offering competitive salaries and enhanced training are underway, the gap persists due to the rapid pace of technological advancement outstripping educational initiatives. The report emphasises the need for innovative solutions to bridge this shortfall, highlighting recruitment, training, and technological advancements as key components of a comprehensive strategy to bolster cyber security resilience in the face of evolving threats.

Source: [Infosecurity Magazine]

Governance, Risk and Compliance

• Cyber attacks are getting faster, more common and more successful, even though detection is more advanced than ever | TechRadar

• 7 Ways Companies’ Cyber Related Governance Disclosures Will Evolve Post-SEC Rule Change (harvard.edu)

• Cyber security professionals admit “knowledge gaps” have led to serious security blunders | ITPro

• The old, not the new: Basic security issues still biggest threat to enterprises - Help Net Security

• Cyber threat environment more dangerous then ever - Mimecast (emergingrisks.co.uk)

• Over two-thirds of IT security decision-makers report an increase in cyber security budgets for 2024 | IT Reseller Magazine (itrportal.com)

• Geopolitical tension, extortion and attacks present biggest cyber security risks | theHRD (thehrdirector.com)

• 2024 CrowdStrike Global Threat Report: From Breakout to Breach in Under Three Minutes; Cloud Infrastructure Under Attack | Business Wire

• Gartner: Three top trends in cyber security for 2024 | Computer Weekly

• Barracuda report highlights rise of high-risk business security threats in 2023 (securitybrief.co.nz)

• Coalition report reveals rising cyber threats amidst business vulnerabilities - Reinsurance News

• Over 40% of Firms Struggle With Cyber Security Talent Shortage - Infosecurity Magazine (infosecurity-magazine.com)

• Thinking Like An Attacker—Another Look At Enterprise Security (forbes.com)

• Hackers using stolen credentials to launch attacks as info-stealing peaks | CSO Online

• The evolution of the CISO - Compare the Cloud

• How CISOs Balance Business Growth, Security in Cyber Threat Landscape (darkreading.com)

• Allianz Risk Barometer: Identifying the major business risks for 2024

• How to mitigate C-Suite cyber risks | Professional Security

• Why cyber security can boost organisational innovation | TechRadar

• 4 Key Steps to Reevaluate Your Cyber Security Priorities (darkreading.com)

• Cyber security success -- elevate your defence against cyber threats (betanews.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Ransom demands surge by 20% in 2023, hitting key industries hardest - SiliconANGLE

• Police arrests LockBit ransomware members, release decryptor in global crackdown (bleepingcomputer.com)

• LockBit takedown is a “huge win for law enforcement”, but let’s not celebrate too soon, security experts warn | ITPro

• LockBit Attempts to Stay Afloat with a New Version (trendmicro.com)

• LockBit registered nearly 200 "affiliates" over the past two years | TechRadar

• 2024 will be a volatile year for cyber security as ransomware groups evolve - Help Net Security

• Ransomware Experts See Problems With Banning Ransom Payments (govinfosecurity.com)

• Initial Ransomware Demands Jump 20% to $600,000 in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware: True Cost to Business 2024 (cybereason.com)

• Ransomware and BEC are seeing a huge rise — is your business ready? | TechRadar

• ConnectWise exploit could spur ‘ransomware free-for-all,’ expert warns | SC Media (scmagazine.com)

• 3 trends set to drive cyber attacks and ransomware in 2024 | World Economic Forum (weforum.org)

• Year-over-year, the median initial ransom has risen by 20% | Security Magazine

• Alpha ransomware linked to NetWalker operation dismantled in 2021 (bleepingcomputer.com)

• Why are ransomware gangs making so much money? | TechCrunch

• Akira Ransomware Exploiting Cisco Anyconnect Vulnerability (gbhackers.com)

• Knight ransomware source code for sale after leak site shuts down (bleepingcomputer.com)

• Exclusive: eSentire Confirms Rhysida Ransomware Victims - Infosecurity Magazine (infosecurity-magazine.com)

• Stuck in cyber attack nightmare? Call the negotiators (techxplore.com)

• Why some cyber attacks hit harder than others - BBC News

• Report: Manufacturing bears the brunt of industrial ransomware | CyberScoop

Ransomware Victims

• eSentire Confirms Rhysida Ransomware Victims - Infosecurity Magazine (infosecurity-magazine.com)

• Why some cyber attacks hit harder than others - BBC News

• ALPHV ransomware claims loanDepot, Prudential Financial breaches (bleepingcomputer.com)

• Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric (securityaffairs.com)

• Dead Man's Fingers maker cuts over 500 jobs and enters the red after cyber attack hits sales (cityam.com)

• 147 ransomware attacks on large Dutch companies, institutions last year; 18% paid ransom | NL Times

• Pharmacy Delays Across US Blamed on Nation-State Hackers (darkreading.com)

Phishing & Email Based Attacks

• New report warns of ongoing rise of malicious emails bypassing secure email gateways - SiliconANGLE

• Secure email gateways struggle to keep pace with sophisticated phishing campaigns - Help Net Security

• The phishing bait you're most likely to take (betanews.com)

• Deepfake Phishing Grew by 3,000% in 2023 — And It's Just Beginning | HackerNoon

• SMBs at Risk From SendGrid-Focused Phishing Tactics - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering

• What ‘psychological warfare’ tactics do scammers use, and how can you protect yourself? (theconversation.com)

• North Koreans using ChatGPT to scam LinkedIn users; "attacks are getting very sophisticated" - MSPoweruser

• What Is Social Engineering? Types Of Attacks To Beware Of (forbes.com)

Artificial Intelligence

• AI models can be weaponized to hack websites on their own • The Register

• North Koreans using ChatGPT to scam LinkedIn users; "attacks are getting very sophisticated" - MSPoweruser

• Deepfake Phishing Grew by 3,000% in 2023 — And It's Just Beginning | HackerNoon

• Generative AI and elections are key focus for hackers in 2024, report warns | Evening Standard

• As adversaries harness AI, tech firms peer through chat logs to catch them - Defense One

• Here Comes the Flood of AI-Generated Clickbait | WIRED

• Air Canada Has to Honor a Refund Policy Its Chatbot Made Up | WIRED

• 36% of code generated by GitHub CoPilot contains security flaws - Help Net Security

• Employees input sensitive data into generative AI tools despite the risks | ZDNET

• Ransomware Declines as InfoStealers and AI Threats Gain Ground: IBM X-Force - SecurityWeek

• Gartner: Three top trends in cyber security for 2024 | Computer Weekly

• Global AI Regulatory Update - Lexology

Malware

• PDF Malware on the Rise, Used to Spread WikiLoader, Ursnif and DarkGat - Infosecurity Magazine (infosecurity-magazine.com)

• FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty (thehackernews.com)

• Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor (thehackernews.com)

• VIPRE report predicts 276% rise in malware in 2024 (securitybrief.co.nz)

• Anatsa Android malware downloaded 150,000 times via Google Play (bleepingcomputer.com)

• 'Lucifer' Botnet Turns Up the Heat on Apache Hadoop Servers (darkreading.com)

• What are Botnets and Why are MSSPs So Concerned? | MSSP Alert

• New SSH-Snake malware steals SSH keys to spread across the network (bleepingcomputer.com)

• Ransomware Declines as InfoStealers and AI Threats Gain Ground: IBM X-Force - SecurityWeek

• Your Mac Is Not Virus Proof. It Never Has Been. (gizmodo.com)

• Click: Your innocent mouse could be a cyber criminal's silent weapon - Digital Journal

• Vibrator virus steals your personal information | Malwarebytes

Mobile

• Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices (thehackernews.com)

• New Wave of 'Anatsa' Banking Trojans Targets Android Users in Europe (darkreading.com)

• Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks | Tom's Hardware (tomshardware.com)

• VoltSchemer attacks use wireless chargers to inject voice commands, fry phones (bleepingcomputer.com)

• New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers (thehackernews.com)

• Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft (darkreading.com)

Denial of Service/DoS/DDOS

• Cyber attacks in Malta, Hungary, Ukraine, Bosnia are a 'wake-up call', IPI warns (timesofmalta.com)

• Average DDoS attack cost businesses £325,000 in 2023, according to new Zayo data | IT Reseller Magazine (itrportal.com)

• Top UK Universities Recovering Following Targeted DDoS Attack - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• 'Anywhere there's a camera, now there's a risk': Billions of users at risk of Peeping Toms — scientists devise incredibly simple eavesdropping system costing only a few hundred dollars | TechRadar

• Wyze camera glitch gave 13,000 users a peek into other homes (bleepingcomputer.com)

• As Cyber attacks Ramp Up, Electric Vehicles Are Vulnerable (autoweek.com)

• Wi-Fi jamming to knock out cameras suspected in nine Minnesota burglaries -- smart security systems vulnerable as tech becomes cheaper and easier to acquire | Tom's Hardware (tomshardware.com)

• Is new technology making cars less secure? - Verdict

Data Breaches/Leaks

• Bank of America Suffers Massive Data Breach, Exposing Social Security Numbers, Addresses and Additional Sensitive Data To Hackers - The Daily Hodl

• Infosys subsidiary named as source of Bank of America leak • The Register

• Why Data Breaches Spiked in 2023 (hbr.org)

• Massive Cloud Database Leak Exposes 380 Million Records (hackread.com)

• UK council's sneaky insider steals 79k email addresses • The Register

• Eye Care Services Firm Faces Lawsuit Over Data Breach Impacting 2.3 Million - SecurityWeek

Cyber Crime General & Criminal Actors

• Fifth of British Kids Have Broken the Law Online - Infosecurity Magazine (infosecurity-magazine.com)

• Despite Knowing Risks, Brits Continue to Expose Themselves to Cyber Criminals Finds IDnow | The Fintech Times

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cyber Criminals Are Employing New Tactics To Launder Money, Warns Report - Benzinga

Insider Risk and Insider Threats

• UK council's sneaky insider steals 79k email addresses • The Register

Insurance

• Personal cyber insurance nascent but growing in demand as digital crimes increase - Victoria Times Colonist

• Insurers Use Claims Data to Recommend Cyber Security Technologies (darkreading.com)

• Cyber Insurance Needs to Evolve to Ensure Greater Benefit (darkreading.com)

• What is Cyber Insurance and Does Your Small Business Need It? (smallbiztrends.com)

Supply Chain and Third Parties

• Infosys subsidiary named as source of Bank of America leak • The Register

• North Korean hackers linked to defence sector supply-chain attack (bleepingcomputer.com)

Cloud/SaaS

• 2024 CrowdStrike Global Threat Report: From Breakout to Breach in Under Three Minutes; Cloud Infrastructure Under Attack | Business Wire

• Cyber security report reveals 75% spike in cloud attacks (securitybrief.co.nz)

• Cyber security fears drive a return to on-premise infrastructure from cloud computing - Help Net Security

• Massive Cloud Database Leak Exposes 380 Million Records (hackread.com)

• How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities (thehackernews.com)

• Cyber attacks follow businesses to the cloud (betanews.com)

• Six steps for stronger cloud security | SC Media (scmagazine.com)

Identity and Access Management

• Why identity fraud costs organisations millions - Help Net Security

• Orgs are having a major identity crisis • The Register

• Active Directory outages can cost organisations $100,000 per day - Help Net Security

Encryption

• European Court of Human Rights rules against government backdoors in end-to-end encryption - Neowin

Linux and Open Source

• New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Hackers using stolen credentials to launch attacks as info-stealing peaks | CSO Online

• How to proactively prevent password-spray attacks on legacy email accounts | CSO Online

Social Media

• EU Watchdog Urged to Reject Meta 'Pay for Privacy' Scheme - SecurityWeek

• Social Media Platforms Are in an ‘Information Trafficking Business’: Cyber Security Adviser | NTD

• ChatGPT Used by North Korean Hackers to Scam LinkedIn Users (tech.co)

• 76% of Super Bowl Traffic From Elon Musk's X to Advertisers Could Be Fake (thewrap.com)

• Elon Musk’s X allows China-based propaganda banned on other platforms | Ars Technica

• European Union deepens its investigation of TikTok • The Register

Training, Education and Awareness

• People cannot be patched (betanews.com)

Regulations, Fines and Legislation

• European Court of Human Rights rules against government backdoors in end-to-end encryption - Neowin

• Hedge Funds Warn SEC Cyber Lapses Risk Exposing Trading Secrets (bloomberglaw.com)

• One Year After the Colonial Pipeline Attack, Regulation Is Still a Problem (securityintelligence.com)

• 7 Ways Companies’ Cyber Related Governance Disclosures Will Evolve Post-SEC Rule Change (harvard.edu)

• European Union deepens its investigation of TikTok • The Register

• Decoding DORA: Navigating the digital regulatory landscape | World Finance

• 81 Percent of Security Leaders Say SEC Cyber Security Rules Will Substantially Impact Their Business | Business Wire

• FTC Fines Avast $16.5 Million For Selling Browsing Data Harvested by Antivirus (404media.co)

• Avast settles claims of customer data peddling for $17M • The Register

• Global AI Regulatory Update - Lexology

Careers, Working in Cyber and Information Security

• Over 40% of Firms Struggle With Cyber Security Talent Shortage - Infosecurity Magazine (infosecurity-magazine.com)

• The Psychology of Cyber Security Burnout (informationweek.com)

• How can we adapt work practices to protect CISO mental health? | Computer Weekly

Misinformation, Disinformation and Propaganda

• Feds deliver stark warnings to state election officials ahead of November - Iowa Capital Dispatch

• UK election cyber attack warning after Putin's hackers target US (inews.co.uk)

• Social Media Platforms Are in an ‘Information Trafficking Business’: Cyber Security Adviser | NTD

• Elon Musk’s X allows China-based propaganda banned on other platforms | Ars Technica

• Election security threats in 2024 range from AI to … anthrax • The Register

• 76 percent of Super Bowl LVIII traffic from Twitter dubbed 'fake' (awfulannouncing.com)

• Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative (thehackernews.com)

• Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks (thehackernews.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Countries fear state-sponsored cyber war | The World from PRX

• Cyberwar: What Is It Good For? - GovInfoSecurity

Nation State Actors

• Cyber attacks are getting faster, more common and more successful, even though detection is more advanced than ever — new report signals the threats to businesses, supply chains, and democracy | TechRadar

• Countries fear state-sponsored cyber war | The World from PRX

• How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities (thehackernews.com)

• Generative AI and elections are key focus for hackers in 2024, report warns | Evening Standard

• Pharmacy Delays Across US Blamed on Nation-State Hackers (darkreading.com)

China

• In the evolving cyberwar, China aims to take down our critical infrastructure | SC Media (scmagazine.com)

• 'Major Chinese hack' on Foreign Office urgently investigated by UK spies (inews.co.uk)

• Leaked Chinese Hacking Files Reveal How Compromised the US Could Be (businessinsider.com)

• iSoon's Secret APT Status Exposes China's Foreign Hacking Machination (darkreading.com)

• Generative AI and elections are key focus for hackers in 2024, report warns | Evening Standard

• China’s Cyber Security and Statecraft – The Diplomat

• Elon Musk’s X allows China-based propaganda banned on other platforms | Ars Technica

• China’s Spy Agency Sees Threats Everywhere in Data Security Push - Bloomberg

Russia

• FBI disrupts hacking network 'linked to Russian intelligence services' | US News | Sky News

• Russian APT 'Winter Vivern' Targets European Governments, Military (darkreading.com)

• Russian Cyber attackers Launch Multiphase PsyOps Campaign (darkreading.com)

• Russian-Linked Hackers Target 80+ Organisations via Roundcube Flaws (thehackernews.com)

• Russian military botnet discovered on 1000+ compromised routers — FBI deactivated Moobot by taking control of impacted routers | Tom's Hardware (tomshardware.com)

• NHS hospitals ‘easy targets’ for Russian hackers (thetimes.co.uk)

• Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign (recordedfuture.com)

• Generative AI and elections are key focus for hackers in 2024, report warns | Evening Standard

• Russian Turla Cyber Spies Target Polish NGOs With New Backdoor - SecurityWeek

• Russian-Aligned Network Doppelgänger Targets German Elections - Infosecurity Magazine (infosecurity-magazine.com)

• Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks (thehackernews.com)

• NATO's chief information officer on what Ukraine did right in its cyberwar with Russia (therecord.media)

• Russian Government Software Backdoored to Deploy Konni RAT Malware (thehackernews.com)

• Three terms sure to grab attention: Russia, nuclear, anti-satellite weapon | Ars Technica

Iran

• Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor (thehackernews.com)

• Iranian APTs Dress Up As Hacktivists for Disruption, Influence Ops (darkreading.com)

• Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative (thehackernews.com)

• Iran-Backed Charming Kitten Stages Fake Webinar Platform to Ensnare Targets (darkreading.com)

• Israeli Aircraft Survive “Cyber Hijacking” Attempts - Infosecurity Magazine (infosecurity-magazine.com)

North Korea

• ChatGPT Used by North Korean Hackers to Scam LinkedIn Users (tech.co)

• North Korean hackers linked to defence sector supply-chain attack (bleepingcomputer.com)

• North Koreans using ChatGPT to scam LinkedIn users; "attacks are getting very sophisticated" - MSPoweruser

• Russian Government Software Backdoored to Deploy North Korean Konni RAT Malware (thehackernews.com)

Vulnerability Management

• CVEs expected to increase 25% in 2024 | Security Magazine

• Coalition: Vulnerability scoring systems falling short | TechTarget

Vulnerabilities

• Ransomware Warning as CVSS 10.0 ConnectWise ScreenConnect Bug is Exploited - Infosecurity Magazine (infosecurity-magazine.com)

• ConnectWise exploit could spur ‘ransomware free-for-all,’ expert warns | SC Media (scmagazine.com)

• Exploiting critical ConnectWise bug is 'embarrassingly easy' • The Register

• Akira Ransomware Exploiting Cisco AnyConnect Vulnerability (gbhackers.com)

• New Ivanti Vulnerability Observed as Widespread Security Concerns Grow - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers (securityaffairs.com)

• VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk (thehackernews.com)

• VMware issues no-patch advisory for critical flaw in old SSO plugin | SC Media (scmagazine.com)

• Russian-Linked Hackers Target 80+ Organisations via Roundcube Flaws (thehackernews.com)

• ESET fixed high-severity local privilege escalation bug in Windows products (securityaffairs.com)

• SolarWinds addressed critical RCEs in Access Rights Manager (securityaffairs.com)

• Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities - SecurityWeek

• Critical Vulnerability in VMware vSphere Plug-in Allows Session Hijacking (darkreading.com)

• Joomla XSS Bugs Open Millions of Websites to RCE (darkreading.com)

• Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft (darkreading.com)

• Urgent patches available for QNAP vulnerabilities, one 0-day • The Register

• Hackers exploit critical RCE flaw in Bricks WordPress site builder (bleepingcomputer.com)

Tools and Controls

• Secure email gateways struggle to keep pace with sophisticated phishing campaigns - Help Net Security

• NCSC Sounds Alarm Over Private Branch Exchange Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Stuck in cyber attack nightmare? Call the negotiators (techxplore.com)

• New Google Chrome feature blocks attacks against home networks (bleepingcomputer.com)

• How Businesses Can Safeguard Their Communication Channels Against Hackers (thehackernews.com)

• Limiting remote access exposure in hybrid work environments | CSO Online

• Cyber Insurance Needs to Evolve to Ensure Greater Benefit (darkreading.com)

• The double-edged sword of zero trust - Help Net Security

• Orgs are having a major identity crisis • The Register

• Active Directory outages can cost organisations $100,000 per day - Help Net Security

• SOC Landscapes: Insights from SANS' 2023 SOC Report (trendmicro.com)

• 36% of code generated by GitHub CoPilot contains security flaws - Help Net Security

• Microsoft expands free logging capabilities after May breach (bleepingcomputer.com)

• Why ransomware gangs love using RMM tools—and how to stop them | Malwarebytes

• People cannot be patched (betanews.com)

• “Ruthlessly prioritize what’s critical”: Check Point expert on CISOs and the evolving attack surface | ITPro

Reports Published in the Last Week

• VIPRE report predicts 276% rise in malware in 2024 (securitybrief.co.nz)

• CrowdStrike 2024 Global Threat Report | CrowdStrike

• IBM XForce Threat Intelligence Index 2024.pdf

• Cyber Threat Index 2024: Scans, Honeypots, and CVEs  (coalitioninc.com)

Other News

• Israeli Aircraft Survive “Cyber-Hijacking” Attempts - Infosecurity Magazine (infosecurity-magazine.com)

• The Power Sector’s High-Stakes Battle for Cyber-Resiliency (powermag.com)

• Ways to elevate public sector cyber security | Professional Security

• Increasing Europe's cyber resilience - government.lu (gouvernement.lu)

• Industries most targeted by active adversaries | SC Media (scmagazine.com)

• Library Cyber Defences Are Falling Down (darkreading.com)

• How conveyancers can protect themselves against a cyber attack | Today's Conveyancer (todaysconveyancer.co.uk)

• US govt shares cyber attack defence tips for water utilities (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• 15 Million Public-Facing Services Vulnerable to Known Exploited Vulnerabilities

Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV (known exploitable vulnerabilities) catalogue. The findings are particularly worrying because the examined vulnerabilities are known and highlighted in CISA's KEV catalogue as actively exploited by hackers, so any delays in their patching maintain a large attack surface, giving threat actors numerous potential targets.

Over half of those 7 million instances were vulnerable to one of the 137 CVEs concerning Microsoft Windows, making this component a top priority for defenders and an excellent target for attackers. Almost half of those are over five years old, so roughly 800,000 machines have not applied security updates for a significant period of time.

https://www.bleepingcomputer.com/news/security/15-million-public-facing-services-vulnerable-to-cisa-kev-flaws/

• New Research Highlights Increased Security Risks Posed by Remote Working and BYOD

New research has highlighted the increased threats associated with remote work and bring your own device (BYOD) policies faced by organisations. The results of the survey show that with remote and hybrid working, personal and work tasks blur together and the boundaries between the two have become more porous. The data shows that 32% of remote and hybrid workers use apps or software not approved by IT and 92% of remote employees perform work tasks on their personal tablet or smartphone devices. These devices, apps and software, along with the corporate data being accessed, are not visible to IT, thereby dramatically increasing an organisation’s risk posture.

https://www.itsecurityguru.org/2023/04/03/new-research-highlights-increased-security-risks-posed-by-remote-working-and-bring-your-own-device-policies/

• Lack of Security Employees Makes SMBs Sitting Ducks for Cyber Attacks

Cyber security is a growing concern among all businesses but lack of security expertise in SMBs is leaving smaller firms open to attack. Cyber threats are more real and prevalent than ever before and the risk to businesses includes not only exposure of customer data and a decrease in trust, but also losses in revenue.

54% of small businesses say they are more concerned about cyber security now than one year ago yet 38% of SMBs said they had zero employees dedicated to security as part of their role, and 42% had just one employee working on security. Even without a traditional security role, there should be someone responsible for making security decisions in every organisation.

A lack of time to focus on security and keeping up with changing threats are amongst the biggest challenges for businesses.

https://www.helpnetsecurity.com/2023/04/04/smbs-security-posture/

• IT and Security Pros Pressured to Keep Quiet About Data Breaches

It is not possible to stop every bad thing from happening. Alarmingly, when something does go wrong IT/security professionals are being told to keep a breach confidential, even when they knew it should be reported. More than 42% of IT/security professionals reporting this happening to them, and a worrying 30% said they have kept a breach confidential.

At 71%, IT/security professionals in the US were the most likely to say they have been told to keep quiet followed by the UK at 44%.

52% of global organisations have experienced a data breach or data leak in the last 12 months. The US led at 75% (or 23% higher than average) followed by the UK at 51.4%.

Infosec professionals are increasingly worried about their company facing legal action due to a breach being handled incorrectly.

https://www.helpnetsecurity.com/2023/04/06/pressure-keeping-breaches-confidential/

• Phishing Emails are Seeing a Huge Rise, So Stay on Your Guard

Phishing attacks are up 5x year-on-year, researchers say. A report from Cofense analysed data received from 35 million people across the world, finding there has been a 569% increase in phishing attacks to 2022 and 478% increase to credential phishing. With the increased frequency, intensity and sophistication of these threats small and medium-sized businesses should be particularly wary of phishing and other forms of email-borne cyber attacks as their numbers have grown explosively over the last year, experts have warned. Organisations should keep eyes open for Business Email Compromise (BEC) attacks as this type continues to be one of the top crimes for the eighth year in a row.

https://www.techradar.com/news/phishing-emails-are-seeing-a-huge-rise-so-stay-on-your-guard

• Ransomware Attacks Skyrocket as Threat Actors Double Down on Global Attacks

New studies have found that ransomware exploits are increasing, and a large percentage of victims are being hit multiple times. The NCC Group noted that there were 240 ransomware attacks in February 2023, a 45% increase from the record-high number of attacks in January. North America accounted for 47% of the global ransomware attacks, with Europe following (23%). Another report found that of all organisations hit by ransomware in the last 12 months, 28% were reported to be hit twice or more. Of the organisations breached, 69% reported phishing as the initial access vector.

https://www.techrepublic.com/article/nccgroup-ransomware-attacks-up-february/

• MSPs a Favoured Target of Supply Chain and Infrastructure Attacks

With the backdrop of increasing cyber attacks on supply chains, Managed Service Providers (MSPs) are increasingly being favoured by attackers due to their pivotal role in the supply chain and access to the organisations they are serving.

When measured by sector, MSPs are the hardest hit by hackers in supply chain attacks.

ConnectWise’s cyber research unit analysed some 440,000 incidents that impacted MSPs and their clients and found that Lockbit led among the most prolific ransomware hijackers targeting MSPs, (42% of all ransomware attacks) followed by Cl0p at 11%. Whilst numerous other ransomware gangs also directly targeted MSPs in 2022.

Third party risk assessments should be carried out for all organisations in your supply chain and this is especially true of MSPs and external IT providers given the level of access they have into your systems and data.

https://www.msspalert.com/cybersecurity-research/msps-a-favored-target-of-supply-chain-and-infrastructure-attacks-connectwise-reports/

• Fake Ransomware Gang Targets Organisations with Empty Data Leak Threats

Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening companies with publishing or selling allegedly stolen data unless they get paid. Sometimes the actors add the menace of a distributed denial-of-service (DDoS) attack if the message recipient does not comply with the instructions in the messages. It is possible that victims are selected from publicly available sources, such as the initial attacker’s data leak site, social media, news reports, or company disclosures; in some cases a fake extortionist could learn about ransomware victims that have yet to disclose the cyber attack, making it more likely for victims to believe them.

https://www.bleepingcomputer.com/news/security/fake-ransomware-gang-targets-us-orgs-with-empty-data-leak-threats/

• GCHQ Updates Security Guidance for Boards

The UK’s leading cyber security agency GCHQ, has urged the country’s business leaders to “get to grips” with cyber risk after releasing an updated toolkit to help them do so. GCHQ’s National Cyber Security Centre (NCSC) said its updated Cyber Security Board Toolkit is designed to boost the confidence of senior execs when discussing security with key stakeholders from the organisation.

Given the potentially serious impact breaches can have on business operations and growth, the agency wants boards to treat cyber risk with the same urgency as other business risks in areas such as financial and legal.

https://www.infosecurity-magazine.com/news/gchq-updates-security-guidance/

• More than 60% of Organisations have been Hit with Unplanned Downtime on a Monthly Basis

A recent report found that 52% of organisations had suffered a data breach in the past two years, an increase from 49% in 2022. In addition, 62% of organisations reported that business critical applications suffered from unplanned downtime due to a cyber security incident on at least a monthly basis, an increase from 54% in 2022. Other key findings include downtime costing roughly 2.7% of annual revenue, 39% of organisations believing cyber security incidents directly harmed their competitive position and 31% noting that it had reduced shareholder revenue. As a result of the impact, 95% of organisations reported that they had planned to increase their security budget over the next 2 years.

https://www.msspalert.com/cybersecurity-research/splunk-details-increase-in-data-breaches-downtime-due-to-cybersecurity-issues/

• For Cyber Crime Gangs, Professionalisation Comes With “Corporate” Headaches

Today’s largest cyber crime gangs are operating like large enterprises, with $50 million dollars in annual revenue and around 80% of operating expenses going towards wages. Researchers have found that small, medium and especially large cyber crime gangs are operating just like their legitimate counterparts, from their managerial structure to employee benefits. The research highlights a worrying level of sophistication within cyber crime gangs; we are no longer dealing with the lone attacker in a dark room, but in some cases an enterprise with clear objectives.

https://www.darkreading.com/vulnerabilities-threats/cybercrime-professionalization-gangs-corporate-headaches

• UK’s Offensive Hacking Unit Takes on Military Opponents and Terrorist Groups

Britain’s newly created offensive hacking unit, the National Cyber Force (NCF), has said it is engaged daily in operations to disrupt terrorist groups and military opponents of the UK. Operational details remain unclear, however the NCF says it is engaged in techniques to “undermine the tradecraft” of Russian, Chinese and other state-sponsored hackers and in “technical disruption” against terrorist groups, for example to prevent the dissemination of online propaganda. This news comes after the recent leak of files for Moscow, which had tasked an IT company to develop cyber warfare tools aimed at taking down infrastructure networks and scouring the internet for vulnerabilities.

https://www.theguardian.com/technology/2023/apr/03/uks-offensive-hacking-unit-takes-on-military-opponents-and-terrorist-groups

• Man Kills Himself After an AI Chatbot 'Encouraged' Him to Sacrifice Himself to Stop Climate Change

A man reportedly took his own life following a six-week-long conversation about the climate crisis with an artificial intelligence (AI) chatbot. Reports found that the chatbot had fed the mans worries about climate change, which had worsened his anxiety and later led to suicidal thoughts. The AI chatbot failed to dissuade the man from committing suicide and had in fact encouraged him to act on the thoughts and join the AI chatbot so “they could live together, as one person, in paradise”. This is despite the efforts made to limit these kind of events.

https://www.euronews.com/next/2023/03/31/man-ends-his-life-after-an-ai-chatbot-encouraged-him-to-sacrifice-himself-to-stop-climate-

• Hackers Exploit WordPress Plugin Flaw That Gives Full Control of Millions of Sites

Hackers are actively exploiting a critical vulnerability in a widely used WordPress plugin that gives them the ability to take complete control of millions of sites, researchers said. The vulnerability is in Elementor Pro, a premium plugin running on more than 12 million sites powered by WordPress.  Despite the vulnerability being fixed, many have not installed the patch. Worryingly, this is a common theme in cyber; many organisations remain vulnerable due to them not having an efficient patching process and as a result, a number of the most exploited vulnerabilities have available patches.

https://arstechnica.com/information-technology/2023/03/hackers-exploit-wordpress-plugin-flaw-that-gives-full-control-of-millions-of-sites/

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attacks up sharply in February (techrepublic.com)

• Fake ransomware gang targets U.S. orgs with empty data leak threats (bleepingcomputer.com)

• New Money Message ransomware demands million dollar ransoms (bleepingcomputer.com)

• Rorschach – A New Sophisticated and Fast Ransomware - Check Point Research

• ALPHV ransomware exploits Veritas Backup Exec bugs for initial access (bleepingcomputer.com)

• LockBit leaks data stolen from South Korean National Tax Service-Security Affairs

• UK outsourcing services provider Capita suffered a cyber incident-Security Affairs

• March ransomware disclosures spike behind Clop attacks | TechTarget

• Protect Your Company: Ransomware Prevention Made Easy (thehackernews.com)

• Dish Faces Investor Lawsuit Over Ransomware Attack, Downgrades From Equity Analysts | Next TV

Phishing & Email Based Attacks

• Scammers Are Using ChatGPT to Write Emails That Aren't Riddled With Typos (futurism.com)

• Phishing emails are seeing a huge rise, so stay on your guard | TechRadar

• Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M-Security Affairs

• YouTube warns of email scam from seemingly authentic account | Science & Tech News | Sky News

BEC – Business Email Compromise

• Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M-Security Affairs

2FA/MFA

• Hackers steal crypto assets by defeating 2FA with rogue browser extension | CSO Online

Malware

• WinRAR SFX archives can run PowerShell without being detected (bleepingcomputer.com)

• Malware and machine learning: A match made in hell - Help Net Security

• Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks (thehackernews.com)

• Flood of malicious packages results in NPM registry DoS - Help Net Security

• Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks (thehackernews.com)

• Researcher Tricks ChatGPT into Building Undetectable Steganography Malware (darkreading.com)

• Typhon info-stealing malware devs upgrade evasion capabilities (bleepingcomputer.com)

• Tax preparation and e-file service eFile.com compromised to serve malware-Security Affairs

• The hidden picture of malware attack trends - Help Net Security

Mobile

• Google publishes April Android Security Bulletin, but Pixel updates are once again missing (androidpolice.com)

• Android's April 2023 Updates Patch Critical Remote Code Execution Vulnerabilities - SecurityWeek

BYOD

• New Research Highlights Increased Security Risks Posed by Remote Working and BYOD - IT Security Guru

Internet of Things – IoT

• Hackers can open Nexx garage doors remotely, and there's no fix (bleepingcomputer.com)

• HP to patch critical bug in LaserJet printers within 90 days (bleepingcomputer.com)

Data Breaches/Leaks

• Splunk Details Increase in Data Breaches, Downtime Due to Cyber security Issues - MSSP Alert

• Nearly 5 million hit in massive loan data breach — see if you’re affected | Tom's Guide (tomsguide.com)

• Data Breach Strikes Western Digital (darkreading.com)

• Uber driver info stolen in yet another third-party breach • The Register

• High-cost lender TMX Finance data breach affects nearly 5 million customers | SC Media (scmagazine.com)

• ChatGPT linked to alleged leak of confidential information at Samsung (interestingengineering.com)

• Law Firm for Uber Loses Drivers' Data to Hackers in Yet Another Breach (darkreading.com)

• Marketplace 600K Records Leaked By Database Snafu (informationsecuritybuzz.com)

• Hacker claims breach of US immigration services | Cybernews

Organised Crime & Criminal Actors

• For Cyber Crime Gangs, Professionalization & ‘Corporate’ Headaches (darkreading.com)

• Fight Mercenaries with these Cyber security Principles (trendmicro.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• DoJ Recovers $112M in Crypto Stolen With Romance Scams (darkreading.com)

• Hackers steal crypto assets by defeating 2FA with rogue browser extension | CSO Online

Insider Risk and Insider Threats

• Re-evaluating immature and ineffective insider risk management programs - Help Net Security

• Employees are as likely as cyber-criminals to cause cyber-incidents | The Independent

Fraud, Scams & Financial Crime

• The staggering cost of identity fraud for financial services - Help Net Security

• New dark web market STYX focuses on financial fraud services (bleepingcomputer.com)

• What CISOs Can Do to Build Trust & Fight Fraud in the Metaverse (darkreading.com)

• Feds seize $112m in currency tied to 'pig-butchering scams • The Register

• Stop online counterfeiters dead in their tracks - Help Net Security

Deepfakes

• Misinformation, mistakes and the Pope in a puffer: what rapidly evolving AI can – and can’t – do | Artificial intelligence (AI) | The Guardian

• Welcome to the era of viral AI generated 'news' images | CNN Business

Insurance

• Experts Urge Empathy, Thoughtfulness for Insurers in Challenging Cyber Landscape (insurancejournal.com)

Dark Web

• New dark web market STYX focuses on financial fraud services (bleepingcomputer.com)

Supply Chain and Third Parties

• MSPs a Favoured Target of Supply Chain and Infrastructure Attacks, ConnectWise Reports - MSSP Alert

• APT group Winter Vivern exploits Zimbra webmail flaw to target government entities | CSO Online

• Risk & Repeat: Inside the 3CX supply chain attack | TechTarget

• 10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack (bleepingcomputer.com)

• Automation, Cyber security, Integration Top the List of Priorities for MSPs in 2023 - MSSP Alert

• Capita: Cyber attack caused pre-weekend outage • The Register

• Western Digital Hit By Network Security Breach - Infosecurity Magazine (infosecurity-magazine.com)

Cloud/SaaS

• Log4j bug abused in new 'proxyjacking' attacks to resell bandwidth, abuse enterprise cloud | SC Media (scmagazine.com)

• Google Drive does a surprise rollout of file limits, locking out some users | Ars Technica

• Modular "AlienFox" Toolkit Used to Steal Cloud Service Credentials - Infosecurity Magazine (infosecurity-magazine.com)

• Capita: Cyber attack caused pre-weekend outage • The Register

• Shadow data slipping past security teams - Help Net Security

• Think Before You Share the Link: SaaS in the Real World (thehackernews.com)

• Western Digital Hit By Network Security Breach - Infosecurity Magazine (infosecurity-magazine.com)

Hybrid/Remote Working

• New Research Highlights Increased Security Risks Posed by Remote Working and BYOD - IT Security Guru

• Unapproved Apps Used By 32% of Remote Workers - Infosecurity Magazine (infosecurity-magazine.com)

Shadow IT

• Shadow data slipping past security teams - Help Net Security

Identity and Access Management

• "It's The Service Accounts, Stupid": Why Do PAM Deployments Take (almost) Forever To Complete? (thehackernews.com)

• The high cost of insecure authentication methods - Help Net Security

• 3 Fronts in the Battle for Digital Identity (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Takedown of notorious hacker marketplace selling your identity to criminals | Europol (europa.eu)

• Stolen credential warehouse Genesis Market seized by FBI • The Register

Social Media

• TikTok to Comply With US Law, Protect User Data From China - Infosecurity Magazine (infosecurity-magazine.com)

• TikTok fined £12.7m for illegally processing children’s data | TikTok | The Guardian

• Twitter's recommendation algorithm opens platform to manipulation, bot attacks, researcher finds | CyberScoop

• TikTok bans explained: Everything you need to know (techtarget.com)

• YouTube warns of email scam from seemingly authentic account | Science & Tech News | Sky News

Parental Controls and Child Safety

• TikTok fined £12.7m for illegally processing children’s data | TikTok | The Guardian

Regulations, Fines and Legislation

• TikTok fined £12.7m for illegally processing children’s data | TikTok | The Guardian

• UK data regulator issues warning over generative AI data protection concerns | CSO Online

Governance, Risk and Compliance

• 42% of IT leaders told to maintain breach confidentiality | TechTarget

• GCHQ Updates Security Guidance for Boards - Infosecurity Magazine (infosecurity-magazine.com)

• Splunk Details Increase in Data Breaches, Downtime Due to  Issues - MSSP Alert

• 5 strategies to manage  risks in mergers and acquisitions | CSO Online

Models, Frameworks and Standards

• What is PCI DSS 12 requirements? | Definition from TechTarget

Careers, Working in Cyber and Information Security

• Ex-GCHQ chief criticises Treasury for advertising head of cyber security job with £50k salary (telegraph.co.uk)

Law Enforcement Action and Take Downs

• Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M-Security Affairs

• Stolen credential warehouse Genesis Market seized by FBI • The Register

• Spain's most dangerous and elusive hacker now in police custody (bleepingcomputer.com)

• Genesis Market: Popular cyber crime website shut down by police - BBC News

• FBI obtained detailed database exposing 60,000 users of the cyber crime bazaar Genesis Market | CyberScoop

Privacy, Surveillance and Mass Monitoring

• NYPD ignored 93 percent of surveillance law rules • The Register

Artificial Intelligence

• Welcome to the era of viral AI generated 'news' images | CNN Business

• Misinformation, mistakes and the Pope in a puffer: what rapidly evolving AI can – and can’t – do | Artificial intelligence (AI) | The Guardian

• Scammers Are Using ChatGPT to Write Emails That Aren't Riddled With Typos (futurism.com)

• ChatGPT, the AI Revolution, and the Security, Privacy and Ethical Implications - SecurityWeek

• ChatGPT banned in Italy | The Independent

• Man ends his life after an AI chatbot 'encouraged' him to sacrifice himself to stop climate change | Euronews

• Malware and machine learning: A match made in hell - Help Net Security

• ChatGPT linked to alleged leak of confidential information at Samsung (interestingengineering.com)

• UK data regulator issues warning over generative AI data protection concerns | CSO Online

• Researcher Tricks ChatGPT into Building Undetectable Steganography Malware (darkreading.com)

Misinformation, Disinformation and Propaganda

• Misinformation, mistakes and the Pope in a puffer: what rapidly evolving AI can – and can’t – do | Artificial intelligence (AI) | The Guardian

• ChatGPT could increase 'threat vector' for cyber attacks and misinformation, experts warn: 'Deepfake generator' | Fox Business

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• UK’s offensive hacking unit takes on military opponents and terrorist groups | Cyberwar | The Guardian

• Russian pro-war military blogger killed in blast at St Petersburg cafe | Russia | The Guardian

• China opens national security probe into Micron products • The Register

• CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog-Security Affairs

• Vulkan Playbook Leak Exposes Russia's Plans for Worldwide Cyberwar (darkreading.com)

• Chinese 'spy balloon' that flew over US gathered intelligence from sensitive military sites, officials say | US News | Sky News

• UK Discloses Offensive Cyber Capabilities Principles - Infosecurity Magazine (infosecurity-magazine.com)

• Britain’s cyberwarfare chief reveals his identity | The Economist

Nation State Actors

• APT group Winter Vivern exploits Zimbra webmail flaw to target government entities | CSO Online

• UK’s offensive hacking unit takes on military opponents and terrorist groups | Cyberwar | The Guardian

• Vodafone warned of ‘profound national security questions’ over merger with Chinese-owned Three (telegraph.co.uk)

• Russian pro-war military blogger killed in blast at St Petersburg cafe | Russia | The Guardian

• China opens national security probe into Micron products • The Register

• Report: Chinese State-Sponsored Hacking Group Highly Active - SecurityWeek

• Vulkan Playbook Leak Exposes Russia's Plans for Worldwide Cyberwar (darkreading.com)

• Chinese 'spy balloon' that flew over US gathered intelligence from sensitive military sites, officials say | US News | Sky News

• The other Chinese apps taking the US and UK by storm - BBC News

• TikTok to Comply With US Law, Protect User Data From China - Infosecurity Magazine (infosecurity-magazine.com)

• China probes Micron for cyber security risks, urges Japan to stay out of US chip export curbs  | TechCrunch

• Google TAG Alerts Of ARCHIPELAGO Cyber attacks Linked To North Korea (informationsecuritybuzz.com)

Vulnerability Management

• 15 million public-facing services vulnerable to CISA KEV flaws (bleepingcomputer.com)

• 10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack (bleepingcomputer.com)

• Millions still exposed despite available fixes - Help Net Security

• Microsoft to admins: Auto-review your Autopatch alerts • The Register

Vulnerabilities

• Log4j bug abused in new 'proxyjacking' attacks to resell bandwidth, abuse enterprise cloud | SC Media (scmagazine.com)

• Hackers exploit WordPress plugin flaw that gives full control of millions of sites | Ars Technica

• CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog-Security Affairs

• HP to patch critical bug in LaserJet printers within 90 days (bleepingcomputer.com)

• Prevent and detect Adobe ColdFusion exploitation (CVE-2023-26360, CVE-2023-26359) - Help Net Security

• Chrome 112 Patches 16 Security Flaws - SecurityWeek

• QNAP Zero-Days Leave 80K Devices Vulnerable to Cyber attack (darkreading.com)

Tools and Controls

• How can organisations bridge the gap between DR and cyber security? - Help Net Security

• Let’s pump the brakes on the rush to incorporate AI into cyber security | CSO Online

• The high cost of insecure authentication methods - Help Net Security

• How AI is transforming cyber security for better and worse - Help Net Security

• 3 Fronts in the Battle for Digital Identity (darkreading.com)

• What RASP Should Have Been (darkreading.com)

Reports Published in the Last Week

• Bitdefender 2023 Cybersecurity Assessment | Bitdefender

• Annual Report: Leading Anti-Phishing Solutions | Cofense

Other News Misc/Other Misc attacks

• Maintaining Data Integrity With Growing Cyber security Concerns (informationsecuritybuzz.com)

• Keeper Security April Fools - IT Security Guru

• Travel visa delays after UK’s crime records office hit by cyber ‘incident’ | Evening Standard

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Hackers Hit One Third of Organisations Worldwide Multiple Times

Hackers have stolen customer records multiple times from nearly a third of organisations worldwide in the past 12 months, security provider Trend Micro said in its newly released, twice-yearly Cyber Risk Index (CRI) report.

The report features interviews with some 4,100 organisations across North America, Europe, Latin/South America and Asia-Pacific. Respondents stressed that customer records are at increased risk as organisations struggle to profile and defend an expanding attack surface.

Overall, respondents rated the following as the top cyber threats in 1H 2022:

• Business Email Compromise (BEC)

• Clickjacking

• Fileless attacks

• Ransomware

• Login attacks (Credential Theft)

Here are some key findings from the study:

• The CRI calculates the gap between organisational preparedness and the likelihood of being attacked, with -10 representing the highest level of risk. The global CRI index moved from –0.04 in 2H 2021 to –0.15 in 1H 2022, indicating a surging level of risk over the past six months.

• This is a slight increase in risk from the second half of 2021, when it was -0.04. Organisations in North America and Asia-Pacific saw an increase in their cyber risk from that period while Europe and Latin/South America’s risk decreased in comparison.

• The number of global organisations experiencing a “successful” cyber-attack increased from 84% to 90% over the same period.

• The number now expected to be compromised over the coming year has also increased from 76% to 85%.

From the business perspective, the biggest concern is the misalignment between CISOs and business executives, Trend Micro said. The answers given by respondents to the question: “My organisation’s IT security objectives are aligned with business objectives,” only made a score of 4.79 out of 10.0

By addressing the shortage of cyber security professionals and improving security processes and technology, organisations will significantly reduce their vulnerability to attacks.

You can’t protect what you can’t see. But with hybrid working ushering in a new era of complex, distributed IT environments, many organisations are finding it difficult to eradicate growing security coverage and visibility gaps. To avoid the attack surface spiraling out of control, they need to combine asset discovery and monitoring with threat detection and response on a single platform.

https://www.msspalert.com/cybersecurity-research/hackers-hit-one-third-of-organizations-worldwide-multiple-times/

• Firms Spend $1,197 Per Employee Yearly to Address Cyber Attacks

Companies pay an average of $1,197 per employee yearly to address successful cyber incidents against email services, cloud collaboration apps or services and browsers.

Security researchers at Perception Point shared the findings with Infosecurity before publishing them in a new white paper this month.

According to the new data, the above figures exclude compliance fines, ransomware mitigation costs and losses from non-operational processes, all of which can cause further spending.

The survey, conducted in conjunction with Osterman Research in June, considers the responses of 250 security and IT decision-makers at various enterprises and reveals additional discoveries regarding today’s enterprise threat landscape.

These findings demonstrate the urgent need for organisations to find the most accurate and efficient cyber security solutions which provide the necessary protection with streamlined processes and managed services.

Among the findings is that malicious incidents against new cloud-based apps and services occur at 60% of the frequency with which they take place on email-based services.

Additionally, some attacks, like those involving malware installed on an endpoint, happen on cloud collaboration apps at a much higher rate (87%) when compared to email-based services.

The Perception Point report also shows that a successful email-based cyber incident takes security staff an average of 86 hours to address.

In light of these figures, the security company added that one security professional with no additional support can only handle 23 email incidents annually, representing a direct cost of $6452 per incident alone.

Conversely, incidents detected on cloud collaboration apps or services take, on average, 71 hours to resolve. In these cases, one professional can handle just 28 incidents yearly at an average cost of $5305 per incident.

https://www.infosecurity-magazine.com/news/firms-dollar1197-per-employee/

• 90% of Organisations have Microsoft 365 Security Gaps

A recently published study evaluated 1.6 million Microsoft 365 users across three continents, finding that 90% of organisations had gaps in essential security protections. Managing Microsoft 365 (M365) is complicated. How can IT teams avoid management headaches, stay 100% compliant, and truly take control of their M365 instance?

Research from the study reveals that many common security procedures are not being followed 100% of the time. This leaves gaping holes in most organisations’ security defences. While most companies have strong documented security policies, the research uncovered that most aren’t being implemented consistently due to difficulties in reporting and limited IT resources:

• 90% of companies had gaps across all four key areas studied – multi-factor authentication (MFA), email security, password policies, and failed logins

• 87% of companies have MFA disabled for some or all their admins (which are the most critical accounts to protect, due to their higher access levels)

• Only 17% of companies had strong password requirements that were being consistently followed.

Overall, nearly every organisation is leaving the door open for cyber security threats due to weak credentials, particularly for administrator accounts.

In addition to security challenges, the study identified key areas for improvement in managing Microsoft 365 licences as well, such as:

• The average company had 21.6% of their licenses unassigned or “sitting on the shelf.” Another 10.2% of licenses were inactive, for an average of 31.9% unused licenses.

• 17% of companies had over 10,000 licenses unassigned or inactive. These cases represent big opportunities to optimise licence spend with better tools.

Overall, the study reveals that reporting challenges make security and licence management incredibly difficult, leading to unnecessary risks and costs.

https://www.helpnetsecurity.com/2022/11/22/microsoft-365-security-protections/

• Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors

A callback phishing extortion campaign by Luna Moth (aka Silent Ransom Group) has targeted businesses in multiple sectors, including legal and retail.

The findings come from Palo Alto Network’s security team Unit 42, which described the campaign in a new advisory.

“This campaign leverages extortion without encryption, has cost victims hundreds of thousands of dollars and is expanding in scope,” reads the technical write-up. At the same time, Unit 42 said that this type of social engineering attack leaves very few artifacts because it relies on legitimate technology tools to carry out attacks. In fact, callback phishing, also known as telephone-oriented attack delivery (TOAD), is a social engineering method that requires a threat actor to interact with the victim to accomplish their goals.

“This attack style is more resource intensive but less complex than script-based attacks, and it tends to have a much higher success rate,” reads the advisory. According to Unit 42, threat actors associated with the Conti group have extensively used this attack style in BazarCall campaigns. “Early iterations of this attack focused on tricking the victim into downloading the BazarLoader malware using documents with malicious macros,” explained the researchers.

As for the new campaign, which Sygnia security researchers first unveiled in July, it removes the malware portion of the attack. “In this campaign, attackers use legitimate and trusted systems management tools to interact directly with a victim’s computer to manually exfiltrate data [...] As these tools are not malicious, they’re not likely to be flagged by traditional antivirus products,” Unit 42 wrote.

The researchers also said that they expect callback phishing attacks to increase in popularity because of low per-target cost, low risk of detection and fast monetisation factors.

https://www.infosecurity-magazine.com/news/luna-moth-phishing-target-multiple/

• The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For

With each passing year, hackers and cyber criminals of all kinds are becoming more sophisticated, malicious, and greedy conducting brazen and often destructive cyber-attacks that can severely disrupt a company’s business operations. And this is a big problem, because, first and foremost, customers rely on a company’s ability to deliver services or products in a timely manner. Cyber-attacks not only can affect customers’ data, but they can impact service delivery.

In one of the recent incidents, the UK’s discount retailer The Works has been forced to temporarily shut down some of its stores after a ransomware attack. While the tech team quickly shut down the company’s computers after being alerted to the security breach by the firewall system, the attack caused disruption to deliveries and store functionality including till operations.

A cyber security incident can greatly affect a business due to the consequences associated with cyber-attacks like potential lawsuits, hefty fines and damage payments, insurance rate hikes, criminal investigations and bad publicity. For example, shares of Okta, a major provider of authentication services, fell 9% after the company revealed it was a victim of a major supply chain incident via an attack on a third-party contractor’s laptop, which affected some of its customers.

Another glaring example is a 2021 cyber-attack launched by the Russian-speaking ransomware gang called DarkSide against the operator of one of the US’ largest fuel pipelines Colonial Pipeline, which crippled fuel delivery across the Southeastern United States impacting lives of millions due to supply shortages. Colonial paid the DarkSide hackers a $4.4 million ransom soon after the incident. The attackers also stole nearly 100GB of data from Colonial Pipeline and threatened to leak it if the ransom wasn’t paid. It’s also worth noting that the company is now facing a nearly $1 million penalty for failure “to plan and prepare for a manual restart and shutdown operation, which contributed to the national impacts after the cyber-attack.”

Data breaches and costs associated with them have been on the rise for the past few years, but, according to a 2021 report, the average cost per breach increased from $3.86 million in 2020 to $4.24 million in 2021. The report also identified four categories contributing most global data breach costs – Lost business cost (38%), Detection and escalation (29%), Post breach response (27%), and Notification (6%).

Ransomware attacks cost an average of $4.62 million (the cost of a ransom is not included), and destructive wiper-style attacks cost an average of $4.69 million, the report said.

For a business, a data breach is not just a loss of data, it can also have a long-lasting impact on operations and undermine customers’ trust in the company. In fact, a survey revealed that 87% of consumers are willing to take their business elsewhere if they don’t trust a company is handling their data responsibly. Therefore, the reputational damage might be detrimental to a business’ ability to attract new customers.

https://informationsecuritybuzz.com/the-real-cost-of-cyber-attacks-what-organizations-should-be-prepared-for-2/

• 34 Russian Cyber Crime Groups Stole Over 50 Million Passwords with Stealer Malware

As many as 34 Russian-speaking gangs, distributing information-stealing malware under the stealer-as-a-service model, stole no fewer than 50 million passwords in the first seven months of 2022.

"The underground market value of stolen logs and compromised card details is estimated around $5.8 million" Singapore-headquartered Group-IB said in a report shared with The Hacker News.

Aside from looting passwords, the stealers also harvested 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards.

A majority of the victims were located in the US, followed by Brazil, India, Germany, Indonesia, the Philippines, France, Turkey, Vietnam, and Italy. In total, over 890,000 devices in 111 countries were infected during the time frame.

Group-IB said the members of several scam groups who are propagating the information stealers previously participated in the Classiscam operation. These groups, which are active on Telegram and have around 200 members on average, are hierarchical, consisting of administrators and workers (or traffers), the latter of whom are responsible for driving unsuspecting users to info-stealers like RedLine and Raccoon. This is achieved by setting up bait websites that impersonate well-known companies and luring victims into downloading malicious files. Links to such websites are, in turn, embedded into YouTube video reviews for popular games and lotteries on social media, or shared directly with non-fungible token (NFT) artists.

https://thehackernews.com/2022/11/34-russian-hacker-groups-stole-over-50.html

• “Password” Continues to Be the Most Common Password in 2022

You would think the time spent working from home in the last two years or so helped netizens across the planet figure out how to master the world of WWW in a more efficient manner.

But new research from NordPass shows that despite so many people relying on an Internet connection for their daily activities, few actually care about the security of their data when they go online.

As a result, “password” continues to be the number one password out there, with the aforementioned company claiming that this particular keyword was detected close to 5 million times in a 3TB database. It takes less than one second to crack this password, the company says.

“123456” is currently the second most-used password worldwide, followed by its longer sibling known as “123456789” because, you know, hackers don’t know how to count to 10.

“There’s more than one way to get swindled on Tinder: using “tinder” as your password is more risky than swiping right on a billionaire. In total, this password was used 36,384 times” NordPass says. “The glitziest film industry event of the year – the Oscars ceremony – inspired many to use not-so-glitzy passwords: the password “Oscars” was used 62,983 times.”

Of course, it’s no surprise that Internet users out there turn to movies to get inspiration for their passwords, so unfortunately, “batman” is currently one of the most used keywords supposed to secure Internet accounts.

“Films and shows like Batman, Euphoria, and Encanto were among the most popular releases in 2021/2022. All are also popular passwords: “batman” was used 2,562,776 times, “euphoria” 53,993, and “encanto” 10,808 times,” the company says.

The most common password in the United States is “guest,” while in the United Kingdom, quite a lot of people go for “liverpool” (despite hackers needing just 1 second to crack it).

https://news.softpedia.com/news/password-continues-to-be-the-most-common-password-in-2022-as-well-536503.shtml

• Lasts Year’s Massive Twitter Data Breach Was Far Worse Than Reported, Reveal Security Researchers

A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. The same security vulnerability appears to have been exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources.

It had previously been thought that only one hacker gained access to the data, and Twitter’s belated admission reinforced this impression. HackerOne first reported the vulnerability back in January, which allowed anyone to enter a phone number or email address, and then find the associated twitterID. This is an internal identifier used by Twitter, but can be readily converted to a Twitter handle. A bad actor would be able to put together a single database which combined Twitter handles, email addresses, and phone numbers.

At the time, Twitter admitted that the vulnerability had existed, and subsequently been patched, but said nothing about anyone exploiting it. Restore Privacy subsequently reported that a hacker had indeed used the vulnerability to obtain personal data from millions of accounts.

https://9to5mac.com/2022/11/25/massive-twitter-data-breach/

• European Parliament Declares Russia to be a State Sponsor of Terrorism – Then Gets Attacked

On Wednesday, the European Parliament adopted a resolution on the latest developments in Russia’s brutal war of aggression against Ukraine. MEPs highlight that the deliberate attacks and atrocities committed by Russian forces and their proxies against civilians in Ukraine, the destruction of civilian infrastructure and other serious violations of international and humanitarian law amount to acts of terror and constitute war crimes. In light of this, they recognise Russia as a state sponsor of terrorism and as a state that “uses means of terrorism”.

As the EU currently cannot officially designate states as sponsors of terrorism, the European Parliament calls on the EU and its member states to put in place the proper legal framework and consider adding Russia to such a list. This would trigger a number of significant restrictive measures against Moscow and have profound restrictive implications for EU relations with Russia.

In the meantime, MEPs call on the Council to include the Russian paramilitary organisation ‘the Wagner Group’, the 141st Special Motorized Regiment, also known as the “Kadyrovites”, and other Russian-funded armed groups, militias and proxies, on the EU’s terrorist list.

Almost immediately after the vote the European Parliament suffered a sustained denial of service attack that shut down email services and disrupted internet access for more than an hour. A pro-Russian group called KILLNET then claimed responsibility in a Telegram post.

https://www.europarl.europa.eu/news/en/press-room/20221118IPR55707/european-parliament-declares-russia-to-be-a-state-sponsor-of-terrorism

https://informationsecuritybuzz.com/comment-european-parliament-hit-by-cyberattack-after-vote-on-russia/

• The Changing Nature of Nation-State Cyber Warfare

Military conflict is ever shifting from beyond the battlefield and into cyber space. Ever more sophisticated and ruthless groups of nation-state actors and their proxies continue to target critical systems and infrastructure for political and ideological leverage. These criminals’ far-reaching objectives include intelligence gathering, financial gain, destabilising other nations, hindering communications, and the theft of intellectual property.

The risks to individuals and society are clear. Due to its importance to daily life and the economy, the UK’s critical national infrastructure (CNI) is a natural target for malicious nation-state cyber-attacks. We only need look at the Colonial Pipeline ransomware attack in the US – at the hands of the Russia-affiliated DarkSide group – to appreciate the potential for one criminal act to escalate and cause large-scale societal impact: panic and disruption. Even though the pipeline was shut down for less than a week, the havoc caused by suspending fuel supplies gave CNI operators everywhere a worrying taste of things to come.

Closer to home, the recent cyber attack on South Staffordshire Water highlights the need for all utilities providers to take proactive measures and precautions to better secure essential human sustenance supplies. With the risk of coordinated attacks by criminals backed by nation states rising, the potential for human casualties if attacks against CNI go unchecked is becoming starkly clear.

The Russia-Ukraine war has heightened awareness of the cyber threats posed by all nation-state adversaries. Unsurprisingly, challenges and conflicts in the physical world tend to bleed through into the cyber domain. And with relations between Western nations and Russia, China, Iran, and North Korea more fraught than ever, UK organisations can expect to see further increases in cyber threats at the hands of hostile nation-state actors.

https://informationsecuritybuzz.com/the-changing-nature-of-nation-state-cyber-warfare/

• Is Your Company Covered for a Cyber Security Attack? That’s the £2 Million Question

Cyber crime continues to be a persistent and pressing issue for all sized businesses, particularly smaller organisations. In fact, according to the National Cyber Security Alliance, nearly 60% of small businesses that experience a cyber attack shut their doors within six months.

Despite the continuing rise in risk, many small businesses remain vulnerable to cyber attacks due to a lack of resources and – surprisingly – a lack of knowledge of the existing threats. Moreover, companies are now being exposed to cyber risks even further as they struggle to get appropriate cyber insurance, which, if needed, can be devastating should bad actors circumvent your company’s defences.

Cyber insurance is a policy that helps an organisation pay for any financial losses incurred following a data breach or cyber attack. It also helps cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services, and customer refunds.

With the constant – and ever-increasing – threat of potential cyber attacks and the need to protect their assets, many companies are applying for cyber insurance, which generally covers a variety of different types of cyber-attacks, including data breaches; business email compromises; cyber extortion demands; malware infections and ransomware.

But, despite the benefits of cyber insurance, it remains surprisingly undervalued. The UK government’s Cyber Security Breaches Survey 2022 found that only 43% of businesses have a cyber insurance policy in place.

Organisations must always seek cost-effective ways to address the cyber security risks they face – as no business is safe in the modern security landscape from a cyber threat. One of the most common ways to mitigate the risk of a cyber security incident is cyber insurance.  While all-sized businesses can benefit from having cyber insurance, small businesses frequently lack the knowledge and importance of securing it. This is usually because of the cost, the time involved in finding a provider, and a lack of understanding of the importance of a cyber insurance policy.

https://informationsecuritybuzz.com/is-your-company-covered-for-a-cybersecurity-attack-thats-the-2-million-question/

Threats

Ransomware and Extortion

• Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)

• Medibank hackers release 1,500 more patient records on dark web, including mental health data | Medibank | The Guardian

• Fake subscription invoices lead to corporate data theft and extortion - Help Net Security

• Ouch! Ransomware gang says it won’t attack AirAsia again due to the “chaotic organisation” and sloppy security of hacked airline’s network • Graham Cluley

• Ransomware gang targets Belgian municipality, hits police instead (bleepingcomputer.com)

• New ransomware encrypts files, then steals your Discord account (bleepingcomputer.com)

• Donut extortion group also targets victims with ransomware (bleepingcomputer.com)

• Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data (thehackernews.com)

• Ransomware attacks: Making cyber ransom payments unlawful would help boards (afr.com)

• An aggressive Black Basta Ransomware campaign targets US-based companies - Security Affairs

• Luna Moth ransomware group invests in call centres to target individual victims - SiliconANGLE

• New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)

• Cybereason warns of fast-moving Black Basta campaign (techtarget.com)

• Spate Of Ransomware Targeting Healthcare Cost $92 Billion In Downtime Since 2018, Experts Weigh In - Information Security Buzz

• RansomExx Upgrades to Rust (securityintelligence.com)

• Enterprise healthcare providers warned of Lorenz ransomware threat | SC Media (scmagazine.com)

• Montreal-area city hit by ransomware: Report | IT World Canada News

Phishing & Email Based Attacks

• Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks (darkreading.com)

• World Cup phishing emails spike in Middle Eastern countries • The Register

• Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru

• Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs

• SocGholish finds success through novel email techniques | SC Media (scmagazine.com)

BEC – Business Email Compromise

• Ten Charged in $11m Healthcare BEC Plots - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Cyber criminals are increasingly using info-stealing malware to target victims | CSO Online

• A security firm hacked malware operators, locking them out of their own C&C servers | TechSpot

• Emotet is back and delivers payloads like IcedID and Bumblebee - Security Affairs

• All You Need to Know About Emotet in 2022 (thehackernews.com)

• New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)

• Multi-Purpose Botnet and Infostealer 'Aurora' Rising to Fame | SecurityWeek.Com

• DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online

• Aurora infostealer malware increasingly adopted by cybergangs (bleepingcomputer.com)

• This new malware is able to bypass all of Microsoft's security warnings | TechRadar

• Backdoored Chrome extension installed by 200,000 Roblox players (bleepingcomputer.com)

Mobile

• 'Patch Lag' Leaves Millions of Android Devices Vulnerable (darkreading.com)

• Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws (thehackernews.com)

• Your iPhone may be collecting more personal data than you think | Digital Trends

• This Android File Manager App Infected Thousands of Devices with SharkBot Malware (thehackernews.com)

• Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity

• WhatsApp data leak: 500 million user records for sale | Cybernews

Internet of Things – IoT

• Vulnerable SDK components lead to supply chain risks in IoT and OT environments - Microsoft Security Blog

Data Breaches/Leaks

• Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches - Security Affairs

• WhatsApp data leak: 500 million user records for sale - Security Affairs

• California County Says Personal Information Compromised in Data Breach | SecurityWeek.Com

• Personal data of AirAsia Malaysia, Indonesia and Thailand passengers allegedly leaked due to ransomware - SoyaCincau

Organised Crime & Criminal Actors

• Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)

• How social media scammers buy time to steal your 2FA codes – Naked Security (sophos.com)

• DEV-0569 Group Switches Tactics, Abuses Google Ads to Deliver Payloads | Cyware Alerts - Hacker News

• Hackers are locking out Mars Stealer operators from their own servers | TechCrunch

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz

• Two Estonians arrested for running $575M crypto Ponzi scheme (bleepingcomputer.com)

• Cyber crooks to ditch BTC as regulation and tracking improves: Kaspersky (cointelegraph.com)

• Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)

• Crypto exchanges’ bundling of services threatens stability, says Bank of England official | Financial Times (ft.com)

• Bahamas SEC Or Hacker? Stolen Funds From FTX Keep On Moving (bitcoinist.com)

Fraud, Scams & Financial Crime

• 'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)

• Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire

• UK Cops Lead Action Against Fraud Site that Made £100m - Infosecurity Magazine (infosecurity-magazine.com)

• DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online

• Beware - Black Friday online shopping scams are here now | TechRadar

• Online retailers should prepare for a holiday season spike in bot-operated attacks | CSO Online

• Pig butchering domains seized and slaughtered by the Feds • The Register

• Experts Warn Remote Workers of Black Friday Security Threats - Infosecurity Magazine (infosecurity-magazine.com)

Insurance

• What cyber insurance really covers - Help Net Security

Software Supply Chain

• CISA, NSA, ODNI Publish Software Supply Chain Guidelines For Customers - Infosecurity Magazine (infosecurity-magazine.com) 

Denial of Service DoS/DDoS

• Out of the blue: Surviving an 18-hour, 39M-request DDoS attack - Help Net Security

Cloud/SaaS

• The impact of inadequate SaaS management - Help Net Security

Hybrid/Remote Working

• How remote working impacts security incident reporting | CSO Online

Identity and Access Management

• Access Rights – Bridging the Gap Between Current and Desired States - Information Security Buzz

Encryption

• Mathematical theorem used to crack US government encryption algorithm (phys.org)

API

• 5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs

• The API Timebomb - Information Security Buzz

• What are different types of APIs? - IT Security Guru

• Three security design principles for public REST APIs - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)

• Guess the most common password. Hint: We just told you • The Register

• World Cup Players Among Most Breached Passwords - IT Security Guru

• Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)

• Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru

• Hackers steal $300,000 in DraftKings credential stuffing attack (bleepingcomputer.com)

Social Media

• Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches - Security Affairs

• Ducktail hackers now use WhatsApp to phish for Facebook Ad accounts (bleepingcomputer.com)

• Cyber security Pros Put Mastodon Flaws Under the Microscope (darkreading.com)

• Musk to abused Twitter users: Your tormentors will return • The Register

• Facebook sued for collecting personal data to sell adverts | News | The Times

• DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online

• Meta Takes Down Fake Facebook and Instagram Accounts Linked to Pro-US Influence Operation (thehackernews.com)

• Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru

• Beyond Trump, Twitter welcomes back purveyors of far-right disinformation - CyberScoop

Cyber Bullying, Cyber Stalking and Sextortion

• Musk to abused Twitter users: Your tormentors will return • The Register

Regulations, Fines and Legislation

• Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz

• UK’s Privacy Tsar Defends Controversial Enforcement Strategy - Infosecurity Magazine (infosecurity-magazine.com)

• How US cyber incident reporting law could finally fix the information sharing problem - CyberScoop

Law Enforcement Action and Take Downs

• UK Cops Lead Action Against Fraud Site that Made £100m - Infosecurity Magazine (infosecurity-magazine.com)

• Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire

• Interpol Seized $130 Million from Cyber criminals in Global "HAECHI-III" Crackdown Operation (thehackernews.com)

• 'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• iPhones are not as privacy-focused as Apple claims, researchers point out - India Today

• Thinking about taking your computer to the repair shop? Be very afraid | Ars Technica

Misinformation, Disinformation and Propaganda

• Beyond Trump, Twitter welcomes back purveyors of far-right disinformation - CyberScoop

• Meta Takes Down Fake Facebook and Instagram Accounts Linked to Pro-US Influence Operation (thehackernews.com)

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Ukraine shows how space is now central to warfare | Financial Times (ft.com)

• New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)

• EU Parliament Putin things back together after cyber attack • The Register

• Opinion | Democracies flirting with spyware like Pegasus raises dangers - The Washington Post

• Scotland's broadband builder linked to Israeli spyware | HeraldScotland

• Bahamut Spyware Group Compromises Android Devices Via Fake VPN Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organisations (thehackernews.com)

Nation State Actors

Nation State Actors – Russia

• Russian Tech Giant Wants Out of the Country As Ukraine War Rages on (insider.com)

• Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors – China

• US Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk (thehackernews.com)

• UK bans Chinese CCTV cameras on ‘sensitive’ government sites • The Register

Vulnerability Management

• EPSS explained: How does it compare to CVSS? | CSO Online

Vulnerabilities

• 73 Percent of Retail Applications Contain Security Flaws, but Only a Quarter Are Fixed (yahoo.com)

• ConnectWise Fixes XSS Vulnerability that Could Lead to Remote Code Execution - Infosecurity Magazine (infosecurity-magazine.com)

• Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs

• Vulnerability in AWS AppSync allowed unauthorized access to cloud resources | The Daily Swig (portswigger.net)

• AWS fixes 'confused deputy' vulnerability in AppSync • The Register

• How to hack an unpatched Exchange server with rogue PowerShell code – Naked Security (sophos.com)

• Google pushes emergency Chrome update to fix 8th zero-day in 2022 (bleepingcomputer.com)

• Upgrade to Apache Commons Text 1.10 to Avoid New Exploit (infoq.com)

• Security experts are laying Mastodon's flaws bare | TechRadar

• Devices from Dell, HP, and Lenovo used outdated OpenSSL versions - Security Affairs

• PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability | SecurityWeek.Com

• 5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs

• Vulnerable SDK components lead to supply chain risks in IoT and OT environments - Microsoft Security Blog

Tools and Controls

• Does Zero Trust mean Defence in Depth is dead? - Information Security Buzz

• Charting the Path to Zero Trust: Where to Begin (darkreading.com)

Reports Published in the Last Week

• Threat actors extend attack techniques to new enterprise apps and services - Help Net Security

Other News

• Know thy enemy: thinking like a hacker can boost cyber security strategy | CSO Online

• 'Quiet quitting' poses a cyber security risk that calls for a shift in workplace culture  | VentureBeat

• Nighthawk Likely to Become Hackers' New Post-Exploitation Tool After Cobalt Strike (thehackernews.com)

• Security Culture Matters when IT is Decentralized (trendmicro.com)

• Legacy IT system modernization largely driven by security concerns - Help Net Security

• Been Doing It The Same Way For Years? Think Again. (thehackernews.com)

• Here's how to make sure your incident response strategy is ready for holiday hackers - Help Net Security

• Docker Hub repositories hide over 1,650 malicious containers (bleepingcomputer.com)

• Hacked digital billboard in Brisbane displays pornography for several minutes | Queensland | The Guardian

• The Case For A Security Program - Information Security Buzz

• How Tech Companies Can Slow Down Spike in Breaches (darkreading.com)

• Inventor of the Web Sir Tim Berners-Lee wants to save your data from Big Tech with Web3.0 | Euronews

• Deloitte reveals 10 strategic cyber security predictions for 2023  | VentureBeat

• The Biden administration has racked up a host of cyber security accomplishments | CSO Online

• US Navy Forced to Pay Software Company for Licensing Breach (gizmodo.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• NCSC Looks Back on Year Of ‘Profound Change’ for Cyber

The UK’s National Cyber Security Centre (NCSC) provided support for 18 nationally significant ransomware attacks; removed 2.1 million cyber-enabled commodity campaigns; issued 34 million early warning alerts about attacks, compromises, vulnerabilities or open ports; and received 6.5 million reports of suspicious emails in the past 12 months – but in a year of “profound change” in the cyber security landscape, it was Russia’s invasion of Ukraine that dominated the agenda.

Reflecting on the past 12 months as she launched the NCSC’s latest annual report on 1 November at an event in London, NCSC CEO Lindy Cameron said that the return of war to Europe with Russia’s invasion of Ukraine presented a unique set of challenges in cyber space for the NCSC and its partners and allies.

Cameron added that while the cyber threat from Russia has perhaps been the most visible security issue of 2022, it was also important not to forget that when it comes to nation-state actors, it will likely be the technical development and evolution of China that ultimately has the more lasting impact on the UK’s national cyber security.

https://www.computerweekly.com/news/252526766/NCSC-looks-back-on-year-of-profound-change-for-cyber

• LastPass Research Finds False Sense of Cyber Security Running Rampant

LastPass released findings from its fifth annual Psychology of Password findings, which revealed even with cyber security education on the rise, password hygiene has not improved. Regardless of generational differences across Boomers, Millennials and Gen Z, the research shows a false sense of password security given current behaviours across the board. In addition, LastPass found that while 65% of all respondents have some form of cyber security education — through school, work, social media, books or via online courses — the reality is that 62% almost always or mostly use the same or variation of a password.

The survey, which explored the password security behaviours of 3,750 professionals across seven countries, asked about respondents’ mindset and behaviours surrounding their online security. The findings highlighted a clear disconnect between high confidence when it comes to their password management and their unsafe actions. While the majority of professionals surveyed claimed to be confident in their current password management, this doesn’t translate to safer online behaviour and can create a detrimental false sense of safety.

Key findings from the research include:

• Gen Z is confident when it comes to their password management, while also being the biggest offenders of poor password hygiene.

• Cyber security education doesn’t necessarily translate to action.

• Confidence creates a false sense of password security.

The latest research showcases that even in the face of a pandemic, where we spent more time online amid rising cyber attacks, there continues to be a disconnect for people when it comes to protecting their digital lives. Even though nearly two-thirds of respondents had some form of cyber security education, it is not being put into practice for varying reasons.

https://www.darkreading.com/vulnerabilities-threats/untitled

• Insurance Giant Settles NotPetya ‘Act of War’ Lawsuit, Signaling Cyber Insurance Shakeup

The settlement last week in a $100 million lawsuit over whether insurance giant Zurich should cover losses Mondelez International suffered from NotPetya may very well reshape the entire cyber insurance marketplace.

Zurich initially denied claims from Mondelez after the malware, which experts estimate caused some $10 billion in damages globally, wreaked havoc on its computer networks. The insurance provider claimed an act of war exemption since it’s widely believed Russian military hackers unleashed NotPetya on a Ukrainian company before it spread around the world.

Now, however, it’s increasingly clear insurers aren’t off the hook for NotPetya payouts or from covering losses from other attacks with clear links to nation-state hackers.

That’s because in this case, what Mondelez and many other corporations endured was not an act of war, but “collateral damage” in a much larger cyber conflict that had nothing to do with them, said the Center for Strategic and International Studies.

There needs to be a rethink what act of war means in cyber space when it comes to insurance. The current definitions come out of the 19th century when we had pirates, navies and privateers.

Last week’s ruling in favour of Mondelez follows a January ruling in a New Jersey court that sided with global pharmaceutical company Merck in a similar case. Its insurance companies initially refused to pay for damages from NotPetya. Merck claimed losses that amounted to $1.4 billion. The insurers are appealing the ruling.

Insurers seized on the NotPetya episode to test how courts would rule on cyber coverage questions, particularly when there’s so much evidence pointing to one particular nation-state actor. Since NotPetya was widely attributed to the Russian government it gave the industry a “really strong opportunity” to set legal precedent limiting their responsibility in these instances.

Insurers will start to be much more upfront about the fact that they aren’t going to cover acts of cyber war or limit payouts for NotPetya type incidents in the future.

https://www.cyberscoop.com/insurance-giant-settles-notpetya-lawsuit/

• Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities

Microsoft is warning of an uptick among nation-state and criminal actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments.

The tech giant, in its 114-page Digital Defense Report, said it has "observed a reduction in the time between the announcement of a vulnerability and the commoditisation of that vulnerability," making it imperative that organisations patch such exploits in a timely manner.

This also corroborates with an April 2022 advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), which found that bad actors are "aggressively" targeting newly disclosed software bugs against broad targets globally.

Microsoft noted that it only takes 14 days on average for an exploit to be available in the wild after public disclosure of a flaw, stating that while zero-day attacks are initially limited in scope, they tend to be swiftly adopted by other threat actors, leading to indiscriminate probing events before the patches are installed.

It further accused Chinese state-sponsored groups of being "particularly proficient" at discovering and developing zero-day exploits. This has been compounded by the fact that the Cyberspace Administration of China (CAC) enacted a new vulnerability reporting regulation in September 2021 that requires security flaws to be reported to the government prior to them being shared with the product developers.

Redmond further said the law could enable government-backed elements to stockpile and weaponise the reported bugs, resulting in the increased use of zero-days for espionage activities designed to advance China's economic and military interests.

https://thehackernews.com/2022/11/microsoft-warns-of-uptick-in-hackers.html

• Chinese Mob Has 100K Slaves Working in Cambodian Cyber Crime Mills

Up to 100,000 people from across Asia have been lured to Cambodia by Chinese crime syndicates with the promise of good jobs. When they arrive, their passports are seized and they are put to work in modern-day sweatshops, running cyber crime campaigns.

The Los Angeles Times reported that Cambodia, which was hit hard economically by the pandemic, has allowed Chinese mobsters to set up enormous cyber crime operations using human trafficked labour without consequence, because of the revenue it generates for the country. The campaigns they carry out run the gamut from romance scams to fake sports betting.

Although the Cambodian government acknowledges that as many as 100,000 workers are involved in these activities, it denies anyone is being held against their will. However, the stories from traumatised victims rescued from cyber crime mills include tales of beatings and torture for failing to meet quotas, and of being sold and passed around from gang to gang.

https://www.darkreading.com/attacks-breaches/chinese-mob-100k-slaves-cambodian-cybercrime-mills

• Ransomware Research: 17 Leaked Databases Operated by Threat Actors Threaten Third Party Organisations

Ransomware remains a serious threat to organisations, Deep Instinct, a New York-based deep learning cyber security specialist, said in its recently released 2022 Interim Cyber Threat Report.

It’s no surprise, the company said, as there are currently 17 leaked databases operated by threat actors who are leveraging the data for attacks on third-party companies, most notably social engineering, credential theft, and triple-extortion attacks.

Here are the report’s key findings:

• Changes in ransomware gangs, including LockBit, Hive, BlackCat, and Conti. The latter has spawned “Conti Splinters” made up of former affiliates Quantum, BlackBasta, and BlackByte.

• Significant changes to tactics by Emotet, Agent Tesla, NanoCore, and others. For example, Emotet uses highly obfuscated VBA macros to avoid detection.

• The use of documents for malware has decreased as the top attack vector, following Microsoft’s move to disable macros by default in Microsoft Office files. Threat actors have already pivoted to other methods such as LNK, HTML, and archive email attachments.

• Vulnerabilities such as SpoolFool, Follina and DirtyPipe highlighted the exploitability of both Windows and Linux systems despite efforts to enhance their security.

• The number of exploited in-the-wild vulnerabilities spikes every 3-4 months. The next spike is expected to occur by the end of the year.

• Threat actor groups are extending data exfiltration attacks to demand ransoms from third-party companies if the leaked data contains their sensitive information.

The report also makes three predictions:

• More inside jobs. Malicious threat actors look for the weakest link, which is often in the supply chain. Groups like Lapsus$ do not rely on exploits but instead look for insiders who are willing to sell access to data within their organisation.

• Rise of protestware. Look for a spike in protestware, which is self-sabotaging one’s software and weaponising it with malware capabilities in an effort to harm all or some of its users. The war between Russia and Ukraine has caused a surge in protestware.

• End of year attacks. While no major vulnerability in 2022 has emerged similar to the Log4J or the Exchange cases in 2021, there is an increase year-over-year in the number of publicly assigned CVEs for reported vulnerabilities. For now, threat actors are still exploiting old vulnerabilities during 2022 simply because there is a plethora of unpatched systems for 2021 CVEs but that will change.

Organisations are warned to be on their guard. 2022 has been another record year for cyber criminals and ransomware gangs. It’s no secret that these threat actors are constantly upping their game with new and improved tactics designed to evade traditional cyber defences. Defenders must continue to be vigilant and find new approaches to prevent these attacks from happening.

https://www.msspalert.com/cybersecurity-research/ransomware-research-17-leaked-databases-operated-by-threat-actors-threaten-third-party-organizations/

• Ransomware: Not Enough Victims Are Reporting Attacks, And That's a Problem for Everyone

Ransomware continues to be a significant cyber threat to businesses and the general public – but it's difficult to know the true impact of attacks because many victims aren't coming forward to report them.

The warning comes in the National Cyber Security Centre (NCSC) Annual Review for 2022, which looks back at key developments and incidents in cyber crime over the last year, with ransomware described as an "ever present" threat and a "major challenge" to businesses and public services.

That's demonstrated by how the review details how in the 12-month period between 1 September 2021 and 31 August 2022 there were 18 ransomware incidents that needed a "nationally coordinated" response. These included attacks on a supplier to the National Health Service (NHS) and a ransomware attack against South Staffordshire Water.

However, the true impact of ransomware remains unclear, because the NCSC says that many organisations that fall prey to ransomware attacks aren't disclosing them.

That lack of reporting is despite the significant and disruptive consequences ransomware attacks can have, not only for organisations that fall victim, but for wider society – which is why it's vital that cyber security is taken seriously and incidents are reported.

https://www.zdnet.com/article/ransomware-not-enough-victims-are-reporting-attacks-and-that-increases-the-threat-for-everyone/

• Hackers Selling Access to 576 Corporate Networks for $4 Million

A new report shows that hackers are selling access to 576 corporate networks worldwide for a total cumulative sales price of $4,000,000, fuelling attacks on the enterprise.

The research comes from Israeli cyber-intelligence firm KELA which published its Q3 2022 ransomware report, reflecting stable activity in the sector of initial access sales but a steep rise in the value of the offerings.

Although the number of sales for network access remained about the same as in the previous two quarters, the cumulative requested price has now reached $4,000,000. For comparison, the total value of initial access listings in Q2 2022 was $660,000, recording a drop in value that coincided with the summer ransomware hiatus that hurt demand.

Initial access brokers (IABs) are hackers who sell access to corporate networks, usually achieved through credential theft, webshells, or exploiting vulnerabilities in publicly exposed hardware. After establishing a foothold on the network, the threat actors sell this corporate access to other hackers who use it to steal valuable data, deploy ransomware, or conduct other malicious activity. The reasons IABs choose not to leverage network access vary, ranging from lacking diverse intrusion skills to preferring not to risk increased legal trouble.

IABs still play a crucial role in the ransomware infection chain, even if they got sidelined last year when big ransomware gangs that operated as crime syndicates operated their own IAB departments.

https://www.bleepingcomputer.com/news/security/hackers-selling-access-to-576-corporate-networks-for-4-million/

• Cyber Security Recovery is a Process That Starts Long Before a Cyber Attack Occurs

Organisations are racing to stay ahead of cyber criminals, and as a result, we see businesses investing a lot of money on identifying and detecting attacks, on preventing attacks in the first place, and in responding to live attacks. But they are not spending the same amounts on attack recovery. They may have followed all the relevant guidelines, and even implemented the ISO 27000 standard, but none of that helps them to understand how to build the business back after a serious cyber attack.

Until recent years, this cyber security recovery investment would be spent on an annual tabletop exercise or disaster recovery test and auditing recovery plans. While this should be done, it isn’t enough on its own.

Cyber security insurance is also critical, of course, but it only covers some of the losses. It won’t cover future loss. The reality is most organisations find it very difficult to fully recover from an attack. Those that invest more in disaster recovery and business continuity recover from these attacks far more swiftly than their less-prepared competitors.

The four core components of an effective cyber security recovery program

1. Pre-emptive action

2. Responsibilities and accountability

3. Having the right IT architecture, security and recovery process in place

4. Learning lessons and implementing changes.

Once these factors are understood, and any weak spots identified, the organisation can focus on re-designing or updating architecture and procedures, and on retraining employees (something that should happen regularly).

Recovery is a process that starts long before a cyber attack occurs. It concludes not when the data is secured, but when the organisation can say that it’s learned everything it can from the event and has made the changes necessary to avoid it happening again.

https://www.helpnetsecurity.com/2022/11/03/cybersecurity-recovery/

• Geopolitics Plays Major Role in Cyber Attacks, Says EU Cyber Security Agency

The ongoing Russia-Ukraine conflict has resulted in an increase in hacktivist activity in the past year, with state-sponsored threat actors targeting 128 governmental organisations in 42 countries that support Ukraine, according to the European Union Agency for Cybersecurity (ENISA).

In addition, some threat actors targeted Ukrainian and Russian entities during the early days of the conflict, likely for the collection of intelligence, according to the 10th edition of the ENISA threat landscape report. The report, this year titled Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape, notes that in general geopolitical situations continue to have a high impact on cyber security.

This year's report identified several attack types frequently used by state-sponsored attackers. These include zero-day and critical vulnerability exploitation; attacks on operational technology (OT) networks; wiper attacks to destroy and disrupt networks of governmental agencies and critical infrastructure entities; and supply chain attacks. Attacks also featured social engineering, disinformation, and threats against data.

State-sponsored threat actors have also been observed targeting entities from countries in Southeast Asia, Japan, Australia, and Taiwan. Due to increased tensions between specific countries in Asia, state-sponsored threat actors have targeted countries (including EU member states) that had established closer ties with Taiwan.

Ransomware remains the top cyber crime attack type this year as well. More than 10 terabytes of data were stolen monthly during the period studied, with phishing identified as the most common initial vector of such attacks. The report also noted that 60% of affected organisations likely have paid the ransom demanded.

The second most used form of attack was DDoS. The largest DDoS attack ever was launched in Europe in July 2022 against a European customer of Akamai. The attack hit a peak at 853.7Gbps and 659.6Mpps (megapackets per second) over 14 hours.

While all sectors fell victim to attacks, public administration and government entities were the most affected, making up 24% of all cyber attack victims. This was followed by digital service providers at 13% and the general public at 12%. These three sectors alone accounted for 50% of all the attacks during this year.

https://www.csoonline.com/article/3678771/geopolitics-plays-major-role-in-cyberattacks-says-eu-cybersecurity-agency.html#tk.rss_news

• Russian Hackers Account for Most 2021 Ransomware Schemes, US Says

Payment-seeking software made by Russian hackers was used in three quarters of all the ransomware schemes reported to a US financial crime agency in the second half of 2021, a Treasury Department analysis released on Tuesday showed.

In an analysis issued in response to the increase in number and severity of ransomware attacks against critical infrastructure in the United States since late 2020, the US Financial Crimes Enforcement Network (FinCEN) said it had received 1,489 ransomware-related filings worth nearly $1.2 billion in 2021, a 188% jump from the year before.

Out of 793 ransomware incidents reported to FinCEN in the second half of 2021, 75% "had a nexus to Russia, its proxies, or persons acting on its behalf," the report said.

Washington last week hosted a meeting with officials from 36 countries and the European Union, as well as 13 global companies to address the growing threat of ransomware and other cyber crime, including the illicit use of cryptocurrencies.

https://www.reuters.com/technology/us-says-many-ransomware-attacks-late-2021-were-connected-russian-actors-2022-11-01/

• Exposed: The Global Hacking Network That Targets VIPs

Private investigators linked to the City of London are using an India-based computer hacking gang to target British businesses, government officials and journalists.

The Sunday Times and the Bureau of Investigative Journalism have been given access to the gang’s database, which reveals the extraordinary scale of the attacks. It shows the criminals targeted the private email accounts of more than 100 victims on behalf of investigators working for autocratic states, British lawyers and their wealthy clients. Critics of Qatar who threatened to expose wrongdoing by the Gulf state in the run-up to this month’s World Cup were among those hacked.

It is the first time the inner workings of a major “hack-for-hire” gang have been leaked to the media and it reveals multiple criminal conspiracies. Some of the hackers’ clients are private investigators used by major law firms with bases in the City of London.

The investigation — based on the leaked documents and undercover work in India — reveals:

• Orders went out to the gang to target the BBC’s political editor Chris Mason in May, three weeks after his appointment was announced.

• The president of Switzerland and his deputy were targeted just days after he met Boris Johnson and Liz Truss in Downing Street to discuss Russian sanctions.

• Philip Hammond, then chancellor, was hacked as he was dealing with the fallout of Russia’s novichok poisonings in Salisbury.

• A private investigator hired by a London law firm acting for the Russian state ordered the gang to target a British-based oligarch fleeing President Putin.

• Michel Platini, the former head of European football, was hacked shortly before he was due to talk to French police about corruption allegations relating to this year’s World Cup.

• The hackers broke into the email inboxes of the Formula One motor racing bosses Ruth Buscombe, the British head of race strategy at the Alfa Romeo team, and Otmar Szafnauer, who was chief executive of the Aston Martin team.

• The gang seized control of computers owned by Pakistan’s politicians, generals and diplomats and eavesdropped on their private conversations apparently at the behest of the Indian secret services.

The commissioning of hacking is a criminal offence punishable with a maximum sentence of ten years in jail in Britain. The Metropolitan Police was tipped off about the allegations regarding Qatar in October last year, yet chose not to take any action. David Davis, the former cabinet minister, said that the force should reopen its investigation into the cyber attacks against British citizens. Davis said the investigation exposed how London has become “the global centre of hacking”.

https://www.thetimes.co.uk/article/exposed-the-global-hacking-network-that-targets-vips-nff67j67z

Threats

Ransomware and Extortion

• Wannacry, the hybrid malware that brought the world to its knees. Let’s not forget! - Security Affairs

• International Counter Ransomware Initiative 2022 Joint Statement | The White House

• Oreo Giant Mondelez Settles NotPetya 'Act of War' Insurance Suit (darkreading.com)

• Extortion fears after hacker stole patient files from Dutch mental health clinics (bitdefender.com)

• Ransomware activity and network access sales in Q3 2022 - Security Affairs

• Ransomware costs top $1 billion as White House inks new threat-sharing initiative - CyberScoop

• Stopping C2 communications in human-operated ransomware through network protection - Microsoft Security Blog

• FIN7 Cyber crime Group Likely Behind Black Basta Ransomware Campaign (darkreading.com)

• Everything You Need to Know About LockBit (darkreading.com)

• Yanluowang ransomware gang goes dark after leaks (techtarget.com)

• LockBit 3.0 gang claims to have stolen data from Thales - Security Affairs

• Ransomware cost US banks $1.2 billion last year • The Register

• Australia sees rise in cyber crimes on back of 'destructive' ransomware, state actors | ZDNET

• Listed car dealer Pendragon has ‘contained’ cyber attack – but new deadline for data release issued by hackers – Car Dealer Magazine

• Hackers Target Australian Defense Communications Platform With Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit Dominates Ransomware Campaigns in 2022: Deep Instinct - Infosecurity Magazine (infosecurity-magazine.com)

• BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider - Security Affairs

• Australian Defence Department Impacted In Ransomware Attack (informationsecuritybuzz.com)

• LockBit ransomware gang claims the hack of the Continental automotive group - Security Affairs

• Cyber attack Strikes Global Copper Conglomerate (darkreading.com)

• ALMA Observatory shuts down operations due to a cyber attack (bleepingcomputer.com)

• Osaka Hospital Halts Services After Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

Phishing & Email Based Attacks

• Outmanoeuvring cyber criminals by recognizing mobile phishing threats’ telltale markers - Help Net Security

• Robin Banks phishing service returns to steal banking accounts (bleepingcomputer.com)

• Attackers leverage Microsoft Dynamics 365 to phish users - Help Net Security

• Phishers Abuse Microsoft Voicemail Service to Trick Users - Infosecurity Magazine (infosecurity-magazine.com)

• CISA Urges Organisations to Implement Phishing-Resistant MFA | SecurityWeek.Com

• 130 private Dropbox GitHub repos copied after phish attack • The Register

• As Twitter brings on $8 fee, phishing emails target verified accounts (bleepingcomputer.com)

BEC – Business Email Compromise

• New Crimson Kingsnake gang impersonates law firms in BEC attacks (bleepingcomputer.com)

• Double-check those demand-payment emails from law firms • The Register

Malware

• RomCom RAT malware campaign impersonates KeePass, SolarWinds NPM, Veeam (bleepingcomputer.com)

• The Emotet botnet has returned with a vengeance | TechRadar

• Emotet botnet starts blasting malware again after 4 month break (bleepingcomputer.com)

• Drinik banking malware returns: Things you can do to keep your data safe | Mint (livemint.com)

• Hacking group abuses antivirus software to launch LODEINFO malware (bleepingcomputer.com)

• This stealthy hacking campaign uses a new trick to deliver its malware | ZDNET

• Cranefly threat group uses innocent-looking info-stealer • The Register

• 250+ US news sites spotted spreading FakeUpdates malware in a supply-chain attack - Security Affairs

• New Azov data wiper tries to frame researchers and BleepingComputer

• Dozens of PyPI packages caught dropping 'W4SP' info-stealing malware (bleepingcomputer.com)

• Inside Raccoon Stealer V2 (thehackernews.com)

Mobile

• Android Apps With a Million Downloads Led Users to Phishing Sites - Infosecurity Magazine (infosecurity-magazine.com)

• US govt employees exposed to mobile attacks from outdated Android, iOS (bleepingcomputer.com)

• Samsung Galaxy Bug Secretly Let Hackers Install Apps on Targeted Devices (informationsecuritybuzz.com)

• Cyber-Threat Actor Uses Booby-Trapped VPN App to Deploy Android Spyware (darkreading.com)

• Malicious dropper apps on Play Store totaled 30.000+ installations - Security Affairs

• New SandStrike spyware infects Android devices via malicious VPN app (bleepingcomputer.com)

Internet of Things – IoT

• IoT devices can undermine your security. Here are four ways to boost your defences | ZDNET

• Understanding The Importance Of Cyber Resilience In Smart Buildings - IT Security Guru

Data Breaches/Leaks

• Royal Mail customer data leak shutters online Click and Drop • The Register

• Vodafone Italy discloses data breach after reseller hacked (bleepingcomputer.com)

• LockBit 3.0 gang claims to have stolen data from Thales - Security Affairs

• Dropbox discloses breach after hacker stole 130 GitHub repositories (bleepingcomputer.com)

• Data Breach of Missile Maker MBDA May Have Been Real: CloudSEK - Infosecurity Magazine (infosecurity-magazine.com)

• Experian tool exposed partial Social Security numbers, putting customers at risk - CyberScoop

• Label Giant Multi-Color Corporation Discloses Data Breach | SecurityWeek.Com

• Bed Bath & Beyond Discloses Data Breach to SEC (darkreading.com)

Organised Crime & Criminal Actors

• US Hacker Group Indicted For Million-Dollar RICO Conspiracy - Infosecurity Magazine (infosecurity-magazine.com)

• Four-year cyber crime campaign targeting African banks netted $30 million - CyberScoop

• French-speaking crooks stole $30m in bank cyber-heist spree • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• New clipboard hijacker replaces crypto wallet addresses with lookalikes (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• Fraudulent Instruction Losses Spike in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Former Apple worker pleads guilty to $17m fraud charges • The Register

Insurance

• Mondelez, Zurich settle $100m+ NotPetya insurance lawsuit • The Register

Dark Web

• German cops arrest student in dark-web marketplace bust • The Register

Supply Chain and Third Parties

• NCSC issues fresh guidance following recent rise in supply chain cyber attacks – Intelligent CISO

• Hundreds of US news sites push malware in supply-chain attack (bleepingcomputer.com)

Software Supply Chain

• You can up software supply chain security by implementing these measures - Help Net Security

• W4SP Stealer Stings Python Developers in Supply Chain Attack (darkreading.com)

Denial of Service DoS/DDoS

• FBI: Hacktivist DDoS attacks had minor impact on critical orgs (bleepingcomputer.com)

• CISA, FBI, MS-ISAC Publish Guidelines For Federal Agencies on DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• DDoS Attacks are Upgrading 70% with The Help of CLDAP (analyticsinsight.net)

Cloud/SaaS

• Why Identity & Access Management Governance is a Core Part of Your SaaS Security (thehackernews.com)

• Top 4 priorities for cloud data protection - Help Net Security

• Zscaler's Cloud-Based Cyber security Outages Showcase Redundancy Problem (darkreading.com)

API

• Why Are Zombie APIs and Shadow APIs So Scary? (darkreading.com)

Open Source

• Last Years Open Source - Tomorrow's Vulnerabilities (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Air New Zealand warns of an ongoing credential stuffing attack - Security Affairs

Social Media

• As Twitter brings on $8 fee, phishing emails target verified accounts (bleepingcomputer.com)

Training, Education and Awareness

• Can You Nudge Employees Toward Better Cyber security? New Research Says Yes (darkreading.com)

Travel

• Data capture by border agencies can and will happen – are your on-the-road employees prepared? | CSO Online

Regulations, Fines and Legislation

• ICO Slashes Government Data Breach Fine - Infosecurity Magazine (infosecurity-magazine.com)

• SolarWinds reaches $26m settlement, expects SEC action • The Register

• How to Prepare for New SEC Cyber security Disclosure Requirements | SecurityWeek.Com

Careers, Working in Cyber and Information Security

• How Microsoft works to grow the next generation of cyber defenders - Microsoft Security Blog

• Economic Uncertainty Isn't Stopping Cyber crime Recruitment — It's Fueling It (darkreading.com)

• How to Narrow the Talent Gap in Cyber security (darkreading.com)

• Is there a problem with stress and burnout in cyber security? - IT Security Guru

• A Third of Security Leaders Considering Quitting Their Current Role - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

• German cops arrest student in dark-web marketplace bust • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russia has declared hybrid war on Britain (telegraph.co.uk)

• Will cyber saber-rattling drive us to destruction? - Help Net Security

• British cyber warriors defend Ukraine | News | The Times

• No.10 WhatsApp Use Is Critical Danger To Security (informationsecuritybuzz.com)

• Oreo Giant Mondelez Settles NotPetya 'Act of War' Insurance Suit (darkreading.com)

• Cyber Threat Actor Uses Booby-Trapped VPN App to Deploy Android Spyware (darkreading.com)

• New SandStrike spyware infects Android devices via malicious VPN app (bleepingcomputer.com)

• Russian missile strikes overshadow cyber attacks as Ukraine reels from blackouts | CNN Politics

Nation State Actors

Nation State Actors – Russia

• Liz Truss 's phone was allegedly hacked by Russian spies - Security Affairs

• MPs 'constantly' warned their phones are national security risk (telegraph.co.uk)

• US Treasury thwarted attack by Russian hacker group last month-official | Reuters

• Russia tries to impose switch to Linux from Windows (freethink.com)

• Ukraine war: British spies playing key role in defending Kyiv from Russian cyber attacks | UK News | Sky News

Nation State Actors – China

• China-Backed APT10 Supercharges Spy Game With Custom Fileless Backdoor (darkreading.com)

• Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware (thehackernews.com)

Nation State Actors – Misc

• Microsoft Warns on Zero-Day Spike as Nation-State Groups Shift Tactics (darkreading.com)

Vulnerability Management

• The most frequently reported vulnerability types and severities - Help Net Security

• Last Years Open Source - Tomorrow's Vulnerabilities (thehackernews.com)

• Microsoft Warns on Zero-Day Spike as Nation-State Groups Shift Tactics (darkreading.com)

Vulnerabilities

• The OpenSSL security update story – how can you tell what needs fixing? – Naked Security (sophos.com)

• Critical ConnectWise Vulnerability Affects Thousands of Internet-Exposed Servers | SecurityWeek.Com

• Fortinet fixed 16 vulnerabilities, 6 rated as high severity - Security Affairs

• Cisco Patches High-Severity Bugs in Email, Identity, Web Security Products | SecurityWeek.Com

• You Need to Update Google Chrome, Windows, and Zoom Right Now | WIRED UK

• The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical (darkreading.com)

• Splunk Patches 9 High-Severity Vulnerabilities in Enterprise Product | SecurityWeek.Com

• OpenSSL downgrades horror bug after week of speculation • The Register

• Follina Exploit Leads to Domain Compromise (thedfirreport.com)

• Patch Now: Dangerous RCE Bug Lays Open ConnectWise Server Backup Managers (darkreading.com)

Reports Published in the Last Week

• NCSC Annual Review 2022 - NCSC.GOV.UK

• Microsoft Digital Defense Report 2022 | Microsoft Security

• Psychology of Passwords 2022: Proactive Cyber security - LastPass

• APT trends report Q3 2022 | Securelist

• Attack Surface Management 2022 Midyear Review Part 3 (trendmicro.com)

• 2022 Cyber Threat Report Details Growing Trends | TechRepublic

• Volatile Geopolitics Shake the Trends of the 2022 Cyber security Threat Landscape — ENISA (europa.eu)

Other News

• Meet fundamental cyber security needs before aiming for more - Help Net Security

• NCSC Issued 34 Million Cyber Alerts in Past Year - Infosecurity Magazine (infosecurity-magazine.com)

• Multi-factor authentication fatigue can blow open security • The Register

• WiFi security flaw lets a drone track devices through walls | Engadget

• Now That EDR Is Obvious, What Comes Next? (darkreading.com)

• The Art of Calculating the Cost of Risk (darkreading.com)

• Build Security Around Users: A Human-First Approach to Cyber Resilience (darkreading.com)

• The Role of Ethical Hacking in Cyber security (bolton.ac.uk)

• Top 10 Ethical Hacking Trends and Predictions for 2023 (analyticsinsight.net)

• British govt is scanning all Internet devices hosted in UK (bleepingcomputer.com)

• Red Cross Eyes Digital Emblem for Cyber space Protection | SecurityWeek.Com

• CISA releases cyber security performance goals to reduce risk and impact of adversarial threats | CSO Online

• Security hygiene and posture management requires new tools (techtarget.com)

• Most Online Shoppers Would Leave Retailer Following Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Offense Gets the Glory, but Defence Wins the Game | SecurityWeek.Com

• The 7 Core Pillars of a Zero-Trust Architecture (techtarget.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• ‘Biggest Cyber Risk Is Complacency, Not Hackers’ - UK Information Commissioner Issues Warning as Construction Company Fined £4.4 Million

The UK Information Commissioner has warned that companies are leaving themselves open to cyber attack by ignoring crucial measures like updating software and training staff.

The warning comes as the Information Commissioner’s Office (ICO) issued a fine of £4,400,000 to Interserve Group Ltd, a Berkshire based construction company, for failing to keep personal information of its staff secure. This is a breach of data protection law.

The ICO found that the company failed to put appropriate security measures in place to prevent a cyber attack, which enabled hackers to access the personal data of up to 113,000 employees through a phishing email.

The compromised data included personal information such as contact details, national insurance numbers, and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation, and health information.

John Edwards, UK Information Commissioner, said:

 “The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn't regularly monitor for suspicious activity in its systems and fails to act on warnings, or doesn't update software and fails to provide training to staff, you can expect a similar fine from my office.

 “Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information. This data breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to the possibility of identity theft and financial fraud.

 “Cyber attacks are a global concern, and businesses around the world need to take steps to guard against complacency. The ICO and NCSC already work together to offer advice and support to businesses, and this week I will be meeting with regulators from around the world, to work towards consistent international cyber guidance so that people’s data is protected wherever a company is based.”

https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/10/biggest-cyber-risk-is-complacency-not-hackers/

• Ransomware Threat Shifts from US to EMEA and APAC

The volume of ransomware detections in Q3 2022 was the lowest in two years, but certain geographical regions have become bigger targets as attacks on US organisations wane, according to SonicWall. The security vendor used its own threat detection network, including over one million security sensors in more than 200 countries, to reveal the current landscape.

The good news is that global malware volumes have remained flat for the past three quarters, amounting to a total of over four billion detections in the year to date. Of these, ransomware is also trending down after a record-breaking 2021. Even so, SonicWall detected 338 million compromise attempts in the first three quarters of the year.

Year-to-date ransomware attempts in 2022 have already exceeded the full-year totals from four of the past five years, the vendor claimed. While attacks on US organisations dipped by 51% year-on-year during the period, they increased significantly in the UK (20%), EMEA (38%) and APAC (56%).

The cyber-warfare battlefront continues to shift, posing dangerous threats to organisations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geopolitical landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed.

https://www.infosecurity-magazine.com/news/ransomware-threat-shifts-from-us/

• Phishing Attacks Increase by Over 31% In Third Quarter

Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million.

Malware emails in the third quarter of 2022 alone increased by 217% compared to same period in 2021. Malware email volume peaked in July, reaching 19.2 million, before month-over-month declines in August and September, with numbers dropping to 16.8 million and 16.5 million respectively.

According to the report, email is the preferred attack vector for phishing and malware, as it gives hackers a direct channel to users, the weakest link in an organisation’s attack surface. The report analyses phishing and malware data captured by Vade, which does business internationally.

As attacks become more sophisticated, Vade said, they also become increasingly capable of evading the basic security offered by email providers, which almost eight in 10 businesses still rely on, according to Vade’s research.

While the activity of threat actors fluctuates, Vade’s research found that impersonating trusted and established brands remains the most popular strategy for hackers. In the third quarter of 2022, Facebook was the most impersonated brand for the second consecutive quarter, followed by Google, MTB, PayPal, and Microsoft.

The financial services sector remains the most impersonated industry, representing 32% of phishing emails detected by Vade, followed by cloud at 25%, social media at 22%, and internet/telco at 13%.

As phishing attacks increase, the techniques used by threat actors continue to evolve. While phishing campaigns were traditionally large scale and random, more recent campaigns seen by Vade suggest that hackers have pivoted to using more targeted campaigns.

https://www.csoonline.com/article/3678311/phishing-attacks-increase-by-over-31-in-third-quarter-report.html#tk.rss_news

• UK Urged to Watch for Fraud as People Aim to Make Extra Cash in Cost of Living Crisis

Brits have been warned to “stay alert for fraud” as more people are out to make extra cash as the cost of living rises across the country.

UK Finance said that more than half (56%) of people admitted that they are likely to look for opportunities to make extra money in the coming months, which could leave some people more susceptible to fraud.

According to the trade association’s Take Five To Stop Fraud campaign, one in six, or 16%, of people said the rising cost of living means they are more likely to respond to an unprompted approach from someone offering an investment opportunity or a loan.

Young people were more likely to be at risk, the data suggested, which surveyed 2,000 people across the UK. More than a third (34%) of 18 to 34-year-olds said they are more likely to respond to an unprompted approach from someone, with three in 10 (30%) also more likely to provide their personal or financial details to secure the arrangement.

Overall, three in five people (60%) said they are concerned about falling victim to financial fraud or a scam. It comes as recent figures from UK Finance showed that £609.8m was lost due to fraud and scams in the first half of this year.

https://uk.news.yahoo.com/uk-watch-for-fraud-extra-cash-cost-of-living-crisis-230154352.html

• HR Departments Play a Key Role in Cyber Security

A common shortcoming of human resources (HR) departments is that — despite being an operation designed to put humans at the centre of how an organisation is run — they often fail to adequately align with their IT counterparts and the core technology systems that define how a business is run and protected from cyber-risk.

Insufficient coordination between HR and IT processes and procedures remains common and gives rise to security gaps that can represent some of the most dangerous vulnerabilities on a company's attack surface. Let's examine the scope of the challenge and some key cyber-asset management priorities that can close the schism for a more robust cyber security posture.

Gone are the days when HR's role in securing the enterprise relied on basic tutorials for employees about protecting passwords on company equipment. Today's threat environment intersects with the workforce in more ways than ever — from bring-your-own-device (BYOD) and authentication gaps to user vulnerabilities that make spear-phishing seem quaint. Traditional social engineering attacks are now being augmented by zero-click exploits that compromise employee devices without the user ever having to click a link or take any action at all.

Beyond malicious threats, even routine HR processes can introduce risk to the organisation when they're not adequately aligned with the IT processes in an organisation. As just one example, when an employee leaves a company, the offboarding goes far beyond just the exit interview to also include removing access to multiple enterprise systems, accounts, and devices — all of which require close coordination between HR and IT personnel and systems.

To better secure the enterprise, it's mission-critical to get HR and IT more united in a common and advanced understanding of cyber hygiene and risk mitigation. This relies on enhanced awareness of the impact that HR processes have on cyber assets in other parts of the organisation, as well as the HR role in access management for employees and contractors. This requires asset visibility that must be ongoing and in real time, since our roles, devices, and access to data and systems may change multiple times over the course of our employment.

https://www.darkreading.com/vulnerabilities-threats/hr-departments-play-a-key-role-in-cybersecurity

• The Long-Term Psychological Effects of Ransomware Attacks

Northwave has conducted scientific research into the psychological effects of a ransomware crisis on both organisations and individuals. The findings reveal the deep marks that a ransomware crisis leaves on all those affected. It also shows how their IT and security teams can turn in disarray long after the crisis itself has passed.

The research reveals how the psychological impact of ransomware attacks can persist on people in affected organisations for a very long time. It shows that crisis team members may develop serious symptoms far later. Top management and HR need to take measures against this, in fact right from the very beginning of the crisis. They are the ones bearing responsibility for the well-being of their staff.

They also discovered how teams have fallen apart some time after the crisis, with members leaving or staying home on sick-leave. The study reveals that effects can linger throughout the organisation. All in all the investigation shows that this invisible impact of a cyber crisis is an issue for the general business management, and certainly also for HR.

Northwave regards the response to a cyber attack as occurring in three phases. First comes the actual crisis situation, which evolves into an incident phase after about a week. A plan of action is then in place, and recovery measures are launched. The fire has been largely extinguished after a month or so, with the first (basic) functionalities available again.

Full recovery can take one to two years. Each phase has its specific effects on the minds and bodies of those involved, and by extension, on the organisation or parts of it. “On average a company is down for three weeks following a malware attack,” notes Van der Beijl. “But it surprised us that the impact persists for so long afterwards. Psychological issues are still surfacing a year after the actual crisis.”

One of every seven employees involved in the attack, either directly or indirectly, exhibits severe enough symptoms several months later, at a level considered to be above the clinical threshold at which professional trauma treatment help is needed. One in five employees say they would actually have needed more professional help subsequently in coming to terms with the attack. One in three liked to have more knowledge and concrete tools to deal with the psychological effects of the attack.

A ransomware attack has enduring psychological effects on the way employees view the world. Two-thirds of employees, including those not actually involved in the attack, now believe the world is less safe. As one IT manager pointed out, “I’ve become far more suspicious. The outside world is a dangerous place.”

https://www.helpnetsecurity.com/2022/10/25/psychological-effects-ransomware/

• 7 Hidden Social Media Cyber Risks for Enterprises

Whether they use it to amplify the brand, recruit new employees, advertise new products, or even sell directly to consumers, corporate brands love social media.

According to recent figures, brand advertising on social media is up by 53% in the last year, and that's not accounting for further investments that brands are making in developing and distributing content. They're pushing viral videos, funny memes, podcasts, written material, and more to increase engagement with their customers.

And brands are doing it across not only the old reliable social networks like Facebook and Twitter, but also emerging platforms like TikTok. In fact, according to another recent study, in 2022 marketers are expanding their horizons, with their increased content investments focused on areas like live streaming, long-form and short-form video content, virtual reality and augmented reality content, experimental content, and live audio chat rooms. The top platforms they're focused on most for increasing spending are now TikTok, Instagram, YouTube, and LinkedIn.

With the broadening of these social-media marketing strategies comes more risk. Whether an organisation uses social media to amplify its brand, or its executives and employees leverage social channels to bolster their professional and personal brands, these marketing platforms are a breeding ground for a wide range of cyber attacks and scams, including in the areas of artificial intelligence, deepfakes, and biometrics.

Cyber criminals, fraudsters, spies, and activists work around the clock to take advantage of emerging attack surfaces that arise from enterprise use of social media. The article below presents just a few avenues that organisations may overlook when they double-down on their social media investments.

https://www.darkreading.com/application-security/7-hidden-social-media-cyber-risks-enterprises

• 54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds

Over half (54%) of office workers would reconsider working for a company that had recently experienced a cyber breach. That's according to a new study by cyber security technology provider, Encore.

An independent study of 100 C-level executives, 100 Chief Information Security Officers (CISOs) and 500 office workers in the US and the UK, conducted by Censuswide, sought to uncover the gap that remains between boards and security teams when it comes to addressing cyber demands.

Only a third (33%) of staff said they would be "completely unphased" if their employer suffered a cyber break-in. The majority (57%) of C-level executives polled said they have been breached in the last 12 months alone. Most office workers, however, were unaware, with only 39% believing their organisation had been the victim of a successful attack.

The immediate financial cost of a cyber-attack remains the number one concern for businesses, but security teams are learning that there is a long tail to these breaches, with employees at risk of losing faith in their company, its ethics and values and its overarching responsibilities to the general public. In a competitive market, this is a stark warning to businesses across the world. Keeping your staff in the dark about cyber risk is a fundamental error, not to mention the additional impact of delayed disclosure to customers.

41% of C-level executives polled named reputational damage as one of the biggest costs to their business following a cyber-attack, with 34% agreeing that loss of clientele or their trust was a significant cost.

Despite many admitting to suffering a cyber breach in the last year, the overwhelming majority (92%) of CISOs and C-level executives polled believe their business is secure at any given moment. Encore believes that a mindset shift is needed at an organisational level, treating cyber incidents and the security of employee and customer data as a fundamental part of normal business operations, not a function that sits on the outside, looking in.

https://www.darkreading.com/careers-and-people/54-of-staff-would-reconsider-working-for-a-firm-that-had-experienced-a-cyber-breach-research-finds

• Evolve as Fast as the Cyber Criminals: Protect Your Business Now, Before It’s Too Late

According to the 2022 Cyber Threat Report, 2021 saw a global average increase of 105% in the number of ransomware attacks. Proofpoint's 2022 State of the Phish report said that a staggering 82% of UK businesses that experienced a ransomware attack sent payment to the cyber criminals – believing this was the cheapest and easiest way to regain access to their data. However, in many cases criminals simply took the payment without restoring access and the organisation finds itself on criminal target lists as it has demonstrated that attacks pay off. Even when decryption keys are handed over it can take an extended period of time to restore data.

One attack, on a hospital in Dusseldorf, Germany, was implicated in the death of a patient who had to be diverted to an alternative site as the A&E department had been forced to close due to the loss of core computer systems. It appears that the attack had been misdirected, and the hackers – who were quickly apprehended by the police – handed over the encryption keys immediately when they realised what had happened. Nevertheless, the decryption process was slow. It began in the early hours of September 11 and by September 20 the hospital was still unable to add or retrieve information, or even send emails. 30 servers had been corrupted.

The methods and techniques required to conduct a cyber-attack have never been more accessible. Whether it is on the darknet or through open-source content, the ability to purchase material that allows a malicious user to conduct a cyber-attack is readily available. Conducting a ransomware attack and using it to extort money from companies and government services alike, is now viewed as a viable business model by organised criminals.

https://www.itsecurityguru.org/2022/10/28/evolve-as-fast-as-the-cybercriminals-protect-your-business-now-before-its-too-late/

• Enterprise Ransomware Preparedness Improving but Still Lacking

The majority of organisations have made ransomware preparedness a top-five business priority, yet only half believe their preparedness is stronger than it was two years ago. That is according to a recent survey, "The Long Road Ahead to Ransomware Preparedness" by Enterprise Strategy Group, a division of TechTarget.

Despite warnings and available preparedness resources, ransomware continues to distress companies. Seventy-nine percent of survey respondents said they suffered a successful attack within the last year, and 73% reported they had one or more attacks that caused negative financial impact or disrupted business operations in the same time period.

The good news is the board and the C-suite are finally getting the message that more needs to be done to address impending ransomware attempts. In fact, 79% of respondents said business leaders made ransomware preparedness a top business priority, and 82% of organisations plan to invest more in ransomware preparedness over the next 12 to 18 months.

With preparedness investments expected to grow, the survey asked how organisations currently tackle ransomware. Respondents said the most important prevention tactics involve efforts in the following:

• network security (43%)

• backup infrastructure security (40%)

• endpoint security (39%)

• email security (36%)

• data encryption (36%)

Ongoing activities cited included data recovery testing, employee security awareness training, response readiness assessments, incident response functional exercises, penetration testing, incident planning and playbook development, phishing simulation programs, tabletop exercises, and blue/red/purple team engagements.

https://www.techtarget.com/searchsecurity/feature/Enterprise-ransomware-preparedness-improving-but-still-lacking

• Why Are There So Many Data Breaches? A Growing Industry of Criminals is Brokering in Stolen Data

New details have emerged on the severity of the Australian Medibank hack, which has now affected all users. Optus, Medibank, Woolworths, and, last Friday, electricity provider Energy Australia are all now among the Australian household names that have fallen victim to a data breach.

If it seems like barely a week goes by without news of another incident like this, you would be right. Cyber crime is on the rise – seven major Australian businesses were affected by data breaches in the past month alone.

But why now? And who is responsible for this latest wave of cyber attacks?

In large part, the increasing number of data breaches is being driven by the growth of a global illicit industry that trades in your data. In particular, hackers known as “initial access brokers” specialise in illegally gaining access to victim networks and then selling this access to other cyber criminals.

Hackers and initial access brokers are just one part of a complex and diversifying cyber crime ecosystem. This ecosystem contains various cyber criminal groups who increasingly specialise in one particular aspect of online crime and then work together to carry out the attacks.

Ransomware attacks are complex, involving up to nine different stages. These include gaining access to a victim’s network, stealing data, encrypting a victim’s network, and issuing a ransom demand. Increasingly, these attacks are carried out not by lone cyber criminal groups, but rather by networks of different cyber crime groups, each of which specialises in a different stage of the attack.

Initial access brokers will often carry out the first stage of a ransomware attack. Described by Google’s Threat Analysis Group as “the opportunistic locksmiths of the security world”, it’s their job to gain access to a victim’s network.

https://theconversation.com/why-are-there-so-many-data-breaches-a-growing-industry-of-criminals-is-brokering-in-stolen-data-193015

• How The "pizza123" Password Could Take Down an Organisation

Criminal hackers took responsibility for a recent FastCompany breach, saying they exploited an easily guessed default password, "pizza123." The business magazine reused the weak password across a dozen WordPress accounts, according to the hackers, who described the attack in their own article on FastCompany.com before the publication took the site down.

The breach, the bitter taste of pizza123, and the plight of malicious push notifications, demand caution when selecting and managing passwords.

The hackers claimed to have used the vulnerable password pizza123 to access authentication tokens, Apple News API keys, and Amazon Simple Email Service (SES) tokens. Then they sent offensive push notifications to the home screens of subscribers of the FastCompany channel on the Apple News service.

After decades of investment in sculpting the organisation's brand image, a business can watch its reputation flounder in the face of an obscene push notification. The sentiment of millions of faithful customers can turn sour in an instant. By the time organisations block the messages and make public apologies, the harm is done.

Customers can swap to a competitor, or even sue for the offence when they have entrusted a publisher to provide safe content. Regulatory bodies can fine organisations. The company can spend time and money defending itself in court and restoring its image. But malicious push notifications can do a lot worse than offend customers—criminal hackers can load messages with malware and infect consumer devices, leading to privacy violations and consumer financial fraud.

People often build passwords using the first word that comes to mind and a brief series of numbers. Pizza123 is a perfect example of an easy-to-guess password. Employees will create passwords already appearing on breached password lists. Criminal hackers use brute force attacks to confirm working passwords from the same lists.

Nearly two-thirds of employees reuse their passwords. The more they reuse them across business and personal accounts, the more likely criminal hackers will breach them and test them on the organisation. Hackers know to try the same passwords on different companies they hack because of password reuse.

Robust password management enables fine-grained password policies and policy customisation. With a custom password policy, organisations can increase complexity requirements, like length and previous-password change minimums. A custom password policy with increased complexity requirements will block 95% of weak and breached passwords.

Password length is a particularly critical component of strong passwords. Ninety-three percent of the passwords used in brute force attacks include eight or more characters. A custom password policy can require a minimum password length, decreasing password entropy.

https://www.bleepingcomputer.com/news/security/how-the-pizza123-password-could-take-down-an-organization/

Threats

Ransomware and Extortion

• SonicWall: Ransomware down this year, but there’s a catch • The Register

• Medibank cyber-attack: should the health insurer pay a ransom for its customers’ data? | Health | The Guardian

• Health insurer Medibank's infosec diagnosis is getting worse • The Register

• Microsoft links Raspberry Robin worm to Clop ransomware attacks (bleepingcomputer.com)

• How to detect Windows worm that now distributes ransomware • The Register

• Ransomware Barrage Aimed at US Healthcare Sector, Feds Warn (darkreading.com)

• BlackByte ransomware affiliate also steals victims' data • The Register

• Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs

• OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)

• CISA warns of ransomware attacks on healthcare providers (techtarget.com)

• Industrial Ransomware Attacks: New Groups Emerge, Manufacturing Pays Highest Ransom | SecurityWeek.Com

• Ransom Cartel - REvil Rebrand? (informationsecuritybuzz.com)

• Addressing Ransomware in Hospitals & Medical Devices (trendmicro.com)

• Australian Clinical Labs says patient data stolen in ransomware attack (bleepingcomputer.com)

• Vice Society Hackers Confess To Education Sector Ransomware Attacks (informationsecuritybuzz.com)

• Why Ransomware in Education on the Rise and What That Means for 2023 (thehackernews.com)

• Largest EU copper producer Aurubis suffers cyber attack, IT outage (bleepingcomputer.com)

• Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company (thehackernews.com)

• Ransomware Gangs Ramp Up Industrial Attacks in US (darkreading.com)

Phishing & Email Based Attacks

• DHL Replaces LinkedIn As Most Imitated Brand in Phishing Attempts - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Social engineering attacks anybody could fall victim to - Help Net Security

• Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks | SecurityWeek.Com

Malware

• Threat Groups Repurpose Banking Trojans into Backdoors (darkreading.com)

• Types of cloud malware and how to defend against them (techtarget.com)

• Cranefly Hackers Use Stealthy Techniques to Deliver and Control Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Thousands Of Fake PoC Exploits In GitHub Repositories Deliver Malware – (informationsecuritybuzz.com)

• Chrome extensions with 1 million installs hijack targets’ browsers (bleepingcomputer.com)

• Hackers use Microsoft IIS web server logs to control malware (bleepingcomputer.com)

Mobile

• Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability (thehackernews.com)

• These Dropper Apps On Play Store Targeting Over 200 Banking and Cryptocurrency Wallets (thehackernews.com)

• Android Hacking Warning As Criminals Target TikTok And PayPal For (informationsecuritybuzz.com)

Internet of Things – IoT

• IoT Fingerprinting Helps Authenticate and Secure All Those Devices (darkreading.com)

• IoT security strategy from enterprises using connected devices | Network World

• Security by design vital to protecting IoT, smart cities around the world, says CEO of UK NCSC | CSO Online

• Your CCTV devices can be hacked and weaponized - Help Net Security

• Critical Flaws in Abode Home Security Kit Allow Hackers to Hijack, Disable Cameras | SecurityWeek.Com

Data Breaches/Leaks

• Thomson Reuters leaked at least 3TB of sensitive data | Cybernews

• See Tickets discloses 2.5 years-long credit card theft breach (bleepingcomputer.com)

• Twilio discloses another hack from June, blames voice phishing (bleepingcomputer.com)

• Seven months after it found out, FamilySearch tells users their personal data has been breached • Graham Cluley

• Bed Bath & Beyond reviewing possible data breach | Reuters

Organised Crime & Criminal Actors

• Ukrainian charged for operating Raccoon Stealer malware service (bleepingcomputer.com)

• Interpol says metaverse opens up new world of cyber crime | Reuters

• From Bounty to Exploit Observations About Cyber criminal Contests (trendmicro.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Researchers uncover cryptojacking campaign targeting Docker, Kubernetes cloud servers | SC Media (scmagazine.com)

• Purpleurchin: Cryptocurrency miners scour GitHub, Heroku • The Register

• Cryptomining campaign abused free GitHub account trials (techtarget.com)

Insider Risk and Insider Threats

• New York Post hacked? No, the culprit is an employee - Security Affairs

Fraud, Scams & Financial Crime

• UK Anti-fraud Efforts Failing (informationsecuritybuzz.com)

• Dealers Report Dramatic Increase in Identity Fraud: Most Lack Effective Protection (darkreading.com)

• Economic strife fuels cyber anxiety - Help Net Security

• LinkedIn Releases New Security Features To Combat Fraud (informationsecuritybuzz.com)

• Beware Of SCAMS As Cost Of Living Bites Finances, Expert Comments (informationsecuritybuzz.com)

Insurance

• Health insurer Medibank's infosec diagnosis is getting worse • The Register

• Cyber Insurance Market 2022: FAQs & Updates with iBynd (trendmicro.com)

Dark Web

• Notorious ‘BestBuy’ hacker arraigned for running dark web market (bleepingcomputer.com)

• Student arrested for running one of Germany’s largest dark web markets (bleepingcomputer.com)

• Dark Web Forum Busts Come Days Apart (darkreading.com)

• British hacker arraigned for running The Real Deal dark web marketplace - Security Affairs

Software Supply Chain

• Supply Chain Attacks Or Vulnerabilities Experienced By 80% Of Organisations (informationsecuritybuzz.com)

• How the Software Supply Chain Security is Threatened by Hackers (thehackernews.com)

• Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)

• Consumer behaviours are the root of open source risk - Help Net Security

Denial of Service DoS/DDoS

• Key observations on DDoS attacks in H1 2022 - Help Net Security

• Meet the Windows servers that have been fuelling massive DDoSes for months | Ars Technica

Cloud/SaaS

• Everything you Need to Know about Cloud Hacking and its Methodologies (analyticsinsight.net)

• It’s time to prioritize SaaS security | InfoWorld

• Top Cloud Security Challenges & How to Beat Them (trendmicro.com)

• Atlassian Vulnerabilities Highlight Criticality of Cloud Services (darkreading.com)

• Threat Actors Target AWS EC2 Workloads to Steal Credentials (trendmicro.com)

• Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)

• 4 Reasons Open Source Matters for Cloud Security (darkreading.com)

• Cloud Providers Throw Their Weight Behind Confidential Computing (darkreading.com)

Hybrid Working

• Balancing remote work privacy vs. productivity monitoring (techtarget.com)

• Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)

Attack Surface Management

• Attack Surface Management 2022 Midyear Review Part 2 (trendmicro.com)

• Asset risk management: Getting the basics right - Help Net Security

Encryption

• New Critical Vuln In Component That Allow Encryption Across Internet - (informationsecuritybuzz.com)

• Can a new form of cryptography solve the internet’s privacy problem? | Data protection | The Guardian

API

• Thousands Of Publicly Exposed API Tokens Could Threaten Software Integrity (informationsecuritybuzz.com)

• Key API Security Principles And How To Implement Them (informationsecuritybuzz.com)

Open Source

• Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)

• 4 Reasons Open Source Matters for Cloud Security (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Why it's time to expire mandatory password expiration policies (techtarget.com)

• Feds say Ukrainian man running malware service amassed 50M unique credentials | Ars Technica

Biometrics

• ICO Warns of "Immature" Biometric Tech - Infosecurity Magazine (infosecurity-magazine.com)

Social Media

• LinkedIn Phishing Spoof Bypasses Google Workspace Security (darkreading.com)

• LinkedIn's new security features combat fake profiles, threat actors (bleepingcomputer.com)

• Cyber security event cancelled after scammers disrupt LinkedIn live chat (bitdefender.com)

• Expert Opinion: What Does Musk's Takeover Mean For Cyber security? (informationsecuritybuzz.com)

• Cyber attackers Target Instagram Users With Threats of Copyright Infringement (darkreading.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Ex-cop abused police tool in Snapshot sextortion plot that stole sexually explicit photos and videos (bitdefender.com)

Regulations, Fines and Legislation

• UK Construction Biz Fined £4.4m for Serious Security Failings - Infosecurity Magazine (infosecurity-magazine.com)

• Australia Flags New Corporate Penalties for Privacy Breaches | SecurityWeek.Com

Data Protection

• What consumers expect from organisations that handle their personal data - Help Net Security

Law Enforcement Action and Take Downs

• Criminals are starting to exploit the metaverse, says Interpol. So police are heading there too | ZDNET

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Ukraine: Russian cyber attacks aimless and opportunistic (techtarget.com)

• Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military (thehackernews.com)

• Slovak, Polish Parliaments Hit by Cyber attacks | SecurityWeek.Com

• Norway arrests man accused of being Russian spy - BBC News

• Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs

• Ukraine Warns of Cuba Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

Nation State Actors – Russia

• Russia says Starlink satellites could become military target • The Register

• Calls for inquiry mount after reports that Truss’s phone was hacked | Financial Times

• OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)

Nation State Actors – China

• Chinese spy duo charged in Huawei case as US condemns ‘egregious’ interference | China | The Guardian

• Chinese Connected Cyber Crew Unleashes Disinformation Campaign Ahead of US Elections - MSSP Alert

• Federal bans don't stop US states from buying Chinese kit • The Register

• Chinese Spies Indicted for Coercing Nationals Living in US to Return as Agents of the PRC - MSSP Alert

Nation State Actors – North Korea

• Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans (thehackernews.com)

Nation State Actors – Iran

• Iranian government blames 'foreign country' for hack-and-leak of nuclear information - CyberScoop

Vulnerability Management

• Outpost24: How Pentesting-as-a-Service finds vulnerabilities before they're exploited (bleepingcomputer.com)

• Protecting organisations by understanding end-of-life software risks - Help Net Security

Vulnerabilities

• OpenSSL to fix the second critical flaw ever - Security Affairs

• Urgent: Google Issues Emergency Patch for Chrome Zero-Day (darkreading.com)

• Multiple RCE Vulnerabilities Discovered in Veeam Backup & Replication App - Infosecurity Magazine (infosecurity-magazine.com)

• ConnectWise fixes RCE bug exposing thousands of servers to attacks (bleepingcomputer.com)

• Critical authentication bug in Fortinet products actively exploited in the wild | The Daily Swig (portswigger.net)

• Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now! – Naked Security (sophos.com)

• Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit (darkreading.com)

• 22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library (thehackernews.com)

• Cisco warns admins to patch AnyConnect flaws exploited in attacks (bleepingcomputer.com)

• Exploit released for critical VMware RCE vulnerability, patch now (bleepingcomputer.com)

• Cisco Confirms In-the-Wild Exploitation of Two VPN Vulnerabilities | SecurityWeek.Com

• Incoming OpenSSL critical fix: Organisations, users, get ready! - Help Net Security

• Cisco Users Informed of Vulnerabilities in Identity Services Engine | SecurityWeek.Com

• VMware fixes critical RCE in VMware Cloud Foundation - Security Affairs

• VMware Patches Critical Vulnerability in End-of-Life Product | SecurityWeek.Com

• Multiple vulnerabilities affect the Juniper Junos OS - Security Affairs

Reports Published in the Last Week

• Q3 2022 Phishing and Malware Report: Phishing Volumes Increase 31% (vadesecure.com)

• Attack Surface Management 2022 Midyear Review Part 2 (trendmicro.com)

• Justice response inadequate to meet scale of fraud epidemic - Committees - UK Parliament

Other News

• Cyber Security Risks & Stats This Spooky Season (darkreading.com)

• Cyber Certification Skills Are For Life, Not Just For Linkedin (informationsecuritybuzz.com)

• 8 hallmarks of a proactive security strategy | CSO Online

• Implementing Defence in Depth to Prevent and Mitigate Cyber Attacks (thehackernews.com)

• Cyber security’s importance and impact reaches all levels of the tech workforce - Help Net Security

• Stress Is Driving Cyber Security Professionals to Rethink Roles (darkreading.com)

• Equifax's Lessons Are Still Relevant, 5 Years Later (darkreading.com)

• Why dark data is a growing danger for corporations - Help Net Security

• Know the dangers you're facing: 4 notable TTPs used by cyber criminals worldwide - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.