Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 24 May 2024
Black Arrow Cyber Threat Intelligence Briefing 24 May 2024:
-Human Error and AI Tops Cyber Threats as 70% of CISOs Worry About Risk
-Threat Research Highlights Growing Mobile Security Risks
-The State of Cyber Security: AI and Geopolitics Mean a Bigger Threat Than Ever
-Family Offices Become Prime Targets for Cyber Hacks and Ransomware
-Ransomware Fallout - 94% Experience Downtime, 40% Face Work Stoppage
-Employee Discontent - Insider Threat No. 1
-Report Reveals 341% Rise in Advanced Phishing Attacks
-Ransomware and GenAI Raise Security Challenges, Driving Cyber Investment
-New Rules Prompt 93% of Organisations to Rethink Cyber Security Plans
-HR and IT Related Phishing Scams Still Most Popular According to KnowBe4’s Latest Phishing Report
-80% of Exposures from Misconfigurations, as 15 Vendors Account for 62% of Global Attack Surface
-UK to Propose Mandatory Reporting for Ransomware Attacks and Licensing Regime for all Payments
-UK’s Legal Sector Needs to Improve its Cyber Security, Says Experts
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Human Error and AI Tops Cyber Threats as 70% of CISOs Worry About Risk
According to a survey of 1,600 CISOs, 70% worry about the risk of a material cyber attack over the next 12 months. Additionally, nearly 31% believe an attack is very likely, compared to 25% in 2023. Amongst the largest concerns were human error, with 75% of CISOs identifying it as their most significant cyber vulnerability, up from 60% in 2023. Furthermore, 80% anticipate that human risk and employee negligence in particular will be major cyber security issues in the next two years. Additionally, artificial intelligence was identified as an emerging concern for 54% of CISOs.
Sources: [The Register] [Infosecurity Magazine] [Cryptopolitan]
The State of Cyber Security: AI and Geopolitics Mean a Bigger Threat Than Ever
A recent report by Check Point reveals that global organisations faced an average of 1,158 weekly cyber attacks in 2023, an increase from 2022. In the UK, 50% of businesses experienced cyber attacks in the past year, with medium and large-sized businesses more affected at 70% and 74%, respectively. A ClubCISO survey found 62% of CISOs believe organisations are ill-equipped for AI-driven attacks, yet 77% haven't increased cyber security spending.
Additionally, a British Foreign Policy Group (BFPG) article highlights cyber threats from geopolitical tensions, with a recent attack on the Ministry of Defence exposing HR and payroll data. The National Cyber Security Centre attributes such attacks to state-affiliated actors like China and Russia. Despite efforts to establish international cyber norms, enforcement remains challenging. Businesses must recognise that cyber security is now deeply intertwined with geopolitics, affecting strategic partnerships and procurement.
Threat Research Highlights Growing Mobile Security Risks
A recent report by a cloud security vendor focusing on the mobile threat landscape found that in the first quarter of 2024, the number of phishing, malicious, denylisted and offensive links delivered to their customers’ mobile devices tripled compared to Q1 2023. The report, which bases its data on 220 million devices, 325 million apps and billions of web items, found that the most common misconfiguration in mobiles was out of date operating systems (37%). When it came to the prevalence of attacks, 75% of organisations reported experiencing mobile phishing attempts targeting their employees.
This comes as a representative from the US Cybersecurity and Infrastructure Security Agency told the Federal Communications Commission earlier this year that there had been “numerous incidents of successful, unauthorised attempts” to steal location data, monitor voice and text messages, and deliver spyware.
Sources: [Economist] [Business Wire]
Family Offices Become Prime Targets for Cyber Hacks and Ransomware
A recent Dentons survey reveals that nearly 80% of family offices perceive a dramatic increase in cyber attack threats, with a quarter experiencing an attack in 2023, up from 17% in 2020. Despite their wealth, family offices often lack the staff and technology to manage these risks effectively. Less than a third report well-developed cyber risk management processes, and only 29% believe their cyber training programs are sufficient. This gap between awareness and action highlights the need for family offices to prioritise comprehensive cyber security measures, including better training, updated policies, and secure communication practices.
Source: [CNBC]
Ransomware Fallout: 94% Experience Downtime, 40% Face Work Stoppage
According to a report by cyber security provider Arctic Wolf, within the last 12 months 48% of organisations identified evidence of a successful breach within their environment and 70% of organisations were the targets of attempted Business Email Compromise (BEC) attacks, with 29% of these targets becoming victims of one or more successful BEC occurrences.
In its survey, the company says “45% of the organizations we spoke with admitted to being the victim of a ransomware attack within the last 12 months”, an increase from the prior year. Of those impacted by ransomware, 86% of attacks including successful data exfiltration and 94% of those impacted by a ransom event experienced a significant downtime and delays. 40% of victims stated they experienced a period of total work stoppage due to ransomware.
Source: [Help Net Security]
Employee Discontent: Insider Threat No. 1
Chief Information Security Officers (CISOs) must integrate human factors into insider risk management (IRM), not just rely on detection technologies. IRM must consider factors such as those raised by recent research where only half of US workers are very satisfied with their jobs, and 28% feel their employers don't care about them. CISOs themselves are affected by job satisfaction; the 2024 IANS/Artico report shows three out of four CISOs are ready to leave their roles. DTEX Systems found 77% of malicious insiders concealed their activities, emphasising the importance of human engagement and feedback in mitigating risks.
Source: [CSO]
Report Reveals 341% Rise in Advanced Phishing Attacks
A recent report has revealed malicious emails increased by 341% over the past 6 months. This included a 217% increase in credential harvesting phishing attacks and a 29% increase in Business Email Compromise (BEC) attacks. The report highlighted the impact of artificial intelligence, noting that since the launch of ChatGPT in November 2022, there has been a 4,151% surge in malicious phishing messages.
Source: [Security Magazine] [ Infosecurity Magazine]
Ransomware and GenAI Raise Security Challenges, Driving Cyber Investment
A recent study by Infosecurity Europe reveals that nearly 40% of cyber security leaders are increasing investments to combat the growing threats of ransomware and AI-generated attacks. A separate survey found 94% of organisations have or plan to implement generative AI use policies, and a third strictly forbid AI tech in their environment. This data highlights the ongoing effort to balance AI benefits with security risks, indicating that there isn’t a one-size-fits-all strategy for formalising AI adoption and usage policies.
Source: [Security Boulevard] [Infosecurity Magazine]
New Rules Prompt 93% of Organisations to Rethink Cyber Security Plans
A recent report reveals that 93% of organisations have re-evaluated their cyber security strategies due to new regulations, with 58% reconsidering their entire approach. The survey, which included 500 cyber security decision-makers from the US and UK, found that 92% reported increased security budgets, with 36% seeing rises of 20-49% and 23% experiencing over 50% increases. Despite this, only 40% feel confident in their resources to comply with regulations, and just one-third believe they can meet all requirements, highlighting significant gaps in preparedness.
Source: [security magazine]
HR and IT Related Phishing Scams Still Most Popular According to KnowBe4’s Latest Phishing Report
A recent KnowBe4 report reveals that HR-related phishing emails account for 42% of top-clicked phishing attempts, followed by IT-related emails at 30%. These phishing tactics exploit employees' trust and evoke immediate responses by mimicking legitimate business communications about dress code changes, tax updates, and training notifications. The report also highlights that nearly a third of users are vulnerable to phishing, emphasising the need for robust security awareness training. A well-trained workforce is essential in defending against increasingly sophisticated phishing attacks that leverage AI and emotional manipulation.
Source: [IT Security Guru]
80% of Exposures from Misconfigurations, as 15 Vendors Account for 62% of Global Attack Surface
A recent XM Cyber report highlights a significant gap in cyber security focus with identity and credential misconfigurations accounting for 80% of security exposures. The study, based on hundreds of thousands of attack path assessments, found that 62% of the global attack surface is concentrated in just 15 vendors. Furthermore, 41% of organisations had at least one compromised device, and 11% experienced ransomware incidents. The report underscores the need for a shift from patching all vulnerabilities to addressing high-impact exposures, especially those around identity management and critical asset protection.
Sources: [Security Magazine] [The Hacker News]
UK to Propose Mandatory Reporting for Ransomware Attacks and Licensing Regime for all Payments
A forthcoming proposal in Britain aims to overhaul the response to ransomware by mandating victims to report incidents and obtain a license before making extortion payments. This initiative, part of a public consultation, includes a ban on ransom payments for critical national infrastructure to deter attacks. The National Cyber Security Centre has highlighted concerns over underreporting, with a 2023 increase in ransomware-related data breaches. The plan’s success hinges on replacing the delayed Action Fraud reporting platform. This proposal marks a significant step in global ransomware policy, with Britain leading international efforts against cyber criminals.
Source: [The Record Media]
UK’s Legal Sector Needs to Improve its Cyber Security, Says Experts
One in ten UK data breaches in 2023 occurred in the legal sector, highlighting that UK law firms are attractive targets for cyber criminals. A recent analysis of the UK’s Information Commissioner's Office (ICO) data found that the legal sector is one of the worst performing sectors for data breaches, with nearly 86 per cent of the incidents within the legal sector involving breaches of personal identifiable information, including instances also affecting sensitive economic and financial data.
Sources [CITY AM]
Governance, Risk and Compliance
UK's legal sector needs to improve its cyber security, say experts (cityam.com)
How to stay on top of evolving cyber security legislation | RSM UK
New rules prompt 93% of organisations to rethink cyber security plans | Security Magazine
One CISO Can’t Fill Your Board’s Cyber Security Gaps (mit.edu)
Security Compliance 101: What It Is and How to Master It - Security Boulevard
Family offices become prime targets for cyber hacks and ransomware (cnbc.com)
Worried about job security, cyber teams hide security incidents - Help Net Security
Law firms warn global risks on the rise (emergingrisks.co.uk)
Financial companies must have data breach incident plans, SEC says | SC Media (scmagazine.com)
Businesses must overcome security communication roadblocks – Channel EYE
Why Culture is the Bedrock of Cyber Security - Infosecurity Magazine (infosecurity-magazine.com)
IT Security Leaders Are Failing to Close a Boardroom Credibility Gap (prnewswire.com)
Effective GRC programs rely on team collaboration - Help Net Security
Understanding cyber risks beyond data breaches - Help Net Security
De-risking the business - how to evolve your approach to security | TechRadar
IT and security data is siloed in most organisations (betanews.com)
Can Cyber Security Be a Unifying Factor in Digital Trade Negotiations? (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Family offices become prime targets for cyber hacks and ransomware (cnbc.com)
Ransomware fallout: 94% experience downtime, 40% face work stoppage - Help Net Security
Ransomware Attacks Evolve as Average Ransom Demand Tops $1.26 Million - Security Boulevard
Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising (bleepingcomputer.com)
Cyber criminals shift tactics to pressure more victims into paying ransoms - Help Net Security
This wiper malware takes data destruction to a whole new level | TechRadar
A Surge in Ransomware: Insights from Our 2024 Cyber Threat Report | Huntress
Ransomware, BEC, GenAI Raise Security Challenges - Security Boulevard
LockBit takedown taking toll as gang plummets down rankings • The Register
First LockBit, now BreachForums: Are cops winning the war? • The Register
2024 sees continued increase in ransomware activity - Help Net Security
Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern (thehackernews.com)
What role does an initial access broker play in the RaaS model? | TechTarget
Casino cyber attacks put a bullseye on Scattered Spider • The Register
Ransomware innovation slowdown a product of crims' success • The Register
Ransomware Victims
OmniVision Says Personal Information Stolen in Ransomware Attack - Security Week
LockBit says they stole data in London Drugs ransomware attack (bleepingcomputer.com)
Phishing & Email Based Attacks
Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide (thehackernews.com)
Phishing statistics that will make you think twice before clicking - Help Net Security
Phishing, BEC, and Beyond: Tackling the Top Cyber Threats to UK Banks (prnewswire.co.uk)
Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns (thehackernews.com)
Only 60 percent of brands can protect their customers from digital impersonation (betanews.com)
A phish by any other name should still not be clicked – Computerworld
Active Chinese Cyber espionage Campaign Rifling Email Servers (inforisktoday.com)
YouTube has become a significant channel for cyber crime - Help Net Security
BEC
The last six months shows a 341% increase in malicious emails | Security Magazine
Phishing, BEC, and Beyond: Tackling the Top Cyber Threats to UK Banks (prnewswire.co.uk)
Ransomware, BEC, GenAI Raise Security Challenges - Security Boulevard
10 Years in Prison for $4.5 million BEC Scammer Who Bought Ferrari to Launder Money | Tripwire
Other Social Engineering
Artificial Intelligence
The state of cyber security: AI and geopolitics mean a bigger threat than ever - Verdict
Three Questions Every Leader Needs To Ask About AI Cyber Security (forbes.com)
Ransomware, BEC, GenAI Raise Security Challenges - Security Boulevard
Beware – Your Customer Chatbot is Almost Certainly Insecure: Report - Security Week
Human Error and AI Tops Cyber Security Threats in CISO Survey | Cryptopolitan
Consumers continue to overestimate their ability to spot deepfakes - Help Net Security
CIO’s 2024 Checklist: Generative AI, Digital Transformation And More (forbes.com)
Deepfakes Rank As the Second Most Common Cyber Security Incident for US Businesses (darkreading.com)
Data regulator looking into Microsoft’s AI Recall feature | The Independent
US Intelligence Agencies’ Embrace of Generative AI Is at Once Wary and Urgent - Security Week
User Outcry as Slack Scrapes Customer Data for AI Model Training - Security Week
Balancing generative AI cyber security risks and rewards | TechTarget
AI Is The Past, Present And Future Of Cyber Security (forbes.com)
US AI Experts Targeted in SugarGh0st RAT Campaign (darkreading.com)
Transparency is sorely lacking amid growing AI interest | ZDNET
2FA/MFA
Malware
Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide (thehackernews.com)
400K Linux Servers Recruited by Resurrected Ebury Botnet (darkreading.com)
Another nasty Mac malware is spoofing legitimate software to target macOS users | TechRadar
Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal (thehackernews.com)
What Does Malware Look Like? Check Out These Real-World Examples (pcmag.com)
Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail (thehackernews.com)
Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users (thehackernews.com)
MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks (thehackernews.com)
Keylogger Embedded Microsoft Exchange Server Steals Login Credentials (cybersecuritynews.com)
Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns (thehackernews.com)
Researchers spot cryptojacking attack that disables endpoint protections | Ars Technica
US AI Experts Targeted in SugarGh0st RAT Campaign (darkreading.com)
New BiBi Wiper version also destroys the disk partition table (bleepingcomputer.com)
Novel EDR-Killing 'GhostEngine' Malware Is Built for Stealth (darkreading.com)
Malicious actors are cat-phishing targets in order to spread malware | Security Magazine
Mobile
It is dangerously easy to hack the world’s phones (economist.com)
How often should you turn off your phone? Here's what the NSA says | PCWorld
North Korea-linked Kimsuky APT attack targets victims via Messenger (securityaffairs.com)
US Official Warns a Cell Network Flaw Is Being Exploited for Spying | WIRED
How to recognise if the security of your work device has been breached (siliconrepublic.com)
Vultur Malware Mimic As Mobile Antivirus Steals Login Credentials (cybersecuritynews.com)
‘Unblockable’ HMRC scam message on iPhones sparks warning (yahoo.com)
Lookout Threat Research Highlights Growing Mobile Security Risks | Business Wire
Internet of Things – IoT
Data Breaches/Leaks
Aon reveals cyber attack/data breach as top risk for financial institutions - Reinsurance News
NYSE parent fined $10M for breach reporting failure • The Register
Were The Ashley Madison Hackers Ever Caught? (screenrant.com)
49 Million Customers Impacted by API Security Flaw - Security Boulevard
Army personnel fear for their jobs after huge MoD cyber attack | The Independent
Criminal record database of millions of Americans dumped online | Malwarebytes
Optus denies claims of ‘cloaking’ Deloitte cyber attack report findings - Lawyers Weekly
Record breaking number of data breaches reported | Bailiwick Express
55,000 Impacted by Cyber Attack on California School Association - Security Week
Organised Crime & Criminal Actors
Were The Ashley Madison Hackers Ever Caught? (screenrant.com)
HP Catches Cyber Criminals 'Cat-Phishing' Users (darkreading.com)
Cyber crime on the rise as account takeovers become leading method (investmentnews.com)
YouTube has become a significant channel for cyber crime - Help Net Security
Ransomware innovation slowdown a product of crims' success • The Register
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking (thehackernews.com)
Researchers spot cryptojacking attack that disables endpoint protections | Ars Technica
Dutch police tracked a crypto theft to one of world’s worst botnets (thenextweb.com)
He Trained Cops to Fight Crypto Crime—and Allegedly Ran a $100M Dark-Web Drug Market | WIRED
Insider Risk and Insider Threats
Human Error and AI Tops Cyber Security Threats in CISO Survey | Cryptopolitan
Can we fix the human error problem in cyber security? (siliconrepublic.com)
Insurance
Should You Buy Cyber Insurance in 2024? Pros & Cons (techopedia.com)
Cyber insurance trends: reshaping the industry - SiliconANGLE
Supply Chain and Third Parties
Implementing Third-Party Risk Management Workflows | UpGuard
JAVS courtroom recording software backdoored in supply chain attack (bleepingcomputer.com)
Cloud/SaaS
Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms (darkreading.com)
Security concerns impeding cloud migration | SC Media (scmagazine.com)
Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users (thehackernews.com)
Are Your SaaS Backups as Secure as Your Production Data? (thehackernews.com)
Identity and Access Management
Encryption
Linux and Open Source
The economic model that made the internet, and the hack that almost broke it : Planet Money : NPR
400K Linux Servers Recruited by Resurrected Ebury Botnet (darkreading.com)
Are all Linux vendor kernels insecure? A new study says yes, but there's a fix | ZDNET
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
YouTube has become a significant channel for cyber crime - Help Net Security
How Secure Is The Metaverse? (A Look At Cyber Threats And Defences) (forbes.com)
Malvertising
Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising (bleepingcomputer.com)
The mystery of the targeted ad and the library patron • The Register
Windows admins targeted with clever malvertising scam | TechRadar
Training, Education and Awareness
Regulations, Fines and Legislation
NYSE parent fined $10M for breach reporting failure • The Register
Intercontinental Exchange Will Pay $10 Million to Resolve SEC Cyber Probe (wsj.com)
UK considering mandatory reporting for ransomware attacks (computing.co.uk)
How to stay on top of evolving cyber security legislation | RSM UK
Security Compliance 101: What It Is and How to Master It - Security Boulevard
Singapore updates cyber security law to expand regulatory oversight | ZDNET
The Dawn of DORA: Building a Resilient Financial Infrastructure (finextra.com)
What American Enterprises Can Learn From Europe's GDPR Mistakes (darkreading.com)
Preparing Your Organisation for Upcoming Cyber Security Deadlines (darkreading.com)
Backup and Recovery
Data Protection
Careers, Working in Cyber and Information Security
The IT skills shortage situation is not expected to get any better - Help Net Security
UK Government ramps up efforts to bridge cyber security skills gap (holyrood.com)
Persistent Burnout Is Still a Crisis in Cyber Security (darkreading.com)
5 Ways SMBs Can Bridge the Cyber Security Skills Gap | Mimecast
Law Enforcement Action and Take Downs
Dutch police tracked a crypto theft to one of world’s worst botnets (thenextweb.com)
Police caught circumventing city bans on face recognition • The Register
10 Years in Prison for $4.5 million BEC Scammer Who Bought Ferrari to Launder Money | Tripwire
LockBit takedown taking toll as gang plummets down rankings • The Register
He Trained Cops to Fight Crypto Crime—and Allegedly Ran a $100M Dark-Web Drug Market | WIRED
Casino cyber attacks put a bullseye on Scattered Spider • The Register
First LockBit, now BreachForums: Are cops winning the war? • The Register
No time to take eye of the ball despite recent cyber success – report (emergingrisks.co.uk)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
World War War III May Already Have Started—in the Shadows (reason.com)
The state of cyber security: AI and geopolitics mean a bigger threat than ever - Verdict
Nation State Actors
China
The Security Interviews: What is the real cyber threat from China? | Computer Weekly
UK not heeding warning over China threat, says ex-cyber security chief (yahoo.com)
Newly Detected Chinese Group Targeting Military, Government Entities - Security Week
Spies, trade and tech: China’s relationship with Britain (economist.com)
Google, Meta warned that undersea internet cables at risk for Chinese espionage: report (nypost.com)
UK military in data breach - and other cyber security news | World Economic Forum (weforum.org)
Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries (thehackernews.com)
Active Chinese Cyberespionage Campaign Rifling Email Servers (inforisktoday.com)
State hackers turn to massive ORB proxy networks to evade detection (bleepingcomputer.com)
Stronger critical infrastructure defence aimed by Army Cyber Command | SC Media (scmagazine.com)
Former Royal Marine charged with spying for China found dead (thetimes.co.uk)
Russia
New Star Wars Plan: Pentagon Rushes to Counter Threats in Orbit - The New York Times
British man, 64, charged with assisting Russian intelligence service | The Independent
Iran
North Korea
North Korea-linked Kimsuky APT attack targets victims via Messenger (securityaffairs.com)
US Official Warns a Cell Network Flaw Is Being Exploited for Spying | WIRED
North Korea-linked IT workers infiltrated hundreds of US firms (securityaffairs.com)
High-ranking military officials' e-mail hacked, possibly by N. Korea (koreaherald.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
93% of vulnerabilities unanalysed by NVD since February | TechTarget
How AI-driven patching could transform cyber security | TechTarget
Vulnerabilities
Microsoft Edge gets fixes for five more security vulnerabilities - Neowin
Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms (darkreading.com)
Veeam warns of critical Backup Enterprise Manager auth bypass bug (bleepingcomputer.com)
Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days (darkreading.com)
Critical Flaw in AI Python Package Can Lead to System and Data Compromise - Security Week
This devious Wi-Fi security flaw could let hackers eavesdrop on your network with ease | TechRadar
Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal (thehackernews.com)
Intel's Max Severity Flaw Affects AI Model Compressor Users (govinfosecurity.com)
15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130) - Help Net Security
Keylogger Embedded Microsoft Exchange Server Steals Login Credentials (cybersecuritynews.com)
Chrome 125 Update Patches High-Severity Vulnerabilities - Security Week
Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager - Security Week
Unauthenticated RCE Vulnerability in Fortinet FortiSIEM: PoC Published (cybersecuritynews.com)
Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern (thehackernews.com)
VMware Abused in Recent MITRE Hack for Persistence, Evasion - Security Week
High-severity GitLab flaw lets attackers take over accounts (bleepingcomputer.com)
CISA Warns of Actively Exploited Apache Flink Security Vulnerability (thehackernews.com)
Tools and Controls
New rules prompt 93% of organisations to rethink cyber security plans | Security Magazine
Microsoft to Mandate Multi-Factor Authentication for All Azure Users (cybersecuritynews.com)
What is a Third-Party Risk Assessment in Cyber Security? | UpGuard
Should You Buy Cyber Insurance in 2024? Pros & Cons (techopedia.com)
The Critical Role Of Web Filtering To Secure A Modern Workplace (forbes.com)
We put too much faith in our web browsers, here's why we shouldn't (xda-developers.com)
Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defences (thehackernews.com)
Google says Microsoft can’t be trusted after email security blunders | ITPro
Fighting identity fraud? Here's why we need better tech - Help Net Security
77 percent of organisations suffer cyber attacks due to identity issues (betanews.com)
Researchers spot cryptojacking attack that disables endpoint protections | Ars Technica
Microsoft's latest Windows 11 security features aim to make it 'more secure out of the box' | ZDNET
Are Your SaaS Backups as Secure as Your Production Data? (thehackernews.com)
Cyber insurance trends: reshaping the industry - SiliconANGLE
The Evolution of Security Operations Centres in the Past Decade | Information Security Buzz
When to Automate and When Not to Automate Security - Security Boulevard
Critical Capabilities of Cyber Security Risk Assessment Tools (cybersaint.io)
How AI-driven patching could transform cyber security | TechTarget
Reports Published in the Last Week
Other News
Aon reveals cyber attack/data breach as top risk for financial institutions - Reinsurance News
15 companies account for 62% of global attack surface | Security Magazine
Cyber attacks are soaring—treat them as an 'act of war', health care exec warns | Fortune Well
If the Lights Went Out: Exploring a Power Grid Failure (greydynamics.com)
Wars in Ukraine and Gaza raise UK infrastructure cyber threat level | New Civil Engineer
Malware power threat real and growing – researchers (emergingrisks.co.uk)
Microsoft’s President to Testify to House Panel on Cyber Security (bloomberglaw.com)
5 Ways SMBs Can Bridge the Cyber Security Skills Gap | Mimecast
Why cyber security is front and centre for rail - Railway Technology (railway-technology.com)
Mitigating cyber security risks in the technology sector | TechRadar
Cyber attacks on construction firms jump, new report finds | News | Building
FUD: How Fear, Uncertainty, and Doubt can ruin your security program - Security Boulevard
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 03 May 2024
Black Arrow Cyber Threat Intelligence Briefing 03 May 2024:
-Most Attacks Impacting SMB’s Target Older, Unpatched Vulnerabilities
-91% of Ransomware Victims Paid At least One Ransom in the Past Year, as 1 in 5 Ransomware Attacks Triggers Lawsuit
-BEC and Fund Transfer Fraud Top Insurance Claims
-Correlating Cyber Investments with Business Outcomes
-Vulnerability Exploitation up 180%, 68% of Breaches involved Humans and Supply Chain Weak Link
-MOVEit & Change Healthcare Attacks Designated as Cyber Catastrophe Loss Events by Insurer
-Securing Your Organisation’s Supply Chain: Reducing the Risks of Third Parties
-Why Remote Desktop Tools are Facing an Onslaught of Cyber Threats
-95% of Organisations Revamped Cyber Security Strategies in the Last Year: Make Sure Yours is Right
-Human Factor a Significant Risk for Small and Medium-Sized Businesses.
-Microsoft CEO Says it is Putting Security Above All Else in Major Refocus
-Ending the Culture of Silence in Cyber Security; Three Ways to Empower Teams
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Most Attacks Impacting SMB’s Target Older, Unpatched Vulnerabilities
Attackers continue to aggressively target small and mid-size businesses using specific high-profile vulnerabilities dating back a decade or more, network telemetry shows. Findings have shown that this is due to these vulnerabilities featuring in a wide range of products. Due to their prevalence, they can often become missed by organisations conducting patch management and therefore leave the organisation open.
For this reason it is critical that all organisations, including smaller organisations, have internal as well as external vulnerability scanning. You might believe your systems are patched up to date but there is no way to confirm without scanning , or to know which patches might have been missed.
Sources: [Infosecurity Magazine]
91% of Ransomware Victims Paid At least One Ransom in the Past Year, as 1 in 5 Ransomware Attacks Triggers Lawsuit
Ransomware attacks saw a significant surge in 2023, following a dip in 2022. The number of victims increased by 66% from 2022 to 2023, with 91% of those affected paying at least one ransom. 58% of organisations have been targeted six times or more.
The Sophos State of Ransomware 2023 report highlighted ransom payments rose by 500%; nearly two-thirds exceeded $1m or more, with an average payment of $2m. Furthermore, 30% of the demands were for over $5m.
In the US, 18% of incidents led to litigation, with 123 lawsuits filed in 2023 and 355 over five years. Data breaches, affecting 283.3 million records, primarily triggered these lawsuits, especially in healthcare and finance sectors. The resolution rate is 59%, with the highest settlement at $8.7m. Regulatory fines added nearly $10m to the financial impact. These figures underscore the significant financial implications of ransomware attacks and the urgent need for robust cyber security measures.
Sources: [ZD Net] [Infosecurity Magazine] [Security Magazine] [PrNewsWire] [Infosecurity Magazine]
BEC and Fund Transfer Fraud Top Insurance Claims
Cyber Insurer Coalition's 2024 Cyber Claims Report highlights a significant trend in cyber security threats, identifying email-based fraud as the predominant cause of insurance claims in 2023, accounting for 53% of all claims. Business email compromise (BEC) and funds transfer fraud (FTF) topped the list, contributing to 28% of claims and increasing claim amounts by 24% to an average loss exceeding $278,000. In contrast, ransomware, while less frequent at 19% of claims, also saw a rise in both frequency and severity, with average losses climbing to over $263,000. The report also notes a 13% year-on-year surge in overall claims, with substantial losses tied to compromised network security devices and a notable vulnerability in organisations using exposed remote desktop protocols.
Source: [Infosecurity Magazine]
Correlating Cyber Investments with Business Outcomes
The US Securities and Exchange Commission (SEC) has implemented stringent new rules compelling organisations to report significant cyber incidents within four days and to annually disclose details concerning their cyber security risk management, strategy, and governance. These mandates are seen as giving “more teeth to the idea that cyber security is a business problem” and “bringing an element of cyber security to the boardroom” according to cyber security solutions provider SecurityGate. Highlighted in the "Cybersecurity Insights" podcast, experts argue for simplifying cyber security strategies, advocating sustained resource allocation over reactive measures, and emphasising the importance of training over expensive solutions. These steps are deemed crucial for enhancing organisational resilience and security in a landscape where cyber threats are increasingly sophisticated and pervasive.
Source: [InfoRisk Today]
Verizon: Vulnerability Exploitation up 180%, 68% of Breaches involved Humans and Supply Chain Weak Link
Verizon has released the findings of its 17th Annual Data Breach Investigations Report, which showed security incidents doubled year over year in 2023 to a record high 30,458 security events and 10,626 confirmed breaches. Some of the key takeaways from the 100-page report include zero-day attacks on unpatched systems and devices rising 180% in 2023, most breaches (68%) involving a non-malicious human element and the median time for users to fall for phishing emails falling just south of 60 seconds. In its first inclusion as a separate metric, supply chain attacks were found to contribute to 15% of all attacks.
Sources: [MSSP Alert] [Verizon]
MOVEit & Change Healthcare Attacks Designated as Cyber Catastrophe Loss Events by Insurer
Verisk’s Property Claim Services (PCS) has recently identified the MOVEit and Change Healthcare cyber attacks as significant Cyber Catastrophe Loss Events. These designations are part of PCS’s Global Cyber solution, which tracks cyber incidents and their potential impact on the insurance market. The designation indicates that each attack is anticipated to result in insurance industry losses exceeding USD 250 million.
The MOVEit attack, linked to the Russian-affiliated group Cl0p, compromised over 2,700 organisations globally, affecting up to 90 million individuals. The Change Healthcare attack, attributed to the ALPHV/Blackcat gang, notably disrupted UnitedHealth Group’s operations, with projected costs and lost revenue totalling up to USD 1.6 billion. These designations highlight the escalating scale and financial impact of cyber incidents on global markets.
Source: [Reinsurance News]
Securing Your Organisation’s Supply Chain: Reducing the Risks of Third Parties
Nearly every organisation is part of a supply chain, where a significant amount of data is transferred. When data leaves your infrastructure, its security depends on the third party. The risks of a cyber incident increases as the supply chain increases.
Organisations need to mitigate the risks that their third party brings. This requires an understanding of the supply chain actors, and performing cyber security assessments of the most critical ones. The objective is to ensure that your organisation is satisfied with the third party’s security controls, or to work together to remediate any gaps.
Source: [Help Net Security]
Why Remote Desktop Tools are Facing an Onslaught of Cyber Threats
In the era of hybrid work, remote desktop tools have become crucial yet vulnerable points within corporate networks, attracting significant cyber criminal attention. A study by Barracuda Networks underscores the challenges of securing these tools. Virtual Network Computing (VNC) is particularly susceptible; it is targeted in 98% of these types of attacks due to its use of multiple, sometimes unsecured ports. VNC attacks predominantly exploit weak password practices, notably through brute force methods. Conversely, Remote Desktop Protocol (RDP) accounts for about 1.6% of these attacks but is favoured for more extensive network breaches, often involving ransomware or crypto mining. The study highlights a pressing need for robust endpoint management and heightened security measures to mitigate these threats.
Source: [ITPro]
95% of Organisations Revamped Cyber Security Strategies in the Last Year: Make Sure Yours is Right
A recent report found that 95% of companies have altered their cyber security strategies in the last twelve months. This was driven by keeping pace with the shifting regulatory landscape (98%), the need to meet customer expectations for data protection and privacy (89%), and the rise of AI-driven threats and solutions (65%). Almost half (44%) of non-security executives do not understand the regulatory requirements their organisation must adhere to.
When it came to reporting, the study found that security teams aren’t reporting on key operational metrics that define whether their security investments and strategy changes have a measurable impact. It is evident that there is a disconnect between security and non-security professionals when it comes to the business strategy.
Sources: [Business Wire] [Security Magazine]
Human Factor a Significant Risk for Small and Medium-Sized Businesses.
A survey of business and IT security in small and medium-sized businesses (SMBs) conducted by LastPass found that roughly one in five business leaders admits to circumventing security policies, as do one in 10 IT security leaders. The survey found that password management is critically important to cyber security, with nearly half (47%) reporting recent breaches due to compromised passwords.
Sources: [Beta News] [Business Wire]
Microsoft CEO Says it is Putting Security Above All Else in Major Refocus
Following a series of high-profile attacks in recent months and a report by the US Cyber Safety Review Board (CSRB), Microsoft’s CEO has revealed it will now focus its efforts on an increase in the commitment to security. Investigating a summer 2023 attack, Microsoft was deemed to have made a series of “avoidable errors”, including the failure to detect several compromises, the CSRB said.
Sources: [TechRadar]
Ending the Culture of Silence in Cyber Security; Three Ways to Empower Teams
A recent discussion on workplace errors highlights the significant repercussions of cyber breaches compared to typical office mistakes. In the UK, nearly a third of businesses face cyber attacks weekly, with each breach costing approximately £4,000. However, a concerning trend is that 41% of these breaches are not reported to internal leadership, often due to fears among staff about the consequences of admitting faults. A three-pronged approach has been suggested to foster a blame-free culture: providing tailored and evolving cyber training, establishing safe zones for admitting mistakes, and implementing robust recovery plans. This approach not only prepares employees to handle potential breaches more effectively but also encourages them to report incidents promptly, reducing the overall impact and aiding quicker recovery. Such strategies are essential for maintaining resilience against increasingly sophisticated cyber threats.
Source: [Minute Hack]
Governance, Risk and Compliance
Verizon 2024 Data Breach Investigations Report: 5 Takeaways | MSSP Alert
Verizon DBIR: Vulnerability exploitation in breaches up 180% | TechTarget
Verizon DBIR: Basic Security Gaffes Cause Breach Surge (darkreading.com)
95% of Organisations Revamped Their Cyber Security Strategies in the Last Year | Business Wire
95% of organisations adjusted cyber security strategies this past year | Security Magazine
1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)
Are Enterprises Overconfident About Cyber Security Readiness? (govinfosecurity.com)
How CISOs Can Contend with Increasing Scrutiny from Regulators (informationweek.com)
Correlating Cyber Investments with Business Outcomes (inforisktoday.com)
Ending The Culture of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack
97% of security leaders have increased SaaS security budgets - Help Net Security
The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online
Should Cyber Security Leadership Finally be Professionalized? - SecurityWeek
What needs to change to overcome nonchalant security approaches | TechRadar
Agile by Design: Cyber Security at the Heart of Transformation (noeticcyber.com)
Threats
Ransomware, Extortion and Destructive Attacks
Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)
91% of ransomware victims paid at least one ransom in the past year, survey finds | ZDNET
1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)
There was an 81% year-over-year increase in ransomware attacks | Security Magazine
Ransom recovery costs reach $2.73 million - Help Net Security
Cactus Ransomware Group Targets Qlik Sense Servers | Decipher (duo.com)
How AI and data protection intersect in today's threat era - SiliconANGLE
Better hygiene may mitigate the need to ban ransomware payments | Computer Weekly
Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)
How Businesses Should Grapple With Ransomware Threats (eetimes.eu)
Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)
Ransomware Victims
Change Healthcare breached via Citrix portal with no MFA | TechTarget
Almost all US hospitals took financial hit from Change hack, AHA says | Reuters
Another major pharmacy chain shuts following possible cyber attack | TechRadar
Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)
Cyber attack to cost Western Isles Council half a million pounds (holyrood.com)
LockBit publishes confidential data stolen from Cannes hospital in France (therecord.media)
French hospital CHC-SV refuses to pay LockBit extortion demand (bleepingcomputer.com)
'Cybersecurity incident' closes London Drugs' pharmacies • The Register
Phishing & Email Based Attacks
AI-driven phishing attacks deceive even the most aware users - Help Net Security
US Post Office phishing sites get as much traffic as the real one (bleepingcomputer.com)
If you receive a Shein mystery box, do not open it | TechRadar
Why the automotive sector is a target for email-based cyber attacks - Help Net Security
BEC
BEC and Fund Transfer Fraud Top Insurance Claims - Infosecurity Magazine (infosecurity-magazine.com)
Other Social Engineering
FBI warns of fake verification schemes targeting dating app users (bleepingcomputer.com)
A Lot of People Are Falling for Those 'Your Package Cannot Be Delivered' Texts | PCMag
Artificial Intelligence
AI-driven phishing attacks deceive even the most aware users - Help Net Security
AI is creating a new generation of cyber attacks - Help Net Security
Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)
Businesses turn to generative AI but many don't have policies on it (betanews.com)
How AI and data protection intersect in today's threat era - SiliconANGLE
Understanding emerging AI and data privacy regulations - Help Net Security
To understand the risks posed by AI, follow the money – O’Reilly (oreilly.com)
From Risk to Resilience: Managing Data Security in AI-Driven Enterprises | Inc.com
Cyber security experts face AI risks, deepfakes, burnout | Fortune
US Government Releases New AI Security Guidelines for Critical Infrastructure (thehackernews.com)
Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues - SecurityWeek
2FA/MFA
Malware
New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)
New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security
Guarding the Gates: The Growing Abundance of Linux Malware - VMRay
Bogus npm Packages Used to Trick Software Developers into Installing Malware (thehackernews.com)
Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years (thehackernews.com)
ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan (thehackernews.com)
New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)
Mobile
Powerful 'Brokewell' Android Trojan Allows Attackers to Takeover Devices - SecurityWeek
Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 (thehackernews.com)
New Wpeeper Android malware hides behind hacked WordPress sites (bleepingcomputer.com)
Microsoft warns of "Dirty Stream" attack impacting Android apps (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)
A glaring Android TV security flaw might put your Gmail at risk | Android Central
Data Breaches/Leaks
PSNI data breach: Almost 5,000 officers and staff in legal action - BBC News
Kaiser Permanente data breach may have impacted 13.4 million patients (securityaffairs.com)
FBCS data breach impacted 2M individuals (securityaffairs.com)
States shares health debt data of 5,000 in an email | Guernsey Press
Qantas app exposed sensitive traveller details to random users (bleepingcomputer.com)
Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach (bleepingcomputer.com)
Australian pubgoers' personal info posted to leak site • The Register
Monash Health data breach exposes sexual assault and family violence claims (smh.com.au)
Panda Restaurant Group disclosed a data breach (securityaffairs.com)
Organised Crime & Criminal Actors
AI is creating a new generation of cyber attacks - Help Net Security
Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)
Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)
Insider Risk and Insider Threats
How insider threats can cause serious security breaches - Help Net Security
Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)
Insurance
Cyber facility in capacity raise as risk severity grows (emergingrisks.co.uk)
Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)
Supply Chain and Third Parties
Cloud/SaaS
New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security
97% of security leaders have increased SaaS security budgets - Help Net Security
Encryption
UK's Investigatory Powers Bill approved to become law • The Register
Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Change Healthcare breached via Citrix portal with no MFA | TechTarget
Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)
NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)
New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)
How to use a YubiKey to log into Windows and macOS (xda-developers.com)
Social Media
How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek
Facebook at 20: Contemplating the Cost of Privacy (darkreading.com)
Training, Education and Awareness
Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack
Everyone's an Expert: How to Empower Your Employees for Cyber Security Success (thehackernews.com)
Regulations, Fines and Legislation
UK's Investigatory Powers Bill approved to become law • The Register
UK rolls out new consumer safeguards for smart devices (betanews.com)
FCC fines major wireless carriers over illegal location data sharing - Help Net Security
Understanding emerging AI and data privacy regulations - Help Net Security
CISA's incident reporting requirements go too far, trade groups and lawmakers say | CyberScoop
Data Protection
Careers, Working in Cyber and Information Security
Cyber security experts face AI risks, deepfakes, burnout | Fortune
The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online
Agencies to turn toward ‘skill-based hiring’ for cyber and tech jobs, ONCD says | CyberScoop
Cyber Security Degrees, Are They Really Worth It? | HackerNoon
Beyond the Buzz: Rethinking Alcohol as a Cyber Security Bonding Ritual - SecurityWeek
Law Enforcement Action and Take Downs
Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)
Police shuts down 12 fraud call centres, arrests 21 suspects (bleepingcomputer.com)
Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)
CEO who sold fake Cisco devices to US military gets 6 years in prison (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)
Philippines Pummelled by Cyber Attacks & Misinformation Tied to China (darkreading.com)
Germany grapples with wave of spying threats from Russia and China - BBC News
How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek
Think tank: Tech companies spread China's propaganda • The Register
China's attacks on critical infrastructure ‘tip of the iceberg' | SC Media (scmagazine.com)
Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek
Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)
Chinese government website security has big problems • The Register
Espionage breaches account for 25% in APAC, report reveals (securitybrief.co.nz)
Russia
Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)
Russian Hackers Target Industrial Systems in North America, Europe - SecurityWeek
Pro-Russia hacktivists attacking vital tech in water and other sectors, agencies say | CyberScoop
Germany grapples with wave of spying threats from Russia and China - BBC News
Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)
Germany Warns Of Consequences For Alleged Russian Cyber Attack (rferl.org)
Hackers Claim to Have Infiltrated Belarus’ Main Security Service - SecurityWeek
Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyber Attack (darkreading.com)
Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews
Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)
Two British men charged with helping Russian intelligence - BBC News
Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)
Iran
North Korea
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
When is One Vulnerability Scanner Not Enough? (thehackernews.com)
Vulnerability exploitation nearly tripled in 2023 (telecoms.com)
Vulnerabilities
Cisco devices again targeted by state-linked threat campaign - TechCentral.ie
Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)
1,200+ Vulnerabilities Detected In Microsoft Products In 2023 (gbhackers.com)
Most attacks affecting SMBs target five older vulnerabilities | CSO Online
Severe Flaws Disclosed in Brocade SANnav SAN Management Software (thehackernews.com)
UnitedHealth hackers took advantage of Citrix vulnerability to break in, CEO says (yahoo.com)
Palo Alto Updates Remediation for Max-Critical Firewall Bug (darkreading.com)
WordPress plugin vulnerability poses severe security risk, allows for site takeovers | TechSpot
Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)
New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (thehackernews.com)
Grafana Tool Vulnerability Let Attackers Inject SQL Queries (gbhackers.com)
Microsoft says April Windows updates break VPN connections (bleepingcomputer.com)
NTLM auth traffic spikes after Windows Server patch • The Register
New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)
Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (thehackernews.com)
Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)
1,400 GitLab Servers Impacted by Exploited Vulnerability - SecurityWeek
Tools and Controls
Why remote desktop tools are facing an onslaught of cyber threats | ITPro
Correlating Cyber Investments With Business Outcomes (inforisktoday.com)
When is One Vulnerability Scanner Not Enough? (thehackernews.com)
Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar
Can automating security relieve CISO pressure? (techinformed.com)
10 Critical Endpoint Security Tips You Should Know (thehackernews.com)
Businesses turn to generative AI but many don't have policies on it (betanews.com)
Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack
Organisations Struggle with Zero Trust: Gartner | MSSP Alert
Tech Tip: Why Haven't You Set Up DMARC Yet? (darkreading.com)
97% of security leaders have increased SaaS security budgets - Help Net Security
DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)
How to Red Team GenAI: Challenges, Best Practices, and Learnings (darkreading.com)
Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek
Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)
Why LLMs are predicting the future of compliance and risk management | VentureBeat
Other News
Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar
A Season Of Health Breaches, A Season Of Changes (forbes.com)
Bank of England tells payment firms to step up disruption mitigation plans (yahoo.com)
NCSC updates warning over hacktivist threat to CNI | Computer Weekly
The EU's Strategy for a Cyber Secure Digital Single Market | UpGuard
To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware (darkreading.com)
During National Small Business Week, Take Steps to Secure Your Business | CISA
At Microsoft, years of security debt come crashing down | Cybersecurity Dive
Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 19 April 2024
Black Arrow Cyber Threat Intelligence Briefing 19 April 2024:
-94% of Ransomware Victims Have Their Backups Targeted by Attackers
-Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability
-Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist
-Your Annual Cyber Security Is Not Working, but There is a Solution
-73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert
-Russia and Ukraine Top Inaugural World Cyber Crime Index
-Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?
-Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat
-The Threat from Inside: 14% Surge in Insider Threats Compared to Previous Year
-Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts
-Large Enterprises Experience Breaches, Despite Large Security Stacks - Report Finds 93% of Breaches Lead to Downtime and Data Loss
-Charities Doing Worse than Private Sector in Staving off Cyber Attacks
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
94% of Ransomware Victims Have Their Backups Targeted by Attackers
Organisations that have backed up sensitive data may believe they are safe from the effects of ransomware attacks; however a new study by Sophos reported that cyber criminals attempted to compromise the backups of 94% of companies hit by ransomware in the past year. The research found that criminals can demand a higher ransom when they compromise an organisation’s backup data, and those victims are twice as likely to pay. The median ransom demand is $2.3 million when backups are compromised, compared to $1 million otherwise.
Additionally, sectors like state and local governments, along with media and entertainment, are particularly vulnerable with nearly all affected organisations experiencing backup compromises.
Source: [Tech Republic]
Sharing IT Providers Is a Risk for Financial Services, Says IMF, as Rising Cyber Threats Pose Serious Concerns for Financial Stability
The International Monetary Fund has found that with greater digitalisation and heightened geopolitical tensions comes a greater risk of cyber attack with systemic consequences. The IMF noted that losses more than quadrupled since 2017 to $2.5 billion.
The push for technology has led to a number of financial services institutions relying on third-party IT firms, increasing their susceptibility to cyber disruption on a wider scale and a potential ripple effect were a third party to be hit. Whilst such third parties can increase the cyber resilience of a financial services institution, they also expose the industry to systemwide shocks, the IMF reports.
The IMF recommend institutions should identify potential systematic risks in their third-party IT firms. If the organisation is unable to perform such risk assessments, they should seek the expert support of an independent cyber security specialist.
Sources: [The Banker] [IMF]
Hackers are Threatening to Publish a Huge Stolen Sanctions and Financial Crimes Watchlist
A cyber crime group named GhostR has claimed responsibility for stealing 5.3 million records from the World-Check database, which companies use for "know your customer" (KYC) checks to screen potential clients for financial crime risks. The data theft occurred in March and originated from a Singapore-based firm with access to World-Check. The London Stock Exchange Group (LSEG), which owns World-Check, confirmed that the breach involved a third-party's dataset and not their systems directly. The stolen data includes sensitive information on individuals identified as high-risk, such as government-sanctioned figures and those linked to organised crime. LSEG is coordinating with the affected third party and authorities to protect the compromised data and prevent its dissemination.
Source: [TechCrunch]
Your Annual Cyber Security Is Not Working, But There is a Solution
Most organisations utilise annual security training in an attempt to ensure every department develops their cyber awareness skills and is able to spot and report a threat. However, this training is often out of date. Additionally, often training has limited interactivity, failing to capture and maintain employees’ attention and retention. On top of this, many training courses fail to connect employees to real-world scenarios that could occur in their specific job.
To get the most return on investment, organisations need to have more regular education, with the aim of long-term behavioural shifts in the work place, nudging employees towards greater cyber hygiene.
Source: [TechRadar]
73% of Security Professionals Say They’ve Missed, Ignored or Failed to Act on a High Priority Security Alert
A new survey from Coro, targeting small medium enterprises (SME) cyber security professionals, reveals that 73% have missed or ignored high priority security alerts due to overwhelming workloads and managing multiple security tools. The 2024 SME Security Workload Impact Report highlights that SMEs are inundated with alerts and responsibilities, which dilute their focus from critical security threats. On average, these professionals manage over 11 security tools and spend nearly five hours daily on tasks like monitoring and patching vulnerabilities. Respondents handle an average of over 2,000 endpoint security agents across 656 devices, more than half dealing with frequent vendor updates.
Source: [Business Wire]
Russia and Ukraine Top Inaugural World Cyber Crime Index
The inaugural World Cybercrime Index (WCI) identifies Russia, Ukraine, and China as the top sources of global cyber crime. This index, the first of its kind, was developed over four years by an international team from the University of Oxford and the University of New South Wales, with input from 92 cyber crime experts. These experts ranked countries based on the impact, professionalism, and technical skills of their cyber criminals across five cyber crime categories, including data theft, scams, and money laundering. Russia topped the list, followed by Ukraine and China, highlighting their significant roles in high-tech cyber criminal activities. The index, expected to be updated regularly, aims to provide a clearer understanding of cyber crime's global geography and its correlation with national characteristics like internet penetration and GDP. Of note the UK and US also made the top ten list, so it is not just other countries we need to worry about.
Top ten Countries in full:
1. Russia
2. Ukraine
3. China
4. United States
5. Nigeria
6. Romania
7. North Korea
8. United Kingdom
9. Brazil
10. India
Source: [Infosecurity Magazine]
Police Takedown Major Cyber Fraud Superstore: Will the Cyber Crime Industry Become More Fragmented?
The London Metropolitan Police takedown of online fraud service LabHost serves as a reminder of the industrial scale on which cyber crimes are being performed, with the service amassing 480,000 debit or credit card numbers and 64,000 PINs: all for the subscription price of £300 a month. The site even included tutorial videos on how to commit crime and offered customer service.
Such takedowns can lead to fragmentation. The 2,000 individuals subscribed to LabHost may have lost access but where there is demand, supply will be found. The takedown of one service allows other, small services to fill the gap. As the saying goes ‘nature abhors a vacuum’ and it is especially true when it comes to cyber crime; there is too much business for empty spaces not to be filled.
Sources: [ITPro] [The Guardian]
Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat
Small businesses are experiencing a stable business climate, as reflected by the Small Business Index, indicating an increasing optimism about the economy. However, the recent surge in cyber attacks, including major assaults on UnitedHealth Group and MGM Resorts, has underscored the growing vulnerability of these businesses to cyber crime. Despite 80% of small to medium-sized enterprises feeling well-protected by their IT defences, a Devolutions survey reveals that 69% of them still fell victim to cyber attacks last year. This has led to cyber security being viewed as the greatest threat by 60% of small businesses, even surpassing concerns over supply chain disruptions and the potential for another pandemic.
The average cost of these attacks ranges from $120,000 to $1.24 million, leading to 60% of affected businesses closing within six months. This vulnerability is further compounded by a common underestimation of the ransomware threat. While 71% of businesses feel prepared for future threats, the depth of this preparedness varies, with only 23% feeling very prepared for cyber security challenges.
Sources: [Claims Journal] [Inc.com]
The Threat from Inside: Insider Threats Surge 14% Annually as Cost-of-Living Crisis Bites
Employee fraud grew significantly last year thanks to the opportunities afforded by remote working and the pressures of a cost-of-living crisis in the UK, according to Cifas, an anti-fraud non-profit. The number of individuals recorded in its cross-sector Insider Threat Database (ITD) increased 14% year-on-year (YoY) in 2023, with the most common reason being “dishonest action to obtain benefit by theft or deception” (49%).
Insider threats – both by accident or with malicious intent – by their own employees are overlooked, despite accounting for 58% of cybersecurity breaches in recent years. As a result, a large proportion of businesses may lack any strategy to address insider risks, leaving them vulnerable to financial, operational and reputational harm.
Source: [Infosecurity Magazine] [TechRadar]
Dark Web Sales Driving Major Rise in Credential Attacks as Attackers Pummel Networks with Millions of Login Attempts
Dark web sales are driving a major rise in credential attacks, with a surge in infostealer malware attacks over the last three years significantly heightening the cyber crime landscape. Kaspersky reports a sevenfold increase in data theft attacks, leading to the compromise of over 26 million devices since 2022. Cyber criminals stole roughly 400 million login credentials last year alone, often sold on dark web markets for as low as $10 per log file. These stolen credentials have become a lucrative commodity, fostering a complex economy of initial access brokers who facilitate broader corporate network infiltrations. The Asia-Pacific and Latin America regions have been particularly affected, with millions of credentials stolen annually.
Simultaneously, Cisco’s Talos team warns of a current credential compromise campaign targeting networks via mass login attempts to VPN, SSH, and web apps. Attackers use a mix of generic and specific usernames with nearly 100 passwords from about 4,000 IP addresses, likely routed through anonymising services (such as TOR). These attacks pose risks like unauthorised access, account lockouts, and potential denial-of-service. The attack volume has increased since 18 March this year mirroring a previous alert by Cisco about a similar campaign affecting VPNs. Despite method and infrastructure similarities, a direct link between these campaigns is yet to be confirmed.
Sources: [Ars Technica] [Data Breach Today]
Large Enterprises Experience Breaches, Despite Large Security Stacks; Report Finds 93% of Breaches Lead to Downtime and Data Loss
93% of enterprises admitting to having had a breach have suffered significant consequences, ranging from unplanned downtime to data exposure or financial loss, according to a recent report. 73% of organisations made changes to their IT environment at least quarterly, however only 40% tested their security at the same frequency. Unfortunately, this means that many organisations are facing a significant gap in which changes in the IT environment are untested, and therefore their risk unknown.
Security tools can aid this, however as the report finds, despite having a large number of security stacks, 51% still reported a breach in the past 24 months. Organisations must keep in mind that security extends beyond the technical realm, and it needs to include people and operations.
Sources: [Infosecurity Magazine] [Help Net Security]
Charities Doing Worse than Private Sector in Staving off Cyber Attacks
Recent UK Government data reveals a significant cyber security challenge for charities, with about a third experiencing breaches this past year, equating to nearly 924,000 cyber crimes. Notably, 83% of these incidents involved phishing, with other prevalent threats including fraud emails and malware. The data found that 63% of charities said cyber security was a high priority for senior management, however, charities lag behind the private sector in adopting security monitoring tools and conducting risk assessments.
Additionally, while half of the charities implement basic cyber hygiene defences like malware protection and password policies, only about 40% seek external cyber security guidance.
Source: [TFN]
Governance, Risk and Compliance
Cyber attack volumes peak in first quarter | SC Media (scmagazine.com)
Annual cyber security training isn’t working, so what’s the alternative? | TechRadar
Security breaches are causing more damage than ever before | TechRadar
Small Businesses See Stable Business Climate; Cite Cyber Security as Top Threat (claimsjournal.com)
51% of enterprises experienced a breach despite large security stacks - Help Net Security
Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)
Ex-Uber security exec Joe Sullivan is advising CISOs on how to avoid his legal fate (axios.com)
Cyber Security Tips for Small Businesses Now Considered Big Hacking Targets | Inc.com
The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)
Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine
Threats
Ransomware, Extortion and Destructive Attacks
Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)
FBI: Akira ransomware raked in $42 million from 250+ victims (bleepingcomputer.com)
What if we made ransomware payments illegal? | SC Media (scmagazine.com)
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)
Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)
Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)
A whole new generation of ransomware makers are attempting to shake up the market | TechRadar
Security Think Tank: Approaches to ransomware need a course correction | Computer Weekly
Ransomware Victims Who Pay a Ransom Drops to Record Low (databreachtoday.co.uk)
Ransomware Victims
Change Healthcare’s ransomware attack costs reach nearly $1B • The Register
Ransomware attacks against food, agriculture industry examined | SC Media (scmagazine.com)
Ransomware attack compromises UN agency data | SC Media (scmagazine.com)
840-bed hospital in France postpones procedures after cyber attack (bleepingcomputer.com)
US think tank Heritage Foundation hit by cyber attack | TechCrunch
Daixin ransomware gang claims attack on Omni Hotels (bleepingcomputer.com)
Ransomware feared as Octapharma Plasma closes 150+ centers • The Register
Cyber Attack Takes Frontier Communications Offline (darkreading.com)
Phishing & Email Based Attacks
FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)
FIN7 targets American automaker’s IT staff in phishing attacks (bleepingcomputer.com)
Other Social Engineering
Quishing: The New Cyber Threat to the Cleared Workplace - ClearanceJobs
FBI warns of massive wave of road toll SMS phishing attacks (bleepingcomputer.com)
Cyber criminals pose as LastPass staff to hack password vaults (bleepingcomputer.com)
Artificial Intelligence
CISOs not changing priorities in response to AI threats (betanews.com)
92% of enterprises unprepared for AI security challenges - Help Net Security
AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead (thehackernews.com)
Best Practices & Guidance For AI Security Deployment 2024 (gbhackers.com)
C-suite weighs in on generative AI and security (securityintelligence.com)
2FA/MFA
Cisco Duo warns third-party data breach exposed SMS MFA logs (bleepingcomputer.com)
Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)
Malware
LockBit 3.0 Variant Generates Custom, Self-Propagating Malware (darkreading.com)
TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (thehackernews.com)
Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)
Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)
Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week
New SteganoAmor attacks use steganography to target 320 orgs globally (bleepingcomputer.com)
Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)
Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor (thehackernews.com)
Fake cheat lures gamers into spreading infostealer malware (bleepingcomputer.com)
Mobile
Government spyware is another reason to use an ad blocker | TechCrunch
iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena
Enterprises face significant losses from mobile fraud - Help Net Security
SoumniBot malware exploits Android bugs to evade detection (bleepingcomputer.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
How to protect IP surveillance cameras from Wi-Fi jamming - Help Net Security
CISA warns of critical vulnerability in Chirp smart locks • The Register
New rules for security of connected products in the UK and EU - Lexology
Data Breaches/Leaks
CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)
Panama Papers: Money laundering trial of 27 defendants begins
Giant Tiger data breach may have impacted millions of customers (securityaffairs.com)
5 Ways Your Personal Information May End Up On The Dark Web (slashgear.com)
Law Firm to Pay $8M to Settle Health Data Hack Lawsuit (databreachtoday.co.uk)
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)
Ex-Amazon engineer gets 3 years for hacking crypto exchanges (bleepingcomputer.com)
Security engineer jailed for 3 years for $12M crypto hacks | TechCrunch
Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (bleepingcomputer.com)
Insider Risk and Insider Threats
Insurance
Cloud/SaaS
What Is Microsoft's Role in the Shared Responsibility Model for Data Security? (prweb.com)
For Service Accounts, Accountability Is Key to Security (darkreading.com)
Identity and Access Management
Linux and Open Source
Open source groups say more software projects may have been targeted for sabotage (yahoo.com)
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)
Passwords, Credential Stuffing & Brute Force Attacks
Attackers are pummelling networks around the world with millions of login attempts | Ars Technica
Roku Mandates 2FA for Customers After Credential-Stuffing Compromise (darkreading.com)
Cisco warns of large-scale brute-force attacks against VPN and SSH services (securityaffairs.com)
For Service Accounts, Accountability Is Key to Security (darkreading.com)
Dark Web Sales Driving Major Rise in Credential Attacks (databreachtoday.co.uk)
Social Media
Malvertising
Government spyware is another reason to use an ad blocker | TechCrunch
Google to crack down on third-party YouTube apps that block ads (bleepingcomputer.com)
Training, Education and Awareness
Annual cyber security training isn’t working, so what’s the alternative? | TechRadar
Cyber security training: How to make it more motivating (hrexecutive.com)
Regulations, Fines and Legislation
US Supreme Court ruling suggests change in cyber security disclosure process | CSO Online
New rules for security of connected products in the UK and EU - Lexology
Congress votes to kick Uncle Sam’s data broker habit • The Register
Cops can force suspect to unlock phone with thumbprint, US court rules | Ars Technica
Models, Frameworks and Standards
Backup and Recovery
Data Protection
Careers, Working in Cyber and Information Security
IT and security professionals demand more workplace flexibility - Help Net Security
National Security at Risk as Essential Cyber Security Roles Face Sharp Decline (prnewswire.com)
Break Security Burnout: Combining Leadership With Neuroscience (darkreading.com)
Law Enforcement Action and Take Downs
Firebird RAT creator and seller arrested in the US and Australia (bleepingcomputer.com)
Moldovan charged for operating botnet used to push ransomware (bleepingcomputer.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
China
Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)
Leaked FBI document shows MPs were kept in dark over China hack for two years (inews.co.uk)
Risks are higher than ever for US- China cyber war | Responsible Statecraft
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week
Singapore infosec boss: splinternet hinders interoperability • The Register
FBI says Chinese hackers preparing to attack US infrastructure | Reuters
Chinese fraud victims seek return of £3bn in bitcoin seized in UK (ft.com)
Russia
Chinese, Russian Hackers Keep Getting Past Microsoft's Security (businessinsider.com)
CISA orders agencies impacted by Microsoft hack to mitigate risks (bleepingcomputer.com)
Microsoft breach allowed Russia to steal Feds' emails • The Register
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week
How Ukraine’s cyber police fights back against Russia’s hackers | TechCrunch
Russian 'Cyber Sabotage' A Global Threat: Security Firm | IBTimes
Mandiant upgrades Sandworm to APT44 due to increasing threat | TechTarget
Russia's Sandworm 'cyber attacked US, EU water utilities' • The Register
Sandworm Group Shifts to Espionage Attacks, Hacktivist Personas | Decipher (duo.com)
Russia is trying to sabotage European railways, Czech minister said (securityaffairs.com)
Singapore infosec boss: splinternet hinders interoperability • The Register
Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (thehackernews.com)
Destructive ICS Malware 'Fuxnet' Used by Ukraine Against Russian Infrastructure - Security Week
Iran
Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (thehackernews.com)
Middle East Cyber Ops Intensify, With Israel the Main Target (darkreading.com)
Iran-Backed Hackers Blast Out Threatening Texts to Israelis (darkreading.com)
Israel Holds Hybrid Cyber & Military Readiness Drills (darkreading.com)
North Korea
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
How to conduct security patch validation and verification | TechTarget
Zero-Day Vulnerabilities: A Beginner’s Guide - The New Stack
The importance of the Vulnerability Operations Centre for cyber security | TechRadar
Vulnerabilities
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls - Security Week
“Highly capable” hackers root corporate networks by exploiting firewall 0-day | Ars Technica
Cisco discloses root escalation flaw with public exploit code (bleepingcomputer.com)
PuTTY SSH client flaw allows recovery of cryptographic private keys (bleepingcomputer.com)
Citrix Releases Security Updates for XenServer and Citrix Hypervisor | CISA
Yubico Issues YubiKey Security Alert For Windows Users (forbes.com)
Samsung Issues Update Now Warning For Millions Of Galaxy Users (forbes.com)
Juniper Networks Publishes Dozens of New Security Advisories - Security Week
Ivanti warns of critical flaws in its Avalanche MDM solution (bleepingcomputer.com)
Oracle Patches 230 Vulnerabilities With April 2024 CPU - Security Week
iPhone users warned to disable iMessage temporarily to avoid getting hacked - PhoneArena
Delinea Fixes Flaw After Analyst Goes Public With Disclosure First (darkreading.com)
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (thehackernews.com)
Telegram fixes Windows app zero-day used to launch Python scripts (bleepingcomputer.com)
Critical RCE Vulnerability in 92,000 D-Link NAS Devices - Security Boulevard
Tools and Controls
Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted (techrepublic.com)
Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (darkreading.com)
CISA's Malware Analysis Platform Could Foster Better Threat Intel (darkreading.com)
Pentesting accounts for an average of 13% of total IT security budgets | Security Magazine
Annual cyber security training isn’t working, so what’s the alternative? | TechRadar
6 Ways Businesses Can Boost Their Cloud Security Resilience - Compare the Cloud
Dark Web Monitoring: What's the Value? (bleepingcomputer.com)
Ransomware, meet DRaaS: The future of disaster mitigation (betanews.com)
Cyber security training: How to make it more motivating (hrexecutive.com)
The Five Main Steps In A Compliance Risk Assessment Plan (forbes.com)
AI set to enhance cyber security roles, not replace them - Help Net Security
Stateful vs. stateless firewalls: Understanding the differences | TechTarget
Reports Published in the Last Week
Other News
Charities doing worse than private sector in staving off cyber attacks - TFN
The US counterintelligence head says the list of threats is long and getting longer (cfpublic.org)
Critical Infrastructure Security: Observations From the Front Lines (darkreading.com)
Geopolitical tensions escalate OT cyber attacks - Help Net Security
Microsoft, Beset by Hacks, Grapples With Problem Years in the Making - BNN Bloomberg
The invisible seafaring industry that keeps the internet afloat (theverge.com)
Do we have a plan on how to deal with subsea cables sabotage? | Euronews
Ex-GCHQ chief: Cyber attacks could target fragile trust in utilities - Utility Week
University chiefs to get security service Cobra briefing on hostile states | The Argus
SAP Applications Increasingly in Attacker Crosshairs, Report Shows - Security Week
Emergency services a likely target for cyber attacks, warns DHS - ABC News (go.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 13 October 2023
Black Arrow Cyber Threat Intelligence Briefing 13 October 2023:
-Small Businesses Hit by Frequent Cyber Attacks as 90% of CISOs Faced at least One Attack Last Year
-The Most Effective Cyber Attacks Never Touch Your Organisation's Firewall, HR’s Role in Defending the Organisation
-Ransomware Infection Times Fall from 5 Days to 5 Hours
-80% of Security Leaders See AI as the Biggest Threat to Business
-Is Your Board Cyber-Ready?
-Cyber Security Should Be a Business Priority for CEOs
-The Looming Threat of a Single Phishing Click to Your Business
-40% of Organisations Leave Ransomware to IT
-Auditors Growing Concern About Cyber Security
-The Cyber Villains Are Getting Bolder: Businesses Need to Up Their Game
-Preparing for the Unexpected: A Proactive Approach to Operational Resilience
-Staggering Losses to Social Media and Social Engineering Since 21, as Victims Take $2.7 Billion Hit in US Alone
-Organisations Grapple with Detection and Response Despite Rising Security Budgets
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Small Businesses Hit by Frequent Cyber Attacks, as 90% of CISOs of Larger Firms Faced at least One Attack Last Year
A survey by Payroll provider Sage found that nearly 48% of small and medium sized enterprises (SMEs) have experienced at least one cyber incident in the past year; of note, this is only based on SMEs self-reporting, and requires SMEs to have both the ability to detect an incident and to have actually identified an incident and then self-report it. The survey found that cyber security was a priority with 68% of respondents reporting that they would use a more expensive security control if it demonstrated better security.
In a separate report by Splunk, it was found that 90% of CISOs reported experiencing at least one disruptive attack in the past year. The difference in numbers could be because organisations who have a CISO are more likely to have tools in place to detect an incident.
Regardless, cyber criminals are showing that any size of organisation can be a victim of a cyber incident and in some cases, smaller organisations may not have the necessary budget and controls to prevent an attack.
Sources: [Security Magazine] [Insurance Times] [Infosecurity Magazine]
The Most Effective Cyber Attacks Never Touch Your Organisation’s Firewall, and HR’s Role in Defending the Organisation
In 2022, total spending on cyber security technologies increased to 71.1 billion USD, illustrating just how much effort goes into protecting companies, their data, and their customers. Regardless of all this spending, there remains a popular attack which can bypass this all: social engineering. Attackers know how much technology protection is placed in organisations, so they often try to bypass this and go straight through the employees.
Cyber security will never work if organisations do not go beyond IT; it is a business-wide issue and requires the engagement and input from across the business, including functions like Human Resources. Having effectively trained employees is a crucial part of creating a culture of security within an organisation, and this starts with HR. Employees will often have training as part of their onboarding and then regular training to ensure competencies; as part of HR’s role, this should include commissioning training on cyber security that is delivered by cyber security experts that understand what attackers are doing.
Source: [News Week] [Beta News]
Ransomware Infection Times Fall from 5 Days to 5 Hours
The amount of time it takes an attacker to infect a system with ransomware has fallen drastically over the last 12 months according to a recent report. The median dwell time (the time that an attacker spends in a victim’s network before being detected) was 5.5 days in 2021, reducing to 4.5 days in 2022, and this year it fell to less than 24 hours with, in 10% of cases, the time taken to deploy ransomware being within 5 hours. As threat actors continue to leverage Ransomware as a Service (RaaS) to execute attacks, dwell times will continue to decrease and the number of attacks will increase.
This coincides with a recent survey by Hornetsecurity that revealed that almost 60% of businesses are concerned about ransomware attacks. 92% of businesses are reported to be aware of ransomware’s potential negative impact, but just 54% of respondents say their leadership is actively involved in conversations and decision making to help prevent attacks.
The report highlights that ransomware is still at large, with the first half of 2023 seeing more ransomware victims than in the whole of 2022. Having good cyber security protection and hygiene is the key to ongoing success. Organisations cannot afford to become victims. Ongoing security awareness training and multi-layered ransomware protection are critical to help avoid insurmountable losses.
Sources: [Cision] [PC Mag] [Security Magazine]
80% of Security Leaders See AI as the Biggest Threat to Business
A report has found that a large majority of security leaders (80%) believe Artificial Intelligence (AI) is the biggest cyber threat to their business, and that the risks of AI outweigh the many advantages.
In a separate report, 58% agreed that AI is increasing the number of cyber attacks. The benefits of AI were also recognised however, with 73% reporting AI to be an increasingly important tool for security operations.
With AI finding itself both sides of the coin, it is important for organisations to effectively implement their AI solutions, so that they can improve their security whilst reducing the risk that AI presents to their organisation.
Sources: [Diginomica] [Infosecurity Magazine]
Is Your Board Cyber-Ready?
With the recent US Securities and Exchange Commission (SEC) requirements entering effect, and the impending Digital Operational Resilience Act (DORA) requirements for Europe, there is yet another layer added to the complicated issues of managing cyber security risks. However, it is clear that strong corporate governance equips companies to address them efficiently and accurately.
Governance starts with the board, as it is responsible for the oversight of the organisation’s cyber security programs. For a board to do this effectively, the leadership team must be able to understand cyber security; yet despite this, a study found that only 12% of boards had a cyber expert. Black Arrow supports business leaders in organisations of all sizes to gain a strong practical understanding of the fundamentals of cyber security risk management, and to demonstrate governance in implementing their cyber security strategy by leveraging their existing internal and external resources.
Sources: [Harvard.edu] [JDSupra]
Cyber Security Should Be a Business Priority for CEOs
A recent report found that despite 96% of CEOs saying that cyber security is critical to organisational growth and stability, 74% of CEOs are concerned about their organisation’s ability to avert or minimise damage arising from a cyber attack. The report also highlighted that 60% of CEOs don’t incorporate cyber security into their business strategies, products or services from the beginning. 44% believe that cyber security requires episodic intervention rather than ongoing attention.
Adding to this reactive stance is the incorrect assumption by 54% of CEOs that the cost of implementing cyber security is higher than the cost of suffering a cyber attack, despite history showing otherwise. For instance, the report notes that a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting $300 million. In addition, despite 90% of CEOs saying cyber security is a differentiating factor for their products or services to help them build customer trust, only 15% have dedicated board meetings to discuss cyber security issues. This disconnect might be explained by the fact that 91% of CEOs said cyber security is a technical function that is the responsibility of the CIO or CISO.
Source: [HelpNet Security]
The Looming Threat of a Single Phishing Click to Your Business
A single click could be all it takes to get the ball rolling and allow an attacker entry into your organisation. From there, the possibilities are endless. Phishing impacts any employee within the organisation with an email account, phone number or access to the web.
Organisations can mitigate this risk however, by conducting training and awareness programmes, aimed at improving employees’ abilities to identify, report and avoid falling victim to phishing incidents. Such training should be held regularly to maintain their knowledge as well as adapting to the ever-changing landscape of cyber crime. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation.
Source: [CMS-lawnow]
40% of Organisations Leave Ransomware to IT
A report found that 93% of respondents said they believe ransomware protection is “very” to “extremely” important in terms of IT priorities for their organisation, yet only 54% reported that the leadership were actively involved in conversations and decision-making around ransomware attacks, and 40% of total respondents were happy to leave the IT team to deal with ransomware attacks.
By only involving the IT team and excluding the leadership, organisations are at risk of not addressing regulatory requirements, or failing to manage such cyber incidents within a business context. This would also suggest a lack of an effective Incident Response Plan to ensure that considerations such as legal, communications, customers, employees and other stakeholders are not forgotten. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [MSSP Alert]
Auditors’ Growing Concern About Cyber Security
The majority of chief audit executives and information technology audit leaders consider cyber security to be a top risk over the next year. The survey found that found that nearly 75% of respondents, and an even higher percentage (82%) of technology audit leaders, consider cyber security to be a high-risk area over the next 12 months.
Source: [Accounting Today]
Preparing for the Unexpected: A Proactive Approach to Operational Resilience
Recent insights highlight a pressing need: ensuring operational resilience in financial firms. As the financial sector remains a prime target for cyber threats, the increasing interconnectedness presents evolving challenges. While cyber security aims to defend against attacks, operational resilience ensures the continuity of operations even when incidents occur.
Notably, the EU’s Digital Operational Resilience Act (DORA) stresses preparedness, providing a framework for the industry. Although business continuity practices exist, operational resilience offers a more proactive stance, ensuring system reliability that is crucial for global financial trust. Achieving this requires a comprehensive risk assessment, laying the groundwork for a resilient strategy tailored to a firm’s unique position in the financial landscape.
Source: [Dark Reading]
Staggering Losses to Social Media and Social Engineering Since 2021, as Victims Take $2.7 Billion Hit in US Alone
The US Federal Trade Commission (FTC) reports that Americans alone, have lost $2.7 billion to social media and social engineering scams since 2021. The losses were incurred through websites, phone calls and email.
It is important for organisations to consider that such scams could very well find themselves in the corporate environment. Already, there has been a significant rise in attacks on employees through LinkedIn. As such, it is important for organisations to provide education and awareness training to users.
Sources: [Bleeping Computer] [Infosecurity Magazine]
Organisations Grapple with Detection and Response Despite Rising Security Budgets
A study by EY found that only a fifth of cyber security leaders today are confident about their organisation’s cyber security approach, with only half trusting the training they provide in-house. CISO respondents reported an average annual spend of $35 million on cyber security, with the median cost of a breach jumping 12% to $2.5 million. The leaders said they anticipate the cost per breach to reach $4 million by the end of the year.
The report found that the biggest internal challenges to the organisation's cyber security approach were "too many potential attack surfaces" at 52%, and "difficulty balancing security and innovation speed" at 50%. The study also noted big discrepancies between the CISOs and other C-suite leaders when it came to their organisation's cyber security preparedness. While 60% of CISOs were confident about the C-suite integration of cyber security into key business decisions, only over half of other C-suite officers believed they were effective. There was also a significant gap (12%) between their satisfaction with the overall cyber security preparedness.
Source: [CSO Online]
Governance, Risk and Compliance
Auditors more worried about cyber security than AI risks | Accounting Today
Cyber Security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert
Cyber attacks are only getting worse for business, so what are CISOs doing about it? | TechRadar
Warning as more businesses fall victim to cyber attacks | Insurance Times
PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News
The Role of HR in Engaging the Workforce for Holistic Cyber Security (newsweek.com)
90% firms experienced cyber attacks; 83% opted to pay attackers: Report (business-standard.com)
The world was already horrifying — technology is making it more so - The Hustle
Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)
Cyber security should be a business priority for CEOs - Help Net Security
Organisations grapple with detection and response despite rising security budgets | CSO Online
The undeniable benefits of making cyber resiliency the new standard | CSO Online
Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)
Cyber insurance costs pressure business budgets - Help Net Security
C-suite weighs in on generative AI and security (securityintelligence.com)
Cyber security overtakes cloud as top area of investment - The Recycler - 10/10/2023
New Wave of Cyber Threats Challenges In-House Legal Departments (bloomberglaw.com)
Should businesses follow Google’s footsteps in cyber security? | TechRadar
Cyber security is booming but it comes at a human cost (betanews.com)
A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)
A Cyber security Risk Assessment Guide for Leaders (trendmicro.com)
Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)
Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach (darkreading.com)
6 steps to getting the board on board with your cyber security program (welivesecurity.com)
Threats
Ransomware, Extortion and Destructive Attacks
First half of 2023 sees more ransomware victims than all of 2022 | Security Magazine
Cyber security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert
Cyber criminals can go from click to compromise in less than a day - Help Net Security
Ransomware Infection Times Fall From 5 Days to 5 Hours (pcmag.com)
Ransomwared health insurer wasn't using anti-virus software • The Register
Everest searching for corporate insiders amid rare pivot • The Register
HelloKitty ransomware source code leaked on hacking forum (bleepingcomputer.com)
How to Prevent Ransomware as a Service (RaaS) Attacks (trendmicro.com)
SEC Investigating Progress Software Over MOVEit Hack - Security Week
Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)
Ransomware Attack on Hospitals Highlights Need to Ensure Continuity of Patient Care (fdd.org)
Ransomware Victims
Cyber attack victim Estes making ‘steady progress’ - FreightWaves
Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews
Ransomwared health insurer wasn't using anti-virus software • The Register
BianLian extortion group claims recent Air Canada breach (bleepingcomputer.com)
Phishing & Email Based Attacks
The looming threat of a single phishing click to your business (cms-lawnow.com)
What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog
LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)
Phishing, the campaigns that are affecting Italy (securityaffairs.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News
'Really frightening': IT leaders on cyber security in the age of AI (computing.co.uk)
Cyber security pros predict rise of malicious AI - Help Net Security
Why 80% of CISOs see AI as the biggest threat to their business (diginomica.com)
C-suite weighs in on generative AI and security (securityintelligence.com)
68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)
US Space Force Pauses Generative AI Based on Security Concerns (bloomberglaw.com)
Generative AI Security: Preventing Microsoft Copilot Data Exposure (bleepingcomputer.com)
How to Guard Your Data from Exposure in ChatGPT (thehackernews.com)
2FA/MFA
Malware
Mirai DDoS malware variant expands targets with 13 router exploits (bleepingcomputer.com)
Microsoft to kill off VBScript in Windows to block malware delivery (bleepingcomputer.com)
How Keyloggers Have Evolved From the Cold War to Today (darkreading.com)
Endpoint malware attacks decline as campaigns spread wider - Help Net Security
Mobile
Beware - GoldDigger malware will drain your bank accounts without you even realizing | TechRadar
China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert
Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)
Operation Behind Predator Mobile Spyware Is 'Industrial Scale' (darkreading.com)
Hacktivists send fake nuclear attack warning via Israeli Red Alert app (bitdefender.com)
5 quick tips to strengthen your Android phone security today | ZDNET
Botnets
Denial of Service/DoS/DDOS
HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks (cloudflare.com)
Google, Amazon Face Massive Denial-of-Service Attack | MSSP Alert
Internet of Things – IoT
Automotive cyber security: A decade of progress and challenges - Help Net Security
Android TV malware case worsens: Tens of millions of devices infected - FlatpanelsHD
Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)
Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)
Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal - Security Week
Exposed security cameras in Israel and Palestine pose significant risks (securityaffairs.com)
Data Breaches/Leaks
3.81 billion records compromised by cyber security incidents in September 2023 (itsecuritywire.com)
23andMe Cyberbreach Exposes DNA Data, Potential Family Ties (darkreading.com)
DC Board of Elections confirms voter data stolen in site hack (bleepingcomputer.com)
Lyca Mobile says customer data was stolen during cyber attack | TechCrunch
Third Flagstar Bank data breach since 2021 affects 800,000 customers (bleepingcomputer.com)
Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews
Air Europa customers urged to cancel cards following hack on payment system (therecord.media)
Dymocks breach happened while changing providers | Information Age | ACS
Shadow PC warns of data breach as hacker tries to sell gamers' info (bleepingcomputer.com)
Organised Crime & Criminal Actors
The cyber villains are getting bolder. Businesses need to up their game - Raconteur
Protecting your business against the cyber criminal enterprise (techuk.org)
Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)
Hackers 'don't break in anymore, they log in,' expert explains (yahoo.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian
Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED
Insider Risk and Insider Threats
Everest searching for corporate insiders amid rare pivot • The Register
Former US soldier accused of trying to pass secrets to China • The Register
Understanding the human factor of digital safety | TechRadar
Fraud, Scams & Financial Crime
Fooled by cyber criminals: The humanitarian CEO scammed by hackers - GZERO Media
Global job scam to cause $100 mn in losses for over 1,000 companies: Report (odishatv.in)
FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)
The dark side of solar panels – how crooks are exploiting net zero (telegraph.co.uk)
Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)
‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian
Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED
What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog
Never click on bank-draining words if message pops up, expert warns (ladbible.com)
Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian
Deepfakes
AML/CFT/Sanctions
Insurance
Cyber insurance costs pressure business budgets - Help Net Security
Insurance industry faces growing concerns over cyber cat risk: Gallagher Re - Reinsurance News
Cyber Insurance Lessens the Sting of Corporate Cyber Attacks (bloomberglaw.com)
Keeping up with the demands of the cyber insurance market - Help Net Security
Insurance cover ‘sufficient’ for $100mn cyber attack hit: MGM (insuranceinsider.com)
Supply Chain and Third Parties
Software Supply Chain
Why open-source software supply chain attacks have tripled in a year | CSO Online
New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)
Cloud/SaaS
The Need for Speed: When Cloud Attacks Take Only 10 Minutes (darkreading.com)
Microsoft and Cabinet Office issue government-wide security guidelines for M365 – PublicTechnology
Securely Moving Financial Services to the Cloud (darkreading.com)
Identity and Access Management
Encryption
New cryptographic protocol aims to bolster open-source software security | ZDNET
Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week
API
Open Source and Linux
New cryptographic protocol aims to bolster open-source software security | ZDNET
Why open-source software supply chain attacks have tripled in a year | CSO Online
Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week
Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)
Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)
New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
CISA publishes top 10 most common security misconfigurations • The Register
Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)
Social Media
FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)
LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)
Brands Beware: X's New Badge System Is a Ripe Cyber-Target (darkreading.com)
What should you do if your Facebook is hacked? (pocket-lint.com)
Parental Controls and Child Safety
Regulations, Fines and Legislation
Models, Frameworks and Standards
Data Protection
Careers, Working in Cyber and Information Security
Work-related stress “keeps cyber professionals up at night” | ITPro
Cyber security is booming but it comes at a human cost (betanews.com)
eBook: Cyber security career hacks for newcomers - Help Net Security
Turning military veterans into cyber security experts - Help Net Security
CISO Pay Increases Are Slowing – a Look Behind the Figures - Security Week
Skills-based Hiring Can Address Cyber Workforce Shortfalls (fdd.org)
Law Enforcement Action and Take Downs
European Police Hackathon Hunts Down Traffickers - Infosecurity Magazine (infosecurity-magazine.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Misc Nation State/Cyber Warfare
Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)
Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)
Hackers For Hire Hit Both Sides in Israel-Hamas Conflict (darkreading.com)
Beyond the Front Lines: How the Israel-Hamas War Impacts the Cyber security Industry - Security Week
Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)
Could Middle Eastern Cyberwarfare Spill Into Health Sector? (inforisktoday.com)
The Cyberwar Between the East and the West Goes Through Africa (darkreading.com)
Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)
Russia
Dark Horse Ukraine Proves Resistant to Onslaught of Russian Cyber Attacks (kyivpost.com)
Kremlin-Linked Hacker Group Launches Cyber-Attack Against Israel (kyivpost.com)
Russian hacker group "Killnet" declares cyberwar on Israel | Al Bawaba
Gaza-linked hackers and Pro-Russia groups are targeting Israel (securityaffairs.com)
Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)
Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)
China
A Frontline Report of Chinese Threat Actor Tactics and Techniques (darkreading.com)
Why One Of The Largest Cyber-Attacks Is Still A Mystery (slashgear.com)
Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike (thehackernews.com)
Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)
China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert
Former US soldier accused of trying to pass secrets to China • The Register
Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries (thehackernews.com)
Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)
Iran
Escalation In Iranian Cyber Operations: A Shift Toward Espionage | Iran International (iranintl.com)
North Korea
Vulnerability Management
Developers take as long as one month to patch security flaws, Synopsys finds (axios.com)
Vulnerability Behind “Largest Attack in Internet History” Found | MSSP Alert
Vulnerabilities
Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet (darkreading.com)
Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop - Security Week
Google Chrome 118 is a massive security update - gHacks Tech News
Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)
Adobe Acrobat Reader Vuln Now Under Attack (darkreading.com)
Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)
Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit (informationweek.com)
WhatsApp exploits commanding multi-million prices (computing.co.uk)
High-Severity Vulnerabilities Discovered in WebM Project’s Libraries (paloaltonetworks.com)
Credential Harvesting Campaign Targets Unpatched NetScaler Instances - Security Week
Over 17,000 WordPress sites hacked in Balada Injector attacks last month (bleepingcomputer.com)
Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica
New WordPress backdoor creates rogue admin to hijack websites (bleepingcomputer.com)
libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks (thehackernews.com)
D-Link WiFi range extender vulnerable to command injection attacks (bleepingcomputer.com)
Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)
Apple releases iOS 16.7.1 to plug critical security holes | Macworld
The SEC is said to be investigating a Twitter security flaw from the pre-Musk era (engadget.com)
Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)
35 Squid proxy bugs still unpatched after 2 years • The Register
Fortinet Releases Security Updates for Multiple Products | CISA
Tools and Controls
Organisations grapple with detection and response despite rising security budgets | CSO Online
Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)
A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)
Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)
16 Essential Factors To Cover In A Disaster Recovery Plan (forbes.com)
A Cyber Security Risk Assessment Guide for Leaders (trendmicro.com)
Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)
Google, Yahoo Push DMARC, Forcing Companies to Catch Up (darkreading.com)
You can't avoid APIs, so you need to secure them (betanews.com)
What is External Attack Surface Management (EASM)? | UpGuard
Why You Should Phish In Your Own (informationsecuritybuzz.com)
Why zero trust delivers even more resilience than you think - Help Net Security
Unmasking the limitations of yearly penetration tests - Help Net Security
Keeping up with the demands of the cyber insurance market - Help Net Security
Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)
Keep on keeping your organisation informed to stay cyber secure (techuk.org)
Why identity infrastructure is the new cyberattack surface (siliconrepublic.com)
Reports Published in the Last Week
Other News
Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)
Large law firms experiencing two 'cyber incidents' a month - Legal Futures
Small businesses growing target for cyber criminals (planetradio.co.uk)
The world was already horrifying — technology is making it more so - The Hustle
Legions of Critical Infrastructure Devices Subject to Cyber Targeting (darkreading.com)
Subsea cable business seeks to plug its security holes (lightreading.com)
Old-School Attacks Are Still a Danger, Despite Newer Techniques (darkreading.com)
Protect Critical Infrastructure With Same Rigor as Classified Networks (darkreading.com)
Drug dealers hijack NHS, police and Crimestoppers websites to sell coke in plain sight - Daily Star
Proactive not reactive: adjusting the approach to cyber crime in education
Magecart Campaign Hijacks 404 Pages to Steal Data (darkreading.com)
As biohacking evolves, how vulnerable are we to cyber threats? - Help Net Security
Electric Power System Cyber Security Vulnerabilities (trendmicro.com)
Securing the Food Pipeline from Cyber Attacks (newswise.com)
US construction giant reports cyber security incident • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.