Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Most Attacks Impacting SMB’s Target Older, Unpatched Vulnerabilities

Attackers continue to aggressively target small and mid-size businesses using specific high-profile vulnerabilities dating back a decade or more, network telemetry shows. Findings have shown that this is due to these vulnerabilities featuring in a wide range of products. Due to their prevalence, they can often become missed by organisations conducting patch management and therefore leave the organisation open.

For this reason it is critical that all organisations, including smaller organisations, have internal as well as external vulnerability scanning. You might believe your systems are patched up to date but there is no way to confirm without scanning , or to know which patches might have been missed.

Sources: [Infosecurity Magazine]

91% of Ransomware Victims Paid At least One Ransom in the Past Year, as 1 in 5 Ransomware Attacks Triggers Lawsuit

Ransomware attacks saw a significant surge in 2023, following a dip in 2022. The number of victims increased by 66% from 2022 to 2023, with 91% of those affected paying at least one ransom. 58% of organisations have been targeted six times or more.

The Sophos State of Ransomware 2023 report highlighted ransom payments rose by 500%; nearly two-thirds exceeded $1m or more, with an average payment of $2m. Furthermore, 30% of the demands were for over $5m.

In the US, 18% of incidents led to litigation, with 123 lawsuits filed in 2023 and 355 over five years. Data breaches, affecting 283.3 million records, primarily triggered these lawsuits, especially in healthcare and finance sectors. The resolution rate is 59%, with the highest settlement at $8.7m. Regulatory fines added nearly $10m to the financial impact. These figures underscore the significant financial implications of ransomware attacks and the urgent need for robust cyber security measures.

Sources: [ZD Net] [Infosecurity Magazine] [Security Magazine] [PrNewsWire] [Infosecurity Magazine]

BEC and Fund Transfer Fraud Top Insurance Claims

Cyber Insurer Coalition's 2024 Cyber Claims Report highlights a significant trend in cyber security threats, identifying email-based fraud as the predominant cause of insurance claims in 2023, accounting for 53% of all claims. Business email compromise (BEC) and funds transfer fraud (FTF) topped the list, contributing to 28% of claims and increasing claim amounts by 24% to an average loss exceeding $278,000. In contrast, ransomware, while less frequent at 19% of claims, also saw a rise in both frequency and severity, with average losses climbing to over $263,000. The report also notes a 13% year-on-year surge in overall claims, with substantial losses tied to compromised network security devices and a notable vulnerability in organisations using exposed remote desktop protocols.

Source: [Infosecurity Magazine]

Correlating Cyber Investments with Business Outcomes

The US Securities and Exchange Commission (SEC) has implemented stringent new rules compelling organisations to report significant cyber incidents within four days and to annually disclose details concerning their cyber security risk management, strategy, and governance. These mandates are seen as giving “more teeth to the idea that cyber security is a business problem” and “bringing an element of cyber security to the boardroom” according to cyber security solutions provider SecurityGate. Highlighted in the "Cybersecurity Insights" podcast, experts argue for simplifying cyber security strategies, advocating sustained resource allocation over reactive measures, and emphasising the importance of training over expensive solutions. These steps are deemed crucial for enhancing organisational resilience and security in a landscape where cyber threats are increasingly sophisticated and pervasive.

Source: [InfoRisk Today] 

Verizon: Vulnerability Exploitation up 180%, 68% of Breaches involved Humans and Supply Chain Weak Link

Verizon has released the findings of its 17th Annual Data Breach Investigations Report, which showed security incidents doubled year over year in 2023 to a record high 30,458 security events and 10,626 confirmed breaches. Some of the key takeaways from the 100-page report include zero-day attacks on unpatched systems and devices rising 180% in 2023, most breaches (68%) involving a non-malicious human element and the median time for users to fall for phishing emails falling just south of 60 seconds. In its first inclusion as a separate metric, supply chain attacks were found to contribute to 15% of all attacks.

Sources: [MSSP Alert] [Verizon]

MOVEit & Change Healthcare Attacks Designated as Cyber Catastrophe Loss Events by Insurer

Verisk’s Property Claim Services (PCS) has recently identified the MOVEit and Change Healthcare cyber attacks as significant Cyber Catastrophe Loss Events. These designations are part of PCS’s Global Cyber solution, which tracks cyber incidents and their potential impact on the insurance market. The designation indicates that each attack is anticipated to result in insurance industry losses exceeding USD 250 million.

The MOVEit attack, linked to the Russian-affiliated group Cl0p, compromised over 2,700 organisations globally, affecting up to 90 million individuals. The Change Healthcare attack, attributed to the ALPHV/Blackcat gang, notably disrupted UnitedHealth Group’s operations, with projected costs and lost revenue totalling up to USD 1.6 billion. These designations highlight the escalating scale and financial impact of cyber incidents on global markets.

Source: [Reinsurance News]

Securing Your Organisation’s Supply Chain: Reducing the Risks of Third Parties

Nearly every organisation is part of a supply chain, where a significant amount of data is transferred. When data leaves your infrastructure, its security depends on the third party. The risks of a cyber incident increases as the supply chain increases.

Organisations need to mitigate the risks that their third party brings. This requires an understanding of the supply chain actors, and performing cyber security assessments of the most critical ones. The objective is to ensure that your organisation is satisfied with the third party’s security controls, or to work together to remediate any gaps.

Source: [Help Net Security]

Why Remote Desktop Tools are Facing an Onslaught of Cyber Threats

In the era of hybrid work, remote desktop tools have become crucial yet vulnerable points within corporate networks, attracting significant cyber criminal attention. A study by Barracuda Networks underscores the challenges of securing these tools. Virtual Network Computing (VNC) is particularly susceptible; it is targeted in 98% of these types of attacks due to its use of multiple, sometimes unsecured ports. VNC attacks predominantly exploit weak password practices, notably through brute force methods. Conversely, Remote Desktop Protocol (RDP) accounts for about 1.6% of these attacks but is favoured for more extensive network breaches, often involving ransomware or crypto mining. The study highlights a pressing need for robust endpoint management and heightened security measures to mitigate these threats.

Source: [ITPro]

95% of Organisations Revamped Cyber Security Strategies in the Last Year: Make Sure Yours is Right

A recent report found that 95% of companies have altered their cyber security strategies in the last twelve months. This was driven by keeping pace with the shifting regulatory landscape (98%), the need to meet customer expectations for data protection and privacy (89%), and the rise of AI-driven threats and solutions (65%). Almost half (44%) of non-security executives do not understand the regulatory requirements their organisation must adhere to.

When it came to reporting, the study found that security teams aren’t reporting on key operational metrics that define whether their security investments and strategy changes have a measurable impact. It is evident that there is a disconnect between security and non-security professionals when it comes to the business strategy.

Sources: [Business Wire] [Security Magazine]

Human Factor a Significant Risk for Small and Medium-Sized Businesses.

A survey of business and IT security in small and medium-sized businesses (SMBs) conducted by LastPass found that roughly one in five business leaders admits to circumventing security policies, as do one in 10 IT security leaders. The survey found that password management is critically important to cyber security, with nearly half (47%) reporting recent breaches due to compromised passwords.

Sources: [Beta News] [Business Wire]

Microsoft CEO Says it is Putting Security Above All Else in Major Refocus

Following a series of high-profile attacks in recent months and a report by the US Cyber Safety Review Board (CSRB), Microsoft’s CEO has revealed it will now focus its efforts on an increase in the commitment to security. Investigating a summer 2023 attack, Microsoft was deemed to have made a series of “avoidable errors”, including the failure to detect several compromises, the CSRB said.

Sources: [TechRadar]

Ending the Culture of Silence in Cyber Security; Three Ways to Empower Teams

A recent discussion on workplace errors highlights the significant repercussions of cyber breaches compared to typical office mistakes. In the UK, nearly a third of businesses face cyber attacks weekly, with each breach costing approximately £4,000. However, a concerning trend is that 41% of these breaches are not reported to internal leadership, often due to fears among staff about the consequences of admitting faults. A three-pronged approach has been suggested to foster a blame-free culture: providing tailored and evolving cyber training, establishing safe zones for admitting mistakes, and implementing robust recovery plans. This approach not only prepares employees to handle potential breaches more effectively but also encourages them to report incidents promptly, reducing the overall impact and aiding quicker recovery. Such strategies are essential for maintaining resilience against increasingly sophisticated cyber threats.

Source: [Minute Hack]

Governance, Risk and Compliance

• Verizon 2024 Data Breach Investigations Report: 5 Takeaways | MSSP Alert

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• Verizon DBIR: Vulnerability exploitation in breaches up 180% | TechTarget

• Verizon DBIR: Basic Security Gaffes Cause Breach Surge (darkreading.com)

• 95% of Organisations Revamped Their Cyber Security Strategies in the Last Year | Business Wire

• 95% of organisations adjusted cyber security strategies this past year | Security Magazine

• 1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)

• Vulnerability Exploits Triple as Initial Access Point for Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• MOVEit & Change Healthcare attacks designated as cyber catastrophe loss events by PCS - Reinsurance News

• Are Enterprises Overconfident About Cyber Security Readiness? (govinfosecurity.com)

• How CISOs Can Contend with Increasing Scrutiny from Regulators (informationweek.com)

• Correlating Cyber Investments with Business Outcomes (inforisktoday.com)

• Ending The Culture of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• 97% of security leaders have increased SaaS security budgets - Help Net Security

• The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online

• Should Cyber Security Leadership Finally be Professionalized? - SecurityWeek

• What needs to change to overcome nonchalant security approaches | TechRadar

• Agile by Design: Cyber Security at the Heart of Transformation (noeticcyber.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)

• Ransomware Rising Despite Takedowns, Says Corvus Report - Infosecurity Magazine (infosecurity-magazine.com)

• Impact of organisational structure on ransomware outcomes: Where does your org fit in? | SC Media (scmagazine.com)

• OODA Loop - Social Engineering Remains the Coin of the Realm for Ransomware Gangs (or APTs- Advanced Persistent Threats)

• 91% of ransomware victims paid at least one ransom in the past year, survey finds | ZDNET

• Ransom Payments Surge by 500% to an Average of $2m - Infosecurity Magazine (infosecurity-magazine.com)

• 1 in 5 US Ransomware Attacks Triggers Lawsuit - Infosecurity Magazine (infosecurity-magazine.com)

• There was an 81% year-over-year increase in ransomware attacks | Security Magazine

• Ransomware and extortion incidents surged by 67% in 2023, according to NTT Security Holdings 2024 Global Threat Intelligence Report (prnewswire.com)

• Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms | AP News

• LockBit, Black Basta, Play Dominate Ransomware in Q1 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• Ransom recovery costs reach $2.73 million - Help Net Security

• Cactus Ransomware Group Targets Qlik Sense Servers | Decipher (duo.com)

• How AI and data protection intersect in today's threat era - SiliconANGLE

• Better hygiene may mitigate the need to ban ransomware payments | Computer Weekly

• Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)

• How Businesses Should Grapple With Ransomware Threats (eetimes.eu)

• Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)

Ransomware Victims

• Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare | InfoStealers

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

• Almost all US hospitals took financial hit from Change hack, AHA says | Reuters

• Another major pharmacy chain shuts following possible cyber attack | TechRadar

• Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)

• Cyber attack to cost Western Isles Council half a million pounds (holyrood.com)

• LockBit publishes confidential data stolen from Cannes hospital in France (therecord.media)

• French hospital CHC-SV refuses to pay LockBit extortion demand (bleepingcomputer.com)

• 'Cybersecurity incident' closes London Drugs' pharmacies • The Register

Phishing & Email Based Attacks

• AI-driven phishing attacks deceive even the most aware users - Help Net Security

• US Post Office phishing sites get as much traffic as the real one (bleepingcomputer.com)

• If you receive a Shein mystery box, do not open it | TechRadar

• Why the automotive sector is a target for email-based cyber attacks - Help Net Security

BEC

• BEC and Fund Transfer Fraud Top Insurance Claims - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering

• OODA Loop - Social Engineering Remains the Coin of the Realm for Ransomware Gangs (or APTs- Advanced Persistent Threats)

• FBI warns of fake verification schemes targeting dating app users (bleepingcomputer.com)

• A Lot of People Are Falling for Those 'Your Package Cannot Be Delivered' Texts | PCMag

Artificial Intelligence

• AI-driven phishing attacks deceive even the most aware users - Help Net Security

• AI is creating a new generation of cyber attacks - Help Net Security

• Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)

• Businesses turn to generative AI but many don't have policies on it (betanews.com)

• State of Security 2024 Report Reveals Growing Impact of Generative AI on Cyber Security Landscape | Business Wire

• How AI and data protection intersect in today's threat era - SiliconANGLE

• Understanding emerging AI and data privacy regulations - Help Net Security

• To understand the risks posed by AI, follow the money – O’Reilly (oreilly.com)

• From Risk to Resilience: Managing Data Security in AI-Driven Enterprises | Inc.com

• Security in the AI Sector: Understanding Infostealer Exposures and Corporate Risks - Security Boulevard

• Cyber security experts face AI risks, deepfakes, burnout | Fortune

• US Government Releases New AI Security Guidelines for Critical Infrastructure (thehackernews.com)

• Why Using Microsoft Copilot Could Amplify Existing Data Quality and Privacy Issues - SecurityWeek

• Why the Military Can’t Trust AI | Foreign Affairs

2FA/MFA

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

Malware

• New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)

• New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security

• Guarding the Gates: The Growing Abundance of Linux Malware - VMRay

• Bogus npm Packages Used to Trick Software Developers into Installing Malware (thehackernews.com)

• Stealthy malware: The threats hiding in plain sight | ITPro

• Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years (thehackernews.com)

• ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan (thehackernews.com)

• New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)

Mobile

• Powerful 'Brokewell' Android Trojan Allows Attackers to Takeover Devices - SecurityWeek

• Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023 (thehackernews.com)

• New Wpeeper Android malware hides behind hacked WordPress sites (bleepingcomputer.com)

• NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms - Infosecurity Magazine (infosecurity-magazine.com)

• Android Flaw Affected Apps With 4 Billion Installs - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft warns of "Dirty Stream" attack impacting Android apps (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Hackers Target New NATO Member Sweden with Surge of DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)

• DJI Could Get Banned In The U.S. As Authorities Believe That The Chinese Firm And Its Drones Present A Major Security Risk (wccftech.com)

• A glaring Android TV security flaw might put your Gmail at risk | Android Central

Data Breaches/Leaks

• PSNI data breach: Almost 5,000 officers and staff in legal action - BBC News

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online

• Kaiser Permanente data breach may have impacted 13.4 million patients (securityaffairs.com)

• Social exclusion charity Extern “urgently reviewing” impact of data breach following ransomware attack – The Irish News

• FBCS data breach impacted 2M individuals (securityaffairs.com)

• States shares health debt data of 5,000 in an email | Guernsey Press

• Qantas app exposed sensitive traveller details to random users (bleepingcomputer.com)

• DropBox says hackers stole customer data, auth secrets from eSignature service (bleepingcomputer.com)

• Mitre Shares Lessons Learned from Breach | MSSP Alert

• Hull City Council pays £30K in data breach claims and suffers nine cyber attacks in three years - Hull Live (hulldailymail.co.uk)

• Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach (bleepingcomputer.com)

• Australian pubgoers' personal info posted to leak site • The Register

• Monash Health data breach exposes sexual assault and family violence claims (smh.com.au)

• Panda Restaurant Group disclosed a data breach (securityaffairs.com)

Organised Crime & Criminal Actors

• AI is creating a new generation of cyber attacks - Help Net Security

• Combating the Rising Tide of AI-Driven Cyber Crime (cryptopolitan.com)

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)

Insider Risk and Insider Threats

• 2024 Data Breach Investigations Report: Half of the breaches in EMEA were internal (globenewswire.com)

• 2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element - Help Net Security

• Survey: Human Factors Create Significant Cyber Security Risks for Small and Medium-Sized Businesses, Despite Increased Technology Investment | Business Wire

• How insider threats can cause serious security breaches - Help Net Security

• Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)

Insurance

• MOVEit & Change Healthcare attacks designated as cyber catastrophe loss events by PCS - Reinsurance News

• Cyber facility in capacity raise as risk severity grows (emergingrisks.co.uk)

• Hack That Paralyzed US Health Care Turns Up Scrutiny on Insurer (claimsjournal.com)

• Alarming Insurance Gaps and Soaring Breach Rates Call for a United Front in Cyber Security | HaystackID - JDSupra

Supply Chain and Third Parties

• UK and global cyber threats require robust supply chain risk management - Osborne Clarke | Osborne Clarke

• Securing your organisation's supply chain: Reducing the risks of third parties - Help Net Security

Cloud/SaaS

• Understanding Scattered Spider, and how they perform cloud-centric identity attacks | SC Media (scmagazine.com)

• New SOHO router malware aims for cloud accounts, internal company resources - Help Net Security

• 97% of security leaders have increased SaaS security budgets - Help Net Security

Encryption

• UK's Investigatory Powers Bill approved to become law • The Register

• Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online

• Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)

• White Swan, Black Swan and QuantumBleed (forbes.com)

Linux and Open Source

• Guarding the Gates: The Growing Abundance of Linux Malware - VMRay

Passwords, Credential Stuffing & Brute Force Attacks

• Single Citrix Compromised Credential Results in $22,000,000 Ransom to Change Healthcare | InfoStealers

• Change Healthcare breached via Citrix portal with no MFA | TechTarget

• Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)

• NCSC: New UK law bans default passwords on smart devices (securityaffairs.com)

• Nvidia's flagship gaming GPU can crack complex passwords in under an hour | Tom's Hardware (tomshardware.com)

• New Cuttlefish malware infects routers to monitor traffic for credentials (bleepingcomputer.com)

• Five Ways to Dramatically Reduce the Risk of Password Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Google Online Security Blog: Your Google Account allows you to create passkeys on your phone, computer and security keys (googleblog.com)

• How to use a YubiKey to log into Windows and macOS (xda-developers.com)

Social Media

• How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek

• Disinformation: EU Opens Probe Against Meta Ahead of Election - Infosecurity Magazine (infosecurity-magazine.com)

• Facebook at 20: Contemplating the Cost of Privacy (darkreading.com)

Training, Education and Awareness

• Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• Everyone's an Expert: How to Empower Your Employees for Cyber Security Success (thehackernews.com)

Regulations, Fines and Legislation

• UK's Investigatory Powers Bill approved to become law • The Register

• UK rolls out new consumer safeguards for smart devices (betanews.com)

• UK and global cyber threats require robust supply chain risk management - Osborne Clarke | Osborne Clarke

• FCC fines major wireless carriers over illegal location data sharing - Help Net Security

• Understanding emerging AI and data privacy regulations - Help Net Security

• CISA's incident reporting requirements go too far, trade groups and lawmakers say | CyberScoop

Data Protection

• How AI and data protection intersect in today's threat era - SiliconANGLE

Careers, Working in Cyber and Information Security

• Cyber security experts face AI risks, deepfakes, burnout | Fortune

• The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed? | CSO Online

• Agencies to turn toward ‘skill-based hiring’ for cyber and tech jobs, ONCD says | CyberScoop

• Cyber Security Degrees, Are They Really Worth It? | HackerNoon

• Beyond the Buzz: Rethinking Alcohol as a Cyber Security Bonding Ritual - SecurityWeek

Law Enforcement Action and Take Downs

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms | AP News

• Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (thehackernews.com)

• Police shuts down 12 fraud call centres, arrests 21 suspects (bleepingcomputer.com)

• Cyber security consultant arrested after allegedly extorting IT firm (bleepingcomputer.com)

• CEO who sold fake Cisco devices to US military gets 6 years in prison (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Disinformation: EU Opens Probe Against Meta Ahead of Election - Infosecurity Magazine (infosecurity-magazine.com)

• ‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)

• Think tank: Tech companies spread China's propaganda • The Register

• Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)

• Why China Is So Bad at Disinformation | WIRED

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• 'DuneQuixote' Shows Stealth Cyber Attack Methods Are Evolving (darkreading.com)

Nation State Actors

China

• ‘Honeypots’ and influence operations: China’s spies turn to Europe (ft.com)

• Philippines Pummelled by Cyber Attacks & Misinformation Tied to China (darkreading.com)

• Germany grapples with wave of spying threats from Russia and China - BBC News

• How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat - SecurityWeek

• Think tank: Tech companies spread China's propaganda • The Register

• China's attacks on critical infrastructure ‘tip of the iceberg' | SC Media (scmagazine.com)

• DJI Could Get Banned In The U.S. As Authorities Believe That The Chinese Firm And Its Drones Present A Major Security Risk (wccftech.com)

• Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek

• Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)

• Why China Is So Bad at Disinformation | WIRED

• Chinese government website security has big problems • The Register

• Espionage breaches account for 25% in APAC, report reveals (securitybrief.co.nz)

Russia

• Router Roulette: Cyber Criminals and Nation-States Sharing Compromised Networks | Trend Micro (US)

• Russian Hackers Target Industrial Systems in North America, Europe - SecurityWeek

• Pro-Russia hacktivists attacking vital tech in water and other sectors, agencies say | CyberScoop

• Critical infrastructure operators urged to harden systems against pro-Russia hackers (therecord.media)

• Ukraine's military intelligence launches cyber attack against United Russia party (kyivindependent.com)

• Germany grapples with wave of spying threats from Russia and China - BBC News

• Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)

• The Dangerous Rise of GPS Attacks | WIRED

• Russia’s Pawprints on Aircraft Jamming Outbreak - CEPA

• Germany Warns Of Consequences For Alleged Russian Cyber Attack (rferl.org)

• Hackers Claim to Have Infiltrated Belarus’ Main Security Service - SecurityWeek

• Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyber Attack (darkreading.com)

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

• Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia (thehackernews.com)

• Two British men charged with helping Russian intelligence - BBC News

• Two hackers in Ukraine accused of spreading Russian propaganda (therecord.media)

Iran

• Israel winning cyber war against Iran, says former officer of elite IDF intelligence unit | All Israel News

North Korea

• DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• INTERPOL Identifies 20,674 Suspicious Networks Linked To Terrorists, Warns of Rising Cyber Crimes | Greenbarge Reporters (greenbreporters.com)

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

Vulnerability Management

• When is One Vulnerability Scanner Not Enough? (thehackernews.com)

• Vulnerability exploitation nearly tripled in 2023 (telecoms.com)

Vulnerabilities

• Cisco devices again targeted by state-linked threat campaign - TechCentral.ie

• Okta warns of "unprecedented" credential stuffing attacks on customers (bleepingcomputer.com)

• 1,200+ Vulnerabilities Detected In Microsoft Products In 2023 (gbhackers.com)

• Most attacks affecting SMBs target five older vulnerabilities | CSO Online

• Severe Flaws Disclosed in Brocade SANnav SAN Management Software (thehackernews.com)

• UnitedHealth hackers took advantage of Citrix vulnerability to break in, CEO says (yahoo.com)

• Palo Alto Updates Remediation for Max-Critical Firewall Bug (darkreading.com)

• Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades - Help Net Security

• WordPress plugin vulnerability poses severe security risk, allows for site takeovers | TechSpot

• Ukraine Targeted in Cyber Attack Exploiting 7-Year-Old Microsoft Office Flaw (thehackernews.com)

• New R Programming Vulnerability Exposes Projects to Supply Chain Attacks (thehackernews.com)

• Grafana Tool Vulnerability Let Attackers Inject SQL Queries (gbhackers.com)

• Microsoft says April Windows updates break VPN connections (bleepingcomputer.com)

• NTLM auth traffic spikes after Windows Server patch • The Register

• New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw (thehackernews.com)

• Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (thehackernews.com)

• Ten years of Heartbleed: Lessons learned | SC Media (scmagazine.com)

• 1,400 GitLab Servers Impacted by Exploited Vulnerability - SecurityWeek

Tools and Controls

• Why remote desktop tools are facing an onslaught of cyber threats | ITPro

• Correlating Cyber Investments With Business Outcomes (inforisktoday.com)

• When is One Vulnerability Scanner Not Enough? (thehackernews.com)

• Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar

• Can automating security relieve CISO pressure? (techinformed.com)

• 10 Critical Endpoint Security Tips You Should Know (thehackernews.com)

• 7 antivirus myths that are dead wrong | PCWorld

• Businesses turn to generative AI but many don't have policies on it (betanews.com)

• EDR vs. EPP: What's the difference? | TechTarget

• Cobalt's 2024 State of Pentesting Report Reveals Cyber Security Industry Seeks Partners and Solutions as Staffing Shortages and New AI Threats Collide (prweb.com)

• Ending The Culture Of Silence In Cyber Security – 3 Ways To Empower Teams - Minutehack

• Organisations Struggle with Zero Trust: Gartner | MSSP Alert

• Tech Tip: Why Haven't You Set Up DMARC Yet? (darkreading.com)

• Three-Quarters of CISOs Admit App Security Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• 97% of security leaders have increased SaaS security budgets - Help Net Security

• Communication gaps between IT departments and senior corporate leadership worsening application security risks - Tech Monitor

• Continuous threat exposure management (CTEM): What it is and how to achieve it | SC Media (scmagazine.com)

• DPRK's Kimsuky APT Abuses Weak DMARC Policies, Feds Warn (darkreading.com)

• Fortifying Cyber Defence With the Power of Linux Intrusion Detection and Prevention Systems | Linux Journal

• How to Red Team GenAI: Challenges, Best Practices, and Learnings (darkreading.com)

• What is API Security? - Security Boulevard

• Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report - SecurityWeek

• Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (bleepingcomputer.com)

• Why LLMs are predicting the future of compliance and risk management | VentureBeat

• Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM (thehackernews.com)

Reports Published in the Last Week

• Q1 2024 Ransomware Report: 21% Increase in Q1 2023 Ransomware Activity (corvusinsurance.com)

• Global Threat Intelligence Report 2024 by NTT Security Holdings

• 2024 Data Breach Investigations Report | Verizon

• The State of Security 2024 | Splunk

• Cobalt's 2024 State of Pentesting Report Reveals Cyber Security Industry Seeks Partners and Solutions as Staffing Shortages and New AI Threats Collide (prweb.com)

Other News

• Microsoft CEO says it is "putting security above all else" in major refocus | TechRadar

• 3 Key Business Areas Cyber Security Falls Short | Inc.com

• 7 antivirus myths that are dead wrong | PCWorld

• A Season Of Health Breaches, A Season Of Changes (forbes.com)

• Bank of England tells payment firms to step up disruption mitigation plans (yahoo.com)

• Three-Quarters of CISOs Admit App Security Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• NCSC updates warning over hacktivist threat to CNI | Computer Weekly

• Cyber Space: EU and partners discuss ways to strengthen cooperation in promoting international security and stability | EEAS (europa.eu)

• The EU's Strategy for a Cyber Secure Digital Single Market | UpGuard

• Cyber attack at Irish telecoms firm? – The Irish Times

• To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware (darkreading.com)

• During National Small Business Week, Take Steps to Secure Your Business | CISA

• At Microsoft, years of security debt come crashing down | Cybersecurity Dive

• National Small Business Week: IRS warns entrepreneurs to take precautions on data security; protect their businesses, employees, customers | Internal Revenue Service

• Zelenskyy fires security service chief accused of "weaponized draft" against journalist - Euromaidan Press

• Sweden prepares for Eurovision amidst fears of protests, cyber attacks and unrest | Euronews

• The ultimate cyber spring-cleaning checklist (avast.com)

• European New Space Companies Prepare to Counter Growing Security Threat - Via Satellite (satellitetoday.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

More Companies Adopt Board-Level Cyber Security Committees

In a recent CISO Report by Splunk, 78% of CISOs and other security leaders reported a dedicated board-level cyber security committee at their organisations. These committees may be made up of qualified individuals or potentially even third parties - not necessarily company employees - that give guidance to the board around matters like risk assessment and cyber security strategy. These board-level cyber security committees can potentially bridge communication barriers between IT, security teams and boards. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber risks, by participating in board meetings to upskill and guide the board in requesting and challenging the appropriate information from their internal and external sources.

Source: [Decipher]

Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High

A recent report by Corvus has found that ransomware attacks continued at a record-breaking pace, with Q3 frequency up 11% over Q2 and 95% year-over-year. Even if there were no more ransomware attacks this year, the victim account has already surpassed what was observed for 2021 and 2022. In a separate report, analysis conducted by Sophos has found that dwell times, which is the length of time an attacker is in a victim’s system before they are discovered, has fallen, leaving less time for organisations to detect attacks.

Sources: [Dark Reading] [SC Magazine] [Reinsurance News]

Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year

Multiple reports highlighting different aspects of small and medium businesses (SMBs) all have one thing in common: the lack of priority that is given to cyber security. One example is a survey conducted by Amazon Web Services (AWS) which found that cyber security is not even a strategic priority for 35% of SMBs when considering moving to the cloud. This comes as a report by Identity Theft Resource Center (ITRC) found that 73% of US SMBs reported a cyber attack last year, with employee and customer data being the target in data breaches. Despite the rise in SMB attacks, relatively few organisations are following cyber security best practices to help prevent a breach in the first place. Every business, regardless of size, should do everything it reasonably can to protect its data and ensure connectivity, and smaller organisations may be more likely to be a victim of a cyber attack. Security is an enabler for the wider IT and business strategy to help users build the organisation in greater security. It should be hard-baked from the outset; seeking expert advice can help ensure the right proportionate security decisions are being made.

Sources: [Insider Media] [Infosecurity Magazine] [IT Reseller Magazine] [Infosecurity Magazine]

More Than 46 Million Potential Cyber Attacks Logged Every Day

New data released by the UK’s BT Group has found that more than 500 potential cyber attacks are logged every second. The BT data showed that over the last 12 months the most targeted sectors by cyber criminals were IT, defence, banking and insurance sectors; this was followed by the retail, hospitality and education industries. According to the figures 785,000 charities fell victim to cyber attacks. The data found that hackers are relentlessly scanning devices for vulnerabilities by using automation, and artificial intelligence is now being included by attackers to identify weaknesses in an organisation’s cyber defences.

Sources: [Evening Standard] [Proactive] [The Independent]

Fighting Cyber Attacks Requires Top-Down Approach

Organisations must move away from the posture that their IT division owns responsibility for safeguarding against cyber attacks. Instead, what we really need is for cyber security to come down from the top of the organisation, into the departments so that we have an enterprise-wide culture of security. It is the board’s responsibility to work with the executive team to ensure it is not just an IT-centric issue. By aligning cyber risk management with business needs, creating a cyber security strategy as a business enabler, and incorporating cyber security expertise into board and governance, the organisation will create a solid foundation for this top-down approach.

Source: [Chief Investment Officer]

Email Security Threats are More Dangerous This Year as Over 200 million Malicious Emails Detected in Q3 2023

The use of generative artificial intelligence (AI) tools such as ChatGPT has made spam and phishing emails infinitely more dangerous, with over 200 million sent in Q3 2023. A recent report found that link-based malware delivery made up 58% of all malicious emails for the quarter, while attachments made up the remaining 42%. Worryingly, 33% of these were delivered through legitimate but compromised websites.

Phishing does not come through emails alone however, there is also phishing via SMS, QR codes, calls and genuine, but compromised accounts. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [Security Magazine] [MSSP Alert] [TechRadar]

98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending

Generative AI is playing a significant role in reshaping the phishing email threat landscape, according to a recent report from Abnormal Security. The report found that 98% of security leaders are highly concerned about generative AI's potential to create more sophisticated email attacks, with four-fifths (80.3%) of respondents confirming that their organisation had already received AI-generated email attacks or strongly suspecting that this was the case. A separate report by IBM found that attackers only needed five simple prompts to get the AI to develop a highly convincing phishing email. In a separate report, Gartner stated that AI has created a new scare, which contributed to 80% of CIO’s reporting that they plan to increase spending on cyber security, including AI.

Sources: [Infosecurity Magazine] [CSO Online] [Business Wire] [Help Net Security]

48% of Organisations Predict Cyber Attack Recovery Could Take Weeks

A recent report has found that 48% of respondents predicted that it would take days or weeks for their company to recover from cyber attacks, representing a potentially devastating risk to their business. Attacks are a matter of when, not if. Organisations should have plans and procedures in place to be able to recover from an attack; this includes having an incident response plan and regularly testing the organisation’s ability to backup and recover.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an incident response plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Security Magazine]

Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour

The human element remains a significant vulnerability in cyber security, as reinforced by recent analysis. Repeated studies show that knowledge alone does not change behaviour, and that simply giving people more training is unlikely to change outcomes. The study underscores that even with heightened cyber security awareness, there has not been a notable decline in successful cyber attacks that exploit human errors.

We need to draw parallels to real-world skills. The report suggests that cyber security education should be as continuous and context-driven as learning to drive: no one learnt to drive by having a single lesson once a year. For instance, rather than educating employees on using multifactor authentication (MFA) in isolation, it's more impactful to provide an explanation of the additional security that that control provides and the reasons why it is being used to protect the organisation. This contextual approach, accentuated with insights on the advantages of these controls, is poised to foster the right behaviours and bolster security outcomes. However, the challenges persist, with many employees still bypassing recommended security protocols, underscoring the need for a more hands-on, real-time approach to cyber security education.

Source: [Dark Reading]

How Cyber Security Has Evolved in The Past 20 Years

Twenty years ago, the cloud as we know it didn’t exist. There were no Internet of Things (IoT) sensors, not even Gmail was around. Cyber threats have evolved significantly since then, but so too have the solutions. We’ve transitioned from manual, on-site vulnerability scanning and lengthy breach investigations, to automated tools and remote work capabilities that have reduced investigation times from months to weeks. Alongside technological advancements, laws and regulations surrounding cyber security have also tightened, imposing stricter rules on organisations to protect customer data and penalties for attackers.

The bigger picture is staying a step ahead of threat actors in the automation race. Whether that’s accomplished with AI or some other yet-to-be-discovered technology remains to be seen. In the meantime, as is always the case in this industry, regardless of the latest innovation, everyone needs to stay vigilant for threat actors’ attacks and remember that what was adequate to protect technology 20 years ago will not be sufficient to defend against the threat landscape today, and certainly not against the threats of tomorrow.

Source: [Forbes]

Rising Global Tensions Could Portend Destructive Hacks

Governments in the West are warning public and private sector organisations to "remain on heightened alert" for disruptive cyber attacks targeting critical infrastructure and key sectors amid a series of escalating global conflicts.

Source: [Info Risk Today]

Governance, Risk and Compliance

• Cyber security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• How to establish a great security awareness culture (att.com)

• More Companies Adopt Board-Level Cyber Security Committees | Decipher (duo.com)

• Fighting Cyber Attacks Requires Top-Down Approach | Chief Investment Officer (ai-cio.com)

• SMBs Need to Balance Cyber Security Needs and Resources (darkreading.com)

• 48% of organisations predict cyber attack recovery to take weeks | Security Magazine

• Businesses access to cyber insurance impacted by employee mistakes and poor security: QBE - Reinsurance News

• Cyber Security Litigation: Five Trends Unpacked | Blake, Cassels & Graydon LLP - JDSupra

• Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

• From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)

• Awaken From Cyber Slumber: 3 Steps To Stronger Cyber security (forbes.com)

• AI-related security fears drive 2024 IT spending - Help Net Security

• Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)

• The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week

Threats

Ransomware, Extortion and Destructive Attacks

• SonicWall Data Confirms That Ransomware Is Still the Enterprise's Biggest Fear (darkreading.com)

• Ransomware attacks surge, highlighting need for detection, response tools: Allianz - Reinsurance News

• 2023 Ransomware Attacks Up More Than 95% Over 2022, According to Corvus Insurance Q3 Report (darkreading.com)

• Ransomware is threatening more businesses than ever before | TechRadar

• Ransomware isn’t going away – the problem is only getting worse (bleepingcomputer.com)

• Known Ransomware Attack Volume Breaks Monthly Record, Again (govinfosecurity.com)

• Ransomware attacks are getting faster: How to adjust incident response plans accordingly | SC Media (scmagazine.com)

• Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware (thehackernews.com)

• Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)

• OpenText Cyber Security Nastiest Malware of 2023 Shows Ransomware-as-a-Service Now Primary Business Model (prnewswire.com)

• The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)

• Meet Rhysida, a New Ransomware Strain That Deletes Itself (darkreading.com)

• Kaspersky crimeware report: GoPIX, Lumar, and Rhysida. | Securelist

• Cl0p named 'nastiest' malware of 2023 | Security Magazine

• Five things organisations don’t consider before a ransomware attack | TechRadar

• Ransomware incidents are on the rise as latest data reveals alarming trend | TechSpot

• MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)

• Ransomware attacks against hospitals put patients' lives at risk, researchers say : NPR

• Ragnar Locker Ransomware Boss Arrested in Paris (darkreading.com)

• BlackCat Climbs the Summit With a New Tactic (paloaltonetworks.com)

• Ransomware Soars as Myriad Efforts to Stop It Fall Short - Bloomberg

• Hackers Using Remote Admin Tools AvosLocker Ransomware (gbhackers.com)

• Resilience notes uptick in data exfiltration as cyber criminals change tactics - Reinsurance News

• Healthcare Ransomware Attacks Cost US $78bn - Infosecurity Magazine (infosecurity-magazine.com)

• Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security

• Should Ransom Payments Be Made Illegal | Intel471

• ThreatLabz state of ransomware report | ITPro | ITPro

• Will SEC Ruling Curb Encryption-Less Ransomware Attacks? | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• House Subcommittees Hold Hearing on Combating Ransomware Attacks | Patterson Belknap Webb & Tyler LLP - JDSupra

Ransomware Victims

• MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)

• Ambulances diverted as 3 New York hospitals grapple with cyber attacks | Fox News

• Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyber attack - Security Week

• US energy firm shares how Akira ransomware hacked its systems (bleepingcomputer.com)

• Seiko says ransomware attack exposed sensitive customer data (bleepingcomputer.com)

• American Family Insurance confirms cyber attack is behind IT outages (bleepingcomputer.com)

• Cyber Attack Causing Service Interruptions At Ontario Hospitals (databreaches.net)

• Volex dented by cyber attack costs but full-year results are on track | AIM:VLX (proactiveinvestors.co.uk)

• Cyber crims leak patient pics in low blow bid to win ransom • The Register

Phishing & Email Based Attacks

• Generative AI phishing fears realised as model develops “highly convincing” emails in 5 minutes | CSO Online

• Over 200 million malicious emails were detected in Q3 2023 | Security Magazine

• Watch out - that QR code could just be a phishing scam | TechRadar

• Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian

• New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates

• Email security threats are more dangerous than ever - here's what you need to know | TechRadar

• What is Phishing? 5 Types of Phishing Attacks You Need to Know | MSSP Alert

• The US released popular phishing techniques | Inquirer Technology

• Akamai research finds more sophisticated phishing threats in hospitality industry - SiliconANGLE

• Don’t Get Spooked Into Falling For These Phishing Scams - IT Security Guru

Other Social Engineering; Smishing, Vishing, etc

• Social engineering: Hacking minds over bytes (att.com)

Artificial Intelligence

• Generative AI phishing fears realised as model develops “highly convincing” emails in 5 minutes | CSO Online

• New Survey From Abnormal Security Reveals 98% Of Security Leaders Worry About the Risks of Generative AI | Business Wire

• AI-related security fears drive 2024 IT spending - Help Net Security

• Boardrooms losing control in generative AI takeover, says Kaspersky | Computer Weekly

• AI-Based Cyber Attacks Target HR Teams (thehrworld.co.uk)

• Governments, firms should spend more on AI safety, top researchers say | Reuters

• Cyber-defence systems seek to outduel criminals in AI race (techxplore.com)

• Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine

• AI risk must be treated as seriously as climate crisis, says Google DeepMind chief | Technology | The Guardian

• Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)

• Don't use AI-based apps, Philippine defence ordered its personnel (securityaffairs.com)

• Businesses ignorant to gen AI security threats suggests research (ship-technology.com)

• Inside the battle to contain – and capitalise on – artificial intelligence | World news | The Guardian

• AI to Create Demand for Digital Trust Professionals, ISACA Survey Find - Infosecurity Magazine (infosecurity-magazine.com)

• Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra

• Artificial Intelligence Bad News For Cyber Threats, Report Warns - TechRound

• Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security

• Britain’s Big AI Summit Is a Doom-Obsessed Mess | WIRED

• Oops! When tech innovations create new security threats | CSO Online

• UK officials use AI to decide on issues from benefits to marriage licences | Artificial intelligence (AI) | The Guardian

2FA/MFA

• Okta support system breach highlights need for strong MFA policies | CSO Online

Malware

• Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices (thehackernews.com)

• OpenText Cyber Security Nastiest Malware of 2023 Shows Ransomware-as-a-Service Now Primary Business Model (prnewswire.com)

• Hackers are using an incredibly sneaky trick to hide malware | Digital Trends

• Vietnamese Hackers Target UK, US, and India with DarkGate Malware (thehackernews.com)

• Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar (thehackernews.com)

• Dangerous new malware can crack encrypted USB drives | TechRadar

• Bad news - these fake LinkedIn job offers are just pushing malware, so don't get your hopes up | TechRadar

• 'Grandoreiro' Trojan Targets Global Banking Customers (darkreading.com)

• Cl0p named 'nastiest' malware of 2023 | Security Magazine

• Cabinet Office tight-lipped on number of government cyber attacks and malware infections (civilserviceworld.com)

• Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)

• The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog

Mobile

• Android trojan spotted in the wild can record audio and phone calls | ZDNET

• Samsung Galaxy S23 hacked twice in one day at Pwn2Own contest (androidauthority.com)

• iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation (thehackernews.com)

• iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)

• A huge amount of financial apps contain security flaws - and this is the best scoring industry | TechRadar

• Intellexa: Irish-linked spyware used in 'brazen attacks' - report - BBC News

• Longer Support Periods Raise the Bar for Mobile Security (darkreading.com)

• Android adware apps on Google Play amass two million installs (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• This DDoS attack is the biggest in internet history. | World Economic Forum (weforum.org)

• Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)

• Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw (thehackernews.com)

Internet of Things – IoT

• How an explosion of 'smart' devices is threatening US households -- and national security (nypost.com)

• UK government finalises IoT cyber security requirements - Lexology

Data Breaches/Leaks

• Okta says hackers breached its support system and viewed customer files | Ars Technica

• Okta support system breach highlights need for strong MFA policies | CSO Online

• 1Password suffers cyber security incident after latest Okta breach - Tech Monitor

• Okta stock falls after company says client files accessed by hackers via support system (cnbc.com)

• Hacker accused of breaching Finnish psychotherapy centre facing 30,000 counts (therecord.media)

• City of Philadelphia discloses data breach after five months (bleepingcomputer.com)

• 500k Irish National Police records exposed by third party • The Register

• The 23andMe data breach reveals the vulnerabilities of our interconnected data (theconversation.com)

• iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)

• DC Board of Elections: Hackers may have breached entire voter roll (bleepingcomputer.com)

Organised Crime & Criminal Actors

• More than 500 potential cyber attacks logged every second, BT says | The Independent

• Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)

• Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Top crypto firms named in $1bn fraud lawsuit - BBC News

• Cryptojacking campaign Qubitstrike targets exposed Jupyter Notebook instances | CSO Online

• Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Insider Risk and Insider Threats

• Forget the outside hacker, the bigger threat is inside • The Register

• Former NSA employee pleads guilty to attempted selling classified documents to Russia (securityaffairs.com)

• Human-centric Security Design Reduces Threats by Changing User Behavior (prweb.com)

• How to establish a great security awareness culture (att.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

Fraud, Scams & Financial Crime

• New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates

• Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian

• Purchase Scams Surge as Fraud Losses Hit £580m - Infosecurity Magazine (infosecurity-magazine.com)

• Top crypto firms named in $1bn fraud lawsuit - BBC News

• Online scammers target desperate loan seekers using online fraud | TechRadar

• Christmas scams to watch out for this festive season (nationalworld.com)

• Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Deepfakes

• Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Insurance

• Telling Small Businesses to Buy Cyber Insurance Isn't Enough (darkreading.com)

• Stemming Losses That Go Uncovered by Cyber Insurance | Esquire Deposition Solutions, LLC - JDSupra

• Aviva: SMEs ‘woefully underserved’ for cyber cover - Insurance Post (postonline.co.uk)

Dark Web

• A Look at Key Dark Web Statistics (2023 Data Update) (techreport.com)

Supply Chain and Third Parties

• 500k Irish National Police records exposed by third party • The Register

Software Supply Chain

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

Cloud/SaaS

• The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Okta Reveals Breach Via Stolen Credential - Infosecurity Magazine (infosecurity-magazine.com)

• Passwords - not all they are cracked up to be | TechRadar

• 'Log in With...' Feature Allows Full Online Account Takeover for Millions (darkreading.com)

• 10 Bad Password Habits You Need to Break (howtogeek.com)

Social Media

• Bad news - these fake LinkedIn job offers are just pushing malware, so don't get your hopes up | TechRadar

• Threat actor is selling access to Facebook and Instagram's Police Portal (securityaffairs.com)

Malvertising

• Malvertisers Using Google Ads to Target Users Searching for Popular Software (thehackernews.com)

Training, Education and Awareness

• Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)

• This Cyber Security Awareness Month, Don't Lose Sight of Human Risk (darkreading.com)

• How to establish a great security awareness culture (att.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

• Cyber Security Awareness Month: What's Still Needed After Twenty Years (forbes.com)

• From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)

Regulations, Fines and Legislation

• Managed security services [EU Legislation in Progress] | Epthinktank | European Parliament

• Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine

• UK government finalises IoT cyber security requirements - Lexology

• Show Your Work: The SEC Cyber Rules and Documenting Materiality Analysis Under NIST FIPS 199 | Baker Donelson - JDSupra

• Will SEC Ruling Curb Encryption-Less Ransomware Attacks? | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• House Subcommittees Hold Hearing on Combating Ransomware Attacks | Patterson Belknap Webb & Tyler LLP - JDSupra

Models, Frameworks and Standards

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

• CMMC 2.0: What You Need to Know - ClearanceJobs

Backup and Recovery

• Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)

Law Enforcement Action and Take Downs

• Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts (therecord.media)

• Alleged developer of the Ragnar Locker ransomware was arrested (securityaffairs.com)

• Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)

• Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• ‘I’m looking for fewer ways to be traceable, not more’ | Financial Times

• Google Chrome's new "IP Protection" will hide users' IP addresses (bleepingcomputer.com)

• ShadowDragon: Australian spies monitor PornHub, Tinder, Fortnite (crikey.com.au)

Misinformation, Disinformation and Propaganda

• Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Misc Nation State/Cyber Warfare/Cyber Espionage

• ICC: September Breach Was Espionage Raid - Infosecurity Magazine (infosecurity-magazine.com)

• International Criminal Court attack was targeted and sophisticated (securityaffairs.com)

• Governments and hackers agree: the laws of war must apply in cyber space (theconversation.com)

• It's Time to Establish the NATO of Cyber Security (darkreading.com)

• War Crimes Court Flags Cyber Attack That Targeted Its Work - Law360

• International Criminal Court systems breached for cyber espionage (bleepingcomputer.com)

• Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly

• Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)

Geopolitical Threats/Activity

• Cyber attacks in the Israel-Hamas war (cloudflare.com)

• Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)

• Cyber operations linked to Israel-Hamas fighting gain momentum | CyberScoop

• Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)

China

• MI5 chief warns of Chinese cyber espionage reached an unprecedented scale (securityaffairs.com)

• Glasgow universities on red alert over Chinese spies as they join security scheme - Glasgow Live

• Navy ends tradition of Chinese laundrymen on warships over spying fears (telegraph.co.uk)

Russia

• Russia Cyber attacks Becoming More Sophisticated, Ukraine Official Says - Bloomberg

• Ukraine's IT army is a world first: here's why it is an important part of the war (theconversation.com)

• European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)

• Ministry, police and Crimea summit websites victims of cyber attack | Radio Prague International

• Pro-Russia group behind today’s mass cyber attack against Czech institutions - Prague, Czech Republic (expats.cz)

• Major Russian bank reportedly hacked by Ukraine | SC Media (scmagazine.com)

• Hackers backdoor Russian state, industrial orgs for data theft (bleepingcomputer.com)

• Who is sabotaging underwater infrastructure in the Baltic Sea? (economist.com)

• Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica

• Russia-Ukraine War: Cyber Attack and Kinetic Warfare Timeline - | MSSP Alert

• France says Russian state hackers breached numerous critical networks (bleepingcomputer.com)

• Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly

• Inside Ukraine's Cyber Army (globelynews.com)

• Former NSA employee pleads guilty to attempted selling classified documents to Russia (securityaffairs.com)

• Ex-NSA techie admits to selling state secrets to Russia • The Register

Iran

• Iran APT Targets the Mediterranean With Watering-Hole Attacks (darkreading.com)

North Korea

• US seizes sites that funnel money from North Korean IT workers for illicit activities | SC Media (scmagazine.com)

• Freelance Market Flooded With North Korean IT Actors (darkreading.com)

Vulnerability Management

• Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)

• Why Do We Need Real-World Context to Prioritise CVEs? (darkreading.com)

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

Vulnerabilities

• Citrix Bleed exploit lets hackers hijack NetScaler accounts (bleepingcomputer.com)

• Exploitation of Citrix NetScaler vulns reaching dangerous levels | Computer Weekly

• Critical SolarWinds RCE Bugs Enable Unauthorised Network Takeover (darkreading.com)

• CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog - Security Affairs

• Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices (thehackernews.com)

• Cisco hackers likely taking steps to avoid identification | Computer Weekly

• F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution (thehackernews.com)

• European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)

• VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products - Security Week

• Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms (thehackernews.com)

• Firefox, Chrome Updates Patch High-Severity Vulnerabilities - Security Week

• The Forbidden Fruit Of Cyber Security: Hackers Take A Bite Out Of Apple (forbes.com)

• Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica

• Apple Ships Major iOS, macOS Security Updates - Security Week

• Hackers can force iOS and macOS browsers to divulge passwords and much more | Ars Technica

• ServiceNow quietly fixes 8-year-old data exposure flaw • The Register

Tools and Controls

• 48% of organisations predict cyber attack recovery to take weeks | Security Magazine

• Businesses access to cyber insurance impacted by employee mistakes and poor security: QBE - Reinsurance News

• Ransomware attacks are getting faster: How to adjust incident response plans accordingly | SC Media (scmagazine.com)

• Cyber attack response plans need to be in place to avoid chaos - FreightWaves

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

• What is Network Segmentation? Virtual & Physical Segmentation | UpGuard

• AI-related security fears drive 2024 IT spending - Help Net Security

• Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)

• Is it wise to put all your security solutions in one cyber basket? (securitybrief.co.nz)

• Cyber attacks are inevitable, so a focus on resilience is vital - James McGachie (scotsman.com)

• Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)

• Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)

• Unveiling the power of emerging technologies to empower cyber resilience (techuk.org)

• Cyber security concerns grow among physical security professionals | Security Magazine

• The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week

Other News

• MPs to examine cyber resilience of UK’s critical national infrastructure | CSO Online

• UK Parliament Opens Inquiry into Cyber-Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• Strategies to overcome cyber security misconceptions - Help Net Security

• UK NCSC, NPSA launch Secure Innovation campaign to protect tech startups | CSO Online

• 5 important cyber security takeaways for law firms - Lawyers Weekly

• How Cyber Security Has Evolved In The Past 20 Years (forbes.com)

• HMRC annual report triggers cyber red alert | AccountingWEB

• Oops! When tech innovations create new security threats | CSO Online

• Spooky Cyber Statistics And Trends You Need To Know (forbes.com)

• The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog

• Proactively preventing your company from becoming the next cyber attack headline (betanews.com)

• Cyber security trends 2023 | Allianz Commercial

• Demystifying Cyber Security: Shakespeare To The Rescue | HackerNoon

• Cyber Threat: Aviation’s Clear and Present Danger? | Aerospace Tech Review

• OT cyber attacks proliferating despite growing cyber security spend - Help Net Security

• Cost of a Data Breach: Retail Costs, Risks and Prevention Strategies (securityintelligence.com)

• What Would a US Government Shutdown Mean for Cyber Security? (darkreading.com)

• Weapons Systems Provide Valuable Lessons for ICS/OT Security - Security Week

• Cabinet Office tight-lipped on number of government cyber attacks and malware infections (civilserviceworld.com)

• Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Businesses Found to Neglect Cyber Security Until it is Too Late

Businesses only take cyber security seriously after falling victim to an attack, according to a report published by the UK's Department for Culture, Media and Sport (DCMS) this week.

For the research, the UK government surveyed IT professionals and end users in 10 UK organisations of varying sizes that have experienced cyber security breaches in the past three years. This analysed their existing level of security prior to a breach, the business impacts of the attack and how cyber security arrangements changed in the wake of the incident.

Nearly all respondents said their organisation took cyber security much more seriously after experiencing a breach, including reviewing existing practices and significantly increased investment in technology solutions.

While there was a consensus among participants that there is a greater need for vigilance and investment in cyber security, there was significant variation between organisations’ practices in this area. Medium and large organisations tended to have formal plans in place and budget allocated for further cyber security investment, but smaller businesses mostly did not due to resource constraints.

https://www.infosecurity-magazine.com/news/cybersecurity-seriously-breach/

• Cyber Tops Staff Retention as Biggest Business Risk

Cyber security concerns represent the most serious risk facing organisations, beating inflation, talent acquisition/retention and rising production costs, according to a new PwC study.

The PwC Pulse: Managing business risks in 2022 report was compiled from interviews with 722 US C-suite executives.

Two-fifths (40%) ranked cyber-attacks as a serious risk, rising to 51% of board members. PwC said boardrooms may be getting more attuned to cyber risk after new SEC proposals were published in March that would require directors to oversee cyber security risk and be more transparent about their cyber expertise.

In fact, executives appear to be getting more proactive with cyber security on a number of fronts.

Some 84% said they are taking action or monitoring closely policy areas related to cyber security, privacy and data protection. A further 79% said they’re revising or enhancing their cyber risk management approaches, and half (49%) pointed to increased investments in cyber security and privacy.

By way of comparison, 53% said they’re increasing investment in digital transformation and 52% in IT.

Cyber security is a strategic business enabler – technology is the central nervous system of many companies – and confirming its data is secure and protected can be brand defining.

There’s now heightened attention from a wider range of business leaders and corporate directors as they recognise that cyber security and data privacy should be part of not only a risk management strategy, but also a broader corporate strategy. C-suite and boards are actively taking steps to better understand the global threat landscape, confirm a foundational cyber security program is in place, and manage these risks to create opportunities.

https://www.infosecurity-magazine.com/news/cyber-tops-staff-retention-biggest/

• Cyber Criminals Weaponising Ransomware Data for BEC Attacks

Cyber criminals and other threat actors are increasingly using data dumped from ransomware attacks in secondary business email compromise (BEC) attacks, according to new analysis by Accenture Cyber Threat Intelligence.

The ACTI team analysed data from the 20 most active ransomware leak sites, measured by number of featured victims, between July 2021 and July 2022. Of the 4,026 victims (corporate, non-governmental organisations, and governmental entities) uncovered on various ransomware groups’ dedicated leak sites, an estimated 91% incurred subsequent data disclosures, ACTI found.

Dedicated leak sites most commonly provide financial data, followed by employee and client personally identifiable information and communication documentation. The rise of double extortion attempts – where attack groups use ransomware to exfiltrate data and then publicise the data on dedicated leak sites – has made large amounts of sensitive corporate data available to any threat actor. The most valuable types of data most useful for conducting BEC attacks are financial, employee, and communication data, as well as operational documents. There is a significant overlap between the types of data most useful for conducting BEC attacks and the types of data most commonly posted on these ransomware leak sites, ACTI said.

The data is a “rich source for information for criminals who can easily weaponise it for secondary BEC attacks,” ACTI said. “The primary factor driving an increased threat of BEC and VEC attacks stemming from double-extortion leaks is the availability of [corporate and communication data].”

https://www.darkreading.com/edge-threat-monitor/cybercriminals-weaponizing-ransomware-data-for-bec-attacks

• Callback Phishing Attacks See Massive 625% Growth Since Q1 2021

Hackers are increasingly moving towards hybrid forms of phishing attacks that combine email and voice social engineering calls as a way to breach corporate networks for ransomware and data extortion attacks.

According to Agari's Q2 2022 cyber-intelligence report, phishing volumes have only increased by 6% compared to Q1 2022. However, the use of 'hybrid vishing' is seeing a massive 625% growth.

Vishing, "voice phishing," involves some form of a phone call to perform social engineering on the victim. Its hybrid form, called "callback phishing," also includes an email before the call, typically presenting the victim with a fake subscription/invoice notice.

The recipient is advised to call on the provided phone number to resolve any issues with the charge, but instead of a real customer support agent, the call is answered by phishing actors.

The scammers then offer to resolve the presented problem by tricking the victim into disclosing sensitive information or installing remote desktop tools on their system. The threat actors then connect to the victim's device remotely to install further backdoors or spread to other machines.

These callback phishing attacks were first introduced by the 'BazarCall/BazaCall' campaigns that appeared in March 2021 to gain initial access to corporate networks for ransomware attacks.

The attacks work so well that multiple ransomware and extortion gangs, such as Quantum, Zeon, and Silent Ransom Group, have adopted the same technique today to gain initial network access through an unsuspecting employee.

"Hybrid Vishing attacks reached a six-quarter high in Q2, increasing 625% from Q1 2021. This threat type also contributed to 24.6% of the overall share of Response-Based threats," details the Agari report.

"While this is the second quarter hybrid vishing attacks have declined in share due to the overall increase of response-based threats, vishing volume has steadily increased in count over the course of the year."

https://www.bleepingcomputer.com/news/security/callback-phishing-attacks-see-massive-625-percent-growth-since-q1-2021/

• Credential Phishing Attacks Skyrocketing, 265 Brands Impersonated in H1 2022

Abnormal Security released a report which explores the current email threat landscape and provides insight into the latest advanced email attack trends, including increases in business email compromise, the evolution of financial supply chain compromise, and the rise of brand impersonation in credential phishing attacks.

The research found a 48% increase in email attacks over the previous six months, and 68.5% of those attacks included a credential phishing link. In addition to posing as internal employees and executives, cyber criminals impersonated well-known brands in 15% of phishing emails, relying on the brands’ familiarity and reputation to convince employees to provide their login credentials. Most common among the 265 brands impersonated in these attacks were social networks and Microsoft products.

“The vast majority of cyber crime today is successful because it exploits the people behind the keyboard,” said Crane Hassold, director of threat intelligence at Abnormal Security.

“By compromising people rather than networks, it’s easier for attackers to circumvent conventional security measures. This is especially true with brand impersonation, where attackers use urgency and fear to encourage their targets to provide usernames and passwords.”

LinkedIn took the top spot for brand impersonation, but Outlook, OneDrive and Microsoft 365 appeared in 20% of all attacks. What makes these attacks particularly dangerous is that phishing emails are often the first step to compromising employee email accounts. Acquiring Microsoft credentials enables cyber criminals to access the full suite of connected products, allowing them to view sensitive data and use the account to send business email compromise attacks.

https://www.helpnetsecurity.com/2022/08/15/landscape-email-threat/

• Are Cloud Environments Secure Enough for Today’s Threats?

Cyber security is a major problem right now. Not only is it the highest priority of any given business to keep their own data and their customers’ and clients’ data secure, but changes in the workplace have had a knock-on effect on cyber security. The concept of working from home has forced businesses all around the world to address old and new cyber security threats. People taking their laptops, and therefore their data, home to public networks that can be hacked or leaving access details like passwords scribbled on notebooks has meant that access to a business and therefore their customers’ data is a lot more accessible.

The saving grace was said to be the cloud. Beyond retraining cyber security in staff workforces, the practical solution was to move data into the cloud. But we’re now a few years from the point when the cloud really gained popularity. Is it still the answer to all our cyber security problems? Is there a chance of risk to using the cloud?

Cloud data breaches do happen and misconfiguration is a leading cause of them, mainly due to businesses inadequate cyber security strategies. This is due to several factors, such as the fundamental nature of the cloud designed to be easy for anyone to access, and businesses unable to completely see or control the cloud’s infrastructure and therefore relying on the cyber security controls that are provided by the cloud service provider (or CSP).

Unauthorised access is also a risk. The internet, which is a readily available public resource to most of the world, makes it easy for hackers to access data if they have the credentials to get past the cyber security set up by the individual business. This is where the ugliness of internal cloud breaches happens. If security is not configured well or credentials like passwords and secret questions are compromised, an attacker can easily access the cloud.

However, it’s not only through an employee that hackers access credentials. Phishing is a very common means of gaining information that would allow access to a customer or business data.

Plus, the simple nature of sharing data can easily backfire on a company. A lot of data access is granted with a link to someone external, which can then be forwarded, either sold or stolen, to an attacker to access the cloud’s data.

https://www.itsecurityguru.org/2022/08/16/are-cloud-environments-secure-enough-for-todays-threats/

• Most Q2 Attacks Targeted Old Microsoft Vulnerabilities

Attacks targeting a remote code execution vulnerability in Microsoft's MSHTML browser engine — which was patched last September — soared during the second quarter of this year, according to a Kaspersky analysis.

Researchers from Kaspersky counted at least 4,886 attacks targeting the flaw (CVE-2021-40444) last quarter, an eightfold increase over the first quarter of 2022. The security vendor attributed the continued adversary interest in the vulnerability to the ease with which it can be exploited.

Kaspersky said it has observed threat actors exploiting the flaw in attacks on organisations across multiple sectors including the energy and industrial sectors, research and development, IT companies, and financial and medical technology firms. In many of these attacks, the adversaries have used social engineering tricks to try and get victims to open specially crafted Office documents that would then download and execute a malicious script. The flaw was under active attack at the time Microsoft first disclosed it in September 2021.

Attacks targeting a remote code execution vulnerability in Microsoft's MSHTML browser engine — which was patched last September — soared during the second quarter of this year, according to a Kaspersky analysis. Researchers from Kaspersky counted at least 4,886 attacks targeting the flaw last quarter, an eightfold increase over the first quarter of 2022. The security vendor attributed the continued adversary interest in the vulnerability to the ease with which it can be exploited. According to Kaspersky, exploits for Windows vulnerabilities accounted for 82% of all exploits across all platforms during the second quarter of 2022. While attacks on the MSHTML vulnerability increased the most dramatically, it was by no means the most exploited flaw, which was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago that was attacked some 345,827 times last quarter.

https://www.darkreading.com/attacks-breaches/most-attacks-in-q2-targeted-old-microsoft-vulnerabilities

• Cyber Resiliency Isn't Just About Technology, It's About People

Cyber attacks are on the rise — but if we're being honest, that statement has been true for quite a while, given the acceleration of cyber incidents over the past several years. Recent research indicates that organisations experienced 50% more attack attempts per week on corporate networks in 2021 than they did in 2020, and tactics such as phishing are becoming increasingly popular as attackers refine their tried-and-true methods to more successfully entice unsuspecting targets.

It's no surprise, then, that cyber resiliency has been a hot topic in the cyber security world. But although cyber resiliency refers broadly to the ability of an organisation to anticipate, withstand, and recover from cyber security incidents, many experts make the mistake of applying the term specifically to technology. And while it's true that detection and remediation tools, backup systems, and other resources play an important role in cyber resiliency, organisations that focus exclusively on technology risk are overlooking an equally important element: people.

People are often thought of as the weak link in cyber security. It's easy to understand why. People fall for phishing scams. They use weak passwords and procrastinate on installing security updates. They misconfigure hardware and software, leave cloud assets unsecured, and send confidential files to the wrong recipient. There's a reason so much cyber security technology is moving toward automation: removing people from the equation is seen as one of the most obvious ways to improve security. To many security experts, that's just common sense.

Except — is it, really? It's true that people make mistakes — it's called "human error" for a reason, after all — but many of those mistakes come when employees aren't put in a position to succeed. Phishing is a great example. Most people are familiar with the concept of phishing, but many may not be aware of the nefarious techniques that today's attackers deploy. If employees have not been properly trained, they may not be aware that attackers often impersonate real people within the organisation, or that the CEO asking them to buy gift cards "for a company happy hour" probably isn't legit. Organisations that want to build strong cyber-resiliency cannot pretend that people don't exist. Instead, they need to prioritise the resiliency of their people just as highly as the resiliency of their technology.

Training the organisation to recognise the signs of common attack tactics, practice better password and cyber hygiene, and report signs of suspicious activity can help ease the burden on IT and security personnel by providing them better information in a more timely manner. It also avoids some of the pitfalls that create a drain on their time and resources. By ensuring that people at every level of the business are more resilient, today's organisations will discover that their overall cyber-resiliency will improve significantly.

https://www.darkreading.com/vulnerabilities-threats/cyber-resiliency-isn-t-just-about-technology-it-s-about-people

• The “Cyber Insurance Gap” Is Threatening Most Companies

A new study by BlackBerry and Corvus Insurance confirms a “cyber insurance gap” is growing, with a majority of businesses either uninsured or under insured against a rising tide of ransomware attacks and other cyber threats.

• Only 19% of all businesses surveyed have ransomware coverage limits above the median ransomware demand amount ($600,000)

• Among SMBs with fewer than 1,500 employees, only 14% have a coverage limit in excess of $600,000

• 37% of respondents with cyber insurance do not have any coverage for ransomware payment demands

• 43% of those with a policy are not covered for auxiliary costs such as court fees or employee downtime

• 60% say they would reconsider entering into a partnership or agreement with another business or supplier if the organisation did not have comprehensive cyber insurance

• Endpoint detection and response (EDR) software is frequently a key component to obtaining a policy

• 34% of respondents have been previously denied cyber coverage by insurance providers due to not meeting EDR eligibility requirements

https://informationsecuritybuzz.com/expert-comments/the-cyber-insurance-gap-is-threatening-most-companies/

• Easing the Cyber-Skills Crisis with Staff Augmentation

Filling cyber security roles can be costly, slow, and chancy. More firms are working with third-party service providers to quickly procure needed expertise.

There are many possible solutions to the cyber security skills shortage, but most of them take time. Cyber security education, career development tracks, training programs, employer-sponsored academies, and internships are great ways to build a talent pipeline and develop skill sets to meet organisational needs in years to come.

But sometimes the need to fill a gap in capability is more immediate.

An organisation in the entertainment industry recently found itself in such a position. Its primary cyber security staff member quit suddenly without notice, taking along critical institutional knowledge and leaving various projects incomplete. With its key defender gone, the organisation's environment was left vulnerable. In a scarce talent market, the organisation faced a long hiring process to find a replacement — too long to leave its digital estate unattended. It needed expertise, and quickly.

According to a 2021 ESG report, 57% of organisations have been impacted by the global cyber security skills crisis. Seventy-six percent say it's difficult to recruit and hire security professionals. The biggest effects of this shortage are increasing workloads, positions open for weeks or months, and high cyber security staff burnout and attrition.

In this climate, more companies are turning to third parties for cyber security staff reinforcement. According to a NewtonX study, 56% of organisations are now subcontracting up to a quarter of their cyber security staff. Sixty-nine percent of companies rely on third-party expertise to assist in mitigating the risk of ransomware — up from 58% in 2017 — per a study by Ponemon and CBI, a Converge Company.

One way that companies gain this additional support is via third-party staff augmentation and consulting services. Cyber security staff augmentation, or strategic staffing, entails trained external consultants acting as an extension of an organisation's security team in a residency. Engagements can be anywhere from a few weeks to a few years, and roles can range from analysts and engineers to architects, compliance specialists, and virtual CISOs.

https://www.darkreading.com/operations/easing-the-cyber-skills-crisis-with-staff-augmentation

• Mailchimp Suffers Second Breach In 4 Months

Mailchimp suffered another data breach earlier this month, and this one cost it a client.

In a statement Friday, Mailchimp disclosed that a security incident involving phishing and social engineering tactics had targeted cryptocurrency and blockchain companies using the email marketing platform. It was the second Mailchimp breach to target cryptocurrency customers in a four-month span.

Though Mailchimp said it has suspended accounts where suspicious activity was detected while an investigation is ongoing, it did not reveal the source of the breach or scope of the attack.

More details were provided Sunday by one of the affected customers, DigitalOcean, which cut ties with Mailchimp on Aug. 9.

The cloud hosting provider observed suspicious activity beginning Aug. 8, when threat actors used its Mailchimp account for "a small number of attempted compromises" of DigitalOcean customer accounts -- specifically cryptocurrency platforms.

While it is not clear whether any DigitalOcean accounts were compromised, the company did confirm that some email addresses were exposed. More importantly, the statement attributed a potential source of the most recent Mailchimp breach.

https://www.techtarget.com/searchsecurity/news/252523911/Mailchimp-suffers-second-breach-in-4-months

• Firm Told It Can't Claim Full Cyber Crime Insurance After Social Engineering Attack

A Minnesota computer store suing its cyber insurance provider has had its case dismissed, with the courts saying it was a clear instance of social engineering, a crime for which the insurer was only liable to cover a fraction of total losses.

SJ Computers alleged in a November lawsuit that Travelers Casualty and Surety Co. owed it far more than paid on a claim for nearly $600,000 in losses due to a successful business email compromise (BEC) attack.

According to its website, SJ Computers is a Microsoft Authorised Refurbisher, reselling Dell, HP, Lenovo and Acer products, as well as providing tech services including software installs and upgrades.

Travelers, which filed a motion to dismiss, said SJ's policy clearly delineated between computer fraud and social engineering fraud. The motion was granted with prejudice last Friday.

In the dismissal order, the US District Court for Minnesota found that the two policy agreements are mutually exclusive, as well as finding SJ's claim fell squarely into its social engineering fraud agreement with Travelers, which has a cap of $100,000.

When SJ filed its claim with Travelers, the court noted, it did so only under the social engineering fraud agreement. After realising the policy limit on computer fraud was 10 times higher, "SJ Computers then made a series of arguments – ranging from creative to desperate – to try to persuade Travelers that its loss was not the result of social-engineering-fraud (as SJ Computers itself had initially said) but instead the result of computer fraud," the district judge wrote in the order.

https://www.theregister.com/2022/08/16/social_engineering_cyber_crime_insurance/

Threats

Ransomware

• Ransomware Group Threatens to Leak Data Stolen From Security Firm Entrust | SecurityWeek.Com

• Cisco Confirms Hack: Yanluowang Ransom Gang Claims 2.8GB Of Data (informationsecuritybuzz.com)

• Ransomware is still on the rise. Here's what you need to do to stay safe from hackers | ZDNET

• Russian Man Extradited to US for Laundering Ryuk Ransomware Money | SecurityWeek.Com

• ‘Coopetition’ a growing trend among ransomware gangs (computerweekly.com)

• Hackers Attack UK Water Supplier, Sends Ransom Demand to the Wrong Company (gizmodo.com)

• SOVA malware adds ransomware feature to encrypt Android devices (bleepingcomputer.com)

• BlackByte ransomware v2 is out with new extortion novelties - Security Affairs

• Ransomware is back, healthcare sector most targeted - Help Net Security

• Why Hackers Are Now Targeting Electric Car Charging Stations (nocamels.com)

• BlackByte Ransomware Gang Returns With Twitter Presence, Tiered Pricing (darkreading.com)

• Ski-Doo maker BRP resumes operations following cyber attack; shares fluctuate - MarketWatch

• Argentina's Judiciary of Córdoba hit by PLAY ransomware attack (bleepingcomputer.com)

BEC – Business Email Compromise

• Three Extradited from UK to US on $5m BEC Charges - Infosecurity Magazine

Phishing & Email Based Attacks

• Response-based attacks make up 41% of all email-based scams - Help Net Security

• PayPal Phishing Scam Uses Invoices Sent Via PayPal – Krebs on Security

• Microsoft admits it can't stop scammers fooling you with their latest tricks | ZDNET

Other Social Engineering; SMishing, Vishing, etc

• This is the lamest Microsoft Office security threat we've ever seen - but people will still fall for it | TechRadar

Malware

• Hackers Deploy Bumblebee Loader to Breach Target Networks - Infosecurity Magazine

• 'DarkTortilla' Malware Wraps in Sophistication for High-Volume RAT Infections (darkreading.com)

• Malicious browser extensions targeted almost 7 million people (bleepingcomputer.com)

• DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities (thehackernews.com)

• Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox (darkreading.com)

• This String of Emojis Is Actually Malware (vice.com)

Mobile

• SOVA Android malware now also encrypts victims' files - Security Affairs

• Malware devs already bypassed Android 13's new security feature (bleepingcomputer.com)

• Google releases Android 13 with improved privacy and security features - Help Net Security

• Android malware apps with 2 million installs found on Google Play (bleepingcomputer.com)

• Researchers Find 35 Adware Apps on Google Play - Infosecurity Magazine

• Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack (thehackernews.com)

Internet of Things – IoT

• How attackers are exploiting corporate IoT - Help Net Security

• ‘Ask all the time: why do I need this?’ How to stop your vacuum from spying on you | Smart homes | The Guardian

• Amazon fixes Ring Android app flaw exposing camera recordings (bleepingcomputer.com)

Data Breaches/Leaks

• Digital Ocean dumps Mailchimp after security breach • The Register

Organised Crime & Criminal Actors

• How Do Hackers Steal Credit Card Information? | TechTarget

• IT security worker who hacked businesses caught out by neighbour's Wi-Fi - Manchester Evening News

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• With Plunge in Value, Cryptocurrency Crimes Decline in 2022 (darkreading.com)

• Microsoft: Cryptojackers Continue to Evolve to Be Stealthier and Spread Faster - Infosecurity Magazine

• Hardware-based threat defence against increasingly complex cryptojackers - Microsoft Security Blog

Insider Risk and Insider Threats

• Ex-HP manager jailed for $5m company card shopping spree • The Register

• Microsoft Employees Exposed Own Company’s Internal Logins (vice.com)

Fraud, Scams & Financial Crime

• SEC claims $1.3m pump-and-dump scam used hacked accounts • The Register

AML/CFT/Sanctions

• Alleged Russian Money Launderer Extradited from the Netherlands to U.S. | OPA | Department of Justice

Insurance

• Organisations are losing cyber insurance as an important risk management tool - Help Net Security

• For cyber insurance, some technology leads to higher premiums (techtarget.com)

• New Study Reveals Serious Cyber-Insurance Shortfalls - Infosecurity Magazine

Supply Chain and Third Parties

• Expert On Report Showing 297% Increase in US Breaches Tied To Supply Chain (informationsecuritybuzz.com)

• Transitioning From VPNs to Zero-Trust Access Requires Shoring Up Third-Party Risk Management (darkreading.com)

• How a Third-Party SMS Service Was Used to Take Over Signal Accounts

Denial of Service DoS/DDoS

• Google blocked the largest Layer 7 DDoS reported to date - Security Affairs

Cloud/SaaS

• Organisations Struggle to Fend Off Cloud and Web Attacks - Infosecurity Magazine

• Incident response in the cloud can be simple if you are prepared - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• Credential Theft Is (Still) A Top Attack Method (thehackernews.com)

• FBI Warns of Proxies and Configurations Used in Credential Stuffing Attacks | SecurityWeek.Com

• Over 9,000 VNC servers exposed online without a password (bleepingcomputer.com)

Privacy

• Google fined $60 million over Android location data collection (bleepingcomputer.com)

• New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings (thehackernews.com)

• ‘Ask all the time: why do I need this?’ How to stop your vacuum from spying on you | Smart homes | The Guardian

• Period and pregnancy tracking apps have bad privacy protections, report finds - The Verge

Regulations, Fines and Legislation

• Financial Services & Cyber Security Regulations: New York Making Changes? - MSSP Alert

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• 5 Russia-Linked Groups Target Ukraine in Cyberwar (darkreading.com)

• Russia-linked Gamaredon APT continues to target Ukraine - Security Affairs

• Microsoft shuts down accounts linked to Russian spies • The Register

• State-Sponsored APTs Dangle Job Opps to Lure In Spy Victims (darkreading.com)

• Estonia Repels Biggest Cyber-Attack Since 2007 - Infosecurity Magazine

• Spyware Scandals Are Ripping Through Europe | WIRED

• US Cyber Command deploys defensive operators to Croatia to hunt for malicious cyber activity - Help Net Security

• NHS cyber attacks hit record levels in four in five trusts after Russian invasion (telegraph.co.uk)

• Spyware Hunters Are Expanding Their Tool Set | WIRED

Nation State Actors

Nation State Actors – Russia

• Microsoft disrupts Russian hackers' operation on NATO targets (bleepingcomputer.com)

• Russian APT29 hackers abuse Azure services to hack Microsoft 365 users (bleepingcomputer.com)

• Microsoft Disrupts Russian Group's Multiyear Cyber-Espionage Campaign (darkreading.com)

• Russian hackers target Ukraine with default Word template hijacker (bleepingcomputer.com)

• Estonia says it repelled major cyber attack after removing Soviet monuments | Reuters

Nation State Actors – China

• Western companies wake up to China risk | Financial Times (ft.com)

• China-backed APT41 Hackers Targeted 13 Organisations Worldwide Last Year (thehackernews.com)

• China-linked RedAlpha behind multi-year credential theft campaign - Security Affairs

• Chinese Cyberspy Group 'RedAlpha' Targeting Governments, Humanitarian Entities | SecurityWeek.Com

• China's APT41 Embraces Baffling Approach for Dropping Cobalt Strike Payload (darkreading.com)

• Chinese takeover of tech company blocked over security fears (telegraph.co.uk)

• 3 ways China's access to TikTok data is a security risk | CSO Online

• Montana flagged bugs in cow app exploited in alleged China hack | Business and Economy | Al Jazeera

• APT41 group: 4 malicious campaigns, 13 victims, new tools and techniques - Help Net Security

Nation State Actors – North Korea

• North Korean hackers use signed macOS malware to target IT job seekers (bleepingcomputer.com)

• Mac Attack: North Korea's Lazarus APT Targets Apple's M1 Chip (darkreading.com)

Vulnerability Management

• Zero Day Initiative seeing an increase in failed patches (techtarget.com)

• Vulnerability Broker Applies Pressure on Software Vendors Shipping Faulty, Incomplete Patches | SecurityWeek.Com

• Which Security Bugs Will Be Exploited? Researchers Create an ML Model to Find Out (darkreading.com)

Vulnerabilities

• CISA adds 7 vulnerabilities to list of bugs exploited by hackers (bleepingcomputer.com)

• Google patches yet another Chrome zero-day vulnerability (techtarget.com)

• Chrome browser gets 11 security fixes with 1 zero-day – update now! – Naked Security (sophos.com)

• Cisco fixes High-Severity bug in Secure Web Appliance - Security Affairs

• Exploit out for critical Realtek flaw affecting many networking devices (bleepingcomputer.com)

• Software Patches Flaw on macOS Could Let Hackers Bypass All Security Levels - Infosecurity Magazine (infosecurity-magazine.com)

• Safari 15.6.1 fixes a zero-day flaw actively exploited in the wild - Security Affairs

• Rapid7: Cisco ASA and ASDM flaws went unpatched for months (techtarget.com)

• Windows Vulnerability Could Crack DC Server Credentials Open (darkreading.com)

• ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors (thehackernews.com)

• PoC exploit code for the critical Realtek RCE flaw released online - Security Affairs

Other News

• Exploiting stolen session cookies to bypass multi-factor authentication (MFA) - Help Net Security

• The Future of Endpoint Management | SecurityWeek.Com

• Janet Jackson music video given CVE for crashing laptops • The Register

• More Evil Markets | How It's Never Been Easier To Buy Initial Access To Compromised Networks - SentinelOne

• How aware are organisations of the importance of endpoint management security? - Help Net Security

• The Future of Cyber Security is Prevention | SecurityWeek.Com

• Signal/Twilio Incident - How Secure Are SMS Verifications? Experts Weigh (informationsecuritybuzz.com)

• DigitalOcean Discloses Impact From Recent Mailchimp Cyber Attack | SecurityWeek.Com

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.