Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 28th July 2023
Black Arrow Cyber Threat Briefing 28 July 2023:
-Half of UK businesses Struggle to Fill Cyber Security Skills Gap as Companies Encounter Months-long Delays in Filling Critical Security Positions
-Deloitte Joins fellow Big Four MOVEit victims PWC, EY as MOVEit Victims Exceeds 500
-Why Cyber Security Should Be Part of Your ESG Strategy
-Lawyers Take Frontline Role in Business Response to Cyber Attacks
-Organisations Face Record $4.5M Per Data Breach Incident
-Cryptojacking Soars as Cyber Attacks Diversify
-Ransomware Attacks Skyrocket in 2023
-Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk
-Protect Your Data Like Your Reputation Depends on It (Because it Does)
-Why CISOs Should Get Involved with Cyber Insurance Negotiation
-Companies Must Have Corporate Cyber Security Experts, SEC Says
-Over 400,000 Corporate Credentials Stolen by Info-stealing Malware
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Half of UK Businesses Struggle to Fill Cyber Security Skills Gap
Half of UK businesses have a cyber security skills gap that they are struggling to fill amid a challenging labour market, according to data published by the UK Department for Science, Innovation and Technology (DSIT), which found that there were more than 160,000 cyber security job postings in the last year – a 30% increase on the previous period. In all, the UK requires an additional 11,200 people with suitable cyber skills to meet the demands of the market, the report estimates.
In a separate report, it was found that a lack of executive understanding and an ever-widening talent gap is placing an unsustainable burden on security teams to prevent business-ending breaches. When asked how long it takes to fill a cyber security role, 82% of organisations report it takes three months or longer, with 34% reporting it takes seven months or more. These challenges have led one-third (33%) of organisations to believe they will never have a fully-staffed security team with the proper skills.
With such a gap, some organisations have turned to outsourcing cyber security roles, such as chief information security officers (CISOs), leading to a rise in virtual CISOs (vCISO). With outsourcing, organisations can ensure that they are easily able to pick up and use cyber security experts, greatly reducing the delay were they to hire. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.
https://www.uktech.news/cybersecurity/uk-cybersecurity-skills-gap-20230725
https://www.helpnetsecurity.com/2023/07/26/security-teams-executive-burden/
Deloitte Joins Fellow Big Four MOVEit victims PWC, EY as Victims Exceed 500
The global auditing and accounting firm Deloitte appeared alongside a further 55 MOVEit victims that were recently named by the Cl0p ransomware gang, making them the third Big Four accounting firm to be affected and amongst over 500 organisations in total with that number expected to continue to increase.
Research by Kroll has also uncovered a new exfiltration method used by Cl0p in their the MOVEit attacks, highlighting constant efforts by the ransomware gang. Worryingly, it has been reported that Cl0p have made between $75-100 million from ransom payments and it is expected this, along with the victim count, will rise.
https://cybernews.com/security/deloitte-big-four-moveit-pwc-ey-clop/
https://www.infosecurity-magazine.com/news/clop-could-make-100m-moveit/
Why Cyber Security Should Be Part of Your ESG Strategy
Organisations need to consider cyber security risks in their overall environmental, social and governance (ESG) strategy amid growing cyber threats and regulatory scrutiny. The ESG programme is, in many ways, a form of risk management to mitigate the risks to businesses, societies and the environment, all of which can be impacted by cyber security. The investment community has been singling out cyber security as one of the major risks that ESG programmes will need to address due to the potential financial losses, reputational damage and business continuity risks posed by a growing number of cyber attacks and data breaches.
Various ESG reporting frameworks have emerged in recent years to provide organisations with guidelines on how they can operate ethically and sustainably, along with metrics that they can use to measure their progress. There are also specific IT security standards and frameworks, including ISO 27001 and government guidelines. Some regulators have gone as far as mandating the adoption of baseline security standards by critical infrastructure operators and firms in industries like financial services, but that does not mean organisations outside of regulated sectors are less pressured to shore up their cyber security posture.
https://www.computerweekly.com/news/366545432/Why-cyber-security-should-be-part-of-your-ESG-strategy
Lawyers Take Frontline Role in Business Response to Cyber Attacks
Cyber security risk has shot to the top of general counsels’ agendas as the sophistication and frequency of attacks has grown. According to security company Sophos’s State of Ransomware 2023 report, 44% of UK businesses surveyed said they had been hit with ransomware in the past year. Of those affected, 33% said their data was encrypted and stolen and a further 6% said that their data was not encrypted but they experienced extortion.
In-house lawyers have a key role around the boardroom table when dealing with a breach including war-gaming and discussing cases in which a company will pay a ransom. The advent of General Data Protection Regulation (GDPR) legislation in Europe, and equivalents elsewhere, demands that businesses hit by a data breach notify a regulator, and the individuals whose data was stolen, or both, depending on certain factors. This has led to far greater exposure of cyber incidents which companies previously could have tried to deal with privately.
https://www.ft.com/content/2af44ae8-78fc-4393-88c3-0d784a850331
Organisations Face Record $4.5M Per Data Breach Incident
In a recent report conducted by IBM, the average cost per data breach for US business in 2023 jumped to $4.45 million, a 15% increase over three years. In the UK, the average cost was found to be £3.4 million, rising to £5.3 million for financial services. It is likely that the cost per breach will maintain a continual rise, with organisations struggling to crack down on cyber crime, something threat groups like Cl0p are taking advantage of.
https://www.darkreading.com/attacks-breaches/orgs-record-4.5m-data-breach-incident
Cryptojacking Soars as Cyber Attacks Diversify
According to a recent report, a variety of attacks have increased globally, including cryptojacking (399%), IoT malware (37%) and encrypted threats (22%). This reflects the increase in actors who are changing their methods of attacks. The report found that we can expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs, government entities and enterprises.
Cryptojacking, sometimes referred to as malicious cryptomining, is where an attacker will use a victim’s device to mine cryptocurrency, giving the attacker free money at the expense of your device, network health and electricity.
https://www.helpnetsecurity.com/2023/07/27/cryptojacking-attacks-rise/
Ransomware Attacks Skyrocket in 2023
Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found. The significant increase in ransomware over April, May and June 2023 suggests that attackers are regrouping. In July 2023, the blockchain analysis firm Chainalysis found that in the first half of 2023, ransomware attackers extorted $176m more than the same period in 2022, reversing a brief downward trend in 2022.
The report also observed an uptick in “pure extortion attacks,” with cyber criminals increasingly relying on the threat of data leaks rather than encrypting data to extort victims. Such schemes may not trigger any ransomware detection capability but could potentially be picked up by a robust Data Loss Prevention (DLP) solution.
https://www.infosecurity-magazine.com/news/ransomware-attacks-skyrocket-q2/
Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk
Despite the mass adoption of generative AI, most companies don’t know how to assess its security, exposing them to risks and disadvantages if they don’t change their approach. A report found that for every 10,000 enterprise users, an enterprise organisation is experiencing approximately 183 incidents of sensitive data being posted to ChatGPT per month. Worryingly, despite the security issues, only 45% have an enterprise-wide strategy to ensure a secure, aligned deployment of AI across the entire organisation.
Blocking access to AI related content and AI applications is a short term solution to mitigate risk, but comes at the expense of the potential benefits that AI apps offer to supplement corporate innovation and employee productivity. The data shows that in financial services and healthcare nearly 1 in 5 organisations have implemented a blanket ban on employee use of ChatGPT, while in the technology sector, only 1 in 20 organisations have done likewise.
https://www.helpnetsecurity.com/2023/07/28/chatgpt-exposure/
https://www.techradar.com/pro/lots-of-sensitive-data-is-still-being-posted-to-chatgpt
https://www.helpnetsecurity.com/2023/07/25/generative-ai-strategy/
Protect Your Data Like Your Reputation Depends on It (Because it Does)
Data breaches can be incredibly costly. Be it lawsuits, regulatory fines, or a fall in stock price, the financial consequences of a breach can bring even the largest organisation to its knees. However, in the face of economic damage, it’s too easy to overlook the vast reputational impacts that often do more harm to a business. After all, it’s relatively easy to recoup monetary losses, less so to regain customer trust.
It’s important to remember that reputational damage isn’t limited to consumer perceptions. Stakeholder, shareholder, and potential buyer perception is also something that needs to be considered. By having effective defence in depth controls including robust data loss prevention (DLP) solutions in place, organisations can reduce the risk of a breach from happening.
Why CISOs Should Get Involved with Cyber Insurance Negotiation
Generally negotiating cyber insurance policies falls to the general counsel, chief financial officer, or chief operations officer. Having the chief information security officer (CISO) at the table when negotiating with insurance brokers or carriers is a best practice for ensuring the insurers understand not only which security controls are in place, but why the controls are configured the way they are and the organisation's strategy. That said, often best practices are ignored for reasons of expediency and lack of acceptance by other C-suite executives.
Sometimes being the CISO can be a no-win position. According to a recent survey more than half of all CISOs report to a technical corporate officer rather than the business side of the organisation. This lack of recognition by the board can diminish the CISO's ability to deliver business-imperative insights and recommendations, leaving operations to have a more commanding influence on the board than cyber security. Too often the CISO gets the responsibility to protect the company without the authority and budget to accomplish their task.
Companies Must Have Corporate Cyber Security Experts, SEC Says
A recent report has found that only five Fortune 100 companies currently list a security professional in the executive leadership pages of their websites. This is largely unchanged from five of the Fortune 100 in 2018. One likely reason why a great many companies still don’t include their security leaders within their highest echelons is that these employees do not report directly to the company’s CEO, board of directors, or chief risk officer.
The chief security officer (CSO) or chief information security officer (CISO) position traditionally has reported to an executive in a technical role, such as the chief technology officer (CTO) or chief information officer (CIO). But workforce experts say placing the CISO/CSO on unequal footing with the organisation’s top leaders makes it more likely that cyber security and risk concerns will take a backseat to initiatives designed to increase productivity and generally grow the business.
The US Securities and Exchange Commission (SEC) has recently implemented new regulations necessitating publicly traded companies to report cyber attacks within four business days, once they're deemed material incidents. While the SEC is not presently advocating for the need to validate a board cyber security expert's credentials, it continues to insist that cyber security expertise within management be duly reported to them. The increased disclosure should help companies compare practices and may spur improvements in cyber defences, but meeting the new disclosure standards could be a bigger challenge for smaller companies with limited resources.
Over 400,000 Corporate Credentials Stolen by Info-stealing Malware
Information stealers are malware that steal data stored in applications such as web browsers, email clients, instant messengers, cryptocurrency wallets, file transfer protocol (FTP) clients, and gaming services. The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cyber crime marketplaces. Worryingly, employees use personal devices for work or access personal stuff from work computers, and this may result in many info-stealer infections stealing business credentials and authentication cookies. A report has found there are over 400,000 corporate credentials stolen, from applications such as Salesforce, Google Cloud and AWS. Additionally, there was a significant increase in the number containing OpenAI credentials; this is alarming as where AI is used without governance, the credentials may leak things such as internal business strategies and source code.
With such an array of valuable information for an attacker, it is no wonder incidents involving info stealers doubled in Q1 2023. Organisations can best protect themselves by utilising password managers, enforcing multi-factor authentication and having strict usage controls. Additionally, user awareness training can help avoid common infection channels such as malicious websites and adverts.
https://www.scmagazine.com/news/infostealer-incidents-more-than-doubled-in-q1-2023
Governance, Risk and Compliance
Data Breaches Cost Businesses $4.5M on Average (darkreading.com)
Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)
SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)
Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)
Companies encounter months-long delays in filling critical security positions - Help Net Security
Enterprises should layer-up security to avoid legal repercussions - Help Net Security
Explaining risk maturity models and how they work | TechTarget
Why cyber security should be part of your ESG strategy | Computer Weekly
The old “trust but verify” adage should be the motto for every CISO | CSO Online
Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security
Few Fortune 100 Firms List Security Pros in Their Executive Ranks – Krebs on Security
The critical cyber security backup plan too many companies are ignoring (cnbc.com)
Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)
Why Computer Security Advice Is More Confusing Than It Should Be (darkreading.com)
Why whistleblowers in cyber security are important and need support | CSO Online
Threats
Ransomware, Extortion and Destructive Attacks
Clop now leaks data stolen in MOVEit attacks on clearweb sites (bleepingcomputer.com)
MOVEit Vulnerability Investigations Uncover Additional Exfiltration Method (kroll.com)
Clop Could Make $100m from MOVEit Campaign - Infosecurity Magazine (infosecurity-magazine.com)
The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)
Millions of people's healthcare files accessed by Clop gang • The Register
Ransomware Attacks Skyrocket in Q2 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Local Governments Targeted for Ransomware – How to Prevent Falling Victim (thehackernews.com)
New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)
Dozens of Organisations Targeted by Akira Ransomware - SecurityWeek
The FBI's Cynthia Kaiser on how the bureau fights ransomware | CyberScoop
Risk & Repeat: Are data extortion attacks ransomware? | TechTarget
ALPHV ransomware adds data leak API in new extortion strategy (bleepingcomputer.com)
Ransomware: Sophos says most universities pay | Times Higher Education (THE)
Ransomware Victims
PwC has data leaked on the clear web - Cyber Security Connect
Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews
DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)
Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek
Millions of people's healthcare files accessed by Clop gang • The Register
Tampa General Hospital Says Patient Information Stolen in Ransomware Attack - SecurityWeek
Yamaha confirms cyber attack after multiple ransomware gangs claim attacks (therecord.media)
Phishing & Email Based Attacks
Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)
China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED
Stolen Microsoft key may have opened up more than inboxes • The Register
The Email Threat Landscape, Q1 2023: Key Takeaways (informationsecuritybuzz.com)
How to avoid LinkedIn phishing attacks in the enterprise | TechTarget
BEC – Business Email Compromise
Artificial Intelligence
Blocking access to ChatGPT is a short term solution to mitigate risk - Help Net Security
UN Security Council to hold first talks on AI risks | Reuters
Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security
ChatGPT, Other Generative AI Apps Prone to Compromise, Manipulation (darkreading.com)
Lots of sensitive data is still being posted to ChatGPT | TechRadar
Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)
Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop
The Good, the Bad and the Ugly of Generative AI - SecurityWeek
OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop
Intel's deepfake detector tested on real and fake videos - BBC News
How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)
Malware
Over 400,000 corporate credentials stolen by info-stealing malware (bleepingcomputer.com)
Infostealer incidents more than doubled in Q1 2023 | SC Media (scmagazine.com)
The Alarming Rise of Infostealers: How to Detect this Silent Threat (thehackernews.com)
Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks (thehackernews.com)
Rust-based malware used to hack both Windows and Linux servers - Neowin
Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)
FIN8 is rewriting its backdoor malware to avoid detection | SC Media (scmagazine.com)
New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)
New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)
HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software (thehackernews.com)
Who and What is Behind the Malware Proxy Service SocksEscort? – Krebs on Security
Mobile
Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert
Spyhide stalkerware is spying on tens of thousands of phones | TechCrunch
Botnets
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)
Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek
Denial of Service/DoS/DDOS
Critical UK Infrastructures in the crosshairs of DDoS attacks (link11.com)
Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica
Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)
BYOD
Internet of Things – IoT
Peloton Bugs Expose Enterprise Networks to IoT Attacks (darkreading.com)
Microsoft previews Defender for IoT firmware analysis service (bleepingcomputer.com)
Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats - SecurityWeek
Data Breaches/Leaks
Capita breach class action nears 1,000 sign-ups • The Register
VirusTotal: We're sorry for mistake that exposed 5,000 users • The Register
Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews
NATO investigating apparent breach of unclassified information sharing platform | CyberScoop
BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)
Nice Suzuki, sport: shame dealer left your data up for grabs - Security Affairs
Johns Hopkins hit with class action lawsuit connected to data breach - CBS Baltimore (cbsnews.com)
Organised Crime & Criminal Actors
The New Summer Vacation Necessity: Cyber Hygiene (informationsecuritybuzz.com)
BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Cryptojacking soars as cyber attacks increase, diversify - Help Net Security
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)
Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)
New Realst macOS malware steals your cryptocurrency wallets (bleepingcomputer.com)
Fraud, Scams & Financial Crime
Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)
Consumers demand more from businesses when it comes to security - Help Net Security
CISOs gear up to combat the rising threat of B2B fraud - Help Net Security
MPs launch inquiry into prosecution of Norton Motorcycles pension fraud | Crime | The Guardian
Insurance
Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)
Brave New World of Cyber Insurance Meets Old-World Contract Principles | New Jersey Law Journal
Dark Web
BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)
How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)
Supply Chain and Third Parties
Capita breach class action nears 1,000 sign-ups • The Register
DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)
The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)
Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek
Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)
Strengthening the weakest links in the digital supply chain - Help Net Security
JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)
Supply Chain Attack Hits NHS Ambulance Trusts - Infosecurity Magazine (infosecurity-magazine.com)
Software Supply Chain
Cloud/SaaS
China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED
Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps (darkreading.com)
JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)
Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek
The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)
Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)
Shadow IT
Encryption
Hacking police radios: 30-year-old crypto flaws in the spotlight – Naked Security (sophos.com)
Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios (vice.com)
API
Open Source
New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection (thehackernews.com)
Rust-based malware used to hack both Windows and Linux servers - Neowin
Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)
New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)
Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
How to avoid LinkedIn phishing attacks in the enterprise | TechTarget
Stanford researchers find Mastodon has a massive child abuse material problem - The Verge
Training, Education and Awareness
Travel
Parental Controls and Child Safety
Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)
Stanford researchers find Mastodon has a massive child abuse material problem - The Verge
Regulations, Fines and Legislation
SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)
Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)
Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)
OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop
Data Protection
More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)
Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)
Careers, Working in Cyber and Information Security
Companies encounter months-long delays in filling critical security positions - Help Net Security
Bridging the cyber security skills gap through cyber range training - Help Net Security
Overcoming the cyber security talent shortage with upskilling initiatives - Help Net Security
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)
Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)
Companies Need to Prove They Can Be Trusted with Technology (hbr.org)
Ryanair Hit With Lawsuit Over Use of Facial Recognition Technology (darkreading.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)
Russian court jails cyber security executive for 14 years in treason case | Reuters
Russia ‘using disinformation’ to imply Sweden supported Qur’an burnings | Sweden | The Guardian
69% of Russian gamers are pirating after Ukraine invasion pushback | Ars Technica
China
Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop
China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED
Stolen Microsoft key may have opened up more than inboxes • The Register
Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)
The Chinese groups accused of hacking the US and others | Reuters
Industrial Organisations in Eastern Europe Targeted by Chinese Cyber spies - SecurityWeek
Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert
China Propaganda Spreads via US News Sites, Freelancers, Times Square (darkreading.com)
China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)
US Senator Wyden Accuses Microsoft of ‘Cyber security Negligence’ - SecurityWeek
North Korea
North Korean Cyber spies Target GitHub Developers (darkreading.com)
JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)
GitHub warns of Lazarus hackers targeting devs with malicious projects (bleepingcomputer.com)
Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)
Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)
Misc/Other/Unknown
Vulnerability Management
Google: 41 zero-day vulnerabilities exploited in 2022 | TechTarget
CVSS 4.0 Is Here, But Prioritizing Patches Still a Hard Problem (darkreading.com)
Want to live dangerously? Try running Windows XP in 2023 • The Register
A step-by-step guide for patching software vulnerabilities - Help Net Security
Vulnerabilities
Over 20,000 Citrix Appliances Vulnerable to New Exploit - SecurityWeek
A flaw in OpenSSH forwarded ssh-agent allows remote code execution-Security Affairs
Apple fixes new zero-day used in attacks against iPhones, Macs (bleepingcomputer.com)
Ivanti patches MobileIron zero-day bug exploited in attacks (bleepingcomputer.com)
Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica
Apache OpenMeetings Wide Open to Account Takeover, Code Execution (darkreading.com)
Super Admin elevation bug puts 900,000 MikroTik devices at risk (bleepingcomputer.com)
Norwegian government IT systems hacked using zero-day flaw (bleepingcomputer.com)
VMware fixes bug exposing CF API admin credentials in audit logs (bleepingcomputer.com)
Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required (thehackernews.com)
Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)
Atlassian RCE Bugs Plague Confluence, Bamboo (darkreading.com)
Zenbleed attack leaks sensitive data from AMD Zen2 processors (bleepingcomputer.com)
Microsoft shares fix for some Outlook hyperlinks not opening (bleepingcomputer.com)
China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)
Study reveals silent Python package security fixes • The Register
Windows 10 KB5028244 update released with 19 fixes, improved security (bleepingcomputer.com)
Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek
Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek
Zimbra patches zero-day vulnerability exploited in XSS attacks (bleepingcomputer.com)
WordPress Ninja Forms plugin flaw lets hackers steal submitted data (bleepingcomputer.com)
Two flaws in Linux Ubuntu affect 40% of Ubuntu users - Security Affairs
Tools and Controls
Why cyber security should be part of your ESG strategy | Computer Weekly
Lawyers take frontline role in business response to cyber attacks | Financial Times (ft.com)
Explaining risk maturity models and how they work | TechTarget
Microsoft enhances Windows 11 Phishing Protection with new features (bleepingcomputer.com)
Shadow Coding Is An Intoxicating Shortcut—And A Security Landmine (forbes.com)
Zero trust rated as highly effective by businesses worldwide - Help Net Security
50% of Zero Trust Programs Risk Failure According to PlainID Survey (darkreading.com)
Google Chrome to offer 'Link Previews' when hovering over links (bleepingcomputer.com)
Why are computer security guidelines so confusing? - Help Net Security
Threat Intelligence Is Growing — Here's How SOCs Can Keep Up (darkreading.com)
Designing a Security Strategy for Defending Multicloud Architectures (darkreading.com)
Converging networking and security with SASE - Help Net Security
Artificial Intelligence Continues To Revolutionize Cyber security (forbes.com)
Key factors for effective security automation - Help Net Security
Microsoft previews Defender for IoT firmware analysis service (bleepingcomputer.com)
The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)
CISOs consider zero trust a hot security ticket - Help Net Security
How a Cyber Security Platform Addresses the 3 “S” (trendmicro.com)
Reports Published in the Last Week
Other News
Maritime Cyber attack Database Launched by Dutch University - SecurityWeek
Google’s new security pilot program will ban employee Internet access | Ars Technica
macOS Under Attack: Examining the Growing Threat and User Perspectives (thehackernews.com)
Why whistleblowers in cyber security are important and need support | CSO Online
World's most internetty firm tries life off the net • The Register
Exam board cyber attack investigation: Teenager arrested (schoolsweek.co.uk)
Companies Need to Prove They Can Be Trusted with Technology (hbr.org)
Heart monitor manufacturer hit by cyber attack, takes systems offline (bitdefender.com)
Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 29 July 2022
Black Arrow Cyber Threat Briefing 29 July 2022
-1 in 3 Employees Don’t Understand Why Cyber Security Is Important
-As Companies Calculate Cyber Risk, The Right Data Makes a Big Difference
-Only 25% Of Organizations Consider Their Biggest Threat to Be from Inside the Business
-The Global Average Cost of a Data Breach Reaches an All-Time High of $4.35 Million
-Race Against Time: Hackers Start Hunting for Victims Just 15 Minutes After a Bug Is Disclosed
-Ransomware-as-a-Service Groups Forced to Change Tack as Payments Decline
-Phishers Targeted Financial Services Most During H1 2022
-HR Emails Dupe Employees the Most – KnowBe4 research reveals
-84% Of Organizations Experienced an Identity-Related Breach In The Past 18 Months
-Economic Downturn Raises Risk of Insiders Going Rogue
-5 Trends Making Cyber Security Threats Riskier and More Expensive
-Ransomware: Publicly Reported Incidents Are Only the Tip of the Iceberg
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
1 in 3 Employees Don’t Understand Why Cyber Security Is Important
According to a new Tessian report, 30% of employees do not think they personally play a role in maintaining their company’s cyber security posture.
What’s more, only 39% of employees say they’re very likely to report a security incident, making investigation and remediation even more challenging and time-consuming for security teams. When asked why, 42% of employees said they wouldn’t know if they had caused an incident in the first place, and 25% say they just don’t care enough about cyber security to mention it.
Virtually all IT and security leaders agreed that a strong security culture is important in maintaining a strong security posture. Yet, despite rating their organisation’s security 8 out 10, on average, three-quarters of organisations experienced a security incident in the last 12 months.
The report suggests this could stem from a reliance on traditional training programs: 48% of security leaders say training is one of the most important influences on building a positive security posture. But the reality is that employees aren’t engaged; just 28% of UK and US workers say security awareness training is engaging and only 36% say they’re paying full attention. Of those who are, only half say it’s helpful, while another 50% have had a negative experience with a phishing simulation. With recent headlines depicting how phishing simulations can go awry, negative experiences like these further alienate employees and decrease engagement.
https://www.helpnetsecurity.com/2022/07/28/employees-dont-understand-why-cybersecurity-is-important/
As Companies Calculate Cyber Risk, the Right Data Makes a Big Difference
The proposed US Securities and Exchange Commission’s stronger rules for reporting cyber attacks will have ramifications beyond increased disclosure of attacks to the public. By requiring not just quick reporting of incidents, but also disclosure of cyber policies and risk management, such regulation will ultimately bring more accountability for cyber security to the highest levels of corporate leadership. Other jurisdictions will very likely follow the US in requiring more stringent cyber controls and governance.
This means that boards and executives everywhere will need to increase their understanding of cyber security, not only from a tech point of view, but from a risk and business exposure point of view. The CFO, CMO and the rest of the C-suite and board will want and need to know what financial exposure the business faces from a data breach, and how likely it is that breaches will happen. This is the only way they will be able to develop cyber policies and plans and react properly to the proposed regulations.
Companies will therefore need to be able to calculate and put a dollar value on their exposure to cyber risk. This is the starting point for the ability to make cyber security decisions not in a vacuum, but as part of overall business decisions. To accurately quantify cyber security exposure, companies need to understand what the threats are and which data and business assets are at risk, and they then need to multiply the cost of a breach by the probability that such an event will take place in order to put a dollar figure on their exposure.
While there are many automated tools, including those that use artificial intelligence (AI), that can help with this, the key to doing this well is to make sure calculations are rooted in real and relevant data – which is different for each company or organisation.
Only 25% Of Organisations Consider Their Biggest Threat to Be from Inside the Business
A worrying 73.5% of organisations feel they have wasted the majority of their cyber security budget on failing to remediate threats, despite having an over-abundance of security tools at their disposal, according to Gurucul.
Only 25% of organisations consider their biggest threat to be from inside the business, despite insider threats increasing by 47% over the past two years. With only a quarter of businesses seeing their biggest threat emanating from inside their organisation, it seems over 70% saw the biggest cyber security challenges emanating from external threats such as ransomware. In fact, although external threats account for many security incidents, we must never forget to look beyond those external malicious and bad actors to insider threats to effectively secure corporate data and IP.
The survey also found 33% of respondents said they are able to detect threats within hours, while 27.07% even claimed they can detect threats in real-time. However, challenges persist with 33% of respondents stating that it still takes their organisation days and weeks to detect threats, with 6% not being able to detect them at all.
https://www.helpnetsecurity.com/2022/07/28/biggest-threat-inside-the-business/
The Global Average Cost of a Data Breach Reaches an All-Time High of $4.35 Million
IBM Security released the 2022 Cost of a Data Breach Report, revealing costlier and higher-impact data breaches than ever before, with the global average cost of a data breach reaching an all-time high of $4.35 million for studied organisations.
With breach costs increasing nearly 13% over the last two years of the report, the findings suggest these incidents may also be contributing to rising costs of goods and services. In fact, 60% of studied organisations raised their product or services prices due to the breach, when the cost of goods is already soaring worldwide amid inflation and supply chain issues.
The perpetuality of cyber attacks is also shedding light on the “haunting effect” data breaches are having on businesses, with the IBM report finding 83% of studied organisations have experienced more than one data breach in their lifetime. Another factor rising over time is the after-effects of breaches on these organisations, which linger long after they occur, as nearly 50% of breach costs are incurred more than a year after the breach.
The 2022 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 550 organisations globally between March 2021 and March 2022. The research, which was sponsored and analysed by IBM Security, was conducted by the Ponemon Institute.
https://www.helpnetsecurity.com/2022/07/27/2022-cost-of-a-data-breach-report/
Race Against Time: Hackers Start Hunting for Victims Just 15 Minutes After a Bug Is Disclosed
Attackers are becoming faster at exploiting previously undisclosed zero-day flaws, according to Palo Alto Networks. This means that the amount of time that system admins have to patch systems before exploitation happens is shrinking fast..
The company warns in its 2022 report covering 600 incident response (IR) cases that attackers typically start scanning for vulnerabilities within 15 minutes of one being announced.
Among this group are 2021's most significant flaws, including the Exchange Server ProxyShell and ProxyLogon sets of flaws, the persistent Apache Log4j flaws aka Log4Shell, the SonicWall zero-day flaws, and Zoho ManageEngine ADSelfService Plus.
While phishing remains the biggest method for initial access, accounting for 37% of IR cases, software vulnerabilities accounted of 31%. Brute-force credential attacks (like password spraying) accounted for 9%, while smaller categories included previously compromised credentials (6%), insider threat (5%), social engineering (5%), and abuse of trusted relationships/tools (4%).
Over 87% of the flaws identified as the source of initial access fell into one of six vulnerability categories.
Ransomware-as-a-Service Groups Forced to Change Tack as Payments Decline
Ransomware-as-a-service (RaaS) operators are evolving their tactics yet again in response to more aggressive law enforcement efforts, in a move that is reducing their profits but also making affiliates harder to track, according to Coveware.
The security vendor’s Q2 2022 ransomware report revealed that concerted efforts to crack down on groups like Conti and DarkSide have forced threat actors to adapt yet again.
It identified three characteristics of RaaS operations that used to be beneficial, but are increasingly seen as a hinderance.
The first is RaaS branding, which has helped to cement the reputation of some groups and improve the chances of victims paying, according to Coveware. However, branding also makes attribution easier and can draw the unwanted attention of law enforcement, it said.
“RaaS groups are keeping a lower profile and vetting affiliates and their victims more thoroughly,” Coveware explained.
“More RaaS groups have formed, resulting in less concentration among the top few variants. Affiliates are frequently shifting between RaaS variants on different attacks, making attribution beyond the variant more challenging.”
In some cases, affiliates are also using “unbranded” malware to make attribution more difficult, it added.
The second evolution in RaaS involves back-end infrastructure, which used to enable scale and increase profitability. However, it also means a larger attack surface and a digital footprint that’s more expensive and challenging to maintain.
As a result, RaaS developers are being forced to invest more in obfuscation and redundancy, which is hitting profits and reducing the amount of resources available for expansion, Coveware claimed.
Finally, RaaS shared services used to help affiliates with initial access, stolen data storage, negotiation management and leak site support.
https://www.infosecurity-magazine.com/news/raas-groups-forced-change-payments/
Phishers Targeted Financial Services Most During H1 2022
Banks received the lion’s share of phishing attacks during the first half of 2022, according to figures published by cyber security company Vade.
The analysis also found that attackers were most likely to send their phishing emails on weekdays, with most arriving between Monday and Wednesday. Attacks tapered off towards the end of the week, Vade said.
While financial services scored highest on a per-sector basis, Microsoft was the most impersonated brand overall. The company’s Microsoft 365 cloud productivity services are a huge draw for cyber-criminals hoping to access accounts using phishing attacks.
Phishing attacks on Microsoft customers have become more creative, according to Vade, which identified several phone-based attacks. It highlighted a campaign impersonating Microsoft’s Defender anti-malware product, fraudulently warning that the company had debited a subscription fee. It encouraged victims to fix the problem by phone.
Facebook came a close second, followed by financial services company Crédit Agricole, WhatsApp and Orange.
https://www.infosecurity-magazine.com/news/phishers-financial-services-h1-2022/
HR Emails Dupe Employees the Most – KnowBe4 research reveals
In phishing tests conducted on business emails, more than half of the subject lines clicked imitated Human Resources communications.
New research has revealed the top email subjects clicked on in phishing tests were those related to or from Human Resources, according to the latest ‘most clicked phishing tests‘ conducted by KnowBe4. In fact, half of those that were clicked on had subject lines related to Human Resources, including vacation policy updates, dress code changes, and upcoming performance reviews. The second most clicked category were those send from IT, which include requests or actions of password verifications that were needed immediately.
KnowBe4’s CEO commented “More than 80% of company data breaches globally come from human error, so security awareness training for your staff is one of the least costly and most effective methods to thwart social engineering attacks. Training gives employees the ability to rapidly recognise a suspicious email, even if it appears to come from an internal source, causing them to pause before clicking. That moment where they stop and question the email is a critical and often overlooked element of security culture that could significantly reduce your risk surface.”
This research comes hot off the heels of the recent KnowBe4 industry benchmarking report which found one in three untrained employees will click on a phishing link. The worst performing industries were Energy & Utilities, Insurance and Consulting, with all labelled the most at risk for social engineering in the large enterprise category.
84% Of Organisations Experienced an Identity-Related Breach in the Past 18 Months
60% of IT security decision makers believe their overall security strategy does not keep pace with the threat landscape, and that they are either lagging behind (20%), treading water (13%), or merely running to keep up (27%), according to a survey by Sapio Research.
The report also highlights differences between the perceived and actual effectiveness of security strategies. While 40% of respondents believe they have the right strategy in place, 84% of organisations reported that they have experienced an identity-related breach or an attack using stolen credentials during the previous year and a half.
Promisingly, many organisations are hungry to make a change, particularly when it comes to protecting identities. In fact, 90% of respondents state that their organisations fully recognise the importance of identity security in enabling them to achieve their business goals, and 87% say that it is one of the most important security priorities for the next 12 months.
However, 75% of IT and security professionals also believe that they’ll fall short of protecting privileged identities because they won’t get the support they need. This is largely due to a lack of budget and executive alignment, with 63% of respondents saying that their company’s board still doesn’t fully understand identity security and the role it plays in enabling better business operations.
While the importance of identity security is acknowledged by business leaders, most security teams will not receive the backing and budget they need to put vital security controls and solutions in place to reduce major risks. This means that the majority of organisations will continue to fall short of protecting privileges, leaving them vulnerable to cyber criminals looking to discover privileged accounts and abuse them.
https://www.helpnetsecurity.com/2022/07/28/identity-related-breach/
Economic Downturn Raises Risk of Insiders Going Rogue
Declining economic conditions could make insiders more susceptible to recruitment offers from threat actors looking for allies to assist them in carrying out various attacks.
Enterprise security teams need to be aware of the heightened risk and strengthen measures for protecting against, detecting, and responding to insider threats, researchers from Palo Alto Network's Unit 42 threat intelligence team recommended in a report this week.
The security vendor's report highlighted several other important takeaways for security operations teams, including the fact that ransomware and business email compromise attacks continue to dominate incident response cases and vulnerability exploits — accounting for nearly one-third of all breaches.
Unit 42 researchers analysed data from a sampling of over 600 incident response engagements between April 2021 and May 2022 and determined that difficult economic times could lure more actors to cyber crime. This could include both people with technical skills looking to make a fast buck, as well as financially stressed insiders with legitimate access to valuable enterprise data and IT assets. The prevalence of remote and hybrid work models has created an environment where it's easier for workers to steal intellectual property or carry out other malicious activity, the researchers found.
https://www.darkreading.com/risk/economic-downturn-raises-the-risk-of-insiders-going-rogue
5 Trends Making Cyber Security Threats Riskier and More Expensive
Since the pandemic the cyber world has become a far riskier place. According to the Hiscox Cyber Readiness Report 2022, almost half (48%) of organisations across the US and Europe experienced a cyber attack in the past 12 months. Even more alarming is that these attacks are happening despite businesses doubling down on their cyber security spend.
Cyber security is at a critical inflection point where five megatrends are making the threat landscape riskier, more complicated, and costlier to manage than previously reported. To better understand the evolution of this threat landscape, let’s examine these trends in more detail.
Everything becomes digital
Organisations become ecosystems
Physical and digital worlds collide
New technologies bring new risks
Regulations become more complex
Organisations can follow these best practices to elevate cyber security performance:
Identify, prioritise, and implement controls around risks.
Adopt a framework such as ISO 27001 or NIST Cyber Security Framework.
Develop human-layered cyber security.
Fortify your supply chain.
Avoid using too many tools.
Prioritise protection of critical assets.
Automate where you can.
Monitor security metrics regularly to help business leaders get insight into security effectiveness, regulatory compliance, and levels of security awareness in the organisation.
Cyber security will always be a work in progress. The key to effective risk management is having proactive visibility and context across the entire attack surface. This helps to understand which vulnerabilities, if exploited, can cause the greatest harm to the business. Not all risks can be mitigated; some risks will have to be accepted and trade-offs will have to be negotiated.
Ransomware: Publicly Reported Incidents Are Only the Tip of the Iceberg
The threat landscape report on ransomware attacks published this week by the European Union Agency for Cybersecurity (ENISA) uncovers the shortcomings of the current reporting mechanisms across the EU.
As one of the most devastating types of cyber security attacks over the last decade, ransomware, has grown to impact organisations of all sizes across the globe.
This threat landscape report analysed a total of 623 ransomware incidents across the EU, the United Kingdom and the United States for a reporting period from May 2021 to June 2022. The data was gathered from governments' and security companies' reports, from the press, verified blogs and in some cases using related sources from the dark web.
Between May 2021 and June 2022 about 10 terabytes of data were stolen each month by ransomware threat actors. 58.2% of the data stolen included employees' personal data.
At least 47 unique ransomware threat actors were found.
For 94.2% of incidents, we do not know whether the company paid the ransom or not. However, when the negotiation fails, the attackers usually expose and make the data available on their webpages. This is what happens in general and is a reality for 37.88% of incidents.
We can therefore conclude that the remaining 62.12% of companies either came to an agreement with the attackers or found another solution.
The study also shows that companies of every size and from all sectors are affected.
The figures in the report can however only portray a part of the overall picture. In reality, the study reveals that the total number of ransomware attacks is much larger. At present this total is impossible to capture since too many organisations still do not make their incidents public or do not report on them to the relevant authorities.
Threats
Ransomware
LockBit 3.0: Significantly Improved Ransomware Helps the Gang Stay on Top (darkreading.com)
Ransomware looms large over the cyber insurance industry - Help Net Security
800,000 businesses fall victim to ransomware each year (komando.com)
Business services top target of ransomware attacks (securitybrief.co.nz)
How Crypto is Driving the Ransomware Epidemic | Cryptoland Roundtable - YouTube
On security researcher's newsletter, exposing cyber criminals behind ransomware - CyberScoop
LockBit ransomware abuses Windows Defender to load Cobalt Strike (bleepingcomputer.com)
Mailing List Provider WordFly Scrambling to Recover Following Ransomware Attack | SecurityWeek.Com
No More Ransom helps millions of ransomware victims in 6 years (bleepingcomputer.com)
Lockbit ransomware gang claims to have breached the Italian Revenue Agency - Security Affairs
Lockbit Ramps Up Attacks on Public Sector - Infosecurity Magazine (infosecurity-magazine.com)
A ‘Top Tier’ Hacking Gang Is Likely To Be Behind Entrust Ransomware (informationsecuritybuzz.com)
No More Ransom Helped More Than 1.5 Million People Decrypt Their Devices (darkreading.com)
Ransomware caused American Dental Association outage, led to stolen data (scmagazine.com)
The road to ransomware recovery starts before an attack • The Register
BEC – Business Email Compromise
Phishing & Email Based Attacks
Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands | Threatpost
Phishing scam targeting Bank of America, Citi and Wells Fargo customers (komando.com)
APT-Like Phishing Threat Mirrors Landing Pages (darkreading.com)
New Callback Malware Campaign Impersonates Legitimate Cyber Security Providers - MSSP Alert
Phishing Attacks: Microsoft Leads Top 25 of Impersonated Brands - MSSP Alert
1,000s of Phishing Attacks Blast Off From InterPlanetary File System (darkreading.com)
New ‘Robin Banks’ phishing service targets BofA, Citi, and Wells Fargo (bleepingcomputer.com)
Other Social Engineering; SMishing, Vishing, etc
Malware
Cisco Incident Response Report: Commodity Malware Top Threat in Q2 - MSSP Alert
Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us | Ars Technica
As Microsoft blocks Office macros, hackers find new attack vectors (bleepingcomputer.com)
Microsoft Links Raspberry Robin USB Worm to Russian Evil Corp Hackers (thehackernews.com)
Microsoft links Raspberry Robin malware to Evil Corp attacks (bleepingcomputer.com)
Malware-laced npm packages used to target Discord users - Security Affairs
CosmicStrand UEFI malware found in Gigabyte, ASUS motherboards (bleepingcomputer.com)
Sophisticated UEFI rootkit of Chinese origin shows up again in the wild after 3 years | CSO Online
Attackers are slowly abandoning malicious macros - Help Net Security
One of the most beloved Windows tools could actually be a huge security risk | TechRadar
QBot phishing uses Windows Calculator DLL hijacking to infect devices (bleepingcomputer.com)
Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike (trendmicro.com)
Microsoft: Austrian company DSIRF selling Subzero malware (techtarget.com)
Threat actors leverages DLL-SideLoading to spread Qakbot - Security Affairs
Rare 'CosmicStrand' UEFI Rootkit Swings into Cyber crime Orbit (darkreading.com)
Mobile
Here are the top phone security threats in 2022 and how to avoid them | ZDNet
New Android malware apps installed 10 million times from Google Play (bleepingcomputer.com)
Roaming Mantis Financial Hackers Targeting Android and iPhone Users in France (thehackernews.com)
Facebook ads push Android adware with 7 million installs on Google Play (bleepingcomputer.com)
Millions of Android devices infected with wallet-draining malware | TechRadar
Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware (thehackernews.com)
Internet of Things – IoT
IoT Botnets Fuels DDoS Attacks – Are You Prepared? | Threatpost
Dahua IP Camera Vulnerability Could Let Attackers Take Full Control Over Devices (thehackernews.com)
Data Breaches/Leaks
US court system suffered ‘incredibly significant attack’ • The Register
Congress Warns of US Court Records System Breach - Infosecurity Magazine (infosecurity-magazine.com)
Uber admits covering up massive 2016 data breach in settlement with US prosecutors - The Verge
T-Mobile to pay $500M for one of the largest data breaches in US history [Updated] | Ars Technica
Data Stolen in Breach at Security Company Entrust | SecurityWeek.Com
Fallout from massive Shanghai Police data breach reverberates on dark web - CyberScoop
Big Questions Remain Around Massive Shanghai Police Data Breach (darkreading.com)
Organised Crime & Criminal Actors
Cyber-mercenaries represent shifting criminal business model • The Register
Messaging Apps Tapped as Platform for Cyber Criminal Activity | Threatpost
Teenager Jailed for Snapchat Blackmail Cyber Crimes- IT Security Guru
DUCKTAIL operation targets Facebook’s Business and Ad accounts - Security Affairs
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto fraud on the rise as consumers fall for fake celebrity endorsements | Cybernews
Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection (thehackernews.com)
NFT Hacking Group Attacks On The Rise, Report Finds- IT Security Guru
Hackers steal $6 million from blockchain music platform Audius (bleepingcomputer.com)
Fraud, Scams & Financial Crime
Major shifts and the growing risk of identity fraud - Help Net Security
JPMorgan, UBS accused of shoddy identity theft protection • The Register
Euro Police Bust €3m Internet Fraud Gang - Infosecurity Magazine (infosecurity-magazine.com)
Romance scammers jailed after tricking Irish OAP out of €250k (bitdefender.com)
What the Titanic Can Teach Us About Fraud? | SecurityWeek.Com
AML/CFT/Sanctions
Insurance
Dark Web
Cyber crime goods and services are cheap and plentiful - Help Net Security
Hackers Selling Malware on Dark Web Underground Market (cybersecuritynews.com)
Supply Chain and Third Parties
Software Supply Chain
Denial of Service DoS/DDoS
Akamai blocked the largest DDoS attack ever on its European customers - Security Affairs
DDoS Attack Trends in 2022: Ultrashort, Powerful, Multivector Attacks (bleepingcomputer.com)
Cloud/SaaS
Kansas MSP shuts down cloud services to fend off cyber attack (bleepingcomputer.com)
Organisations are struggling with SaaS security. Why? - Help Net Security
Attack Surface Management
Identity and Access Management
Encryption
Transport Layer Security (TLS): Issues & Protocol (trendmicro.com)
SSH2 vs. SSH1 and why SSH versions still matter (techtarget.com)
Passwords, Credential Stuffing & Brute Force Attacks
Using Account Lockout policies to block Windows Brute Force Attacks (bleepingcomputer.com)
Stop Putting Your Accounts At Risk, and Start Using a Password Manager (thehackernews.com)
Social Media
Facebook security cracked by Malware made in Vietnam • The Register
Cyber-Criminal Offers 5.4m Twitter Users’ Data - Infosecurity Magazine (infosecurity-magazine.com)
Training, Education and Awareness
Privacy
Law Enforcement Action and Take Downs
UK Seizes Nearly $27m in Crypto-Assets - Infosecurity Magazine (infosecurity-magazine.com)
European Cops Helped 1.5 Million People Decrypt Their Ransomwared Computers (vice.com)
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Cyberspies use Google Chrome extension to steal emails undetected (bleepingcomputer.com)
Microsoft says it caught an Austrian spyware group using Windows 0-day exploits - The Verge
Pegasus spyware: Just 'tip of the iceberg' seen so far • The Register
Cyber attacks by Iran and Israel now target critical infrastructure. - The Washington Post
US and Ukraine Sign Agreement to Deepen Cyber security Operational Collaboration - MSSP Alert
CISA, Ukrainian cyber agency deepen partnership to combat Russian threat - CyberScoop
How is Anonymous attacking Russia? The top six ways ranked (cnbc.com)
European Lawmaker Targeted With Cytrox Predator Surveillance Spyware | SecurityWeek.Com
Nation State Actors
Nation State Actors – Russia
Russia is quietly ramping up its Internet censorship machine | Ars Technica
Apple network traffic takes mysterious detour through Russia • The Register
Nation State Actors – China
Chinese APTs: Interlinked networks and side hustles – Intrusion Truth (wordpress.com)
OneWeb sale risks giving China a stake in ‘Five Eyes’ spying tech (telegraph.co.uk)
Nation State Actors – North Korea
North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts (thehackernews.com)
North Korean hackers attack EU targets with Konni RAT malware (bleepingcomputer.com)
US puts $10 million bounty on North Korean threat groups • The Register
Is APT28 behind the STIFF#BIZON attacks attributed to North Korea-linked APT37? Security Affairs
Nation State Actors – Iran
Vulnerability Management
Hackers scan for vulnerabilities within 15 minutes of disclosure (bleepingcomputer.com)
Attackers Have 'Favourite' Vulnerabilities to Exploit (darkreading.com)
Taking the Risk-Based Approach to Vulnerability Patching (thehackernews.com)
Organisations struggle to manage devices and stay ahead of vulnerabilities - Help Net Security
2022 Unit 42 Incident Response Report: How Attackers Exploit Zero-Days (paloaltonetworks.com)
Security Teams Overwhelmed With Bugs, Bitten by Patch Prioritization (darkreading.com)
Time between vuln disclosures, exploits is getting smaller • The Register
Vulnerabilities
Critical Samba bug could let anyone become Domain Admin – patch now! – Naked Security (sophos.com)
Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware (darkreading.com)
How to Fix CVE-2022-30190 vulnerability using Microsoft Intune - CloudInfra
CISA releases IOCs for attacks exploiting Log4Shell in VMware Horizon and UAG | CSO Online
Critical FileWave MDM Flaws Open Organisation-Managed Devices to Remote Hackers (thehackernews.com)
Hackers are abusing IIS extensions to establish covert backdoors - Security Affairs
FileWave fixes bugs that left 1,000+ orgs open to ransomware • The Register
Google Chrome Zero-day Vulnerability Discovered By Avast (informationsecuritybuzz.com)
LibreOffice fixed 3 flaws, including a code execution issue - Security Affairs
Drupal developers fixed a code execution flaw in the popular CMS - Security Affairs
LibreOffice Releases Software Update to Patch 3 New Vulnerabilities (thehackernews.com)
Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores (thehackernews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
Reports Published in the Last Week
Other News
A Retrospective on the 2015 Ashley Madison Breach – Krebs on Security
The Great BizApp Hack: Cyber-Risks in Your Everyday Business Applications (darkreading.com)
Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office | Threatpost
Microsoft again reverses course, will block macros by default (scmagazine.com)
Is Your Home or Small Business Built on Secure Foundations? Think Again… (darkreading.com)
Infosec pros want more industry cooperation and support for open standards - Help Net Security
We pass cyber attack costs onto customers, businesses admit • The Register
How to Combat the Biggest Security Risks Posed by Machine Identities (thehackernews.com)
Discord, Telegram Services Hijacked to Launch Array of Cyber Attacks (darkreading.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 11 February 2022
Black Arrow Cyber Threat Briefing 11 February 2022:
-UK, US, Australia Issue Joint Advisory: Ransomware on the Loose, Critical National Infrastructure Affected
-Ransomware Groups and APT Actors Laser-Focused on Financial Services
-Why the C-Suite Should Focus on Understanding Cybersecurity and Investing Appropriately
-Almost $1.3bn Paid to Ransomware Actors Since 2020
-Cyber Crooks Frame Targets by Planting Fabricated Digital Evidence
-Highly Evasive Adaptive Threats (HEAT) Bypassing Traditional Security Defenses
-LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
-2021 Was The Most Prolific Year On Record For Data Breaches
-$1.3 Billion Lost to Romance Scams in the Past Five Years
-Cyber Security Compliance Still Not A Priority For Many
-The World is Falling Victim to the Growing Trickbot Attacks in 2022
-“We Absolutely Do Not Care About You”: Sugar Ransomware Targets Individuals
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
UK, US, Australia Issue Joint Advisory: Ransomware on the Loose, Critical National Infrastructure Affected
Firms shelled out $5bn in Bitcoin in 6 months
Ransomware attacks are proliferating as criminals turn to gangs providing turnkey post-compromise services, Britain's National Cyber Security Centre (NCSC) has warned.
In a joint UK-US-Australia advisory issued this week, the three countries said they had "observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organisations globally."
The warning comes hot on the heels of several high-profile attacks against oil distribution companies and also businesses that operate ports in the West – though today's note insists there was a move by criminals away from "big game hunting" against US targets.
Among the main threats facing Western organisations were the use of "cybercriminal services-for-hire". These, as detailed in the advisory, include "independent services to negotiate payments, assist victims with making payments, and arbitrate payment disputes between themselves and other cyber criminals."
https://www.theregister.com/2022/02/09/uk_us_au_ransomware_warning/
Ransomware Groups and APT Actors Laser-Focused on Financial Services
Trellix released a report, examining cybercriminal behaviour and activity related to cyber threats in the third quarter (Q3) of 2021. Among its findings, the research reports that despite a community reckoning to ban ransomware activity from online forums, hacker groups used alternate personas to continue to proliferate the use of ransomware against an increasing spectrum of sectors – hitting the financial, utilities and retail sectors most often, accounting for nearly 60% of ransomware detections.
“While we ended 2021 focused on a resurgent pandemic and the revelations around the Log4j vulnerability, our third-quarter deep dive into cyber threat activity found notable new tools and tactics among ransomware groups and advanced global threat actors,” said Trellix.
https://www.helpnetsecurity.com/2022/02/07/cyber-threats-q3-2021/
Why the C-Suite Should Focus on Understanding Cyber Security and Investing Appropriately
Trend Micro has published a research revealing that persistently low IT/C-suite engagement may imperil investments and expose organisations to increased cyber risk. Over 90% of the IT and business decision makers surveyed expressed particular concern about ransomware attacks.
Despite widespread concern over spiralling threats, the study found that only 57% of responding IT teams discuss cyber risks with the C-suite at least weekly.
Vulnerabilities used to go months or even years before being exploited after their discovery.
“Now it can be hours, or even sooner. More executives than ever understand that they have a responsibility to be informed, but they often feel overwhelmed by how rapidly the cyber security landscape evolves. IT leaders need to communicate with their board in such a way that they can understand where the organisation’s risk is and how they can best manage it.”
https://www.helpnetsecurity.com/2022/02/10/c-suite-engagement/
Almost $1.3bn Paid to Ransomware Actors Since 2020
Cryptocurrency experts have identified $602m of ransomware payments made in 2021, but warned the real figure will likely surpass the $692m paid to cybercrime groups in 2020.
The findings come from the Ransomware Crypto Crime Report produced by blockchain investigations and analytics company Chainalysis. It reveals some fascinating insight into current industry trends.
Average payment size has soared over recent years, from $25,000 in 2019 to $88,000 a year later and $118,000 in 2021. That’s due in part to a surge in targeted attacks on major organisations, known as “big-game hunting,” which can net threat actors tens of millions in a single compromise.
“This big-game hunting strategy is enabled in part by ransomware attackers’ usage of tools provided by third-party providers to make their attacks more effective,” the report explained. “Usage of these services by ransomware operators spiked to its highest ever levels in 2021.”
https://www.infosecurity-magazine.com/news/almost-13bn-paid-to-ransomware/
Cyber Crooks Frame Targets by Planting Fabricated Digital Evidence
The ‘ModifiedElephant’ threat actors are technically unimpressive, but they’ve evaded detection for a decade, hacking human rights advocates’ systems with dusty old keyloggers and off-the-shelf RATs.
Threat actors are hijacking the devices of India’s human rights lawyers, activists and defenders, planting incriminating evidence to set them up for arrest, researchers warn.
The actor, dubbed ModifiedElephant, has been at it for at least 10 years, and it’s still active. It’s been shafting targets since 2012, if not sooner, going after hundreds of groups and individuals – some repeatedly – according to SentinelLabs researchers.
The operators aren’t what you’d call technical prodigies, but that doesn’t matter. Threat researchers at SentinelOne, said that the advanced persistent threat (APT) group – which may be tied to the commercial surveillance industry – has been muddling along just fine using rudimentary hacking tools such as commercially available remote-access trojans (RATs)
https://threatpost.com/cybercrooks-frame-targets-plant-incriminating-evidence/178384/
Highly Evasive Adaptive Threats (HEAT) Bypassing Traditional Security Defences
Menlo Security announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defences.
HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employs techniques to evade detection by multiple layers in current security stacks including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection. HEAT attacks are used to deliver malware or to compromise credentials, that in many cases leads to ransomware attacks.
In an analysis of almost 500,000 malicious domains, the research team discovered that 69% of these websites used HEAT tactics to deliver malware. These attacks allow bad actors to deliver malicious content to the endpoint by adapting to the targeted environment. Since July 2021, there was a 224% increase in HEAT attacks.
“With the abrupt move to remote working in 2020, every organisation had to pivot to a work from an anywhere model and accelerate their migration to cloud-based applications. An industry report found that 75% of the working day is spent in a web browser, which has quickly become the primary attack surface for threat actors, ransomware and other attacks. The industry has seen an explosion in the number and sophistication of these highly evasive attacks and most businesses are unprepared and lack the resources to prevent them,” said Menlo Security.
https://www.helpnetsecurity.com/2022/02/08/cyberthreats-bypass-security-defences/
LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community’s focus on stopping ransomware attacks.
Law enforcement, C-suite executives and the cyber security community at-large have been laser-focused on stopping the expensive and disruptive barrage of ransomware attacks — and it appears to be working, at least to some extent. Nonetheless, recent moves from the LockBit 2.0 and BlackCat gangs, plus this weekend’s hit on the Swissport airport ground-logistics company, shows the scourge is far from over.
It’s more expensive and riskier than ever to launch ransomware attacks, and ransomware groups have responded by mounting fewer attacks with higher ransomware demands, Coveware has reported, finding that the average ransomware payment in the fourth quarter of last year climbed by 130 percent to reach $322,168. Likewise, Coveware found a 63 percent jump in the median ransom payment, up to $117,116.
“Average and median ransom payments increased dramatically during Q4, but we believe this change was driven by a subtle tactical shift by ransomware-as-a-service (RaaS) operations that reflected the increasing costs and risks previously described,” Coveware analysts said. “The tactical shift involves a deliberate attempt to extort companies that are large enough to pay a ‘big game’ ransom amount but small enough to keep attack operating costs and resulting media and law enforcement attention low.”
https://threatpost.com/lockbit-blackcat-swissport-ransomware-activity/178261/
2021 Was The Most Prolific Year On Record For Data Breaches
Spirion released a guide which provides a detailed look at sensitive data breaches in 2021 derived from analysis conducted against the Identity Theft Resource Center (ITRC) database of publicly reported data breaches in the United States.
The guide is based on the analysis of more than 1,500 data incidents that occurred in the United States during 2021 that specifically involved sensitive data, including personally identifiable information (PII). The report identifies the top sensitive data breaches by the number of individuals impacted, number of records compromised, threat actor, exposure vector, and types of sensitive data exposed by industry sector.
2021 was the most prolific year on record for data breaches, surpassing 2017’s all-time high. Last year a total of 1,862 data compromises were reported by US organisations—a 68 percent increase over 2020. ITRC data revealed that 83% of the year’s incidents exposed 889 million sensitive data records that impacted more than 150 million individuals.
https://www.helpnetsecurity.com/2022/02/09/2021-sensitive-data-breaches/
$1.3 Billion Lost to Romance Scams in the Past Five Years
Romance scams are reaching record-highs, regulators warn.
Netflix's new documentary, The Tinder Swindler, is a wild ride.
The show examines how an alleged fraudster impacted the lives of multiple women, matching with them on Tinder and treating them to expensive dates to gain their trust -- and eventually asking for huge sums of money.
While you may watch the show and wonder how someone -- no matter their gender -- could allow themselves to be swindled out of their savings, romance scams are common, breaking hearts and wiping bank balances around the world every day.
We've moved on from the days of "lonely hearts" columns to dating apps, and they're popular channels to conduct fraud.
Fake profiles, stolen photos and videos, and sob stories from fraudsters (their car has broken down, they can't afford to meet a match, or, in The Tinder Swindler's case, their "enemies" are after them) are all weapons designed to secure interest and sympathy.
https://www.zdnet.com/article/1-3-billion-lost-to-romance-scams-in-the-past-five-years-ftc/
Cyber Security Compliance Still Not A Priority For Many
IBM survey suggests that cyber security still isn't a priority for many companies
The most consistent data point in the IBM i Marketplace Survey Results over recent years has been the ever-present cyber security threat. This year is no exception. The study shows that 62% of organisations consider cyber security a number one concern as they plan their IT infrastructure. 22% cite regulations and compliance in their top five. While companies that prioritise security seem to be implementing multiple solutions, it’s still alarming that nearly half of them do not plan to implement them.
The complexity of cyber security often leaves industry leaders confused and overwhelmed, unable to produce the sound, proactive stance that is so essential.
Cyber security standards can be confusing, but they are necessary. Tighter security can be encouraged with an understanding of cyber security guidelines
For many organisations, cyber security standards are just too complex to wrap their hands around, but that doesn’t mean it’s not necessary. Understanding how cyber security guidelines affect companies’ legal standing can help encourage tighter security.
https://www.itsecurityguru.org/2022/02/07/cybersecurity-compliance-still-not-a-priority-for-many/
The World is Falling Victim to the Growing Trickbot Attacks in 2022
The malware goons are back again. The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defence to slip past antimalware products.
TrickBot, which started out as a banking trojan, has evolved into a multi-purpose crimeware-as-a-service (CaaS) that’s employed by a variety of actors to deliver additional payloads such as ransomware. Over 100 variations of TrickBot have been identified to date, one of which is a “Trickboot” module that can modify the UEFI firmware of a compromised device. In the fall of 2020, Microsoft along with a handful of U.S. government agencies and private security companies teamed up to tackle the TrickBot botnet, taking down much of its infrastructure across the world in a bid to stymie its operations. But TrickBot has proven to be impervious to takedown attempts, what with the operators quickly adjusting their techniques to propagate multi-stage malware through phishing and malspam attacks, not to mention expanding their distribution channels by partnering with other affiliates like Shathak (aka TA551) to increase scale and drive profits.
Russian-based criminals behind the notorious malware known as Trickbot appear to be working overtime to upgrade the threat’s capabilities. Researchers announced last week the discovery of new malware components that enable monitoring and intelligence gathering on victims. The research findings include the detection of a VNC module that uses a custom communications protocol to obfuscate any data being transmitted between the command-and-control (C2) servers and the victims, making the attacks harder to find. The module is in active development and is being updated by criminals at a rapid pace.
“We Absolutely Do Not Care About You”: Sugar Ransomware Targets Individuals
Ransomware tends to target organisations. Corporations not only house a trove of valuable data they can’t function without, but they are also expected to cough up a considerable amount of ransom money in exchange for their encrypted files. And while corporations struggle to keep up with attacks, ransomware groups have left the average consumer relatively untouched—until now.
Sugar ransomware, a new strain recently discovered by the Walmart Security Team, is a ransomware-as-a-service (RaaS) that targets single computers and (likely) small businesses, too. Sugar, also known to many as Encoded01, has been in operation since November 2021.
Threats
Ransomware
NCSC Joins US and Australian Partners to Reveal Latest Ransomware Trends - NCSC.GOV.UK
Russian Ransomware Attacks Increased During 2021, Joint Review Finds | Cybercrime | The Guardian
FBI: Watch Out For LockBit 2.0 Ransomware, Here's How To Reduce The Risk To Your Network | ZDNet
Law Enforcement Action Push Ransomware Gangs To Surgical Attacks (bleepingcomputer.com)
Europe's Biggest Car Dealer Hit With Ransomware Attack | ZDNet
Swissport Ransomware Incident Delayed Flights - Infosecurity Magazine
How a Texas Hack Changed the Ransomware Business Forever - The Record by Recorded Future
Puma Hit By Data Breach After Kronos Ransomware Attack (bleepingcomputer.com)
Vodafone Portugal Hit By A Massive Cyber Attack - Security Affairs
Fortune 500 Service Provider Says Ransomware Attack Led To Leak Of More Than 500k SSNs | ZDNet
Phishing
Hackers Using Fake Job Offers in Latest Catfishing Scheme - ClearanceJobs
Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks (darkreading.com)
ICO Hit by 2650% Rise in Email Attacks - Infosecurity Magazine
Other Social Engineering
Roaming Mantis SMSishing Campaign Now Targets Europe - Security Affairs
FBI: SIM Swapping Attacks Have Surged Five-Fold - Infosecurity Magazine
Malware
Qbot Needs Only 30 Minutes To Steal Your Credentials, Emails (bleepingcomputer.com)
Linux Malware Attacks Are On The Rise, And Businesses Aren't Ready For It | ZDNet
This Password-Stealing Malware Posed As A Windows 11 Download | ZDNet
Several Malware Families Using Pay-Per-Install Service to Expand Their Targets (thehackernews.com)
Qbot, Lokibot Malware Switch Back To Windows Regsvr32 Delivery (bleepingcomputer.com)
Mobile
Medusa Malware Joins Flubot's Android Distribution Network | Threatpost
Critical Android 12 Bug Fixed In February Security Patches • The Register
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Supply Chain
DoS/DDoS
Nation State Actors
Russian APT Steps Up Malicious Cyber Activity in Ukraine (darkreading.com)
Iran Malware in HPE Server Stuns Cyber Security Experts - Bloomberg
Iranian Hackers Using New Marlin Backdoor in 'Out to Sea' Espionage Campaign (thehackernews.com)
Cloud
Privacy
Meta Threatens to Shut Down Facebook and Instagram in Europe | The Independent
Facebook Exposes 'God Mode' Token Miscreants Could Use • The Register
Spyware, Espionage & Cyber Warfare
Vulnerabilities
Microsoft, Oracle, Apache and Apple vulnerabilities added to CISA catalog | ZDNet
CISA Says 'HiveNightmare' Windows Vulnerability Exploited in Attacks | SecurityWeek.Com
Microsoft Fixes Defender Flaw Letting Hackers Bypass Antivirus Scans (bleepingcomputer.com)
Microsoft and Other Major Software Firms Release February 2022 Patch Updates (thehackernews.com)
Apple Patches New Zero-Day Exploited To Hack iPhones, iPads, Macs (bleepingcomputer.com)
CISA Urges Orgs To Patch Actively Exploited Windows SeriousSAM Bug (bleepingcomputer.com)
CISA Warns Admins To Patch Maximum Severity SAP Vulnerability (bleepingcomputer.com)
Adobe Patches 13 Vulnerabilities in Illustrator | SecurityWeek.Com
PHP Everywhere RCE Flaws Threaten Thousands of WordPress Sites (bleepingcomputer.com)
Sector Specific
Financial Services Sector
Defence
Health/Medical/Pharma Sector
Retail/eCommerce
Wave of MageCart Attacks Target Hundreds Of Outdated Magento Sites (bleepingcomputer.com)
Threat Actors Compromised +500 Magento-Based E-Stores With E-Skimmers - Security Affairs
Transport and Aviation
Education and Academia
Other News
A "light" February 2022 Patch Tuesday That Should Not Be Ignored - Help Net Security
Organisations Still Struggling To Use APIs Effectively - Help Net Security
Threat Hunting: Your Best Defence Against Unknown Threats - MSSP Alert
UK Foreign and Commonwealth Office Suffered Serious Cyber Attack Earlier This Year | Reuters
European Police Flag 500+ Pieces of “Terrorist” Content - Infosecurity Magazine
A Quarter of New Online Accounts Are Fake – Report - Infosecurity Magazine
Microsoft To Make Enabling 'Untrusted' Office Macros Tougher In The Name Of Security | ZDNet
Cyber Terrorism Is a Growing Threat & Governments Must Take Action (darkreading.com)
Hackers Have Begun Adapting To Wider Use Of Multi-Factor Authentication | TechRepublic
The Race To Save The Internet From Quantum Hackers (nature.com)
Disaster Recovery Is Critical For Business Continuity - Help Net Security
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.