Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

A “Ridiculously Weak“ Password Causes Disaster for Spain’s Number 2 Mobile Carrier

Spain’s second largest mobile operator, Orange España, suffered a major outage after an unknown party obtained a “ridiculously weak” password and used it to access an account for managing the network that delivers the company’s internet traffic. The attacker had posted the account they had compromised, and researchers found that the associated system had been infected with a Raccoon type infostealer back in September of 2023. The compromised account was Orange’s RIPE administrator account, with the password “ripeadmin”. The incident led to a 50% drop in connections for a 4 hour period, and  underscores the critical importance of robust cyber security measures, including strong passwords, and serves as a stark reminder that even seemingly minor oversights can lead to significant disruptions.

Source: [Ars Technica]

Russia Kyivstar Hack Should Alarm the West, Ukraine Security Chief Warns

If Ukraine's core telephone network can be taken out, organisations in the West could easily be next, Ukraine's SBU chief says. December's cyber attack on Ukrainian telecommunications operator Kyivstar by Russian-backed threat actor ‘Sandworm’ dealt a catastrophic blow to the telecoms provider, according to Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cyber security department. It is believed that although the attack took place in December 2023, the threat actors likely had access to Kyivstar systems since May 2023.

Source: [Dark Reading]

23andMe Tells Victims It’s Their Fault Their Data Was Breached

A cyber incident at DNA data firm 23andMe started with credential stuffing 14,000 user accounts. Credential stuffing is the process by which a malicious actor uses previously harvested usernames and passwords from earlier unrelated breaches to break into other sites and services. Many of the 14,000 accounts had opted-in for a feature whereby information is shared with relatives, which meant that once compromised, attackers had access to 6.9 million users: nearly half of the user base.

Facing over 30 lawsuits from victims, 23andMe is now blaming victims, according to letters seen by victims. 23andMe stated “users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe”. This has caused divide in the cyber world; on one side, recycling and failing to update passwords is poor cyber hygiene and on the other hand, there are technical controls that could have better prevented this type of well known and common attack.

Source: [TechCrunch] [The Register]

Financial Sector Faces More Cyber Attacks Than Other Sectors

A recent study found that more than three-quarters (77%) of financial organisations detected an attack on their infrastructures in 2023, compared with around two-thirds (68%) of other sectors. In particular, the study found that financial workers were at a higher than average risk of phishing compared to other workers. Despite their target attractiveness, only three-quarters (73%) of the financial sector respondents said that they have a cyber security policy in place or will do so within the next year. A separate report from Kaspersky stated that the financial sector is poised to experience an influx of artificial intelligence based attacks 2024, adding to the fire.

Sources: [SC Media] [TechRadar ]

An Innocent-Looking Instagram Trend Could Be a Gift to Hackers

A recent trend that has picked up traction at the end of December on social media apps such as Instagram and TikTok, encourages their followers to “get to know them better”. This trend gets people to answer a popular template, freely giving away personal information such as their height, date of birth, and various details that they feel strongly about including favourite food and phobias. While these questions may seem harmless, these sorts of personal details are used by companies for security questions, for example when a person wants to reset their password. Hackers can use this information to easily social engineer victims or impersonate them to get access to their accounts.

Source: [Business Insider]

Cyber Criminals Shared Millions of Stolen Records During Holiday Break

While many people unwind and enjoy their time off during the festive season, cyber criminals remain active. In fact, they leaked approximately 50 million records containing sensitive personal information during this period. These data breaches were not limited to the West; they had a global impact, affecting individuals in various countries such as Peru, Australia, South Africa, and more. It is important to note that not all the data leaks were recent; some appeared to be remnants of older incidents. For instance, some of the leaked data belonged to customers of the credit company Klarna, which was rumoured to have experienced a breach back in 2022, although it was never publicly confirmed. This ‘Free Leaksmas’ event, as it’s been dubbed, underscores the extensive global reach and serious consequences of these cyber criminal activities.

Sources: [Security Affairs] [Dark Reading]

Law Firm that Handles Data Breaches was Itself Hit by Data Breach

Orrick, Herrington & Sutcliffe, a law firm specialising in managing security incidents for other companies, has disclosed more details of the cyber attack it itself experienced in March 2023. The breach compromised the sensitive health and personal information of over 637,000 individuals. The stolen data was linked to client organisations and included the names of individuals alongside their social security numbers, medical details, and financial information. Despite the firm's expertise in cyber security, the attack highlights the pervasive risk of data breaches, even among those who advise on such matters. Orrick's delayed response and subsequent legal settlements underscore the importance of proactive security measures and swift action in the wake of a breach. This incident serves as a stark reminder to all organisations of the need for robust cyber defences and transparent communication strategies in today's digital landscape. The law firm has recently settled in principle to resolve four class action lawsuits that accused Orrick of failing to inform victims of the breach until months after the incident.

Source: [TechCrunch]

Nigerian Hacker Arrested for Stealing Millions from Charities

A Nigerian national, Olusegun Samson Adejorin, has been arrested for charges relating to business email compromise attacks that caused a charitable organisation in the US to lose more than $7.5 million. Adejorin had purchased a credential harvesting tool to steal login credentials, which were used to send emails to the charity’s financial service provider. The emails requested and authorised a transfer of $7.5 million, which the investment services provider believed it was paying to the charity whereas it was paying into a bank account controlled by the attacker.

Source: [Bleeping Computer]

Cyber Criminals Implemented Artificial Intelligence for Invoice Fraud

A cyber criminal gang known as GXC Team has been seen selling an artificial intelligence tool for creating fraudulent invoices. The tool, known as Business Invoice Swapper, scrutinises compromised emails that are fed to it, looking for emails which mention invoices or include invoice attachments. It then alters the details of the intended recipient to details specified by the perpetrator. This altered invoice then either replaces the compromised one, or is sent to a predetermined set of contacts.

Source: [Security Affairs]

Shadow IT Threatens Corporate Cyber Security, Study Reveals

With remote working becoming more and more prevalent, organisations are finding themselves at risk of cyber threats due to what is known as shadow IT; this is any software, hardware or IT resource used without the IT department’s approval, knowledge or oversight. A study by Kaspersky found of the 77% of companies that had suffered from cyber incidents over the past two years, 11% of these were directly caused by the unauthorised use of shadow IT.

Source: [Security Brief]

Escalating Cyber Threats: Bots, Fraud Farms, and Cryptojacking Surge

In the constantly evolving cyber threat landscape, 2023 has witnessed a notable surge in the use of bots, fraud farms, and cryptojacking. A new report found that 73% of web and app traffic this year has been attributed to malicious bots and fraud farms, indicating a significant shift towards automated cyber attacks. This trend poses a heightened risk to the ecommerce sector, where cyber criminals exploit API connections and third-party dependencies.

Furthermore, the surge in cryptojacking, marked by a 399% increase, reveals a diversifying strategy among cyber criminals, targeting critical infrastructure with sophisticated methods. These developments serve as a crucial reminder for organisations to bolster their cyber defences and adopt a proactive stance against these emerging and increasingly automated threats.

Source: [Help Net Security]

Putin has Declared a Cyber War on Britain

This year over 2 billion people will vote for new governments across the world, and it is crucial to be aware of upcoming threats to these elections from foreign powers. In particular, Russia is notorious for deploying bots, trolls, and deepfakes, which are techniques used to manipulate information and influence public opinion. These malicious actors are adept at spreading misinformation and disinformation, often with the goal of interfering in elections. With the upcoming UK General Election in 2024 and the US Presidential Election also falling this year, it is imperative to exercise caution and discernment when consuming online content. Not everything we see can be taken at face value.

Source: [Telegraph]

Governance, Risk and Compliance

• Thoughts for Boards: Key Issues in Corporate Governance for 2024 (harvard.edu)

• Escalating cyber threats: Bots, fraud farms, and cryptojacking surge, urgently requiring attention - Help Net Security

• Legal, compliance and privacy leaders anxious about rapid GenAI adoption - Help Net Security

• Navigating the New Age of Cyber Security Enforcement (darkreading.com)

• Facts and misconceptions about cyber security budgets - Help Net Security

• Budget cuts take a toll on IT decision makers' mental health - Help Net Security

• Consumers prepared to ditch brands after cyber security issues - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Firms urged to stop ransomware payments as attacks become “astronomical” (emergingrisks.co.uk)

• How ransomware could cripple countries, not just companies (economist.com)

• New Black Basta decryptor exploits ransomware flaw to recover files (bleepingcomputer.com)

• ChatGPT-aided ransomware in China results in four arrests as AI raises cyber security concerns | South China Morning Post (scmp.com)

• Sophos reports spike in ransomware groups using remote encryption (securitybrief.co.nz)

• Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop (securityaffairs.com)

• Police locate missing Chinese student who was victim of ‘cyber kidnapping’ (msn.com)

• Kai Zhuang: Cyber kidnapping in US illustrates growing crime trend - BBC News

• Ban on ransomware payments? The alternative isn't working • The Register

• December ransomware attacks disrupt healthcare organisations | TechTarget

• Ransomware's deadly toll: Hacking is killing patient as errors and delays plague healthcare systems, as 2,200 hospitals, schools and government entities were hit in 2023 | Daily Mail Online

• Study: Ransomware Is Actually Killing One American Per Month (tech.co)

• Zeppelin ransomware source code sold for $500 on hacking forum (bleepingcomputer.com)

Ransomware Victims

• Cyber attack on Massachusetts hospital disrupted records system, emergency services (therecord.media)

• Hospitals ask courts to force cloud storage firm to return stolen data (bleepingcomputer.com)

• Ransomware's deadly toll: Hacking is killing patients as errors and delays plague healthcare systems, as 2,200 hospitals, schools and government entities were hit in 2023 | Daily Mail Online

• Software Used by Hundreds of Museums Taken Down by Ransomware Attack (pcmag.com)

• CTS cyber attack: Disruption to home sales now over - BBC News

• Xerox says subsidiary XBS US breached after ransomware gang leaks data (bleepingcomputer.com)

• Cyber attackers breach trove of Victoria court recordings • The Register

• Bitter Pill: Third-Party Pharmaceutical Vendor Linked to Pharmacy and Health Clinic Cyber Attack (huntress.com)

• Estes refuses to pay off ransomware crew, says data stolen • The Register

Phishing & Email Based Attacks

• Numerous backdoors deployed in new Kimsuky spear-phishing attacks | SC Media (scmagazine.com)

• Russia's APT28 used new malware in a recent phishing campaign (securityaffairs.com)

• SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails (thehackernews.com)

• CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK (thehackernews.com)

• UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (thehackernews.com)

• Crypto phishing scams took almost $300M from 324K victims in 2023: Report (cointelegraph.com)

Artificial Intelligence

• Cyber Criminals Implemented Artificial Intelligence (AI) for Invoice Fraud (securityaffairs.com)

• The Imperative of Cyber Security in the Era of AI (thefastmode.com)

• Finance orgs to face increasingly prevalent AI cyber attacks | SC Media (scmagazine.com)

• Enterprise cyber security in 2024: The AI play comes to the fore - Verdict

• Law Firms Taken Aback By The Impact Of AI And The Rise Of Exclusions On Their Cyber Insurance Policies - Above the Law

• NIST Identifies Types of Cyber Attacks That Manipulate Behaviour of AI Systems | NIST

• AI watermarking could be exploited by bad actors to spread misinformation. But experts say the tech still must be adopted quickly | FedScoop

• Use of generative AI in the legal profession accelerating despite accuracy concerns | ITPro

• A New Kind of AI Copy Can Fully Replicate Famous People. The Law Is Powerless. - POLITICO

• ChatGPT-aided ransomware in China results in four arrests as AI raises cyber security concerns | South China Morning Post (scmp.com)

• CISO Planning for 2024 May Struggle When It Comes to AI (darkreading.com)

• Reflecting on Defence and Security Strategies in the AI Era: A New Perspective for Modern Nations - Modern Diplomacy

• Cyber resilience in the age of AI | TechRadar

• Legal, compliance and privacy leaders anxious about rapid GenAI adoption - Help Net Security

• AI Is Driving a Silent Cyber Security Arms Race (govtech.com)

Malware

• Google accounts may be vulnerable to new hack, changing password won’t help | Cybernews

• Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts (bleepingcomputer.com)

• Microsoft patches critical vulnerability used to install malware on Windows PCs - MSPoweruser

• Microsoft disables Windows app installation, again • The Register

• CISA warns of a nasty flaw abusing Excel | TechRadar

• New Version of Meduza Stealer Released in Dark Web (securityaffairs.com)

• Weak password and infostealer blamed for Orange Spain outage • The Register

• Russia's APT28 used new malware in a recent phishing campaign (securityaffairs.com)

• Russian Military Intelligence Blamed for Blitzkrieg Hacks (inforisktoday.com)

• CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK (thehackernews.com)

• Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks (thehackernews.com)

• Activity of Rugmi malware loader spikes | SC Media (scmagazine.com)

• Kronos Malware Reemerges with Increased Functionality (securityintelligence.com)

• Malware attacks exploiting app installation protocol prompt deactivation | SC Media (scmagazine.com)

• New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections (thehackernews.com)

• 29 malware families target 1,800 banking apps worldwide - Help Net Security

• Google password resets not enough to stop this malware • The Register

• 21 New Mac Malware Families Emerged in 2023 - Security Week

• UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (thehackernews.com)

• New Bandook RAT Variant Resurfaces, Targeting Windows Machines (thehackernews.com)

Mobile

• Europe's Largest Parking App Provider Informs Customers of Data Breach - Security Week

• How to prevent hackers from breaking into your Android, stealing bank info (nypost.com)

• QR code hacking: How to protect yourself from rogue QR codes (androidpolice.com)

• 29 malware families target 1,800 banking apps worldwide - Help Net Security

Denial of Service/DoS/DDOS

• Guarding against DDoS attacks during high-traffic periods | CSO Online

• Busting three common DDoS myths (betanews.com)

Internet of Things – IoT

• Study Finds IoT Cyber Security Risk Increased 400 Percent Last Year - RFID JOURNAL

• 4 essential smart home cameras tips to protect your sensitive data

• Ukraine says Russia hacked web cameras to spy on targets in Kyiv (therecord.media)

Data Breaches/Leaks

• Cyber Criminals launched 'Leaksmas' event in the Dark Web exposing massive volumes of leaked PII and compromised data (securityaffairs.com)

• 23andMe tells victims it’s their fault that their data was breached | TechCrunch

• Law firm that handles data breaches was hit by data breach | TechCrunch

• Europe's Largest Parking App Provider Informs Customers of Data Breach - Security Week

• Here we go again: 2023’s badly handled data breaches | TechCrunch

• Over 900k Impacted by Data Breach at Defunct Boston Ambulance Service - Security Week

• Data breach at healthcare tech firm impacts 4.5 million patients (bleepingcomputer.com)

• Highlands Oncology Group Notifies Patients of September 2023 Data Breach | Console and Associates, P.C. - JDSupra

• 'Cyber Toufan' Hacktivists Leaked 100-Plus Israeli Orgs in One Month (darkreading.com)

• Cyber Attacks Are Back in Hollywood. Did Sony Hack Teach Us Nothing? (variety.com)

• Accounting Firm Battling Cyber Security Lawsuit Seeks Dismissal (bloomberglaw.com)

Organised Crime & Criminal Actors

• Nigerian hacker arrested for stealing $7.5M from charities (bleepingcomputer.com)

• Hackers employ nuanced tactics to evade detection - Help Net Security

• The law enforcement operations targeting cyber crime in 2023 (bleepingcomputer.com)

• What’s It Like to Be the Victim of Cyber Crimes? (govtech.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Escalating cyber threats: Bots, fraud farms, and cryptojacking surge, urgently requiring attention - Help Net Security

• Beware: Scam-as-a-Service Aiding Cyber Criminals in Crypto Wallet-Draining Attacks (thehackernews.com)

• Crypto phishing scams took almost $300M from 324K victims in 2023: Report (cointelegraph.com)

• Cryptocurrency wallet CEO loses $125,000 in wallet-draining scam | Tripwire

• Cyber criminals set their sights on crypto markets - Help Net Security

• Orbit Chain loses $86 million in the last fintech hack of 2023 (bleepingcomputer.com)

• Crypto-crook Sam Bankman-Fried spared a second trial • The Register

• Bitconned review — Netflix documentary about a fortune built on brazen lies

• Hackers hijack govt and business accounts on X for crypto scams (bleepingcomputer.com)

Insurance

• 6 Cyber Security Insurance Requirements | Proofpoint US

• Cyber insurance should go hand in hand with cyber resilience | Insurance Business America (insurancebusinessmag.com)

• Law Firms Taken Aback By The Impact Of AI And The Rise Of Exclusions On Their Cyber Insurance Policies - Above the Law

Supply Chain and Third Parties

• Online museum collections down after cyber attack on service provider (bleepingcomputer.com)

• A new framework for third-party risk in the European Union | ITPro

Cloud/SaaS

• This company made a significant Google Drive security error that could put a million users at risk | TechRadar

• 5 Ways to Reduce SaaS Security Risks (thehackernews.com)

• 8 Hybrid Cloud Security Challenges and How to Manage Them (techtarget.com)

Identity and Access Management

• The password identity crisis: Evolving authentication methods in 2024 and beyond | VentureBeat

• Active Directory Infiltration Methods Employed by Cyber Criminals (gbhackers.com)

Encryption

• Quantum Risks and Rewards: Forward-Defending Cyber Security (govinfosecurity.com)

• Saving Schrödinger’s Cat: Getting serious about post-quantum encryption in 2024 - Breaking Defence

• Nearly 11 million SSH servers vulnerable to new Terrapin attacks (bleepingcomputer.com)

Linux and Open Source

• 2023: The Year Open Source Security Supply Chain Grew Up - The New Stack

Passwords, Credential Stuffing & Brute Force Attacks

• A “ridiculously weak“ password causes disaster for Spain’s No. 2 mobile carrier | Ars Technica

• 23andMe tells victims it’s their fault that their data was breached | TechCrunch

• The password identity crisis: Evolving authentication methods in 2024 and beyond | VentureBeat

• Using Stronger Passwords Among Top 2024 Digital Resolutions - Infosecurity Magazine (infosecurity-magazine.com)

Social Media

• Instagram Trend Could Be a Gift to Hackers (businessinsider.com)

• Social media made $11 billion in US ad sales from minors and therefore has 'overwhelming financial incentives' to avoid protecting children, study finds | Fortune

• Cyber Attackers Target Nuclear Waste Company via LinkedIn (darkreading.com)

• Cyber Criminals Flood Dark Web with X (Twitter) Gold Accounts (darkreading.com)

• Hackers hijack govt and business accounts on X for crypto scams (bleepingcomputer.com)

• Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack (thehackernews.com)

Malvertising

• Google Settles $5 Billion Privacy Lawsuit Over Tracking People Using ‘Incognito Mode’ - Security Week

• Google Just Disabled Cookies for 30 Million Chrome Users. Here’s How to Tell If You’re One of Them. (gizmodo.com)

• Social media made $11 billion in US ad sales from minors and therefore has 'overwhelming financial incentives' to avoid protecting children, study finds | Fortune

Regulations, Fines and Legislation

• New risk management framework helps with SEC mandate compliance | CSO Online

• A new framework for third-party risk in the European Union | ITPro

• Finding The Silver Lining In Cyber Regulations (forbes.com)

• Navigating the New Age of Cyber Security Enforcement (darkreading.com)

Models, Frameworks and Standards

• An Overview Of The Defence Department’s Long-awaited Proposed Regulations For Its Cyber Security Maturity Model Certification Program | Morrison & Foerster LLP - Government Contracts Insights - JDSupra

Careers, Working in Cyber and Information Security

• Cyber security skills gap poses threat to business protection measures (securitybrief.co.nz)

• Many cyber security workers feel burnt out and worry about understaffing | TechRadar

Law Enforcement Action and Take Downs

• Police investigate virtual sex assault on girl's avatar - BBC News

• The law enforcement operations targeting cyber crime in 2023 (bleepingcomputer.com)

• Additional cyber agents to be deployed by FBI | SC Media (scmagazine.com)

Misinformation, Disinformation and Propaganda

• Vladimir Putin has declared a cyber war on Britain (telegraph.co.uk)

• AI watermarking could be exploited by bad actors to spread misinformation. But experts say the tech still must be adopted quickly | FedScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• The FBI is adding more cyber focused agents to US embassies | CyberScoop

Nation State Actors

China

• CISA warns of a nasty flaw abusing Excel | TechRadar

• BT Miss Deadline to Remove All Huawei Kit from UK Core Network UPDATE - ISPreview UK

• ChatGPT-aided ransomware in China results in four arrests as AI raises cyber security concerns | South China Morning Post (scmp.com)

• Three Chinese balloons float near Taiwanese airbase • The Register

Russia

• Russia Kyivstar Hack Should Alarm West, Ukraine Security Chief Warns (darkreading.com)

• Russian hackers were inside Ukraine telecoms giant for months – cyber spy chief – Euractiv

• Ukraine says Russia hacked web cameras to spy on targets in Kyiv (therecord.media)

• UK exposes Russia for attempted political interference (ukdefencejournal.org.uk)

• Vladimir Putin has declared a cyber war on Britain (telegraph.co.uk)

• Russia's APT28 used new malware in a recent phishing campaign (securityaffairs.com)

• Russian Military Intelligence Blamed for Blitzkrieg Hacks (inforisktoday.com)

• CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK (thehackernews.com)

• Massive missile strike disrupts Kyiv's internet and power supply (therecord.media)

• The "Tallinn Mechanism" is Designed to Enhance Civilian Cyber Assistance to Ukraine

• UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (thehackernews.com)

Iran

• Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania (securityaffairs.com)

• Multiple organisations in Iran breached by a mysterious hacker (securityaffairs.com)

• Israel Battles Spike in Wartime Hacktivist, OT Cyber Attacks (darkreading.com)

• Pilfered Data From Iranian Insurance and Food Delivery Firms Leaked Online (darkreading.com)

North Korea

• Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks (thehackernews.com)

• Numerous backdoors deployed in new Kimsuky spear-phishing attacks | SC Media (scmagazine.com)

• Analysing DPRK's SpectralBlur

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• 'Everything on the internet is monitored': Israel's cyber security head - The Week

• 'Cyber Toufan' Hacktivists Leaked 100-Plus Israeli Orgs in One Month (darkreading.com)

• Israel Battles Spike in Wartime Hacktivist, OT Cyber Attacks (darkreading.com)

• Field spy or electronic espionage: Lebanon’s cyber security challenge against Israeli security breach - Lebanon News (lbcgroup.tv)

Vulnerability Management

• Apache ERP Zero-Day Underscores Dangers of Incomplete Patches (darkreading.com)

• 10 of the biggest zero-day attacks of 2023 | TechTarget

• Vulnerability management remains a moving target | SC Media (scmagazine.com)

Vulnerabilities

• Microsoft patches critical vulnerability used to install malware on Windows PCs - MSPoweruser

• CISA warns of a nasty flaw abusing Excel | TechRadar

• Google Patches Six Vulnerabilities With First Chrome Update of 2024 - Security Week

• Apache ERP Zero-Day Underscores Dangers of Incomplete Patches (darkreading.com)

• Ivanti warns critical EPM bug lets hackers hijack enrolled devices (bleepingcomputer.com)

• 10 of the biggest zero-day attacks of 2023 | TechTarget

• Vulnerabilities in Google Kubernetes Engine Could Allow Cluster Takeover - Security Week

• Malware attacks exploiting app installation protocol prompt deactivation | SC Media (scmagazine.com)

• Qualcomm chip vulnerability enables remote attack by voice call | SC Media (scmagazine.com)

• Nearly 11 million SSH servers vulnerable to new Terrapin attacks (bleepingcomputer.com)

• WordPress Google Fonts Plugin Vulnerability Affects Up To +300,000 Sites (searchenginejournal.com)

• January Android Security Bulletin Arrives, So Does Pixel Update (droid-life.com)

Tools and Controls

• Why training LLMs with endpoint data will strengthen cyber security | VentureBeat

• Cyber security challenges emerge in the wake of API expansion - Help Net Security

• 6 Cyber Security Insurance Requirements | Proofpoint US

• Are Security Appliances fit for Purpose in a Decentralized Workplace? - Security Week

• Guarding against DDoS attacks during high-traffic periods | CSO Online

• Cyber resilience in the age of AI | TechRadar

• 8 Hybrid Cloud Security Challenges and How to Manage Them (techtarget.com)

• Active Directory Infiltration Methods Employed by Cyber Criminals (gbhackers.com)

Other News

• Over 100 European Banks Face Cyber Resilience Test - Infosecurity Magazine (infosecurity-magazine.com)

• Can We Protect the Ballot Box? Global Guide to Election Cyber Threats - Infosecurity Magazine (infosecurity-magazine.com)

• ‘Lazy’ broadband engineers blamed for exposing hospitals and banks to cyber attacks (telegraph.co.uk)

• IT and OT cyber security: A holistic approach (securityintelligence.com)

• The FBI is adding more cyber focused agents to US embassies | CyberScoop

• Hackers hit Australian state's court recording database | Reuters

• Cyber Attacks Are Back in Hollywood. Did Sony Hack Teach Us Nothing? (variety.com)

• Healthcare breach costs soar requiring new thinking for safeguarding data (securityintelligence.com)

• Firm responsible for burying the UK’s nuclear waste faces repeated cyber attacks | Engineering and Technology Magazine (theiet.org)

• Securing the Defence Industrial Base | AFCEA International

• Reflecting on Defence and Security Strategies in the AI Era: A New Perspective for Modern Nations - Modern Diplomacy

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Attacks More Likely Than Fire or Theft, as Fifth of UK Businesses Fallen Victim To Cyber Attack in Past Year

A survey of more than 1,200 UK businesses of all sizes across multiple industries conducted by Aviva found that a fifth of UK businesses were victims to cyber attacks in the past year. The report found that businesses were 67% more likely to have experienced a cyber incident than a physical theft and five times more likely to have experienced a cyber attack than a fire.

When it came to the fallout from a cyber attack, 31% of businesses experienced operational disruption and 20% admit to not being confident in knowing what to do should this happen. This lack of confidence rises to more than a quarter (27%) for small businesses, who appear to be the most vulnerable to such a risk. Financially, the average incident was found to cost £21,000, however this figure is likely to be more given the further implications that result from a cyber attack.

Sources: [Insurance Age] [theHRD] [Infosecurity Magazine]

Russia Hacking: 'FSB in Years-Long Cyber Attacks on UK', Says UK Government

The UK government has accused Russia's Federal Security Service (FSB), successor to the KGB, of conducting a prolonged cyber hacking campaign since at least 2015, targeting politicians, journalists, academics, and others through sophisticated attacks that included the creation of false accounts. This accusation, part of a coordinated effort with the US, aims to disrupt FSB operations and raise awareness ahead of major elections. This comes as a recent report by Palo Alto Networks' Unit 42 found that the Russia-linked APT28 group, also known as “Forest Blizzard” or “Fancybear,” has exploited a Microsoft Outlook vulnerability to target European NATO members. Active since 2007 and linked to the Russian military, APT28's recent campaigns have focused on government, energy, transportation, and NGOs in the US, Europe, and the Middle East. These incidents highlight the critical need for enhanced cyber security measures and international cooperation to counter sophisticated and evolving cyber threats, ensuring the security of sensitive sectors and the integrity of global democratic processes.

Sources: [BBC News] [ Security Affairs]

NCSC CTO: Cyber Security is Essential, Not Optional

Ollie Whitehouse, Chief Technology Officer (CTO) of the UK’s NCSC has argued in a recent keynote that extra security features should not be a premium feature, highlighting the importance of vendors adopting a secure-by-design method, rather than implementing security upcharges where vendors charge extra for users to secure their product.

The speech also noted that organisations should utilise the tools that are already available to them, on top of maintaining a focus on user awareness.

Sources:  [Infosecurity Magazine] [Dark Reading]

69% of Organisations Paid Ransoms, contributing to Inflation as Firms Increase Costs

According to a survey, 75% of respondents reported being targeted by ransomware in the past year, and of those, 69% paid the ransom. 54% of those who paid the ransom, suffered financial ramifications of $100,000 or more. It is unclear whether the research includes further implications such as regulatory fines, loss of work, reputational damage, and cost of down-time.

A separate study found that ransomware attacks costs are directly contributing to rising inflation in the UK, as businesses face an average increase of 17% to their costs following an attack. Cumulatively, 68% of the companies represented in the survey reported they had increased prices by at least 11% as a direct result of suffering an attack. In addition, of those falling victim to ransomware, 70% believed their business would have to close if they suffered another attack. When it came to the time lost to dealing with ransomware, companies took an average of two months to recover from an attack and 16% took between three and six months.

Sources: [ITPro] [Beta News] [Security Magazine]

75% of Sports Related Passwords are Reused Across Accounts

According to a recent Bitwarden report, 33% of Americans have used a sports-themed password. This figure rose to 49% for those ages 18-34. Of those, 75% admitted to using it across multiple accounts. Password re-use a common issue globally: by re-using passwords, users are multiplying the likelihood of being breached by an attacker. Additionally, this can crossover to the corporate environment, where users’ personal breached credentials can be utilised to get into their corporate account.

Sources:  [Security Magazine] [Help Net Security]

Ransomware in 2024: Anticipated Impact, Targets, and Landscape Shift

As ransomware continues to rise, we can expect groups to evolve their attacks, operating on a larger scale for bigger profits, especially following large-scale supply chain attacks in the past 12 months. Ransomware has solidified its position as the predominant security threat in 2023, with a record number of victims. A recent report highlighted a 46% increase in cyber extortion and ransomware attacks compared to previous years. This trend shows ransomware evolving into a profitable microcosm, akin to a startup ecosystem, with more groups emerging as disruptors and newcomers. In response, organisations are increasingly turning to services that lend-out cryptocurrency, a frequent ransomware payment method. With changing tactics and the formation of new groups, it's crucial for leaders to prepare their 2024 security strategies now, ensuring they have a robust plan in place to counter ransomware threats to their organisations.

Sources: [Barrons] [Help Net Security] [Computer Weekly]

Ransomware, Vendor Hacks Push Breach Number to Record High

The world is experiencing a significant rise in data breaches, reaching a record high with more than 360 million individuals affected in the first eight months of 2023 in the US alone, according to a joint report from Apple and an MIT researcher. This alarming increase includes a notable surge in ransomware attacks, which have escalated by nearly 70% compared to 2022. The healthcare sector is particularly vulnerable, with 60% of organisations reporting ransomware attacks in 2023, an increase from 34% in 2021. The largest health data breach this year impacted 11 million people at HCA Healthcare. A critical factor in these breaches is the exploitation of third-party vendors, as seen in attacks on Progress Software's MOVEit and Fortra's GoAnywhere applications. These incidents highlight the urgent need for organisations to prioritise data security, especially in managing relationships with vendors, to protect sensitive information and mitigate the growing threat of cyber attacks.

Source: [Info Risk Today]

Nuclear Hack Creates Rising Fears of Cyber Vulnerability in Critical Infrastructure

News of one of the UK’s most high profile nuclear power stations, Sellafield, being hacked, with fears that highly sensitive information has been accessible for years, has led to new calls for the UK to tighten up security of its vital infrastructure. Rather worryingly, The Guardian have added that it discovered that authorities were unaware of its first compromise, but it has been detected as far back as 2015.

Sources: [Emerging Risks]

Thousands of House Purchases Frozen by Cyber Attack; Will They Complete Before Christmas?

Conveyancing firms across the UK faced significant disruption when they discovered blank screens on their computers due to a problem originating from CTS, a cloud hosting provider widely used for legal applications. This unexpected issue led many within these affected firms to hastily purchase new laptops to regain partial access to emails and documents, but their case management systems remained largely inaccessible. Firms had to devise manual workarounds to keep transactions moving, amidst concerns about the safety of client data and funds. While most firms have found ways to progress with exchanges and completions, the reliance on cumbersome manual processes and limited access to client data and financial systems has more than doubled the workload. This situation raises several questions about the preparedness and resilience of paperless (or paper-light) office environments, the adequacy of backup systems, and potential compensation for those inconvenienced. The immediate focus, however, is on collaborative efforts to ensure as many clients as possible can move into their new homes before Christmas.

Source: [Property Industry Eye]

US Government Agency Was Hacked Thanks to 'End of Life' Software

The US Cyber security and Infrastructure Security Agency (CISA) recently issued a warning about two cyber attacks on an undisclosed federal agency, exploiting a vulnerability in outdated Adobe ColdFusion software. This software, now end-of-life, no longer receives updates, leaving the agency vulnerable and unable to apply security patches. The attacks, which occurred in June and July, appeared to be reconnaissance efforts to map the agency's network, with no evidence of malware installation or data exfiltration. However, it's unclear if the same hackers were behind both incidents. Microsoft Defender for Endpoint detected and limited the hackers' activities. This situation underscores the significant risks associated with running end-of-life software, highlighting the need for organisations to update or replace such software to protect against potential cyber threats.

Source:[ TechCrunch]

Digital Transformation, Security Implications, and their Effects on The Modern Workplace

The vast majority of digital transformation projects will have implications for your cyber security, yet too often this is overlooked with the focus on delivery of the project or the functionality it will bring. Thinking about security after the fact is not only more expensive and less efficient, but can also mean dangerous gaps remaining open in the meantime. In this era, where remote work and public network access are prevalent, the lack of a robust cyber security framework significantly undermines the digital transformation process. Continuous employee education on digital threats and proactive cyber security measures are not just add-ons but essential components of a successful digital transformation. As businesses move towards 2024, integrating advanced cyber security practices is as crucial as adopting new technologies for a truly effective and secure digital transformation.

Source:[ Forbes]

Third Party Breaches Shake up Energy Sector, with 90% Suffering from Third-Party Breach

With 90% of the largest energy companies globally experiencing a third-party breach in the past 12 months, it is no wonder the sector is shaken. In the US, 100% of the top 10 US energy providers suffered a breach and in total, 98% of the organisations in the research used at least one third party vendor that had experienced a breach in the last two years.

Third-party breaches are a concern for any organisation. It is important to know who has access to your organisation’s data, and what security controls they have in place to protect it. Organisations can benefit from firstly identifying who has their information and then conducting supply chain risk assessments to understand what information is held and how it is protected.

Sources: [Help Net Security]

Report Reveals Sorry State of Cyber Security at UK Football Clubs

A new report reveals a concerning lack of cyber resilience within UK football clubs, extending from the Premier League downwards. The industry, increasingly targeted by cyber attacks, suffers from a disconnect between the perceived and actual risk levels. Key findings include a general lack of cyber maturity, outdated approaches to cyber security, and a scarcity of dedicated IT and cyber security roles, including Chief Information Security Officers (CISOs). Despite significant financial investments in players, there's reluctance from club boards to allocate sufficient resources for cyber security. The report underscores the need for comprehensive training, increased awareness of security risks across all levels of club operations, and the hiring of dedicated cyber security professionals. This situation calls for an industry-wide standard for cyber security budgets, scaled according to the club's size and turnover, to adequately address these emerging digital threats.

Source: [Computer Weekly]

Governance, Risk and Compliance

• A fifth of UK businesses victims of cyber attacks in past year - Insurance Age

• Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)

• NCSC's Ollie Whitehouse on Why Cyber Security is Essential, Not Optional - Infosecurity Magazine (infosecurity-magazine.com)

• Digital Transformation And Its Effects On The Modern Workplace (forbes.com)

• UK Cyber CTO: Vendors' Security Failings Are Rampant (darkreading.com)

• Record-breaking 2023 highlights constant cyber threat (emergingrisks.co.uk)

• Cyber security is a Team Sport (darkreading.com)

• 2024 will see wave after wave of cyber attacks | theHRD (thehrdirector.com)

• Doing More With Less: Cyber Security Tools And Budget Efficiency (forbes.com)

• Why Invest? Building a Case for Increasing Cyber Security Budgets | UpGuard

• SolarWinds lawsuit by SEC puts CISOs in the hot seat | SC Media (scmagazine.com)

• CISOs are getting more help after cyber attacks, but often it isn't helping | TechRadar

• Maximizing cyber security on a budget - Help Net Security

• Cyber and remote working: How Covid moved the cursor | Computer Weekly

• Why effective cyber security is more important than ever for European family offices | Campden FB

• Liability Fears Damaging CISO Role, Says Former Uber CISO - Infosecurity Magazine (infosecurity-magazine.com)

• Building cyber-resilience: Security, compliance, governance, and privacy - Digital Journal

• Massive Consolidated Lawsuit Blazes Trail for Hacking Litigation (bloomberglaw.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 69% of organisations facing ransomware attacks paid the ransom | Security Magazine

• 2023 may have seen highest ransomware ‘body count’ yet | Computer Weekly

• Cyber attacks surge in 2023, as millions fall victim to ransomware: Report (yahoo.com)

• Ransomware attack costs are driving up inflation in the UK | ITPro

• Ransomware ramped up against private sector in November | TechTarget

• BlackCat threatens to directly extort vendor's customers • The Register

• New wave of ransomware attacks plague US critical infrastructure post-Thanksgiving (axios.com)

• How Ransomware Gangs Are Fueling a New Cyber Security Arms Race - Barron's (barrons.com)

• Ransomware, Vendor Hacks Push Breach Number to Record High (inforisktoday.com)

• Expert warns of Turtle macOS ransomware (securityaffairs.com)

• Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware (thehackernews.com)

• Linux version of Qilin ransomware focuses on VMware ESXi (bleepingcomputer.com)

• 75% of the Industrial Sector Experienced a Ransomware Attack in the Past Year, Claroty Study Finds (prnewswire.com)

• LockBit Remains Top Global Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Wanted: top three most prolific ransomware gangs revealed! (techinformed.com)

• BlackSuit ransomware - what you need to know | Tripwire

• Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)

• Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)

Ransomware Victims

• Staples Confirms System Outage Was Due to Cyber Attack, Raising the Possibility of a Data Breach | Console and Associates, P.C. - JDSupra

• 60 US credit unions offline after cloud ransomware infection • The Register

• 'Thousands' affected by cyber attack on conveyancing platform (thenegotiator.co.uk)

• News focus: Cyber-attack on law firm IT provider CTS hits conveyancing firms – what lessons need to be learned? | Law Gazette

• Hackers extorting fintech unicorn Tipalti, threaten to leak data of clients Roblox an | Ctech (calcalistech.com)

• What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. | by Kevin Beaumont | Dec, 2023 | DoublePulsar

• Western Isles Council 'counting cost' of November's cyber attack - BBC News

• Austal USA Investigates Cyber Attack Claimed by Ransomware Group (darkreading.com)

• Nissan Restoring Systems After Cyber Attack - SecurityWeek

• Almost 440K individuals affected by cyber attack on Proliance Surgeons (WA) | HealthLeaders Media

• Phishing & Email Based Attacks

• Cyber criminals are exploiting AI tools like ChatGPT to craft more convincing phishing attacks, alarming cyber security experts | TechRadar

• Black Friday phishing attacks, and other cyber security news | World Economic Forum (weforum.org)

• Cyber Criminals Escalate Microsoft Office Attacks By 53% in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• US aerospace firm downed by spearphishing attack | SC Media (scmagazine.com)

• Booking.com users angry at firm's response to hacks - BBC News

• Hershey warns of data breach following phishing attack (therecord.media)

• This huge Russian phishing campaign is hitting targets across the world | TechRadar

• Disney+ Cyber Scheme Exposes New Impersonation Attack Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• ChatGPT builder helps create scam and hack campaigns - BBC News

Artificial Intelligence

• Cyber criminals are exploiting AI tools like ChatGPT to craft more convincing phishing attacks, alarming cyber security experts | TechRadar

• ChatGPT builder helps create scam and hack campaigns - BBC News

• Artificial Intelligence: How It Can Target Your Firm’s Cyber Security Defences - Above the Law

• Bank of England Will Review the Risks That AI Poses to UK Financial Stability - SecurityWeek

• How do security leaders view AI and cyber risk insurance? • Foundry (foundryco.com)

• Exploring the impact of generative AI in the 2024 presidential election - Help Net Security

• Put guardrails around AI use to protect your org, but be open to changes - Help Net Security

• Major Organisations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - SecurityWeek

• 2024 cyber security outlook: The rise of AI voice chatbots and prompt engineering innovations - Help Net Security

• Proliferation of AI-driven Attacks Anticipated in 2024 (itsecuritywire.com)

• Artificial Intelligence: How It Can Target Your Firm’s Cyber Security Defences - Above the Law

• Researchers automated jailbreaking of LLMs with other LLMs - Help Net Security

Malware

• Fake WordPress security advisory pushes backdoor plugin (bleepingcomputer.com)

• Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (thehackernews.com)

• Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (darkreading.com)

• Kaspersky malware report for Q3 2023 | Securelist

• PC malware statistics, Q3 2023 | Securelist

• Agent Racoon Backdoor Targets Organisations in Middle East, Africa, and US (thehackernews.com)

• Mac users are being targeted again with dangerous malware - here's what to know | TechRadar

• Russian hacker pleads guilty to Trickbot malware conspiracy (bitdefender.com)

• Trojan-Proxy Threat Expands Across macOS, Android and Windows - Infosecurity Magazine (infosecurity-magazine.com)

• New Stealthy 'Krasue' Linux Trojan Targeting Telecom Firms in Thailand (thehackernews.com)

• Hackers switch from email attacks to downloads (therecord.com)

• Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics (thehackernews.com)

Mobile

• Android users warned about new threat after one victim loses $280K - PhoneArena

• Mobile malware statistics, Q3 2023 | Securelist

• December Android updates fix critical zero-click RCE flaw (bleepingcomputer.com)

• 94 Vulnerabilities Patched in Android with December 2023 Security Updates - SecurityWeek

• Top mobile password managers could be exposing user details | TechRadar

• Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - SecurityWeek

• Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 (forbes.com)

• Hackers have found a sneaky new way to spy on iPhone users — here’s how | Tom's Guide (tomsguide.com)

• SpyLoan Android malware on Google Play downloaded 12 million times (bleepingcomputer.com)

• Trojan-Proxy Threat Expands Across macOS, Android and Windows - Infosecurity Magazine (infosecurity-magazine.com)

• Vulns in Android WebView, Password Managers Can Leak User Credentials (darkreading.com)

• New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (thehackernews.com)

• Apple and some Linux distros are open to Bluetooth attack • The Register

Denial of Service/DoS/DDOS

• ENISA published ENISA Threat Landscape for DoS Attacks (securityaffairs.com)

Internet of Things – IoT

• EU gets tough on cyber threat with sweeping security agreement (emergingrisks.co.uk)

• Customizing Cyber Security For Critical Infrastructure In Smart Cities (forbes.com)

• The importance of Cyber Secure EV Charging stations – making the connection more secure (csl-group.com)

Data Breaches/Leaks

• 23andMe to Book Up to $2M in Cyber Security Breach Expenses - MarketWatch

• After hack, 23andMe gives users 30 days to opt out of class-action waiver | Ars Technica

• 23andMe updates user agreement to prevent data breach lawsuits (bleepingcomputer.com)

• 23andMe confirms hackers stole ancestry data on 6.9 million users | TechCrunch

• 23andMe: Data Breach Was a Credential-Stuffing Attack (darkreading.com)

• Data breach debacle hits yet another UK public sector org • The Register

• Fortune-telling website WeMystic exposes 13M+ user records (securityaffairs.com)

• Ninety Percent of Energy Companies Suffer Supplier Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Blue Shield of California customer data stolen in cyber attack | Tacoma News Tribune (thenewstribune.com)

• Hackers Claim to Have Stolen Data From Naval Shipyard Austal USA (maritime-executive.com)

• Hershey warns of data breach following phishing attack (therecord.media)

• Nissan is investigating cyber attack and potential data breach (bleepingcomputer.com)

• GST Invoice Billing Inventory exposes sensitive data to threat actors (securityaffairs.com)

• Ransomware, Data Breaches Inundate OT & Industrial Sector (darkreading.com)

• Millions of patient scans and health records spilling online thanks to decades-old protocol bug | TechCrunch

Organised Crime & Criminal Actors

• Record-breaking 2023 highlights constant cyber threat (emergingrisks.co.uk)

• Police Arrests 1000 Suspected Money Mules - Infosecurity Magazine (infosecurity-magazine.com)

• Online crime risks are doubling: Are cyber criminal groups starting to merge? - Digital Journal

• Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korea's state hackers stole $3 billion in crypto since 2017 (bleepingcomputer.com)

• Platypus exploiters walk free after claiming to be ‘ethical hackers’ (cointelegraph.com)

• Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)

Insider Risk and Insider Threats

• Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defence' (thehackernews.com)

Insurance

• Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)

• How do security leaders view AI and cyber risk insurance? • Foundry (foundryco.com)

• Brokers urged to deliver cyber threat message (emergingrisks.co.uk)

• Hot Topics to Consider for 2024 D&O Questionnaires | Bryan Cave Leighton Paisner - JDSupra

Supply Chain and Third Parties

• Third-party breaches shake the foundations of the energy sector - Help Net Security

• Thousands of house purchases frozen by cyber attack and so will they complete before Christmas? - Property Industry Eye

• Ransomware, Vendor Hacks Push Breach Number to Record High (inforisktoday.com)

• 60 US credit unions offline after cloud ransomware infection • The Register

• How TUI Group Strengthened its Third-Party Risk Management - Infosecurity Magazine (infosecurity-magazine.com)

• Tipalti investigates claims of data stolen in ransomware attack (bleepingcomputer.com)

• What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. | by Kevin Beaumont | Dec, 2023 | DoublePulsar

• Major Organisations Using 'Hugging Face' AI Tools Put at Risk by Leaked API Tokens - SecurityWeek

• BlackCat threatens to directly extort vendor's customers • The Register

Cloud/SaaS

• 60 US credit unions offline after cloud ransomware infection • The Register

• Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk (thehackernews.com)

• Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts (thehackernews.com)

• More oversight needed for cloud in banking, say regulators - Tech Monitor

• How can SMBs protect against fraud in the cloud? | ITPro

Encryption

• Cracking Weak Cryptography Before Quantum Computing Does (darkreading.com)

• HSBC tests protecting FX trading from quantum computer attacks (yahoo.com)

• Apple Commissions Data Breach Study to Highlight Need for End-to-End Encryption - SecurityWeek

Linux and Open Source

• New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices (thehackernews.com)

• Apple and some Linux distros are open to Bluetooth attack • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• 75% of sports-related passwords are reused across accounts | Security Magazine

• New Relic admits attack on staging systems, user accounts • The Register

• After hack, 23andMe gives users 30 days to opt out of class-action waiver | Ars Technica

• 23andMe: Data Breach Was a Credential-Stuffing Attack (darkreading.com)

• Vulns in Android WebView, Password Managers Can Leak User Credentials (darkreading.com)

• Top mobile password managers could be exposing user details | TechRadar

Malvertising

• Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware (thehackernews.com)

Training, Education and Awareness

• Are companies falling behind on cyber security awareness training? | CTV News

Regulations, Fines and Legislation

• Deutsche Wohnen Ruling Set to Drive Up GDPR Fines - Infosecurity Magazine (infosecurity-magazine.com)

• EU gets tough on cyber threat with sweeping security agreement (emergingrisks.co.uk)

• SEC Cyber Security Rules Go Live in Days. Companies Still Aren't Sure What to Expect | Corporate Counsel (law.com)

• More oversight needed for cloud in banking, say regulators - Tech Monitor

• Bank of England Will Review the Risks That AI Poses to UK Financial Stability - SecurityWeek

• SolarWinds lawsuit by SEC puts CISOs in the hot seat | SC Media (scmagazine.com)

Models, Frameworks and Standards

• NIST Cyber Security Framework Update – Adding the Sixth Pillar - ClearanceJobs

Data Protection

• Deutsche Wohnen Ruling Set to Drive Up GDPR Fines - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Alert fatigue puts pressure on security and development teams - Help Net Security

Law Enforcement Action and Take Downs

• Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (thehackernews.com)

• Interpol Arrests Smuggler With New Biometric Screening Database (darkreading.com)

• Russian pleads guilty to running crypto-exchange used by ransomware gangs (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Exploring the impact of generative AI in the 2024 presidential election - Help Net Security

• Russian AI-generated propaganda struggles to find an audience  | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Deputy Prime Minister speech on cyber operations - GOV.UK (www.gov.uk)

• Establishing New Rules for Cyber Warfare (darkreading.com)

• Cyber Security: The Fifth Battlefield (forbes.com)

• 10 Of The Most Advanced Cyber Warfare Tools (slashgear.com)

Nation State Actors

China

• Sellafield nuclear site 'hit by cyber attacks from Russian and Chinese hackers' - Tech Monitor

• Sellafield nuclear site under ‘robust scrutiny’ over cyber security fears (telegraph.co.uk)

• UK government denies China/Russia nuke plant hack claim • The Register

Russia

• Russia hacking: 'FSB in years-long cyber attacks on UK', says government - BBC News

• NCSC exposes Russian cyber attacks on UK political processes | Computer Weekly

• UK names FSB unit behind hack-and-leak campaigns, summons Russian ambassador (therecord.media)

• 2 Russian intel officers charged with hacking into US and British government agencies (nbcnews.com)

• Russian hackers have plenty of data left to leak - and the timing could be a serious problem | Science & Tech News | Sky News

• Russia's APT8 exploited Outlook 0day to target EU NATO members (securityaffairs.com)

• Fancy Bear goes phishing in US, European high-value networks • The Register

• This huge Russian phishing campaign is hitting targets across the world | TechRadar

• Russian hacker pleads guilty to Trickbot malware conspiracy (bitdefender.com)

• Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics (thehackernews.com)

• Russian hackers accused of targeting US intelligence community with spear phishing campaign - CBS News

• Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 (forbes.com)

• Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability (thehackernews.com)

Iran

• Breaches by Iran-Affiliated Hackers Spanned Multiple US States, Federal Agencies Say - SecurityWeek

• US, Israel Warn of Iranian-Linked Cyber Attacks on Water Systems - Bloomberg

• Iranian hackers attempt to damage critical infrastructure through Israeli Unitronics | Ctech (calcalistech.com)

North Korea

• North Korea's state hackers stole $3 billion in crypto since 2017 (bleepingcomputer.com)

• S.Korea, US, Japan hold 1st trilateral working-level talks on N.Korea's cyber threats | MorungExpress | morungexpress.com

• North Korean hackers stole anti-aircraft system data from South Korean firm (therecord.media)

• $10 million up for grabs in fight against North Korean hackers (bitdefender.com)

Vulnerability Management

• CISA says US government agency was hacked thanks to ‘end of life’ software | TechCrunch

• CISA's Goldstein wants to ditch 'patch faster, fix faster' model | CyberScoop

• Key drivers of software security for financial services - Help Net Security

• 20 years of Patch Tuesday: it’s time to look outside the Windows when fixing vulnerabilities | CSO Online

Vulnerabilities

• 20,000 Microsoft Exchange servers have reached end-of-life and are vulnerable to attack | SC Media (scmagazine.com)

• Sticking With Windows 10 Instead Of Upgrading? Get Ready To Pay For Security Updates (slashgear.com)

• Quick: Update iPhones and Macs – WebKit security hole found • The Register

• VMware Patches Critical Authentication Bypass Bug | Decipher (duo.com)

• Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs (darkreading.com)

• Notepad++ Input Validation Flaw Leads Search Path Vulnerability (cybersecuritynews.com)

• December Android updates fix critical zero-click RCE flaw (bleepingcomputer.com)

• 94 Vulnerabilities Patched in Android With December 2023 Security Updates - SecurityWeek

• Adobe ColdFusion flaw exploited in US government agency attacks (stackdiary.com)

• Chrome 120 launches with security updates, password sharing and automatic Safety Checks - gHacks Tech News

• Atlassian reveals four fresh critical flaws • The Register

• Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks (thehackernews.com)

• Dangerous vulnerability in fleet management software seemingly ignored by vendor | CyberScoop

• Future Intel, AMD and Arm CPUs Vulnerable to New 'SLAM' Attack: Researchers - SecurityWeek

Tools and Controls

• Cyber Attacks More Likely Than Fire or Theft - Infosecurity Magazine (infosecurity-magazine.com)

• How to recover systems in the event of a cyber attack | Computer Weekly

• Five tips for recovering | Professional Security

• How Financial Institutions Can Navigate the ‘Operational Resilience' imperative (finextra.com)

• 78% of CISOs Concerned About AppSec Manageability - Infosecurity Magazine (infosecurity-magazine.com)

• How to solve 2 MFA challenges: SIM swapping and MFA fatigue | TechTarget

• Why you should create a physical security standard for your company (securitybrief.co.nz)

• Why Invest? Building a Case for Increasing Cyber Security Budgets | UpGuard

• Comparing SOAR and XDR for MSSPs | MSSP Alert

• The reality behind bypassing EDR attempts | TechTarget

• New 'Pool Party' Process Injection Techniques Undetected by EDR Solutions - SecurityWeek

• Best 10 Best Cyber Attack Maps - 2024 (cybersecuritynews.com)

• Maximizing cyber security on a budget - Help Net Security

• Modern Attack Surface Management for CISOs (trendmicro.com)

• Brokers urged to deliver cyber threat message (emergingrisks.co.uk)

• Proactive, not reactive: the path to ensuring operational resilience in cyber security | CSO Online

• Cyber Security: How to Demonstrate Resilience and Hygiene - Techopedia

• Cyber Security Insurance: Once Optional, Now Essential (informationweek.com)

• When Should You Replace A Cyber Security Vendor? (forbes.com)

• Are companies falling behind on cyber security awareness training? | CTV News

Other News

• NATO’s Flagship Cyber Exercise Concludes In Estonia – Eurasia Review

• Ofcom publishes UK age verification proposals • The Register

• Microsoft Hires New CISO in Major Security Shakeup - SecurityWeek

• US aerospace companies are facing dangerous new cyber attacks | TechRadar

• Cyber security: MEPs back plans to increase cooperation against threats | News | European Parliament (europa.eu)

• Report reveals sorry state of cyber security at UK football clubs | Computer Weekly

• Porn Age Checks Threaten Security and Privacy, Report Warns - Infosecurity Magazine (infosecurity-magazine.com)

• 2023’s Dark Horse Cyber Story: Critical Infrastructure Attacks (govtech.com)

• Nuclear hack creates rising fears of cyber vulnerability in critical services (emergingrisks.co.uk)

• Mayor of London funds cyber crime service | UKAuthority

• The World Depends on 60-Year-Old Code No One Knows Anymore | PCMag

• Public sector has misplaced confidence in cyber security (securitybrief.co.nz)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber threat intelligence experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Strategic Cyber Stories of the Last Week

Law Firms Face Surge in Targeted Attacks as Hundreds Impacted by Single Attack

An estimated 80 to 200 law firms across the UK were impacted by a cyber attack on a third party firm in their supply chain. The attack was on managed service supplier CTS, who provide services to hundreds of law firms across the UK, especially those with conveyancing departments, and many property sales were impacted nationwide as a result of the attack.

This is against a sharp increase in the number of law firms being singled out by cyber threat actors; only recently, magic circle firm Allen & Overy confirmed themselves as a victim of ransomware.

Sources: [SC Media] [Lawyer Monthly] [Scottish Legal News] [Law Gazette] [Dark Reading]

Approach Cyber Security Awareness Training by Engaging People at All Levels

In the cyber security landscape, human-related factors like social engineering, compromised credentials, and errors are the top causes of breaches. Increased investment in threat detection doesn't guarantee foolproof security. Organisations need a proactive strategy focusing on human risks, a security mindset in employees, and a security culture. According to IBM’s latest data security report, high levels of security training can significantly reduce the impact, cost, and frequency of data breaches.

However, most employee training programmes fail due to staff resistance and lack of management support. The key is convincing leadership of its value. To achieve a successful and impactful security awareness programme, it is important that security teams understand their audiences (leaders, managers, and employees), address their requirements, and effectively communicate the benefits of security training.

Source: [CPO Magazine]

Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks

A recent report found that despite 95% of Chief Information Security Officers (CISOs) receiving budgetary and other support from their organisation after a cyber attack, this largely fails to prevent future incidents, with over half admitting they have experienced multiple “major cyber security incidents” in the last five years.

The report revealed that after an attack 46% of CISOs were given a bigger tech budget, 42% revised their security strategy, 41% adopted new frameworks, and 38% created new roles. However, incidents come with hidden consequences such as revenue loss, rising insurance premiums and declining reputation. CISOs need to have support from the board and executives from the start so that investments can be made in the right technology, processes, and tools. In doing so, a culture of security and vigilance can be instilled from the top down to help protect organisations against evolving threats.

Sources: [Business Wire] [Silicon UK]

Ransomware Attacks Surge 81% in October as New Threat Actors Emerge

The NCC Group revealed that ransomware attacks have surged by 81% in October 2023, compared to the same period in the previous year. Ransomware gangs have already victimised over 50% more individuals and enterprises in 2023 than during the entirety of 2022. As artificial intelligence, phishing kits and ransomware-as-a-service has improved, so too has the number of threat actors; those who were previously stunted by their technical know-how are now able to gain access to sophisticated attacks.

Source: [Security Brief]

Hacked Microsoft Word Documents Being Used to Trick Windows Users

Active campaigns carried out by cyber criminals are again using macros within Word documents to deploy malware, in spite of Microsoft’s efforts to stop these types of attacks. Most of the time the actor delivers the Word document via phishing emails, with the aim of convincing the user to click and run the macro. Once run, the malware has then achieved its goal of establishing itself on the victims’ machine and executing its malicious payload.

Source: [TechRadar]

Mitigating Deepfake Threats in The Corporate World

Deepfakes are synthetic media that are created or manipulated with the desired outcome of convincing the recipient of their legitimacy; and it’s entering the corporate world. Deepfake technology has already been used to impersonate Presidents and financial experts, however there has been an uprise in the number of these attacks. This has left the corporate world questioning existing operational procedures such as callbacks and how they will need to adjust to encompass the changing landscape.

Some of the ways a corporation can mitigate this, is to promote awareness within the workplace, adjust operational procedures to reflect the current landscape, and utilise advanced detection tools.

Source: [MSSP Alert]

Black Basta Ransomware Made Over $100 Million From Extortion Alone

The cyber crime operator “Black Basta” has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022. In total, 329 victims worldwide were targeted and research has estimated that at least 35% paid a ransom, with multiple payments over $1 million. Black Basta uses double extortion techniques, where data is both ransomed and exfiltrated. This way, victims are forced to pay to get their data back and not have it published online; the latter itself can lead to regulatory fines.

Source: [Bleeping Computer]

Long Recovery Times After Cyber Attacks Could Annihilate Your Organisation

In the evolving cyber security landscape, organisations are increasingly investing in detection and prevention measures. However, there's a growing trend of neglecting post-attack recovery. While advanced security tools and technologies are crucial, recent ransomware incidents have shown that recovery is equally vital. Organisations have faced substantial downtime and financial losses due to attacks. Cyber resilience, the ability to bounce back quickly after an attack, is crucial, especially with the rise of remote work.

Budgets often prioritise prevention, leaving organisations ill-prepared for recovery. In 2023, a significant number of companies paid ransoms to regain data. To achieve true cyber resilience, a rebalance in approach is essential, focusing on preparation, response, and recovery alongside detection and prevention, ensuring rapid recovery and safeguarding of valuable assets.

Source: [TechRadar]

Booking.com Customers Scammed in Novel Social Engineering Campaign

According to new research by SecureWorks, Booking.com customers are being targeted by a novel social engineering campaign that is “paying serious dividends” for cyber criminals. Researchers believe the campaign has gone on for at least a year and it begins by deploying the Vidar infostealer to gain access partner hotels’ Booking.com credentials. This information is then used to send phishing emails to Booking.com customers and trick them into handing over their payment details, in many cases leading to money being stolen. The scam is proving so fruitful that sales of Booking.com portal credentials are commanding sale prices of up to $2,000 in two cyber crime forums.

Source: [Infosecurity Magazine]

Stop Panic Buying Your Security Products and Start Prioritising

In the cyber security landscape, impulse buying can lead to costly mistakes. Breaches are now more expensive than ever, underscoring the need to assess cyber security investments. Fear-driven tactics and the quest for a "silver bullet" solution can push organisations, especially smaller ones, into impulsive investments. These decisions may introduce even more risk by failing to integrate with existing systems, or buying systems but failing to configure them properly or utilising them to the fullest extent, leading to a false sense of security. The consequences can be severe, with breaches now costing organisations millions. To navigate this landscape, organisations must assess the real value of cyber security investments. Calculating risk by evaluating likelihood and impact can guide us in making informed decisions. Instead of impulse buying, assign a monetary value to cyber risks for strategic budget decisions in these economic times, ensuring investments align with security and business goals.

Source: [Help Net Security]

A Fifth of UK SMBs Unable to Spot Scams

New data from UK Finance reveals that 17% of UK small and medium-sized businesses (SMBs) struggle to identify online fraud and scam indicators. This is particularly alarming given the rise in authorised push payment (APP) scams in the UK, where fraudsters impersonate trusted entities to deceive victims into transferring money to controlled accounts. In the first half of 2023 alone, criminals stole a reported £42.6 million through such scams, with total losses including consumer impacts reaching £239 million. SMBs are increasingly targeted due to typically fewer anti-fraud and other countermeasures and controls, compared to larger and better protected larger firms. It is important for SMBs to be vigilant and verify payment details directly with suppliers to help avoid these types of scams.

Source: [Infosecurity Magazine]

Governance, Risk and Compliance

• Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine

• 40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru

• Cyber Security Spend Among UK Top 10 Legal Firms Jumps 21% as Threats Become Priority | Law.com International

• Board Support Remains Critical as Majority of CISOs Experience Repeat Cyber Attacks | Business Wire

• When does it make sense to pay the ransom? | SC Media (scmagazine.com)

• Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (darkreading.com)

• Enterprises prepare for the inevitable cyber attack - Help Net Security

• Board Support Critical For Cyber Security Defence | Silicon UK

• 3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com

• Long recovery times after cyber attacks could annihilate your organisation | TechRadar

• The Role of the CISO in Digital Transformation (darkreading.com)

• Stop panic buying your security products and start prioritizing - Help Net Security

• Cyber Security—Do We See Risks Increasing? | ETF Trends

• Bridging the risk exposure gap with strategies for internal auditors - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• The rise of Ransomware attacks within the Legal Industry (lawyer-monthly.com)

• Ransomware attacks surge 81% in October, new threat actors emerge (securitybrief.co.nz)

• Allianz cyber head warns ransomware is "back with a vengeance" | Insurance Business America (insurancebusinessmag.com)

• Black Basta ransomware made over $100 million from extortion (bleepingcomputer.com)

• International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war | Europol (europa.eu)

• Why the MOVEit breach still lives rent free in the minds of IT leaders | ITPro

• North Korean Hackers Amass $3bn in Cryptocurrency Heists - Infosecurity Magazine (infosecurity-magazine.com)

• The crazy world of ransomware • Graham Cluley

• More councils at risk from hackers, warns boss as 'it's a case of when not if' cyber attacks land - Gloucestershire Live

• International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war (databreaches.net)

• DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software (thehackernews.com)

• How a Teenage Saudi Hacker Went From Lockpicking to Ransomware (darkreading.com)

• When does it make sense to pay the ransom? | SC Media (scmagazine.com)

• CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (thehackernews.com)

• Only 4% of UK housing associations feel sector is fully prepared for ransomware attack | Scottish Housing News

• Ransomware Attacks Strike South Africa, Decline in UAE (darkreading.com)

Ransomware Victims

• Law firm A&O silent on whether it paid ransom to cyber criminals | Law Gazette

• Allen & Overy Removed From Ransomware Website With One Day Remaining | Law.com International

• Potentially hundreds of UK law firms affected by cyber attack on IT provider CTS (therecord.media)

• Cyber Attack Disrupts UK Property Deals - Infosecurity Magazine (infosecurity-magazine.com)

• London & Zurich ransomware attack sparks financial crisis for businesses (computing.co.uk)

• British Library contacts users after Rhysida leaks data • The Register

• Ransomware attacks hit Stanford University and Nassau Bay in Texas - NotebookCheck.net News

• Notorious ransomware gang takes credit for cyber attack on Fidelity National Financial (therecord.media)

• University of Manchester CISO Speaks Out on Summer Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Slovenia's largest power provider HSE hit by ransomware attack (bleepingcomputer.com)

• GCHQ investigates cyber attack on hospital to the royals after data stolen (telegraph.co.uk)

• English council spent £1.1 million recovering from ransomware attack (therecord.media)

• More councils at risk from hackers, warns boss as 'it's a case of when not if' cyber attacks land - Gloucestershire Live

• Healthcare giant Henry Schein hit twice by BlackCat ransomware (bleepingcomputer.com)

• Qilin ransomware claims attack on automotive giant Yanfeng (bleepingcomputer.com)

• New cyber criminal group outed after British Library attack - Emerging Risks Media Ltd

• Cyber attack closes hospital emergency rooms in three US states | US healthcare | The Guardian

• Medical test company’s ‘serious and systemic failures’ led to cyber attack, watchdog says | Business | The Guardian

• Two Hackensack Meridian hospital ERs diverting patients after a ransomware attack (msn.com)

• Ardent Health Services Grapples With Ransomware Disruption - Infosecurity Magazine (infosecurity-magazine.com)

• DP World confirms data stolen in cyber attack, no ransomware used (bleepingcomputer.com)

• Top instant money provider service hacked, over a million users possibly affected | TechRadar

• Staples confirms cyber attack behind service outages, delivery issues (bleepingcomputer.com)

Phishing & Email Based Attacks

• Black Friday: Phishing Emails Soar 237% - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing makes up 43% of email attacks | Security Magazine

• AI like ChatGPT is creating huge increase in malicious phishing email (cnbc.com)

• Organisations can't ignore the surge in malicious web links - Help Net Security

• How Hackers Phish for Your Users' Credentials and Sell Them (thehackernews.com)

• Booking.com Customers Scammed in Novel Social Engineering Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Criminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale (thehackernews.com)

• ThreatLabz 2023 Phishing Report | ITPro

• What custom GPTs mean for the future of phishing - Help Net Security

• A reality check on email security threats in healthcare (securitybrief.co.nz)

Artificial Intelligence

• Released: AI security guidelines backed by 18 countries - Help Net Security

• 4 key takeaways from new global AI security guidelines | SC Media (scmagazine.com)

• CISA and NCSC lead efforts to raise AI security standards • The Register

• Security leaders on high alert as GenAI poses privacy and security risks - Help Net Security

• AI like ChatGPT is creating huge increase in malicious phishing email (cnbc.com)

• A year after ChatGPT’s debut, is GenAI a boon or the bane of the CISO’s existence? | CSO Online

• Unpatched Critical Vulnerabilities Open AI Models to Takeover (darkreading.com)

• Guidance for Securing AI Issued by NSA, NCSC-UK, CISA, and Partners > National Security Agency/Central Security Service > Press Release View

• Mitigating Deepfake Threats in the Corporate World | MSSP Alert

• 4 key takeaways from new global AI security guidelines | SC Media (scmagazine.com)

• Securing generative AI across the technology stack | TechCrunch

• Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads (darkreading.com)

• What custom GPTs mean for the future of phishing - Help Net Security

• 8 Tips on Leveraging AI Tools Without Compromising Security (darkreading.com)

Malware

• Implications of “malware free” attacks on SMBs (databreaches.net)

• SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive - Cyber Security News

• Hacked Microsoft Word documents being used to trick Windows users | TechRadar

• N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection (thehackernews.com)

• Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly

• RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool - Infosecurity Magazine (infosecurity-magazine.com)

• A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets (darkreading.com)

• LogoFAIL bugs in UEFI code allow planting bootkits via images (bleepingcomputer.com)

Mobile

• Busting 6 Myths About Mobile Device Security | MSSP Alert

• Surge in counterfeit app risk as cyber crime exploits rising digital consumption (securitybrief.co.nz)

• NameDrop in iOS 17 is not a privacy nightmare – here’s how to control it (msn.com)

• 200+ Malicious Android Apps Targeting Iranian Banks: Experts Warn (thehackernews.com)

Denial of Service/DoS/DDOS

• Same threat, new stakes: DDoS in an evolving telecoms sector

Internet of Things – IoT

• Cyber pros avoid smart devices: there is a good reason | Cybernews

• Navigating IoT security in a connected world - EDN

• IoT Security Labeling Improving, But More Collaboration Needed - EE Times

Data Breaches/Leaks

• Okta security breach much worse than originally disclosed – all customers' data potentially affected | Mashable

• Nuclear lab faces niche cyber threat (computing.co.uk)

• App used by hundreds of schools leaking children's data (securityaffairs.com)

• Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)

• Gulf Air exposed to data breach, 'vital operations not affected' | Reuters

• General Electric investigates claims of cyber attack, data theft (bleepingcomputer.com)

• Data dump from Radware hack raises cyber eyebrows for the future of warfare | Ctech (calcalistech.com)

• Hackers spent 2+ years looting secrets of chipmaker NXP before being detected | Ars Technica

• Medical test company’s ‘serious and systemic failures’ led to cyber attack, watchdog says | Business | The Guardian

• DP World confirms data stolen in cyber attack, no ransomware used (bleepingcomputer.com)

• Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds (darkreading.com)

• Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch

• Dollar Tree hit by third-party data breach impacting 2 million people (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Leader of Killnet 'unmasked' by Russian state media • The Register

• A Fifth of UK SMBs Can’t Spot Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Ex-Motorola tech pleads guilty to cyber crime, passport fraud • The Register

• Security official: Romania is an exporter of cyber security in its part of the word (stiripesurse.ro)

• I'm a hacker who was jailed for a decade for heading up a cyber criminal organisation - I started the group to fight back against bullies but got hooked on the power | Daily Mail Online

• How a Teenage Saudi Hacker Went From Lockpicking to Ransomware (darkreading.com)

• Founder of spyware maker Hacking Team arrested for attempted murder: local media | TechCrunch

• US imprisons Ukrainian SSNDOB administrator for 8 years • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korean Hackers Amass $3bn in Cryptocurrency Heists - Infosecurity Magazine (infosecurity-magazine.com)

• KyberSwap Says Hackers Stole $55m in Crypto - Infosecurity Magazine (infosecurity-magazine.com)

• US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers (thehackernews.com)

Insurance

• Global Cyber Security Insurance Market Size To Exceed USD (globenewswire.com)

• Is cyber insurance worth the effort? | SC Media UK (scmagazineuk.com)

Supply Chain and Third Parties

• Cyber attack on managed service provider potentially affects hundreds of law firms | Scottish Legal News

• Cyber Attack Disrupts UK Property Deals - Infosecurity Magazine (infosecurity-magazine.com)

• Telecom Industry Association Advances Supply Chain Security | MSSP Alert

Cloud/SaaS

• SysJoker Malware Attacking Windows, Linux and Mac Users Abusing OneDrive - Cyber Security News

• Top file-sharing service hit with embarrassing security bug that reveals admin passwords | TechRadar

• Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories (thehackernews.com)

• Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• How Hackers Phish for Your Users' Credentials and Sell Them (thehackernews.com)

• Top file-sharing service hit with embarrassing security bug that reveals admin passwords | TechRadar

• Weak & Strong Password Examples: Study Reveals Most Hackable Words (tech.co)

• Despite Hype, the Password-Free Workplace Is Still a Long Way Off (darkreading.com)

• Navigating the Stormy Seas of Cyber security: The Power of High-Entropy Passwords | HackerNoon

• 90+ Key Password Breach Statistics in 2023 (techreport.com)

Social Media

• Google, Meta, allege China cyber attacks • The Register

Training, Education and Awareness

• Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine

• 8 Cyber Security Topics to Include in Your Training Program | Proofpoint US

• 40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru

• 3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com

Regulations, Fines and Legislation

• European Commission Failing to Tackle Spyware, Lawmakers Say (inforisktoday.com)

• Released: AI security guidelines backed by 18 countries - Help Net Security

• Guidance for Securing AI Issued by NSA, NCSC-UK, CISA, and Partners > National Security Agency/Central Security Service > Press Release View

• EU considers widening scope of cyber security regulation (finextra.com)

• Newly-proposed cyber security rules could affect cloud banking services in the EU - PaymentExpert.com

• Thought GDPR Compliance Was Hard? Buckle Up (darkreading.com)

• 5 resolutions to prepare for SEC's new cyber disclosure rules - Help Net Security

• The SEC’s Fraud Suit Against SolarWinds: 3 Cyber security Action Items for Companies to Consider | Orrick, Herrington & Sutcliffe LLP - JDSupra

• False Claims Act Meets Cyber security Compliance in Government Contracting - ClearanceJobs

Models, Frameworks and Standards

• CISA Launches Project to Assess Effectiveness of Security Controls - Infosecurity Magazine (infosecurity-magazine.com)

• The challenge of adding governance as a pillar of cyber security (c4isrnet.com)

Data Protection

• Thought GDPR Compliance Was Hard? Buckle Up (darkreading.com)

Careers, Working in Cyber and Information Security

• Information overload puts cyber security at risk (betanews.com)

• Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly

• More than half admit to ignoring cyber security alerts (itsecuritywire.com)

• Fewer cyber pros are getting fired immediately after an incident: Trellix survey (axios.com)

• Unhappy network professionals juggling more with less - Help Net Security

Law Enforcement Action and Take Downs

• International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war | Europol (europa.eu)

• Police dismantle ransomware group behind attacks in 71 countries (bleepingcomputer.com)

• CoLP launches strategy for fraud, economic and cyber crime | UK Police News - Police Oracle

• Los Angeles SIM Swapper Sentenced to 8 Years in Prison - Security Week

• New York Fines First American $1 Million for Cyber Breach (1) (bloomberglaw.com)

• Ex-Motorola tech pleads guilty to cyber crime, passport fraud • The Register

Misinformation, Disinformation and Propaganda

• Ahead of 2024 election, Meta worries about lack of information on top-tier nation-state covert operations | CyberScoop

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Data dump from Radware hack raises cyber eyebrows for the future of warfare | Ctech (calcalistech.com)

• Ahead of 2024 election, Meta worries about lack of information on top-tier nation-state covert operations | CyberScoop

Nation State Actors

China

• Deloitte and KPMG ask staff to use burner phones for Hong Kong trips

• Google, Meta, allege China cyber attacks • The Register

Russia

• Russian hackers pose ‘high’ threat level to EU, bloc’s cyber team warns – POLITICO

• North Korea-linked Konni APT uses Russian-language documents (securityaffairs.com)

• Ukraine says it hacked Russian aviation agency, leaks data (bleepingcomputer.com)

• Leader of Killnet 'unmasked' by Russian state media • The Register

Iran

• Pennsylvania water facility hit by Iran-linked hackers | CyberScoop

• North Texas water utility serving 2 million hit with cyber attack (therecord.media)

• Iranian Mobile Banking Malware Campaign Threat Continues | Zimperium

North Korea

• North Korean hackers are carrying out even more cyber attacks than previously thought | TechRadar

• North Korean Hackers Amass $3bn in Cryptocurrency Heists - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea-linked Konni APT uses Russian-language documents (securityaffairs.com)

• N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection (thehackernews.com)

• US Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Hamas-linked APT uses Rust-based SysJoker backdoor against Israel (securityaffairs.com)

• Shadowy hacking group targeting Israel shows outsized capabilities | CyberScoop

• SysJoker Malware: Hamas-Related Threat Expands With Rust Variant - Infosecurity Magazine (infosecurity-magazine.com)

• Data dump from Radware hack raises cyber eyebrows for the future of warfare | Ctech (calcalistech.com)

• Israel’s national water company sees increase in cyber attacks since beginning of war | Ctech (calcalistech.com)

• Hacktivism: What’s in a Name… It May be More Than You Expect - Security Week

Vulnerability Management

• Why it’s the perfect time to reflect on your software update policy - Help Net Security

Vulnerabilities

• Apple fixes two new iOS zero-days in emergency updates (bleepingcomputer.com)

• Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability (thehackernews.com)

• Design flaw leaves Google Workspace vulnerable for takeover - Help Net Security

• Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices - Security Week

• Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data (hackread.com)

• Why the MOVEit breach still lives rent free in the minds of IT leaders | ITPro

• Hackers start exploiting critical ownCloud flaw, patch now (bleepingcomputer.com)

• Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches (thehackernews.com)

• Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch

• OpenSSL 3.2.0 released: New cryptographic algorithms, support for TCP fast open, and more! - Help Net Security

• PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) - Help Net Security

• Unpatched Critical Vulnerabilities Open AI Models to Takeover (darkreading.com)

• Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads (darkreading.com)

• CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (thehackernews.com)

Tools and Controls

• Approach Cyber Security Awareness Training by Engaging People at All Levels - CPO Magazine

• 8 Cyber Security Topics to Include in Your Training Program | Proofpoint US

• 40% of Cyber Security Departments Want More Budget to Upskill Employees - IT Security Guru

• 3 Simple Ways to Teach Your Teammates to Have a Security-First Mindset Today | Inc.com

• Long recovery times after cyber attacks could annihilate your organisation | TechRadar

• Stop panic buying your security products and start prioritizing - Help Net Security

• Cyber Security Spend Among UK Top 10 Legal Firms Jumps 21% as Threats Become Priority | Law.com International

• Enable 256-bit Bitlocker encryption on Windows 11 to boost security - gHacks Tech News

• Building cyber resilience for tomorrow’s threats - Help Net Security

• Volume of unique malware samples threatens to overwhelm defenders | Computer Weekly

• Global Cyber Security Insurance Market Size To Exceed USD (globenewswire.com)

• AI Boosts Malware Detection Rates by 70% - Infosecurity Magazine (infosecurity-magazine.com)

• Is cyber insurance worth the effort? | SC Media UK (scmagazineuk.com)

• What cyber security pros can learn from first responders (securityintelligence.com)

• Why are Organisations Failing to Detect Cyber security Threats? | MSSP Alert

• Vulnerability disclosure: Legal risks and ethical considerations for researchers - Help Net Security

• Researcher flags OpenCart security issue, founder rages • The Register

• Bridging the risk exposure gap with strategies for internal auditors - Help Net Security

Reports Published in the Last Week

• 2023 Zscaler ThreatLabz State of Phishing Report | Zscaler

Other News

• Cyber attack On A&O Highlights Perils Of Law Firm Mergers - Law360

• Law Firms & Legal Departments Singled Out for Cyber attacks (darkreading.com)

• Hacktivism: What’s in a Name… It May be More Than You Expect - Security Week

• Microsoft is at the Heart of US National Security Systems and It’s Vulnerable: Cyber Security Expert | NTD

• Implications of “malware free” attacks on SMBs (databreaches.net)

• Reading Borough Council apologises for dodgy infosec advice • The Register

• Holiday Season Increases Cyber security Risks (forbes.com)

• Only 1 in 6 Brits are concerned about cyberthreats at home - Home of Direct Commerce

• Security flaws in court record systems used in five US states exposed sensitive legal documents | TechCrunch

• Paris water agency targeted in cyber attack - Emerging Risks Media Ltd

• Why Utilities Need to Supercharge Their Approach to Cyber security (powermag.com)

• No plain sailing: modern pirates hack superyachts' cyber security | Euronews

• Hackers Hijack Industrial Control System at US Water Utility  - Security Week

• How to Keep Cyber attacks From Taking Off (darkreading.com)

• Estate agents warned to have measures in place to prevent cyber attacks (thenegotiator.co.uk)

• Japan’s space agency suffers cyber attack • The Register

• CISA to Congress: US Under Threat of Chemical Attacks (darkreading.com)

• New BLUFFS attack lets attackers hijack Bluetooth connections (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Executive summary

A cyber attack on CTS, who are a leading IT provider for law firms, conveyancers, and others within the UK’s legal sector, has resulted in a significant outage across 80-200 UK law firms. This comes as major law firm Allen and Overy were removed from a ransomware website one day before the deadline.

What’s the risk to me or my business?

If you use or have previously used CTS as a provider, the confidentiality, integrity and availability of your data may be compromised. Some firms have already felt the impact, being left unable to work due to outages. At current, there is no indication as to when availability will resume.

What can I do?

Black Arrow recommends firms check whether they are using CTS or have used CTS as a provider. In addition, firms should also be extra vigilant when communicating with other UK law firms as their may be an increased risk of phishing.

Black Arrow offer a free, no-obligation, introductory consultation to help you gain an unbiased perspective on your current security approach could withstand an attacker. We help our clients to know the questions to ask of their external or internal IT provider, and how to leverage other security controls from existing resources.

Further information and guidance can be found here:

https://www.computing.co.uk/news/4150671/law-firm-service-provider-cts-hit-major-cyberattack

https://www.law.com/international-edition/2023/11/27/allen-overy-removed-from-ransomware-website-1-day-before-deadline/

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatalert #threatintelligence #cybersecurity