Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 29 September 2023
Black Arrow Cyber Threat Intelligence Briefing 29 September 2023:
-Ransomware Groups Are Shifting Their Focus Away From Larger Targets
-Cover-ups Still the Norm as Half of Cyber Attacks go Unreported
-Reported Cyber Security Breaches Increase Threefold for Financial Services Firms
-Attacks on SME’s Surged in The First Half of 2023
-The CISO Carousel and Its Effect on Enterprise Cyber Security
-Bermuda Struggles to Recover from Ransomware Attack
-Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern
-Business Leaders More Anxious About Ransomware Than Recession as Tally from One Attack Alone Surpasses 2,000 Victim Organisations
-Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign
-Cyber Leaders Worry That AI Will Overwhelm Cyber Defences
-Boards Still Lack Cyber Security Expertise
-4 Legal Surprises You May Encounter After a Cyber Security Incident
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Ransomware Groups Are Shifting Their Focus Away from Larger Targets
Ransomware groups are once again prioritising attacks on smaller organisations as they look to target those with less mature security capabilities. Analysis from Trend Micro has shown that ransomware groups such as Lockbit, Cl0p and Black Cat are slowing down attacks against “big game” targets, such as multinationals, and are focusing their attention on smaller organisations. It was found that the overall ransomware attack victim numbers increased by 47% from H2 2022.
Organisations “of up to 200 employees”, those within the small-to-medium-sized range, accounted for the majority (575) of attacks using LockBit’s ransomware across H1 2023. Similar trends were observed with rivals in the ransomware-as-a-service (RaaS) space. Nearly half (45%) of Black Cat victims were in the same size range. There are many underlying factors in the recent surge of attacks on smaller organisations, however one big cause is the economic factor and the perception that smaller organisations are not going to be as well protected.
Sources: [Techcentral] [Helpnet Security]
Cover-ups Still the Norm as Half of Cyber Attacks go Unreported
A report found that 48% of organisations that experience critical cyber incidents and disasters such as ransomware attacks do not report it to the appropriate authorities, and 41% do not even disclose cyber attacks to their boards. Alarmingly, 32% simply “forgot” and 22% self-reported that there wasn’t a system in place to report it. In the UK, failure to report a breach within 72 hours could make a company eligible for a fine up to €10 million or 2% of annual global turnover if deemed a lower-level infringement, and up to €20 million or 4% of annual global turnover for higher-level infringements.
The lack of reporting also has a knock-on effect: a significant number of cyber attacks go un-reported and therefore this skews statistics, meaning the current numbers of known cyber attacks are likely much lower than the actual figure.
Sources: [Computer Weekly] [InfoSecurity Magazine]
Reported Cyber Security Breaches Increase Threefold for Financial Services Firms
New research shows that cyber security breaches for UK financial service firms have increased threefold from 187 attacks (2021-2022) to 640 attacks (2022-2023). This comes as the pensions sector reported the biggest jump in breaches rising from 6 to 246 in the same period, a concerning large increase of 4,000%. These patterns are not only relevant to the UK however, with separate reports highlighting an 119% increase in attacks on financial sector cyber attacks globally from 2022 to 2023.
Trustees can be liable for failures in managing cyber risk, so any business looking to protect itself from the impact of a cyber attack should invest in understanding its cyber footprint, the risks it poses, and have the right policies/procedures in place.
Sources: [CIR Magazine] [PensionsAge] [CityAM] [TechRadar]
Attacks on SME’s Surged in The First Half of 2023
According to Kaspersky, small and medium enterprises (SMEs) dealt with more attacks during the first half of the year compared to the same time the year previous. Worryingly, a separate report found that over three quarters of SME leaders could not confidently identify a cyber incident at work and 50% of respondents felt they were unable to identify the difference between a phishing email and real email.
An outcome of the study was the identification of a need for effective user training. SMEs do not have the budget to have a wide range of tools, however they can strengthen their users’ security practices. Black Arrow enables SMEs to strengthen their people controls through bespoke and affordable education and awareness training for all levels of the organisation.
Sources: [Inquirer] [HelpNet Security] [Insurance Times]
The CISO Carousel and Its Effect on Enterprise Cyber Security
The average tenure of a Chief Information Security Officer (CISO) is said to sit between 18 to 24 months; research highlights the reasons including the strain of the role, the perceived lack of leadership support, and the attraction of more money from a different employer. There is often a gap while the replacement is recruited, during which there is nobody looking after the organisation’s security.
In some cases, organisations may look to outsource by using the services of a virtual CISO (vCISO) with cost savings and greater stability and flexibility. The Black Arrow vCISO team are experienced world-class specialists, providing independent, impartial and objective expertise across the wide range of essential CISO skills with significant advantages compared to an internal resource.
Source: [Security Week]
Bermuda Struggles to Recover from Ransomware Attack
The Bermudan Government this week suffered what they referred to as a significant cyber incident. Workers were cut off from email and telephone systems, with affected departments resorting to manual processes and issuing of paper based cheques. The Government was unable to make payroll payments, and parcels could not be sent from the Island’s Post Offices. It is noted that while not all systems were affected, the government took everything offline out of precaution. It is believed that some other regional governments have also been impacted.
The attack has been attributed to Russia or Russian-based actors, but attribution in cases like this can be difficult. It should be noted that, if involvement from Russia were confirmed, both Russian state actors and Russian based cyber criminals work closely in a symbiotic relationship that benefits both parties. Using cyber crime groups as fronts provides nation state actors with a level of deniability, while also allowing them to direct the operation and benefit from it. Equally, cyber crime groups get to do their thing with the blessing, whether tacit or explicit, of the national authorities in their country. In general, countries where this happens (such as Russia, North Korea and China) have no interest in cooperating with Western authorities, so the cyber criminals essentially work with impunity.
Sources: [Duo] [GovInfo Security] [Bleeping Computer]
Businesses Remain Unprepared Despite Cyber Threats Remaining a Top Concern
A report found cyber threats continue to rank among the top three business concerns for a wide spectrum of companies. Despite it being such a concern, a significant percentage of businesses admitted to not conducting cyber assessments for vendors (57%) or customers’ assets (56%), having an incident response plan (50%), or implementing multifactor authentication for remote access (44%). Phishing scams were of particular concern, with companies reporting a notable increase in incidents, jumping from 14% to 27% over the past year.
Cyber attacks are a certainly a sobering reality, with nearly 23% of survey participants disclosing that their company had fallen victim to a cyber attack and 49% of these incidents occurred within the past year.
Source: [Reinsurance News]
Business Leaders More Anxious About Ransomware Than Recession as Victims from Single Attack Surpasses 2,000 Organisations
According to a recent study, half of business leaders are more worried about falling victim to a ransomware attack than macroeconomic hardship. Over 60% of businesses who had suffered a ransomware attack reported concerns about the prospect of a second ransomware attack, and 71% of leaders admitted their businesses wouldn’t be able to withstand it. 56% said they had increased hiring costs, nearly half experienced increased customer complaints, and 47% reported team stress. This comes as the tally of victims from the MOVEit attack alone surpasses 2,000 organisations. To make matters worse, the FBI has described dual ransomware attacks taking place, with the second attack less than 48 hours after the first.
Source: [Tech Informed] [Helpnet Security] [Helpnet Security] [BleepComputer]
Hotel Hackers Redirect Guests to Fake Booking[.]com Site in Major Phishing Campaign
Booking.com users have become the focus of a new, large-scale phishing campaign that involved hackers taking control of the hotel’s Booking[.]com account. Once in control, the attackers were then able to utilise personal information and craft messages, tailored to victims.
With many organisations using sites such as Booking[.]com, it is imperative that staff are trained effectively, to reduce the risk of them falling victim to a phishing campaign.
Sources: [BleepingComputer] [Inforsecurity Magazine]
Cyber Leaders Worry That AI Will Overwhelm Cyber Defences
A survey of 250 leaders found that 85% worry that AI will overwhelm cyber defences while almost two thirds (61%) have already seen an increase in cyber attack complexity due to AI. Overall 80% view AI as the single biggest cyber threat their business faces, and seven out of 10 are investing in more resilient measures to improve their detection and response protocols.
AI can certainly be overwhelming, but with the right expertise, organisations can navigate their way to improving their AI defences. Black Arrow’s expert team helps your leadership to understand and manage AI-based risks, and safely adopt artificial intelligence in your organisation.
Source: [Management Issues]
Boards Still Lack Cyber Security Expertise
A study by the US National Association of Corporate Directors (NACD) and the Internet Security Alliance (ISA) found that just 12% of S&P 500 companies have board directors with relevant cyber credentials, showing that there is still a lack of expertise at the board level. Boards can improve their expertise by engaging with training that is tailored to leadership. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident. Source: [Wallstreet Journal]
4 Legal Surprises You May Encounter After a Cyber Security Incident
In the event of a cyber incident, there are a number of problems that emerge, but some you may not be aware of. These may include investigations by auditors, a freeze on payments by banks, and uncertainty about notifying third parties including customers. Your insurance provide may also launch a review of the cyber security controls that you had in place before the incident, to determine the payout.
Ideally, you will never have to face a cyber incident, but it can happen and it’s best to ensure you are well placed to deal with it, by understanding what needs to be done and how to respond. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.
Source: [Dark Reading]
Governance, Risk and Compliance
The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week
Cyber leaders worry that AI will overwhelm cyber defences (management-issues.com)
Businesses Unprepared for Cyber Attacks Despite Steady Concern (insurancejournal.com)
Cyber criminals are targeting the financial sector more than ever | TechRadar
The hidden costs of neglecting cyber security for small businesses - Help Net Security
Majority of UK SME c-suites lacking awareness of cyber risks | Insurance Times
Business leaders most anxious about ransomware attacks (techinformed.com)
Cyber security incident response: Your company's ICU (channelweb.co.uk)
Cover-ups still the norm in the wake of a cyber incident | Computer Weekly
Many firms aren't reporting breaches to the proper authorities | TechRadar
Half of Cyber-Attacks Go Unreported - Infosecurity Magazine (infosecurity-magazine.com)
CISOs are struggling to get cyber security budgets: Report | CSO Online
CISOs are spending more on cyber security - but it might not be enough | TechRadar
Cyber threats remain top concern for businesses in 2023: Travelers Risk Index - Reinsurance News
Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security
The Hot Seat: CISO Accountability in a New Era of SEC Regulation (darkreading.com)
Proactive Security: What It Means for Enterprise Security Strategy (darkreading.com)
4 Legal Surprises You May Encounter After a Cyber Security Incident (darkreading.com)
Moving From Qualitative to Quantitative Cyber Risk Modeling - Security Week
Financial crime compliance costs exceed $206 billion - Help Net Security
Threats
Ransomware, Extortion and Destructive Attacks
Ransomware soars as enterprises struggle to respond - Verdict
Ransomware groups are shifting their focus away from larger targets - Help Net Security
Business leaders most anxious about ransomware attacks (techinformed.com)
Why is Ransomware Such a Prevalent Threat and Popular Tool for Attackers? | MSSP Alert
ShadowSyndicate: A New Cyber Crime Group Linked to 7 Ransomware Families (thehackernews.com)
The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt
FBI: Dual ransomware attack victims now get hit within 48 hours (bleepingcomputer.com)
Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security
MOVEit cyber attack is pause for concern | Ary Rosenbaum - The Rosenbaum Law Firm P.C. - JDSupra
Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)
'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times
Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (darkreading.com)
Youth hacking ring at the center of cyber crime spree | CyberScoop
Current ransomware defencs efforts are not working - Help Net Security
VMware users anxious about costs and ransomware threats - Help Net Security
MSP shares details of Kaseya VSA ransomware attack, recovery | TechTarget
Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)
Study Reveals Conti Affiliates Money Laundering Practices (inforisktoday.com)
Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (darkreading.com)
Trend Micro Report Reveals Increase of LockBit Ransomware Attacks in US (thedefensepost.com)
Hospital Ransomware Attacks Go Beyond Health Care Data (securityintelligence.com)
Patient Care at Risk as Hospitals Increasingly on Frontlines of Ransomware Attacks | The Epoch Times
Ransomware Victims
Bermuda Struggles to Recover From Cyber Attack (govinfosecurity.com)
Cl0p's MOVEit attack tally surpasses 2,000 victim organisations - Help Net Security
Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels (darkreading.com)
MGM, Caesars Cyber Attack Responses Required Brutal Choices (darkreading.com)
Ransomware Group Claims to Have Breached 'All of Sony Systems' (vgchartz.com)
900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week
Youth hacking ring at the center of cyber crime spree | CyberScoop
MGM Resorts and Caesars face class action lawsuits over September cyber attacks By Investing.com
UK logistics firm blames ransomware attack for insolvency, 730 redundancies (therecord.media)
Ransomware group demands $51 million from Johnson Controls after cyber attack (bitdefender.com)
Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)
Leekes cyber attack? NoEscape ransomware gang claims breach (techmonitor.ai)
Phishing & Email Based Attacks
This devious phishing scam makes it look like dodgy emails are actually safe | TechRadar
New AtlasCross hackers use American Red Cross as phishing lure (bleepingcomputer.com)
BEC – Business Email Compromise
Nigerian man pleads guilty to attempted $6 million BEC email heist (bleepingcomputer.com)
BEC Attacks Increase By 279% in Healthcare - Infosecurity Magazine (infosecurity-magazine.com)
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
Cyber leaders worry that AI will overwhelm cyber defences (management-issues.com)
Google is working to keep Bard chats out of Search • The Register
New working group to probe AI risks and applications | CyberScoop
A Primer On Artificial Intelligence And Cyber Security (forbes.com)
How should organisations navigate the risks and opportunities of AI? - Help Net Security
Malware
Gozi strikes again, targeting banks, cryptocurrency and more (securityintelligence.com)
'Culturestreak' Malware Lurks Inside GitLab Python Package (darkreading.com)
Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics (thehackernews.com)
New variant of BBTok Trojan targets users of +40 banks in LATAM (securityaffairs.com)
A powerful new malware backdoor is targeting governments across the world | TechRadar
Researchers uncover thriving market for malware targeting IoT devices - The Hindu
Mobile
China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (infosecurity-magazine.com)
iOS 17 update secretly changed your privacy settings; here's how to set them back (bitdefender.com)
Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks - Security Week
Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (pcmag.com)
Botnets
Bot Swarm: Attacks From Middle East & Africa Are Notably Up (darkreading.com)
New variant of BBTok Trojan targets users of +40 banks in LATAM (securityaffairs.com)
Asian banks are a favorite target of cyber cooks, and malicious bots their preferred tool | ZDNET
Denial of Service/DoS/DDOS
Internet of Things – IoT
If You Have An Amazon Alexa Device, You Need To Check This Security Update List (slashgear.com)
Researchers uncover thriving market for malware targeting IoT devices - The Hindu
Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog
Data Breaches/Leaks
UK pension schemes reveal 4,000% rise in cyber security breaches - Pensions Age Magazine
Reported cyber security breaches increase threefold for financial services firms (cityam.com)
British charities warn supporters their personal data has been breached • Graham Cluley
Air Canada discloses data breach of employee and 'certain records' (bleepingcomputer.com)
National Student Clearinghouse data breach impacts 890 schools (bleepingcomputer.com)
BORN Ontario child registry data breach affects 3.4 million people (bleepingcomputer.com)
900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse - Security Week
Regulator Warns Breaches Can Cost Lives - Infosecurity Magazine (infosecurity-magazine.com)
Hospital alert as 24,000 letters meant for GPs lost in computer error - Mirror Online
Organised Crime & Criminal Actors
'Power, influence, notoriety': The Gen-Z hackers who struck MGM and Caesars - The Japan Times
Asian banks are a favourite target of cyber cooks, and malicious bots their preferred tool | ZDNET
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Gozi strikes again, targeting banks, cryptocurrency and more (securityintelligence.com)
Yet another hack hits NFT marketplace OpenSea - SiliconANGLE
Crooks stole $200 million worth of assets from Mixin Network (securityaffairs.com)
Bitcoin scammer who was snared by victims sentenced - BBC News
Security researcher stopped at US border for investigating crypto scam (bleepingcomputer.com)
Insider Risk and Insider Threats
75% who didn't report cyber attack to leadership, felt guilty about it | Security Magazine
Preventing employees from becoming the gateway for cyber attacks | TechRadar
Despite rising insider risk costs, budgets are being wasted in the wrong places - Help Net Security
Fraud, Scams & Financial Crime
Hotel hackers redirect guests to fake Booking.com to steal cards (bleepingcomputer.com)
Beware: fraud and smishing scams targeting students | Bournemouth University
Yet another hack hits NFT marketplace OpenSea - SiliconANGLE
Crooks stole $200 million worth of assets from Mixin Network (securityaffairs.com)
Fraud prevention forces scammers to up their game - Help Net Security
Why young people are more prone to online scams than boomers are (news5cleveland.com)
Bitcoin scammer who was snared by victims sentenced - BBC News
Security researcher warns of chilling effect after feds search phone at airport | TechCrunch
AML/CFT/Sanctions
Study Reveals Conti Affiliates Money Laundering Practices (inforisktoday.com)
Financial crime compliance costs exceed $206 billion - Help Net Security
Insurance
Dark Web
Supply Chain and Third Parties
Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)
How the Okta Cross-Tenant Impersonation Attacks Succeeded (darkreading.com)
Lawsuits Allege MGM, Caesars Neglected Cyber Security Preparedness (skift.com)
3 phases of the third-party risk management lifecycle | TechTarget
Cloud/SaaS
Containers
Encryption
The UK just passed an online safety law that could make people less safe (theconversation.com)
Regulators Are 'Hurting Their Own Country' in Seeking Encryption Backdoors: Nym CEO - Decrypt
Open Source
Where Linux is in your home, and how to protect Linux devices from hacking | Kaspersky official blog
Akira Ransomware Mutates to Target Linux Systems, Adds TTPs (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Why Shouldn’t You Use the Same Password Everywhere Online (makeuseof.com)
Are You Willing to Pay the High Cost of Compromised Credentials? (thehackernews.com)
Biometrics
Social Media
Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)
X scraps tool to report electoral fake news - researchers - BBC News
Malvertising
Training, Education and Awareness
Travel
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms | Techdirt
The UK just passed an online safety law that could make people less safe (theconversation.com)
Are we about to lose the last pillar of our digital security? | Euronews
New working group to probe AI risks and applications | CyberScoop
Why California's Delete Act matters for the whole country - Help Net Security
Financial crime compliance costs exceed $206 billion - Help Net Security
Models, Frameworks and Standards
Why It’s Wrong To Judge SIEM Success Only Against The ATT&CK Framework (forbes.com)
Urgent actions for protecting utilities against cyber-attack: Navigating NIS 2 - Utility Week
Careers, Working in Cyber and Information Security
The CISO Carousel and Its Effect on Enterprise Cyber Security - Security Week
Demand for cyber security staff trebled since 2019 | Business Post
Cyber security and staffing issues key risks for companies | Accountancy Daily
Cyber security skills employers are desperate to find in 2023 - Help Net Security
Preventing security professionals from ‘quietly quitting’ due to alert fatigue (securitybrief.co.nz)
Law Enforcement Action and Take Downs
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
Russia’s APT29 intensifies espionage operations | SC Media (scmagazine.com)
Russian hacking operations target Ukrainian law enforcement | CyberScoop
Government of Bermuda blames Russian threat actors for the cyber attack (securityaffairs.com)
Bermuda probes major cyber attack as officials slowly bring operations back online (thestar.com)
Ukraine war: Cyber Attack in Crimea after Black Sea fleet HQ hit | News UK Video News | Sky News
Examining the Activities of the Turla APT Group (trendmicro.com)
Scottish Tory MSP has website hacked by 'hostile Russian group' | The National
Elon Musk’s X is biggest outlet of Russia disinformation, EU says (cnbctv18.com)
Russian Firm Willing to Pay $20 Million for iPhone, Android Zero-Day Exploits (pcmag.com)
Cyber Attack on Russian Air Booking System Sparks Flight Delays - The Moscow Times
China
Taiwan is bracing for Chinese cyber attacks, White House official says - POLITICO
China-Linked EvilBamboo Targets Mobiles - Infosecurity Magazine (infosecurity-magazine.com)
Chinese Gov Hackers Caught Hiding in Cisco Router Firmware - Security Week
China’s national security minister lists top digital threats • The Register
Misc Nation State/Cyber Warfare
Vulnerability Management
Why Zero Days Are Set for Highest Year on Record - Infosecurity Magazine (infosecurity-magazine.com)
Vulnerabilities
Google assigns new maximum rated CVE to libwebp bug exploited in attacks (bleepingcomputer.com)
Cisco Warns of IOS Software Zero-Day Exploitation Attempts - Security Week
Researchers Release Details of New RCE Exploit Chain for SharePoint (darkreading.com)
High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server (thehackernews.com)
GPUs from all major suppliers are vulnerable to new pixel-stealing attack | Ars Technica
Firefox 118 Patches High-Severity Vulnerabilities - Security Week
Hackers actively exploiting Openfire flaw to encrypt servers (bleepingcomputer.com)
Trust Is Key In Cyber Security: Analysing The MOVEit Ransomware Attacks (forbes.com)
Tools and Controls
Cyber security incident response: Your company's ICU (channelweb.co.uk)
CISOs are spending more on cyber security - but it might not be enough | TechRadar
4 Legal Surprises You May Encounter After a Cyber Security Incident (darkreading.com)
The 5 most dangerous Wi-Fi attacks, and how to fight them | PCWorld
What Is a Network Security Assessment and Why You Need It | MSSP Alert
Why You Should Phish In Your Own Pond (informationsecuritybuzz.com)
The pitfalls of neglecting security ownership at the design stage - Help Net Security
A Primer On Artificial Intelligence And Cyber Security (forbes.com)
Preventing employees from becoming the gateway for cyber attacks | TechRadar
Proactive Security: What It Means for Enterprise Security Strategy (darkreading.com)
Looking Beyond the Hype Cycle of AI/ML in Cyber Security (darkreading.com)
Moving From Qualitative to Quantitative Cyber Risk Modelling - SecurityWeek
Cyber security budgets show moderate growth - Help Net Security
Exploring Cyber Insurance and its Intersection with Property Coverage | Woodruff Sawyer - JDSupra
Other News
Cyber criminals are targeting the financial sector more than ever | TechRadar
The hidden costs of neglecting cyber security for small businesses - Help Net Security
SMBs face growing cyber security threats, but basic measures can lower risks | ZDNET
Why aviation needs to prioritise cyber security – Airport World (airport-world.com)
Are Fire Departments Prepared for a Cyber Attack? | HackerNoon
Fintechs must brace for rising cyber security challenges | Mint (livemint.com)
Space Force chief says commercial satellites may need defending | Ars Technica
UK Cyber Security Council CEO reflects on a year of progress | CSO Online
Google Loophole Lets Drug Dealers Hijack Nearly Any Website to Sell Narcotics (businessinsider.com)
Cyber Hygiene: A First Line of Against Evolving Cyber Attacks (darkreading.com)
Cyber Attacks hit military, Parliament websites as India hacker group targets Canada (cheknews.ca)
KnowBe4 Finds US. Healthcare a Top Target For Cyber Attacks (prnewswire.com)
US Government Shutdown Could Bench 80% of CISA Staff - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 11 August 2023
Black Arrow Cyber Threat Intelligence Briefing 11 August 2023:
-75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices
-How an Eight-Character Password Could be Cracked in Just a Few Minutes
-Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits
-How Executives’ Personal Devices Threaten Business Security
-77% of Financial Firms Saw an Increase in Cyber Attack Frequency
-Protecting Against Sophisticated Cyber Attacks Requires Layered Defences
-Managing Human Cyber Risks Matters Now More Than Ever
-Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins
-UK Shaken by Major Data Breaches
-Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack
-Mac Users are Facing More Dangerous Security Threats Than Ever Before
-Cyber Attack to Cost Outsourcing Firm Capita up to £25m
-Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices
Newly released research found that 75% of organisations worldwide are currently implementing or considering bans on ChatGPT and other generative Artificial Intelligence (AI) applications within the workplace, with 61% stating that it will be a long term or permanent solution. Despite this, the majority recognised the opportunity such applications bring to the workplace, with 55% believing it would increase efficiency. All in all, 81% remained in favour of AI, highlighting that whilst organisations see the benefit, they are not ready to take the plunge for fear of being caught flat-footed.
Many organisations may simply not have the expertise-in house or confidence to employ AI effectively. These organisations lack an effective AI management plan, which governs the usage of AI in the corporate environment, rather than banning it outright. By having a clear-set AI plan, organisations can use AI to improve their efficiency, whilst maintaining cyber resilience. An increasing number of organisations have approached us at Black Arrow to discuss how to embrace AI securely; contact us to see how we can help you.
Source: [Dark Reading]
How an Eight-Character Password Could be Cracked in Just a Few Minutes
Strong and complex passwords are necessary to protect online accounts and data from cyber criminals. Complex passwords typically use lowercase and uppercase characters, numbers, and special characters. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems. The report found that a complex password of eight characters can be cracked in only five minutes, and other weaker or shorter passwords are cracked instantly. However, passwords that have a greater number of characters are less vulnerable: for example an 18 character password, even if only lowercase letters, would take 481,000 years for a computer to crack.
Since creating and remembering multiple complex and lengthy passwords on your own is impossible, a password manager is your best bet. By using a password manager for yourself or within your organisation, you can generate, store and apply strong passwords for websites and online accounts.
Source: [Techrepublic]
Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits
The number of organisations that became victims of ransomware attacks surged 143% between the first quarter of 2022 and first quarter of this year, as attackers increasingly leveraged zero-day vulnerabilities to break into target networks.
In many of these attacks, threat actors did not bother to encrypt data belonging to victim organisations. Instead, they focused solely on stealing their sensitive data and extorting victims by threatening to sell or leak the data to others. The tactic left even those with otherwise robust backup and restoration processes backed into a corner; this highlights the need for organisations to be able to detect and ideally block anomalous exfiltration of data, and have effective and rehearsed incident response plans to address the concept of pure exfiltration, because having backups is not enough.
The costs of these types of controls continue to fall making them viable for even smaller businesses. Without tools like Managed Detection and Response (MDR) and Data Loss Prevention (DLP), attacks of this nature cannot be detected until it is too late to do anything to stop them.
Source: [Dark Reading]
How Executives’ Personal Devices Threaten Business Security
Individuals, including executives, are considered a major target for cyber attacks. Motivated attackers know the right individual people they want to go after to achieve their larger organisational goal, and they’ll use any means necessary to be successful.
A recent report found that most executives are using their personal devices for work, creating a “backdoor” for cyber criminals to access large organisations. 50% of executive respondents reported receiving work-related scams in their personal emails.
Personal device use can be effective for organisations, however they need to implement an effective bring-your-own-device (BYOD) procedure and provide employees, including executives, with frequent user awareness and education training. All users at all levels within an organisation need to understand the risks, and importantly the role they play in keeping the organisation secure.
Sources: [Help Net Security] [Security Affairs]
77% of Financial Firms Saw an Increase in Cyber Attack Frequency
According a recent report on the financial services sector, 77% of firms reported an increase in attack frequency, and 87% said attacks were more severe. These firms unanimously said they would look to outsource their cyber security programs to third-party providers to shore up their cyber defences. Among the respondents, firms need to protect hybrid work environments (62%), consolidate cyber security and managed IT services (41%) and tap industry-specific and regulatory expertise (33%).
Source: [SecurityMagazine]
Protecting Against Sophisticated Cyber Attacks Requires Layered Defences
Faced with an influx of sophisticated cyber threats, including usage of AI to further enhance the efficacy of social engineering attacks, and the growth of both malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS), it is critical for organisations to invest in layered security defences.
Services like managed detection and response (MDR) are integral to monitoring, investigating and responding to threats in real time. But without a strong and comprehensive foundational cyber security posture, managed services alone cannot effectively mitigate threats. To ensure comprehensive defences against emerging threats, organisations must prioritise proactive measures that can stop attacks before they even start. As adversaries continue to refine their attack techniques, layered protection that covers every stage in the attack chain becomes imperative.
Source: [Forbes]
Managing Human Cyber Risks Matters Now More Than Ever
As artificial intelligence (AI) amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital, according to the SANS Institute. It makes sense as no matter the technological advancement, the human element has always been a point of entry for attackers.
A recent study found that mature security programs, marked by robust teams and leadership support, are characterised by having at least three full-time employees in their security awareness teams. In some cases, this isn’t feasible for an organisation and this is where outsourcing comes in. By outsourcing security awareness, organisations can ensure that they have access to security awareness experts, to keep their organisation educated. Here at Black Arrow we offer regular security and awareness training, bespoke to your organisation, for your employees and leadership team.
Source: [Help Net Security]
Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins
Cyber security provider Proofpoint reported that high-level execs at some of the world’s leading companies are repeatedly targeted with credential-stealing attacks. More alarmingly, according to Proofpoint, around one-third (35%) of the compromised users had multi-factor authentication (MFA) enabled.
The attacks come amid a rise in cases of EvilProxy, a phishing tool that allows attackers to steal even MFA-protected credentials. In the three months to June 2023, around 120,000 EvilProxy phishing emails were observed being sent to hundreds of targeted organisations globally, with many targeting Microsoft 365 user accounts in particular. Approximately 39% of the victims were C-level executives of which 17% were Chief Financial Officers, and 9% were Presidents and CEOs. Users must be trained effectively, to help mitigate the chance of them suffering a phishing attack. The C-suite is no exception.
Sources: [Help Net Security] [Security Affairs]
UK Shaken by Major Data Breaches
Recent major data breaches impacting crucial institutions like the UK Electoral Commission (which exposed the data of 40 million UK voters) and the Police Service of Northern Ireland, have brought attention to potential risks. Following a recent freedom of information request 10,000 police officers and staff details where published including details such as first name and surname, their rank or grade and the unit and where they are based. This breach occurred when a junior member of staff forgot to remove the master spreadsheet containing sensitive data when responding to the request.
Sources: [Telegraph] [Tech Crunch]
Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack
The UK government has raised the threat level posed by cyber attacks, now deeming the risk of cyber attacks to be more severe than that presented by small-scale chemical, biological, radiological, or nuclear (CBRN) attacks according to the latest National Risk Register (NRR) report for 2023. The report also highlighted artificial intelligence (AI) as a “chronic risk” – that is, one that poses “continuous challenges that erode our economy, community, way of life, and/or national security”.
Sources: [ITPro] [Infosecurity Magazine]
Mac Users are Facing More Dangerous Security Threats Than Ever Before
Apple’s MacBook Pro or iPhone devices are often perceived as safer, from a cyber security standpoint, compared to those from Microsoft or Google, mostly because of its “walled garden” approach. However, another key reason why hackers were not historically as interested in Apple was the smaller market share Apple held. That is no longer the case and as attacks are rising against Apple devices, this is something we expect to see continuing to accelerate.
In the last 10 years, Apple’s market share on desktop has increased from less than 7.5% to just over 20% today. Apple frequently patches actively exploited vulnerabilities, with overall 261 security vulnerabilities addressed so far this year. A recent report found that Mac users are targeted by three key threats: Trojans, Adware, and Potentially Unwanted Applications (PUA). Of the three, Trojans are the biggest single threat, making up more than half of all threat detections. Of all those detections, around half (52.7%) were for the EvilQuest encryption malicious software.
Source: [Techradar]
Cyber Attack to Cost Outsourcing Firm Capita up to £25m
Capita expects to take a financial hit of as much as £25m as a result of a cyber attack that began in March, pushing the outsourcing group to a pre-tax loss of almost £68m for the first half of the year. The group is still recovering from the attack by the Black Basta ransomware group, which hacked its Microsoft Office 365 software and accessed the personal data of staff working for the company and dozens of clients. Capita, which runs crucial services for local councils, the military, and the NHS, estimated that the financial costs associated with what it called the “cyber incident” would be between £20m and £25m. Previous estimates had put the cost at £15m to £20m.
The group said this new figure reflected the complexities of analysing the “exfiltrated” data, as well as costs of recovery and remediation and new investment to improve its cyber security. However, Capita said it was not currently able to estimate the level of any potential fine related to the incident and had not yet made any provision to cover any future costs. The company’s shares fell by more than 12% in morning trading on Friday after the release of its results, making it the biggest faller on the FTSE 250.
Source: [Guardian]
Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources
A report published by BlackBerry noted a 40% rise in cyber attacks against public sector organisations and government institutions. One of the reasons is the limited resources and resistance that these government and public have; this makes it much easier for an attacker. An easy target is an attractive target.
Source: [Financial Express]
Governance, Risk and Compliance
Protecting Against Sophisticated Cyber attacks Requires Layered Defense (forbes.com)
Managing human cyber risks matters now more than ever - Help Net Security
Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)
How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)
Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru
Cyber attack to cost outsourcing firm Capita up to £25m | Capita | The Guardian
9 common risk management failures and how to avoid them | TechTarget
Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE
Safeguarding Businesses From Data Privacy And Cyber security Risk (forbes.com)
How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)
What happens if cyber insurance becomes unviable? - Raconteur
NIST announces rare overhaul of security framework, focusing on organisational leadership | ITPro
Cyber Security Must Focus on the Goals of Criminals (informationweek.com)
Going Up! How to Handle Rising Cyber Security Costs (securityintelligence.com)
Maintaining Data Security Amidst Rising Concerns of Cyber attacks (techreport.com)
Why it’s time for everyone to reorient their thinking about cyber security | Federal News Network
It's Time for Cyber security to Talk About Climate Change (darkreading.com)
Threats
Ransomware, Extortion and Destructive Attacks
Healthcare and Finance Firms Ranked as Leading Targets for Cyber Attacks - MSSP Alert
Ransomware victim numbers surge as attackers target zero-day vulnerabilities | CSO Online
Definitive Guide to Ransomware 2023 | IBM whitepaper | ITPro | ITPro
Data exfiltration is now the go-to cyber extortion strategy - Help Net Security
Clop ransomware now uses torrents to leak data and evade takedowns (bleepingcomputer.com)
Spot Fake Extortion Attacks Without Wasting Time and Money (securityintelligence.com)
New Yashma Ransomware Variant Targets Multiple English-Speaking Countries (thehackernews.com)
Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits (darkreading.com)
Recent ransomware attacks share curiously similar tactics - Help Net Security
Ransomware Attacks: 20 Essential Considerations For Prep And Response (forbes.com)
Navigating the gray zone of ransomware payment practices - Help Net Security
Anatomy of a Black Basta Ransomware Attack on BankCard USA - MSSP Alert
Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics (darkreading.com)
Clop Gang Offers Data Downloads Via Torrents - Infosecurity Magazine (infosecurity-magazine.com)
New Report Exposes Vice Society's Collaboration with Rhysida Ransomware (thehackernews.com)
Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)
Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)
Best practices for reporting ransomware attacks | TechTarget
Ransomware, healthcare and incident response: Lessons from the Allscripts attack | CSO Online
Microsoft OneDrive is a willing 'ransomware double agent' • The Register
Threat Report: Ransomware Down, Targeted Attacks on the Rise (inforisktoday.com)
Rasnake: Ransomware Now Threatens All, Not Just Elites | Newsmax.com
Ransomware Victims
Hospital System Goes Back To Paper Following Ransomware Attack (forbes.com)
Cyber attack forces hospitals to divert ambulances in Connecticut and Pennsylvania | CNN Politics
Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)
Colorado Department of Higher Education warns of massive data breach (bleepingcomputer.com)
Bnei Brak hospital hit by cyber attack, bringing down computers | The Times of Israel
LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)
Hacker stole more than $6 million from New Haven Public Schools (wfsb.com)
Phishing & Email Based Attacks
Hackers are targeting top executives to steal their work logins | TechRadar
Microsoft 365 accounts of execs, managers hijacked through EvilProxy - Help Net Security
9 of 10 Cyber attacks Start with a Phish, Comcast Study Shows - MSSP Alert
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times
First quarter of 2023 saw 88% rise in phishing attacks: Kaspersky | The Peninsula Qatar
RTL Today - Up to 80% of all cyber attacks: Phishing attempts surge in post-pandemic age
100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com
Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg
Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
When your teammate is a machine: 8 questions CISOs should be asking about AI | CSO Online
Generative AI In Cyber Should Worry Us, Here’s Why (forbes.com)
How to Prepare for ChatGPT's Risk Management Challenges (darkreading.com)
Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian
White House offers prize money for hacker-thwarting AI (techxplore.com)
AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times
Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)
Hackers Released New Black Hat AI Tool Evil-GPT (cybersecuritynews.com)
In the age of ChatGPT, Macs are under malware assault | Digital Trends
AI can now steal your passwords with almost 100% accuracy | Digital Trends
Microsoft AI Red Team building future of safer AI | Microsoft Security Blog
ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)
AI hacking gets White House backing; some already go rogue (9to5mac.com)
OpenAI to Unleash New Web Crawler to Devour More of the Open Web - Decrypt
5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)
2FA/MFA
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
Microsoft Authenticator will soon provide codes via WhatsApp - gHacks Tech News
Malware
In the age of ChatGPT, Macs are under malware assault | Digital Trends
Mac users are facing more dangerous security threats than ever before | TechRadar
Threat intelligence's key role in mitigating malware threats - Help Net Security
This PowerPoint could help hackers empty your bank account | Digital Trends
Latest Batloader Campaigns Use Pyarmor Pro for Evasion (trendmicro.com)
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
Malicious npm Packages Found Exfiltrating Sensitive Data from Developers (thehackernews.com)
Fake VMware vConnector package on PyPI targets IT pros (bleepingcomputer.com)
Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)
QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)
Hackers use open source Merlin post-exploitation toolkit in attacks (bleepingcomputer.com)
New Statc Stealer Malware Emerges: Your Sensitive Data at Risk (thehackernews.com)
Gafgyt malware exploits five-years-old flaw in EoL Zyxel router (bleepingcomputer.com)
CISA: New Whirlpool backdoor used in Barracuda ESG hacks (bleepingcomputer.com)
Mobile
Google explains how Android malware slips onto Google Play Store (bleepingcomputer.com)
Czech cyber security experts warn against BaiRBIE.me app | Radio Prague International
Removing Spyware From Your Android Phone: A How-To Guide (slashgear.com)
How executives' personal devices threaten business security - Help Net Security
Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)
Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)
40 Vulnerabilities Patched in Android With August 2023 Security Updates - Security Week
Android 14 to let you block connections to unencrypted cellular networks (bleepingcomputer.com)
Botnets
QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)
Two-Thirds of UK Sites Vulnerable to Bad Bots - Infosecurity Magazine (infosecurity-magazine.com)
Denial of Service/DoS/DDOS
Analysing Network Chaos Leads to Better DDoS Detection (darkreading.com)
How to accelerate and access DDoS protection services using GRE - Help Net Security
Researchers Strengthen Defences Against Common Cyber attack - CleanTechnica
Internet of Things – IoT
Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED
Disposed-of Gadgets Can Lead to Wi-Fi Network Hacks, Kaspersky Says (darkreading.com)
The new technology that is making cars easier for criminals to steal, or crash (techxplore.com)
Data Breaches/Leaks
Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)
The Top 10 Countries Being Bombarded by Data Breaches (gizmodo.com)
UK Electoral Commission hacked by 'hostile actors' | Reuters
PSNI officers who work with MI5 face relocation after ‘humongous’ security breach (telegraph.co.uk)
Burger King Serves Up Sensitive Data, No Mayo (darkreading.com)
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
TunnelCrack attack may cause vulnerable VPNs to leak traffic • The Register
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
Organised Crime & Criminal Actors
Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD
IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)
Interpol Shuts Down African Cyber crime Group, Seizes $2 Million (darkreading.com)
Cyber security Must Focus on the Goals of Criminals (informationweek.com)
How fame-seeking teenagers hacked some of the world’s biggest targets | Ars Technica
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
BlackBerry Discloses Major Crypto-Based Malware - The Tech Report
FBI warns of phishing scams and social media account hijackers (cointelegraph.com)
Only 6 out of 45 crypto wallet brands have undergone penetration testing: Report (cointelegraph.com)
Insider Risk and Insider Threats
Managing human cyber risks matters now more than ever - Help Net Security
US Navy sailors charged with stealing secret info for China • The Register
Get consent before you monitor your staff, UK MPs suggest • The Register
Fraud, Scams & Financial Crime
Rise in fraudsters spoofing the websites of leading UK banks | Computer Weekly
Extended warranty robocallers fined $300 million after 5 billion scam calls (bleepingcomputer.com)
Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian
Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)
Impersonation Attacks
Insurance
What happens if cyber insurance becomes unviable? - Raconteur
Cyber Insurance Experts Make a Case for Coverage, Protection (darkreading.com)
5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)
10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)
Lower Data Breach Insurance Costs with These Tips (trendmicro.com)
Dark Web
Dark web activity targeting the financial sector - Help Net Security
ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)
Supply Chain and Third Parties
Government contractor plunges after £25m cyber attack - The Mail (mailplus.co.uk)
37% of third-party applications have high-risk permissions - Help Net Security
Software Supply Chain
Unravelling the importance of software supply chain security - Help Net Security
OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)
37% of third-party applications have high-risk permissions - Help Net Security
Cloud/SaaS
Attackers Use EvilProxy to target C-suite Executives (inforisktoday.com)
100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com
Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD
Microsoft OneDrive is a willing 'ransomware double agent' • The Register
Managing and Securing Distributed Cloud Environments - Security Week
Microsoft 365 guests + Power Apps = security nightmare • The Register
Containers
Identity and Access Management
CrowdStrike observes massive spike in identity-based attacks | TechTarget
Keeper Security reveals SMBs at risk due to lack of PAM (securitybrief.co.nz)
Understanding Active Directory Attack Paths to Improve Security (thehackernews.com)
91% of IT leaders better protected with PAM but want more affordable solutions - IT Security Guru
Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)
WhatsApp is working on phishing-proof passkey authentication (androidpolice.com)
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
Encryption
UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian
Quantum computing: A threat to asymmetric encryption. (thecyberwire.com)
Open Source
Is Open Source Security a Ticking Cyber Time Bomb? (securityintelligence.com)
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
Kemba Walden: We need to secure open source software | TechTarget
Passwords, Credential Stuffing & Brute Force Attacks
How an 8-character password could be cracked in just a few minutes (techrepublic.com)
AI can now steal your passwords with almost 100% accuracy | Digital Trends
US Dept. of the Interior Employees Use Accounts That Are Easily Hacked (businessinsider.com)
Biometrics
Social Media
Malvertising
Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)
Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)
Not so fast: Don’t click that fake Amazon or Microsoft ad. Here’s why | Fox News
Training, Education and Awareness
Managing human cyber risks matters now more than ever - Help Net Security
Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)
Travel
Parental Controls and Child Safety
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)
What does the Data Protection and Digital Information (DPID) Bill mean for small businesses? | ITPro
The Problem With Cyber security (and AI Security) Regulation (darkreading.com)
CISA Unveils Cyber security Strategic Plan for Next 3 Years - Security Week
The 5 Ways The SEC Failed Investors On Cyber security (forbes.com)
America’s messy cyber regulations are no match for its adversaries | Financial Times (ft.com)
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
Banks hit with $549 million in fines for using Signal and WhatsApp to evade regulators (nbcnews.com)
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian
Models, Frameworks and Standards
NIST Drafts Major Update to Its Widely Used Cyber security Framework | NIST
Understanding NIST CSF and MITRE ATT&CK Security Frameworks - The New Stack
OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)
Understanding Changes in the OWASP API Security Top 10 List - IT Security Guru
5 steps to ensure HIPAA compliance on mobile devices | TechTarget
Data Protection
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
Careers, Working in Cyber and Information Security
Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru
Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE
6 Essential Strategies for Enterprise Cyber security Workforce Development (govinfosecurity.com)
Seasoned cyber pros are more complacent in their skills than junior staff - Help Net Security
Law Enforcement Action and Take Downs
IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)
Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)
Privacy, Surveillance and Mass Monitoring
Missing persons NGO alliance kicks off global facial recognition initiative | Biometric Update
China drafts rules for using facial recognition data - Japan Today
Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian
ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro
Woman Falsely Arrested Sues Detroit Over Facial Recognition (govtech.com)
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
BlueCharlie changes attack infrastructure in response to reports on its activity - Security Affairs
Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)
SpaceX's private control of satellite internet concerns military leaders | Space
Analysts Say Use of Spyware During Conflict Is Chilling (voanews.com)
Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)
Cyber security experts discuss wins, losses and lessons at western Ukraine gathering : NPR
Ukrainian official: Russian hackers change tactics from disruptive attacks | CyberScoop
Ukraine Fends Off Sandworm Battlefield Espionage Ploy (govinfosecurity.com)
Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop
US, Ukraine cyber leaders talk resilience, collaboration | TechTarget
Kyiv Cyber Defenders Spot Open-Source RAT in Phishing Emails (govinfosecurity.com)
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs
LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)
China
China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign (thehackernews.com)
Electric vehicle threat: China will use its EV dominance to spy: UK warning (afr.com)
UK security must not be sacrificed to net zero (telegraph.co.uk)
Chinese cyber attacks on Japan prompts US push for stronger defences - Nikkei Asia
China reportedly had ‘deep, persistent access’ to Japanese networks for months | Engadget
Why the China cyber threat demands an airtight public-private response (federaltimes.com)
China not ahead of US in cyber and surveillance, NSA head says - Nextgov/FCW
China drafts rules for using facial recognition data - Japan Today
US Navy sailors charged with stealing secret info for China • The Register
RedHotel Checks in as Dominant China-Backed Cyber Spy Group (darkreading.com)
US Navy sailors charged with stealing secret info for China • The Register
Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg
Iran
North Korea
Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)
North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs
Misc/Other/Unknown
Vulnerability Management
Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities - Security Week
Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken? | CSO Online
Microsoft hits back at Tenable’s criticism of its infosec • The Register
The Four Pillars of Vulnerability Management - GovInfoSecurity
Has Microsoft cut security corners once too often? | Computerworld
Why Shellshock Remains a Cyber security Threat After 9 Years (darkreading.com)
The 7 Worst Software Vulnerabilities of All Time (makeuseof.com)
Vulnerabilities
Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws - Security Affairs
Microsoft, Intel lead this month's security fix emissions • The Register
Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications (darkreading.com)
Nearly every AMD CPU since 2017 vulnerable to Inception bug • The Register
Microsoft fixes flaw after being called irresponsible by Tenable CEO (bleepingcomputer.com)
New PaperCut critical bug exposes unpatched servers to RCE attacks (bleepingcomputer.com)
Google Chrome will get weekly security updates - gHacks Tech News
Downfall: New Intel CPU Attack Exposing Sensitive Information - Security Week
Adobe Releases Security Updates for Multiple Products | CISA
New 'Inception' Side-Channel Attack Targets AMD Processors - Security Week
Dell Credentials Bug Opens VMWare Environments to Takeover (darkreading.com)
Tools and Controls
Managing human cyber risks matters now more than ever - Help Net Security
Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR (darkreading.com)
MDR: Empowering Organisations with Enhanced Security (thehackernews.com)
9 common risk management failures and how to avoid them | TechTarget
Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)
Here’s Why You Need Identity, Privacy, and Device Protection (finextra.com)
Attacker Breakout Time Shrinks Again, Underscoring Need for Automation (darkreading.com)
Managing and Securing Distributed Cloud Environments - Security Week
How to handle API sprawl and the security threat it poses - Help Net Security
Threat intelligence's key role in mitigating malware threats - Help Net Security
Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)
10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)
Lower Data Breach Insurance Costs with These Tips (trendmicro.com)
AI Risk Database Tackles AI Supply Chain Risks (darkreading.com)
Other News
UK Sounds Warning Over Targeted Healthcare Attack (databreachtoday.co.uk)
Budget constraints threaten cybersecurity in government bodies - Help Net Security
Threat of cyber attacks to national security compared to that of chemical weapons | ITPro
Cyber Security A Major Vulnerability In The Not For Profit Sector | Scoop News
Hacker attacks on Mac users are 10x as high as they were in 2019, report says | iMore
Cyber Security Threats From Online Gaming – Analysis – Eurasia Review
Cyber attack cost Interserve more than £11m | News | Building
Environmental Regulations, OT & the Maritime Industry's New Challenges (darkreading.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 9th June 2023
Black Arrow Cyber Threat Briefing 09 June 2023:
-74% of Breaches Involve Human Element- Make Employees Your Best Asset
-Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC
-CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom
-Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise
-BEC Volumes and Ransomware Costs Double in a Year
-Hackers are Targeting C-Suite Executives Through Their Personal Email
-Proactive Detection is Crucial as Organisations Lack Effective Threat Research
-Number of Vulnerabilities Exploited Rose by 55%
-Ransomware Behind Most Cyber Attacks, with Record-breaking May
-4 Areas of Cyber Risk That Boards Need to Address
-North Korea Makes 50% of Income from Cyber Attacks
-Going Beyond “Next Generation” Network Security
-Worldwide 2022 Email Phishing Statistics and Examples
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
74% of Breaches Involve Human Element- Make Employees Your Best Asset
Verizon’s recent data breach report analysed 16,312 security incidents and 5,199 breaches. A total of 74% of breaches involved a human element, highlighting the role of employees in achieving good cyber resilience. Organisations looking to improve their resilience should therefore consider how well and how frequently they train their users. In a recent report, Fortinet found that 90% of leaders believed that increasing their employee cyber security awareness would help decrease the occurrence of cyber attacks. Worryingly, despite 85% of leaders having an awareness and training programme in place, 50% believed their employees still lacked cyber security knowledge.
With an effective training programme, organisations can increase their employees’ cyber risk awareness and empower them in defending the organisation, laying the foundation for a strong cyber security culture.
https://www.helpnetsecurity.com/2023/06/06/verizon-data-breach-investigations-report-2023-dbir/
https://www.helpnetsecurity.com/2023/06/09/employees-cybersecurity-knowledge/
Cyber Security Agency Urges Vigilance as MOVEit Attack Impacts Major Companies Including British Airways, Boots and the BBC
The recent cyber attacks on file transfer software MOVEit have impacted a number of major companies through their supply chain. The attack, which hit UK-based HR and payroll provider Zellis has had a huge knock-on effect, with major companies such as British Airways, Boots and the BBC suffering as a result of using Zellis in their supply chain. The UK’s National Cyber Security Centre (NCSC) has emphasised the need for organisations to exercise heightened vigilance.
Organisations must be aware of supply chain risks, and how an attack on a supplier or service provider can impact their own organisation. It is important for organisations to manage supply chain security, assess third party risks, communicate with suppliers and keep on top of emerging threats; it’s no simple task.
https://www.securityweek.com/several-major-organizations-confirm-being-impacted-by-moveit-attack/
CISOs and IT Lack Confidence in Executives’ Cyber Defence Knowledge as the Spotlight Falls on the Boardroom
Nearly three-quarters of data breaches include an element of human failure, and senior business leaders were particularly at risk, according to a recent report. Not only do business leaders possess the most sensitive information, but they are often the least protected, with many organisations making security protocol exemptions for them. Such factors have pushed the boardroom into the spotlight more.
In another report, it was found that only 28% of IT professionals were confident in their executives’ ability to recognise a phishing email. The report found that as many as 71% of executives were reusing compromised passwords from personal accounts inside the company. Technology alone won’t solve the problem: user awareness training is required and this includes the boardroom.
Only 1 in 10 CISOs are Board-ready as Nearly Half of Boards Lack Cyber Expertise
A recent study has found that only 1 in 10 chief information security officers (CISOs) have all the key traits thought to be crucial for success on a corporate board, with many lacking governance skills and experience and other attributes needed for board readiness. Worryingly, nearly half of the 1,000 companies in the study lacked at least one director with cyber security expertise. This is concerning as good cyber security starts from the board: the board is responsible for understanding the business risks of a cyber incident and for endorsing whether the cyber controls in place have reduced those risks to a level that the board is happy with. Similarly, the board would not sign off financial risks without ensuring they had someone with financial experience and qualifications present. The Black Arrow vCISO service is ideal for organisations that need expertise in assessing and managing cyber risks, underpinned by governance reporting and metrics presented to enable the board to make educated and informed decisions.
https://www.csoonline.com/article/3698291/only-one-in-10-cisos-today-are-board-ready-study-says
BEC Volumes and Ransomware Costs Double in a Year
The number of recorded business email compromise (BEC) attacks doubled over the past year, with the threat comprising nearly 60% of social engineering incidents studied by Verizon for its 2023 Data Breach Investigations Report. The report this year was based on analysis of 16,312 security incidents and 5,199 breaches over the past year.
Pretexting, which is commonly using in BEC attacks, is now more common than phishing in social engineering incidents, although the latter is still more prevalent in breaches, the report noted. The median amount stolen in pretexting attacks now stands at $50,000. The vast majority of attacks (97%) over the past year were motivated by financial gain rather than espionage.
https://www.infosecurity-magazine.com/news/bec-volumes-ransomware-costs/
Hackers are Targeting C-Suite Executives Through Their Personal Email
As companies rely on chief financial officers (CFOs) to mitigate risk, cyber attacks and the costs associated with them are a major concern. Now there is also a growing trend of cyber criminals targeting C-suite executives in their personal lives, where it is easier to pull off a breach as there are fewer, if any, protections, instead of targeting them through their business accounts. Once attackers have access, they then try to use this to gain entry to the corporate systems. The report found that 42% of companies have experienced cyber criminal attacks on their senior-level corporate executives, which can compromise sensitive business data. The report found that 58% of respondents stated that cyber threat prevention for executives and their digital assets are not covered in their cyber, IT and physical securities strategies and budgets.
https://fortune.com/2023/06/08/hackers-targeting-c-suite-executives-personal-email-cybersecurity
Proactive Detection is Crucial as Organisations Lack Effective Threat Research
In a recent study, it was found that CISOs are spending significantly less time on threat research and awareness, despite 58% having an increase in their budget for cyber security; the same number reported that their team is so busy, they may not detect an attack. In a different report, keeping up with threat intelligence was identified as one of the biggest challenges faced.
https://www.helpnetsecurity.com/2023/06/06/cisos-cybersecurity-spending/
Number of Vulnerabilities Exploited Rose by 55%
A recent report from Palo Alto Networks’ Unit 42 found that the number of vulnerabilities that attackers are exploiting has grown by 55% compared to 2021, with most of the increase resulting from supply chain vulnerabilities; along with this was a 25% rise in the number of CVE’s, the term used for identified vulnerabilities. Worryingly ChatGPT scams saw a 910% increase in monthly domain registrations, pointing to an exponential growth in fraudulent activities taking advantage of the widespread usage and popularity of AI-powered chatbots.
Such growth puts further strain on cyber security staff, making it even harder for organisations to keep up. A strong threat management programme is needed, to help organisations prioritise threats and use organisational resources effectively to address said threats.
https://www.infosecurity-magazine.com/news/exploitation-vulnerabilities-grew/
https://www.infosecurity-magazine.com/news/cves-surge-25-2022-another-record/
Ransomware Behind Most Cyber Attacks, with Record-breaking May
2022 saw ransomware account for nearly one in four (24%) cyber attacks, with 95% of events resulting in a loss costing upwards of $2.25 million during 2021-2022. Ransomware remains a significant threat as evidenced by a different report, which stated that May 2023 saw a 154% spike in ransomware compared to May 2022. Other key findings include unreported attacks being five times more likely than reported attacks.
4 Areas of Cyber Risk That Boards Need to Address
As technological innovations such as cloud computing, the Internet of Things, robotic process automation, and predictive analytics are integrated into organisations, it makes them increasingly susceptible to cyber threats. This means that governing and assessing cyber risks becomes a prerequisite for successful business performance. This need for transparency has been recognised by the regulators and facilitated by the new cyber security rules to ensure companies maintain adequate cyber security controls and appropriately disclose cyber-related risks and incidents.
To ensure they fulfil the requirements, organisations should focus on the following areas: position security as a strategic business enabler; continuously monitor the cyber risk capability performance; align cyber risk management with business needs through policies and standards; and proactively anticipate the changing threat landscape by utilising threat intelligence sources for emerging threats.
https://hbr.org/2023/06/4-areas-of-cyber-risk-that-boards-need-to-address
North Korea Makes 50% of Income from Cyber Attacks
The North Korean regime makes around half of its income from cyber attacks on cryptocurrency and other targets. A 2019 UN estimate claimed North Korea had amassed as much as $2bn through historic attacks on crypto firms and traditional banks.
North Korean hackers have been blamed for some of the biggest ever heists of cryptocurrency, including the $620m stolen from Sky Mavis’ Ronin Network last year and the $281m taken from KuCoin in 2020 and $35m from Atomic Wallet just this last weekend.
They are using increasingly sophisticated techniques to get what they want. The 3CX supply chain attacks, in which backdoor malware was implanted into a legitimate-looking software update from the eponymous comms provider, is thought to have been a targeted attempt at hitting crypto exchanges.
https://www.infosecurity-magazine.com/news/north-korea-makes-50-income/
Going Beyond “Next Generation” Network Security
Over a decade ago, the phrase “next generation” was used in the network security space to describe the introduction of application-layer controls with firewalls. It was a pivotal moment for the space, setting a new standard for how we protected the perimeter. A lot has happened in the last decade though, most notably, the rapid adoption of cloud and multicloud architectures and the loss of the “perimeter.” Today, 82% of IT leaders have adopted hybrid cloud architectures, and 58% of organisations use between two and three public Infrastructure as a Service (IaaS) clouds. On top of that, 95% of web traffic is encrypted which limits visibility. Applications are everywhere, access privileges are unstructured, increasing the attack surface, and businesses expect near-perfect availability and resilience. To make things more complicated, enterprises have tried to solve these challenges with disparate solutions, leading to vendor sprawl among security stacks and operational inefficiency. What was once considered “next-generation” network security no longer cuts it.
Worldwide 2022 Email Phishing Statistics and Examples
Remote and hybrid work environments have become the new norm. The fact that email has become increasingly integral to business operations, has led malicious actors to favour email as an attack vector. According to a report by security company Egress, 92% of organisations have fallen victim to phishing attacks in 2022, a 29% increase in phishing incidents from 2021. Phishing attacks aimed at stealing info and data, also known as credential phishing, saw a 4% growth in 2022, with nearly 7 million detections. Rather worryingly, there was a 35% increase in the number of detections that related to business email compromise (BEC); these attacks mostly impersonated executives or high-ranking management personnel. With the increase in AI tools, it is expected that cyber criminals will be better able to create and deploy more sophisticated phishing attacks.
https://www.trendmicro.com/en_us/ciso/23/e/worldwide-email-phishing-stats-examples-2023.html
Governance, Risk and Compliance
CISOs, IT lack confidence in executives’ cyber-defence knowledge | CSO Online
Cyber spotlight falls on boardroom ‘privilege’ as incidents soar | Computer Weekly
CISOs focus more on business strategy than threat research - Help Net Security
Only one in 10 CISOs today are board-ready, study says | CSO Online
Employee cyber security awareness takes centre stage in defence strategies - Help Net Security
The Importance of Managing Your Data Security Posture (thehackernews.com)
How CISOs Can Manage the Intersection of Security, Privacy, And Trust (darkreading.com)
Why Companies Should Consider Developing A Chief Security Officer Position (forbes.com)
Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)
VeeamON 2023: When Your Nightmare Comes True - The New Stack
Make Your Employees Your Best Asset in Combating Cyber crime | CISO Collective (fortinet.com)
UK Organisations lack clear path to achieve threat intelligence - IT Security Guru
CIOs prioritize new technologies over tech stack optimization - Help Net Security
Top factors driving enterprise demand for new cyber security technology - Help Net Security
Factors influencing IT security spending - Help Net Security
How to Boost Cyber Security Through Better Communication (securityintelligence.com)
Generative AI's influence on data governance and compliance - Help Net Security
Essential Cyber security Compliance Standards (trendmicro.com)
Threats
Ransomware, Extortion and Destructive Attacks
Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)
Ransomware Behind Most Cyber Attacks, Verizon Business Reports - MSSP Alert
Ransomware Hit New Attack Highs in May 2023, BlackFog Report Says - MSSP Alert
Hacking Spree Feared After Breach of File-Sharing Software - Bloomberg
Clop ransomware likely testing MOVEit zero-day since 2021 (bleepingcomputer.com)
Clop extortion gang gives MOVEit exploit victims one week to reach out | CSO Online
New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal (thehackernews.com)
Cyclops Ransomware group offers a multiplatform Info StealerSecurity Affairs
Royal ransomware gang adds BlackSuit encryptor to their arsenal (bleepingcomputer.com)
Ransomware Victims
BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)
Ransomware takes down multiple municipalities in May | TechTarget
Several Major Organisations Confirm Being Impacted by MOVEit Attack - SecurityWeek
Spanish Bank Globalcaja Hit By Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)
2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack (darkreading.com)
Burton Snowboards discloses data breach after February attack (bleepingcomputer.com)
City of Dallas Still Clawing Back Weeks After Cyber Incident (darkreading.com)
Caribbean Island Suffers Cyber Attack, MSSP Expert Recommends Low-Code Automation - MSSP Alert
Phishing & Email Based Attacks
Fixing email security: It's still a rocky road ahead - SiliconANGLE
Worldwide 2022 Email Phishing Statistics and Examples (trendmicro.com)
New Security Warning Issued For Google's 1.8 Billion Gmail Users (forbes.com)
New Horabot campaign takes over victim's Gmail, Outlook accounts (bleepingcomputer.com)
Phishing Attack Prevention Checklist - A Detailed Guide (gbhackers.com)
Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe | SC Media (scmagazine.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Artificial Intelligence
ChatGPT creates mutating malware that evades detection by EDR | CSO Online
The Growing Cyber Threats of Generative AI: Who's Accountable? (darkreading.com)
Consumers overestimate their deepfake detection skills - Help Net Security
Department of Defence AI principles have a place in the CISO’s playbook | CSO Online
Generative AI's influence on data governance and compliance - Help Net Security
Traditional malware increasingly takes advantage of ChatGPT for attacks | CSO Online
OWASP lists 10 most critical large language model vulnerabilities | CSO Online
Japan privacy watchdog warns ChatGPT-maker OpenAI on user data | Reuters
Sextortionists are making AI nudes from your social media images (bleepingcomputer.com)
Cyber crooks Scrape OpenAI API Keys to Pirate GPT-4 (darkreading.com)
2FA/MFA
Malware
High-profile malware and targeted attacks in Q1 2023 | Securelist
ChatGPT creates mutating malware that evades detection by EDR | CSO Online
Malicious Chrome extensions with 75M installs removed from Web Store (bleepingcomputer.com)
Qakbot: The trojan that just won't go away - Help Net Security
Qbot malware adapts to live another day … and another … • The Register
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors (thehackernews.com)
New PowerDrop Malware Targeting US Aerospace Industry (thehackernews.com)
Dissecting the Dark Web Supply Chain: Stealer Logs in Context (bleepingcomputer.com)
Minecraft Malware Spreading Through Mods, Plug-ins (darkreading.com)
Online sellers targeted by new information-stealing malware campaign (bleepingcomputer.com)
Google puts $1M behind its mining-malware detection promise • The Register
Mobile
Over 60,000 Android apps secretly installed adware for past six months (bleepingcomputer.com)
Android security update fixes Mali GPU flaw exploited by spyware (bleepingcomputer.com)
New tool scans iPhones for 'Triangulation' malware infection (bleepingcomputer.com)
New Android feature drop will scan the dark web for your Gmail address | Trusted Reviews
Apple announces next-level privacy and security innovations - Help Net Security
How Does Android Stack Up Vs IOS? (informationsecuritybuzz.com)
Botnets
New Horabot campaign takes over victim's Gmail, Outlook accounts (bleepingcomputer.com)
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors (thehackernews.com)
Denial of Service/DoS/DDOS
Outlook.com hit by outages as hacktivists claim DDoS attacks (bleepingcomputer.com)
Microsoft OneDrive down worldwide following claims of DDoS attacks (bleepingcomputer.com)
Internet of Things – IoT
Britain to remove Chinese surveillance gear from government sites | Surveillance | The Guardian
Morrisons and Tesco ban Chinese CCTV cameras over security fears (telegraph.co.uk)
Amazon’s Ring doorbell employees spied on users’ bathrooms (telegraph.co.uk)
High-risk vulnerabilities patched in ABB Aspect building management system - Help Net Security
New York City sues Hyundai, Kia claiming cars easy to steal • The Register
Data Breaches/Leaks
Verizon DBIR: Social Engineering Gains Lead to Spiraling Breach Costs (darkreading.com)
BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)
This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar
Hackers launch another wave of mass-hacks targeting company file transfer tools | TechCrunch
Massive free VPN data breach exposes 360M records | Fox News
2.5M Impacted by Enzo Biochem Data Leak After Ransomware Attack (darkreading.com)
Cloud misconfiguration causes massive data breach at Toyota Motor | CSO Online
Honda API flaws exposed customer data, dealer panels, internal docs (bleepingcomputer.com)
Every Netherlands resident affected by data leak: watchdog | NL Times
German recruiter Pflegia leaks sensitive job seeker info- Security Affairs
What’s really changed 10 years after the Snowden revelations? | Edward Snowden | The Guardian
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft – Security Week
Google puts $1M behind its mining-malware detection promise • The Register
Insider Risk and Insider Threats
Fraud, Scams & Financial Crime
Scammers publish ads for hacking services on government websites | TechCrunch
Hackers hijack legitimate sites to host credit card stealer scripts (bleepingcomputer.com)
A new wave of sophisticated digital fraud hits Europe - Help Net Security
ID fraud a possibility forever, claims data breach lawsuit • The Register
Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack (thehackernews.com)
Brazilian Cyber criminals Using LOLBaS and CMD Scripts to Drain Bank Accounts (thehackernews.com)
Virtual claims raise alarms among insurance carriers and customers - Help Net Security
UK banks to reimburse fraud victims under new rules, regulator confirms | Scams | The Guardian
Impersonation Attacks
'Picture-in-Picture' Obfuscation Spoofs Delta, Kohl's for Credential Harvesting (darkreading.com)
Gmail spoofing vulnerability sparks Google ‘Priority 1’ probe | SC Media (scmagazine.com)
Deepfakes
Sextortionists are making AI nudes from your social media images (bleepingcomputer.com)
Deepfakes being used in ‘sextortion’ scams, FBI warns • The Register
Consumers overestimate their deepfake detection skills - Help Net Security
Defenders Buckle Up for a Future of Detecting Deepfakes (darkreading.com)
Insurance
Dark Web
New Android feature drop will scan the dark web for your Gmail address | Trusted Reviews
Dissecting the Dark Web Supply Chain: Stealer Logs in Context (bleepingcomputer.com)
What is the dark web and how do you access it? (androidpolice.com)
Supply Chain and Third Parties
BA, BBC and Boots staff data hit by Russia-linked cyber attack (telegraph.co.uk)
Clop extortion gang gives MOVEit exploit victims one week to reach out | CSO Online
Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021 (thehackernews.com)
Hacking Spree Feared After Breach of File-Sharing Software - Bloomberg
data privacy: Swiss administration hit by cyber attack - The Economic Times (indiatimes.com)
Software Supply Chain
SBOMs - Software Supply Chain Security’s Future or Fantasy? - SecurityWeek
10 security tool categories needed to shore up software supply chain security | CSO Online
Cloud/SaaS
The Annual Report: 2024 Plans and Priorities for SaaS Security (thehackernews.com)
Cloud misconfiguration causes massive data breach at Toyota Motor | CSO Online
This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar
Current SaaS security strategies don't go far enough - Help Net Security
Hybrid/Remote Working
Filling the Gaps: How to Secure the Future of Hybrid Work (darkreading.com)
Thought of Going Into Office Gives Quarter of Employees Sunday Scaries - IT Security Guru
Surveilling your employees? You could be putting your company at risk of attack - Help Net Security
Shadow IT
Encryption
API
Honda API flaws exposed customer data, dealer panels, internal docs (bleepingcomputer.com)
OWASP's 2023 API Security Top 10 Refines View of API Risks - SecurityWeek
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Microsoft Preps $425M Payment for LinkedIn GDPR Violations (darkreading.com)
Hate speech is driving advertisers away from Twitter • Graham Cluley
US government's TikTok ban extended to include contractors • The Register
Training, Education and Awareness
Employee cyber security awareness takes center stage in defense strategies - Help Net Security
Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)
Make Your Employees Your Best Asset in Combating Cyber crime | CISO Collective (fortinet.com)
How to Boost Cyber security Through Better Communication (securityintelligence.com)
Embracing realistic simulations in cyber security training programs - Help Net Security
Data Protection
SEC drops 42 cases after staff bungle data protection • The Register
Japan privacy watchdog warns ChatGPT-maker OpenAI on user data | Reuters
Microsoft Preps $425M Payment for LinkedIn GDPR Violations (darkreading.com)
Microsoft Fined $20M For Xbox Child Data Collection (darkreading.com)
Careers, Working in Cyber and Information Security
Privacy, Surveillance and Mass Monitoring
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Nation State Actors
A Peek Behind the Curtain: Examining the Dimensions of a National-level Cyber Program | Mandiant
North Korean APT group targets email credentials in social engineering campaign | CSO Online
UK to strip Chinese surveillance cameras from sensitive government sites | Financial Times (ft.com)
Morrisons and Tesco ban Chinese CCTV cameras over security fears (telegraph.co.uk)
US government's TikTok ban extended to include contractors • The Register
Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering (thehackernews.com)
Kimsuky APT poses as journalists and broadcast writers in attacks- Security Affairs
Meet TeamT5, the Taiwanese infosec outfit taking on Beijing • The Register
China has closed unofficial ‘police stations’ in Britain, UK minister says | China | The Guardian
Lazarus hackers linked to the $35 million Atomic Wallet heist (bleepingcomputer.com)
Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks (thehackernews.com)
Hostile states face contract ban amid security concerns (thetimes.co.uk)
North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft - SecurityWeek
Vulnerability Management
OWASP lists 10 most critical large language model vulnerabilities | CSO Online
Public sector apps show higher rates of security flaws - Help Net Security
Vulnerabilities
Zyxel vulnerability under 'widespread exploitation' | TechTarget
Barracuda Urges Immediate Replacement of Hacked ESG Appliances (thehackernews.com)
Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities (thehackernews.com)
High-Severity Vulnerabilities Patched in Splunk Enterprise - SecurityWeek
Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution
Gigabyte Slams Backdoor Shut With Attack-Killing BIOS Update (darkreading.com)
Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now! (thehackernews.com)
Android security update fixes Mali GPU flaw exploited by spyware (bleepingcomputer.com)
High-risk vulnerabilities patched in ABB Aspect building management system - Help Net Security
Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover (darkreading.com)
Tools and Controls
CISOs focus more on business strategy than threat research - Help Net Security
CIOs prioritize new technologies over tech stack optimization - Help Net Security
Going Beyond “Next Generation” Network Security - Cisco Blogs
Make Your Employees Your Best Asset in Combating Cybercrime | CISO Collective (fortinet.com)
UK Organisations lack clear path to achieve threat intelligence - IT Security Guru
Employee cybersecurity awareness takes center stage in defence strategies - Help Net Security
Want Sustainable Security? Find Middle Ground Between Tech & Education (darkreading.com)
Factors influencing IT security spending - Help Net Security
Top factors driving enterprise demand for new cyber security technology - Help Net Security
How to Boost Cyber security Through Better Communication (securityintelligence.com)
MoD adopts ‘secure by design’ for cyber security | UKAuthority
Everyone is selling VPNs, and that's a problem for security | Engadget
ISMG Editors: Why Communications Skills Matter for CISOs (inforisktoday.com)
Phishing Attack Prevention Checklist - A Detailed Guide (gbhackers.com)
Ransomware Attack Prevention Checklist - 2023 (cybersecuritynews.com)
OWASP lists 10 most critical large language model vulnerabilities | CSO Online
This Google Workspace security flaw could let hackers quietly steal your Drive files | TechRadar
Embracing realistic simulations in cyber security training programs - Help Net Security
The Key to Zero Trust Identity Is Automation (darkreading.com)
What generative AI's rise means for the cyber security industry | TechTarget
Cisco spotlights generative AI in security, collaboration | Network World
10 security tool categories needed to shore up software supply chain security | CSO Online
How to Improve Your API Security Posture (thehackernews.com)
Consolidate Vendors and Products for Better Security - SecurityWeek
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.