Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Only 3% of Organisations Globally are Fully Prepared for Cyber Threats

A new report released by Cisco found that only 3% of organisations globally are considered to be at a “mature” level of readiness that is needed to be resilient against today’s cyber threats. In contrast, 80% of the companies surveyed felt moderately to very confident in their ability to defend against a threat.

Nearly three-quarters of respondents expect a cyber incident to disrupt their business in the next 12 to 24 months. For many, this was based on past experience, with more than half of respondents saying that they had experienced a cyber security incident in the last 12 months, and of those, more than half of said it cost them at least $300,000. To address this, 97% of companies expect to increase their cyber security budgets in the next 12 months.

Sources: [PR Newswire] [SiliconANGLE]

China Cyber Attacks a Reminder Beijing Poses ‘Constant and Sophisticated’ Threat to Western Cyber Security

The UK’s National Cyber Security Centre (NCSC) has now implicated a Chinese-backed hacking group, APT31, in attempts to target a group of MPs. Whilst this shows how advanced the threat from China has become, it should not be a surprise. It has been alleged that the hacking campaign targeted a broad swathe of private individuals, as well as strategically important companies and government officials. Geopolitical tensions are at an all-time high, as Conservative MP Iain Duncan Smith, one of those targeted by the campaign says, “we must now enter a new era of relations with China, dealing with the contemporary Chinese Communist party as it really is, not as we would wish it to be.”

Sources: [Sky News] [GovInfoSecurity] [The Guardian]

Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers

A recent report underscores the pivotal role of cyber security in financial performance, revealing that companies with genuinely advanced levels of cyber security maturity generate a 372% higher shareholder return compared to those with lower levels of maturity, as observed over a five-year period. Notably, companies with engaged board members and specialised risk committees achieve superior cyber security performance. Despite regulatory requirements, only 3% of UK organisations have a cyber security expert on their board, emphasising the need for greater board-level engagement in cyber risk management. Industries like healthcare and financial services lead in cyber security ratings, underscoring the correlation between regulatory environments and cyber security performance.

Source: [Business Wire] [Computer Weekly]

Hackers Hit High-Risk Individuals’ Personal Accounts

Britain’s National Cyber Security Centre (NCSC) is warning that attackers faced with well-managed corporate cyber security defences, are instead turning their efforts to compromise high-risk individuals’ devices and accounts.

A high-risk individual is anyone who has access to or influence over sensitive information. For an attacker, these individuals can present a less complex route. They already know the individual has access to the data they want, it is just a case of compromising that individual.

Source: [Gov Info Security]

Cyber Security Threats in International Relations: Are We Prepared for a Digital Pearl Harbour?

Cyber security threats have reached unprecedented levels, posing significant risks to organisations and nations worldwide, with global costs predicted to soar to $10.5 trillion annually by 2025, a significant increase from $6 trillion in 2021. Recent reports from IBM Security X-Force reveal that organisations face an average of 270 cyber attacks per year, equivalent to an attack every business day, underlining the persistent nature of the threat and reinforcing the old question of ‘when’ not 'if' an organisation will get hit.

The report warns of the possibility of large-scale, coordinated attacks, akin to a “Digital Pearl Harbor,” on vital infrastructure such as power grids and financial markets, with ransomware-based attacks being identified as a major risk. The emergence of cyber warfare blurs the distinction between espionage and acts of war, underscoring the need for international standards and agreements. Despite the focus on cyber threats, many organisations have risk management gaps.

Source: [Eurasia Review]

High Net Worths Urged to Improve Digital Hygiene in Fight Against Cyber Crime

High net worth individuals and their families are often targets for cyber criminals who seek to steal their money, identity, intellectual property and corporate data, and attacks are increasing. With the current state of the world, there is significant information that is publicly available. This, added to the fact that many high-net-worth individuals have lesser security controls than corporations, makes them a more lucrative target.

As these types of attacks continue to increase, it is important for individuals to ensure they are demonstrating good cyber hygiene through actions including the adoption of multi-factor authentication, limiting unnecessary social media from themselves and their family (including holidays) and understanding current tactics to be able to spot and mitigate them.

Source: [Financial Times]

Key Lessons from Microsoft’s Password Spray Hack: Secure Every Account

Earlier this year, Microsoft discovered they had been the victim of a hack orchestrated by Russian-state hackers. The attack was not highly sophisticated; in fact, it involved simply spraying passwords into an old, inactive account. Password spraying is a simple brute force technique, which has the attacker trying the same password against multiple accounts. In this case, it was enough to be able to allow attackers to commit further exfiltration.

Picture your organisation: can you guarantee that no account is using the password “Password123”? Whilst organisations may focus on protecting privileged accounts, the attack shows that every account needs to be secured, as they are all entry points to your organisation. To combat this, organisations should look to implement robust password policies and multi-factor authentication.

Source: [The Hacker News]

Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach

Mitigating third-party risk may seem daunting when considering the slew of incoming regulations coupled with the increasingly advanced tactics of cyber criminals. However, most organisations have more agency and flexibility than they think they do. Third-party risk management can be built on top of existing risk governance practices and security controls that are currently implemented in the organisation. Understanding the vendor landscape, categorising vendors based on criticality, and developing tailored governance plans are crucial steps. Contractual obligations, tailored to industry standards, play a pivotal role in ensuring security measures are upheld. Additionally, establishing a robust exit strategy is imperative to safeguard data integrity post-partnership. By fostering a culture of shared responsibility and continuous improvement, organisations can navigate the complexities of third-party risk management effectively.

Source: [Dark Reading]

IT Leaders Struggle to Keep up With Emerging Threats, as 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time

A recent survey of over 800 IT and security leaders highlights the escalating threat landscape fuelled by emerging technologies, with AI-powered attacks identified as the most serious and challenging. 92% of respondents report a year-over-year increase in cyber attacks with 95% noting heightened sophistication.

Organisations reported facing AI-powered attacks (51%), deepfake technology and supply chain attacks (both 36%), cloud jacking (35%), Internet of Things (IoT) attacks and 5G network exploits (both 34%), and fileless attacks (24%). But it is not just newer attacks; organisations are still contending with prevalent attacks like phishing, malware, and ransomware. The survey found that 84% of respondents say that phishing and smishing have become more difficult to detect with the rise in popularity of AI-powered tools, revealing that AI-powered phishing is their top concern (42%) when it comes to AI security.

With so many constantly evolving threats, and with new ones being added to the mix all the time, it is becoming more and more difficult for IT leaders to keep on top of these emerging threats.

Source: [Beta News] [The Fast Mode]

Only 5% of Boards Have Cyber Security Expertise

There is a concerning gap in cyber expertise on corporate boards, with only 5% of businesses having a cyber expert onboard, despite a direct correlation between strong cyber security and higher financial performance. Countries like France have 10% representation while Canada lags behind at just 1%. Integration of cyber experts into specialised risk committees significantly boosts cyber security performance. Furthermore, advanced security ratings translate to significantly better financial returns over three and five-year periods, underlining the pivotal role of cyber security in overall business health.

Source: [Infosecurity Magazine]

Google’s New AI Search Results Promotes Sites Pushing Malware and Scams

Earlier this month, Google began rolling out a feature called Google Search Generative Experience (SGE) in its search results, which provides AI-generated quick summaries, including site recommendations. These results, however, are pushing scams and malware. BleepingComputer found that the listed sites promoted by SGE tend to use the .online top level domain, the same HTML templates, and the same sites to perform redirects, stating “This similarity indicates that they are all part of the same SEO [search engine optimisation] poisoning campaign that allowed them to be part of the Google index.” When clicking on the site in the Google search results, visitors will go through a series of redirects until they reach a scam site. This matter highlights the need for users to stay cognisant, even when using AI to improve quality of life.

Source: [Bleeping Computer]

Report Calls Out Cyber Risks to Financial Sector Fuelled by AI

A recent report by the US Department of the Treasury has identified AI-driven cyber fraud as the primary concern for financial institutions. Smaller firms, in particular, struggle with AI development, which intensifies security concerns. Despite a focus on cyber security, risk management lapses are common across institutions. The report further notes that nearly a third of these institutions are yet to address the evolving tactics of threat actors, including social engineering, malvertising, and QR code phishing. More than 2 in 5 have pointed to the increasing use of generative AI for scaling and automating attacks as a lingering risk factor. The report emphasises that, even without mandates, there’s an urgent need for financial institutions to bolster their risk management and cyber security practices to counter these AI-driven threats.

Source: [CyberScoop]

Governance, Risk and Compliance

• Hackers Hit High-Risk Individuals' Personal Accounts (govinfosecurity.com)

• Only 5% of Boards Have Cyber Security Expertise - Infosecurity Magazine (infosecurity-magazine.com)

• Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)

• How threat intelligence data maximizes business operations - Help Net Security

• IT leaders struggle to keep up with emerging threats (betanews.com)

• More than half of organisations fall victim to cyber attacks (betanews.com)

• Companies With Advanced Cyber Security Performance Deliver Nearly Four Times’ Higher Shareholder Return Than Their Peers, According to Diligent and Bitsight | Business Wire

• Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)

• 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time (thefastmode.com)

• Shareholders win when businesses do better at cyber | Computer Weekly

• Getting Security Remediation on the Boardroom Agenda (darkreading.com)

• New Cyber Threats to Challenge Financial Services Sector in 2024 (darkreading.com)

• The cyber security skills shortage: A CISO perspective | CSO Online

• Cyber security essentials during M&A surge - Help Net Security

• Companies told cyber security has to be cross business concern (emergingrisks.co.uk)

• It's Time to Stop Measuring Security in Absolutes (darkreading.com)

• True Cost of a Cyber Security Breach for Your Business - Converge

• 35 cyber security statistics to lose sleep over in 2024 (techtarget.com)

• Changing role of CISO | Professional Security

• 3 Challenges CISOs Face in 2024 as Cyber Threats Explode | Corporate Counsel (law.com)

• Cyber security plans should centre on resilience | MIT Sloan

• Debunking compliance myths in the digital era - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware: lessons all companies can learn from the British Library attack - Exponential-e Blog

• 78% of organisations plan to increase ransomware protection | Security Magazine

• The human impact of ransomware attacks: how can businesses protect their security professionals? - IT Security Guru

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

• Building Resiliency in the Face of Ransomware  - Security Boulevard

• Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)

• US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth (yahoo.com)

• Healthcare Under Ransomware Attacks - Part 1: BlackCat/AlphV - VMRay

• Healthcare Under Ransomware Attacks - Part 2: LockBit - VMRay

• Healthcare Under Ransomware Attacks - Part 3: Rhysida - VMRay

Ransomware Victims

• Hackers threaten to publish huge cache of NHS Scotland data - BBC News

• Alleged sale of Communication Workers Union’s users data (marcoramilli.com)

• Scullion LAW becomes victim of cyber attack | Scottish Legal News

• Panera Bread experiencing nationwide IT outage since Saturday (bleepingcomputer.com)

• Clorox audit flagged systemic flaws in cyber security at manufacturing plants (detroitnews.com)

• Big Issue working with NCSC, NCA and Met Police to investigate cyber incident - IT Security Guru

• Western Isles council tax bills delayed due to cyber attack - BBC News

• Vietnam Securities Broker Suffered Cyber Attack That Suspended Trading (darkreading.com)

Phishing & Email Based Attacks

• 'Darcula' Phishing-as-a-Service Operation Bleeds Victims Worldwide (darkreading.com)

• New StrelaStealer Phishing Attacks Hit Over 100 Organisations in EU. and US (thehackernews.com)

• ThreatLabz 2023 Phishing Report | ITPro

• New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)

• US organisations targeted with emails delivering NetSupport RAT - Help Net Security

• Fake Ozempic Deals on the Rise as Experts Warn of Phishing Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Scammers steal millions from FTX, BlockFi claimants - Help Net Security

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)

• Russia's Cozy Bear tries to phish Germans with party invites • The Register

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

Artificial Intelligence

• Treasury report calls out cyber risks to financial sector fuelled by AI | CyberScoop

• Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)

• Four generative AI cyber risks that keep CISOs up at night — and how to combat them - SiliconANGLE

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Artificial intelligence now the biggest cyber threat - study (emergingrisks.co.uk)

• Microsoft: 87% of UK Businesses Are Unprepared for Cyber Attacks (techrepublic.com)

• 92% of IT Leaders Say Cyber Threats Are on the Rise, 51% See AI Attacks for the First Time (thefastmode.com)

• Scammers exploit tax season anxiety with AI tools - Help Net Security

• Experts Warn of Cyber Risk Due to Rapid AI Tool Evolution (govinfosecurity.com)

• AI Regulation at a Crossroads - Security Boulevard

• Over A Third of IT Leaders Are Ill-Equipped to Cope With AI-Powered Attacks - IT Security Guru

• Beware of rogue chatbot hacking incidents (securityintelligence.com)

• The Unique AI Cyber Security Challenges in the Financial Sector | Decipher (duo.com)

• AI weaponisation becomes a hot topic on underground forums - Help Net Security

• AI bots hallucinate software packages and devs download them • The Register

• Threat Report: Examining the Use of AI in Attack Techniques (darkreading.com)

• Hackers exploit Ray framework flaw to breach servers, hijack resources (bleepingcomputer.com)AWS CISO: Pay Attention to How AI Uses Your Data (darkreading.com)

2FA/MFA

• New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts (bleepingcomputer.com)

• Apple customers are being targeted by "MFA Bombing" password reset attack (xda-developers.com)

Malware

• New StrelaStealer Phishing Attacks Hit Over 100 Organisations in E.U. and US. (thehackernews.com)

• Google's new AI search results promotes sites pushing malware, scams (bleepingcomputer.com)

• 39,000 Websites Infected in 'Sign1' Malware Campaign - SecurityWeek

• ConnectWise ScreenConnect attacks deliver malware | SC Media (scmagazine.com)

• US organisations targeted with emails delivering NetSupport RAT - Help Net Security

• Hunter-killer malware: How to prevent it from undermining security controls | SC Media (scmagazine.com)

• Python devs are being targeted by this massive infostealing malware campaign | TechRadar

• TheMoon bot infected 40,000 devices in January and February (securityaffairs.com)

• Viruses are the most popular type of malware - and Apple devices are most at risk | TechRadar

• New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (thehackernews.com)

• SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire

• DarkGate Malware Campaign Exploits Patched Microsoft Flaw - Security Boulevard

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

• AI bots hallucinate software packages and devs download them • The Register

Mobile

• In-app browsers still a privacy, security, and choice issue • The Register

• Thousands of phones and routers swept into proxy service, unbeknownst to users | Ars Technica

• Apple lawsuit: US officials say iPhone ‘monopoly’ undermines security | SC Media (scmagazine.com)

Internet of Things – IoT

• Hackers Reveal Method to Bypass Hotel Keycard Locks in Seconds • iPhone in Canada Blog

• Pump the brakes: National security concerns surround connected cars - Nextgov/FCW

• Insurer unveils policy covering drivers from connected car hacks and data leaks (therecord.media)

Data Breaches/Leaks

• AT&T won’t say how its customers’ data spilled online | TechCrunch

• SpyCloud Report: 61% of Data Breaches in 2023 Were Malware Related | Business Wire

Organised Crime & Criminal Actors

• After '10,000 malicious emails,' US sanctions 7 Chinese nationals in alleged cyber crimes - UPI.com

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• UN probing 58 alleged crypto heists by North Korea worth $3 billion (therecord.media)

• Scammers steal millions from FTX, BlockFi claimants - Help Net Security

Insider Risk and Insider Threats

• The missing link: How criminals teamed up with bank employees to orchestrate cyber frauds. - The Economic Times (indiatimes.com)

Insurance

• Insurer unveils policy covering drivers from connected car hacks and data leaks (therecord.media)

Supply Chain and Third Parties

• Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (thehackernews.com)

• Mitigating Third-Party Risk Requires a Collaborative, Thorough Approach (darkreading.com)

Cloud/SaaS

• Key Lesson from Microsoft's Password Spray Hack: Secure Every Account (thehackernews.com)

• Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)

• Cloud Account Hijacking: How it Works and How to Prevent It (techtarget.com)

• 67% of businesses sync on-premises passwords to cloud environments | Security Magazine

Identity and Access Management

• Tackling DORA Compliance With a Focus on PAM - IT Security Guru

• 10 Essential Measures To Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Organisations Grapple With Identity Pain Points | Decipher (duo.com)

Encryption

• Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Apple users targeted by annoying 'Reset Password' attack | Mashable

• 10 Essential Measures To Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• 67% of businesses sync on-premises passwords to cloud environments | Security Magazine

• What is Managing Secrets? - Security Boulevard

Social Media

• If you watched certain YouTube videos, investigators demanded your data from Google | Mashable

Malvertising

• Study claims more than half of Americans use ad blockers • The Register

Training, Education and Awareness

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Cyber security training costs surge as firms battle skills gaps | ITPro

• Paid Generic Cyber Security Courses: Why They Are Not the Solution for Security Awareness - Security Boulevard

Regulations, Fines and Legislation

• Cyber security shake-up: How to prepare for EU's NIS2 and DORA (siliconrepublic.com)

• techUK Raise Internet Snooping Concerns Over UK IP Act Amendments - ISPreview UK

• AI Regulation at a Crossroads - Security Boulevard

• Cyber security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)

Models, Frameworks and Standards

• Debunking compliance myths in the digital era - Help Net Security

Backup and Recovery

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

Careers, Working in Cyber and Information Security

• The human impact of ransomware attacks: how can businesses protect their security professionals? - IT Security Guru

• Almost half of IT teams are burnt out as a result of war rooms, as ‘blame game’ culture becomes the norm for most organisations | TechRadar

• The cyber security skills shortage: A CISO perspective | CSO Online

Law Enforcement Action and Take Downs

• UK Law Enforcers Arrest 400 in Major Fraud Crackdown - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Cyber Security Threats In International Relations: Are We Prepared For A Digital Pearl Harbor? – OpEd – Eurasia Review

Nation State Actors

China

• China cyber attacks a reminder Beijing poses 'constant and sophisticated' threat to western cyber security | Science & Tech News | Sky News

• US and UK accuse China of cyber operations targeting domestic politics | CyberScoop

• UK ‘turning up to a gunfight with a wooden spoon’ over China cyber-attacks (scotsman.com)

• China hack on MPs worse than Government admitted, with at least 30 targeted (inews.co.uk)

• New Zealand follows UK in accusing China of hacking its parliament | The Independent

• Finland confirms APT31 hackers behind 2021 parliament breach (bleepingcomputer.com)

• China linked to UK cyber-attacks on voter data, Dowden to say - BBC News

• Dowden guarantees UK elections will be safe from Chinese cyber attacks | Evening Standard

• After '10,000 malicious emails,' US sanctions 7 Chinese nationals in alleged cyber crimes - UPI.com

• SNP MP claims Scottish universities 'overdependent' on Chinese money | The National

• China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)

• Fake reporters and death threats: China spy tactics from Hong Kong dissidents (inews.co.uk)

• The Chinese government is phasing out Intel and AMD CPUs and Microsoft's Windows OS because they don't fit its new 'safe and reliable' guidelines | PC Gamer

• Is Cyber Warfare Heating Up? Biden Administration, UK Take Aim At Chinese Hackers | IBTimes

• China cyber-attacks explained: who is behind the hacking operation against the US and UK? | Hacking | The Guardian

• What to make of China’s massive cyber-espionage campaign (economist.com)

• Pump the brakes: National security concerns surround connected cars - Nextgov/FCW

• PM says UK approach to China 'more robust' than allies, as senior Chinese diplomat summoned | ITV News

• UK says Chinese cyber attacks ‘part of large-scale espionage campaign’ (thenextweb.com)

• Why cyber indictments and sanctions matter | The Strategist (aspistrategist.org.au)

• Chinese hackers target family members to surveil hard targets | CyberScoop

Russia

• Microsoft to shut down 50 cloud services for Russian businesses (bleepingcomputer.com)

• Russia's Cozy Bear tries to phish Germans with party invites • The Register

Iran

• Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (thehackernews.com)

North Korea

• Asian cuisine used to launder money for North Korea • The Register

• UN probing 58 alleged crypto heists by North Korea worth $3 billion (therecord.media)

Vulnerability Management

• Spyware vendors behind 75% of zero-days targeting Google | TechTarget

• Zero Days Surged by Over 50% Annually, Says Google - Infosecurity Magazine (infosecurity-magazine.com)

• On the Increase: Zero-Days Being Exploited in the Wild (databreachtoday.co.uk)

• NVD slowdown leaves thousands of vulns without analysis data • The Register

• Can Compensating Controls Be the Answer in a Sea of Vulnerabilities?  - Security Boulevard

Vulnerabilities

• Patch Now: Critical Fortinet RCE Bug Under Active Attack (darkreading.com)

• SQL injection vulnerability in Fortinet software under attack | TechTarget

• GitHub Developers Hit in Complex Supply Chain Cyber Attack (darkreading.com)

• Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions (thehackernews.com)

• MacOS 14.4.1 makes it once again safe to update your Mac | ZDNET

• Apple Security Bug Opens iPhone, iPad to RCE (darkreading.com)

• Apple finally reveals the serious security issues it patched in iOS 17.4.1 - PhoneArena

• A vulnerability in Apple M-series chips could expose encryption keys and harm performance — and Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass (darkreading.com)

• Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own (bleepingcomputer.com)

• China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws (thehackernews.com)

• Double trouble for DNSSEC though the devil is in the details • The Register

• 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns - Help Net Security

• Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (darkreading.com)

Tools and Controls

• How threat intelligence data maximises business operations - Help Net Security

• IT leaders struggle to keep up with emerging threats (betanews.com)

• 78% of organisations plan to increase ransomware protection | Security Magazine

• Rising ransomware attacks amplify World Backup Day's importance (securitybrief.co.nz)

• Why Endpoint Security Tools Are Still Such a Challenge (inforisktoday.com)

• Security awareness training meets a new obstacle: Generative AI | SC Media (scmagazine.com)

• Cyber security training costs surge as firms battle skills gaps | ITPro

• 10 Essential Measures to Secure Access Credentials | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Organisations Grapple with Identity Pain Points | Decipher (duo.com)

• Enterprise cyber security's lateral movement 'blind spot' [Q&A] (betanews.com)

• Cyber security plans should center on resilience | MIT Sloan

• Cyber Security Agency Proposes First Incident-Reporting Rules (2) (bloomberglaw.com)

• Paid Generic Cyber Security Courses: Why They Are Not the Solution for Security Awareness - Security Boulevard

Reports Published in the Last Week

• ThreatLabz 2023 Phishing Report | ITPro

Other News

• Why the World Needs a New Cyber Treaty for Critical Infrastructure - Carnegie Europe - Carnegie Endowment for International Peace

• Wealthy urged to improve digital hygiene in fight against cyber crime (ft.com)

• Security experts raise questions about UK cyber funding in wake of Electoral Commission hack | ITPro

• 8 cyber security predictions shaping the future of cyber defence - Help Net Security

• Active adversary dwell time: The good (and bad) news | SC Media (scmagazine.com)

• Cyber Threat to US Power Grids Escalating as Election Approaches (yahoo.com)

• Are We Ignoring the Cyber Security Risks of Undersea Internet Cables? | HackerNoon

• How to Prevent Your Company from Being Hacked in 2024 - DevX

• Pentagon Looks to Finalise Cyber Security Rules for Defence Industrial Base - ClearanceJobs

• US and Japan plan biggest upgrade to security pact in over 60 years

• US must establish independent military cyber service to fix 'alarming' problems — report | DefenseScoop

• FTSE 100 Retailers showing signs of cyber security apathy, despite growing risks | Retail Bulletin (theretailbulletin.com)

• Finland to host NATO tech centers, revamp cyber security strategy (defensenews.com)

• French cyber defence chief warns Paris Olympics a 'target' (techxplore.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Mind The Gap: Mimecast Report Finds Humans Are Biggest Security Flaw

A global report from Mimecast has found that 74% of all cyber breaches are caused by human factors, including errors, misuse of access privileges or social engineering. Email remains the primary attack vector for cyber threats. Further, 67% of respondents expect AI-driven attacks to soon be the norm and 69% believe their company will be harmed by an attack.

No matter the size, sector or budget of an organisation, people remain a consistent risk factor. Even with strong technology controls, people can still be the risk that brings down the organisation. It is therefore important for organisations to integrate people into their cyber security investments. This should include awareness and education training, and fostering a cyber secure culture in the organisation.

Sources: [IT Security Guru] [Beta News] [Verdict]

Three-Quarters of Cyber Victim Are SMBs: Why SMBs are Becoming More Vulnerable

According to a recent Sophos report, over three-quarters of cyber incidents impacted smaller businesses in 2023, with ransomware having the largest impact. The research also found that in 90% of attacks, data or credential theft was involved and in 43%, data theft was the main focus.

The report found significant usage of initial access brokers; these are attackers whose speciality is to break into computer networks and sell ready-to-go access to other attackers. In fact, the report found that almost half of all malware detected in SMBs were malicious programs used to steal sensitive data and login credentials. Unfortunately, many SMBs struggle to keep up due to a lack of resources and budget; instead, they must be able to prioritise their cyber security efforts to get the most return on investment.

Sources: [Infosecurity Magazine]  [Help Net Security] [TechRadar] [Nairametrics] [TechTarget]

Cyber Security Skills Gap and Lack of Boardroom Engagement Invite Hacker Havoc

The Ipsos report on Cyber Security Skills in the UK Labour Market 2023 sheds light on the persistent challenges faced in recruiting, training, and retaining cyber security professionals across various domains. With approximately 739,000 businesses lacking basic cyber skills and 487,000 facing advanced skills gaps, the demand for trained professionals is escalating. The shortage of incident response skills highlights the need for comprehensive education and training programs. Senior management and board-level executives must also be equipped with the knowledge to manage incidents effectively, emphasising reporting, seeking external assistance, and maintaining a no-blame culture. Understanding cyber risks at the business level is crucial, as cyber crime has evolved into a well-organised industry with distinct roles and profit-sharing mechanisms among cyber criminal groups. Conducting tabletop incident response exercises can effectively prepare senior leadership for cyber incidents, ensuring a proactive and coordinated response to mitigate risks and safeguard organisational resilience.

Source: [TechRadar]

UK Government’s Ransomware Failings Leave Country ‘Exposed and Unprepared’

The recent response from the British government to warnings about the looming ransomware threat has sparked criticism, with accusations of adopting an "ostrich strategy" by downplaying the severity of the national cyber threat. Despite alarming assessments from the Joint Committee on the National Security Strategy (JCNSS) regarding the high risk of a catastrophic ransomware attack, the government's formal response has been met with scepticism. Key recommendations, such as reallocating responsibility for tackling ransomware away from the Home Office, were rejected, with the government arguing that its existing regulations and the current National Cyber Strategy were sufficient. This argument has raised concerns about the government's preparedness and resource allocation. With ransomware attacks escalating in the UK, the Committee underscores the urgency for a proactive national security response to mitigate the potentially devastating impacts on the economy and national security.

Source: [The Record Media]

Data Breaches up 72% to New Record High: Cyber Security Incidents Rank as #1 Global Business Threat in 2024

Research conducted by the Identity Theft Resource Center (ITRC) found that 2023 set an all time high in data breaches, 72% more than the prior year. Separately, the Allianz Risk Barometer identified cyber incidents as the biggest global business threat for 2024, ranking above regulatory concerns, climate change and a shortage of skilled workers. It is crucial that the severity of this risk is reflected in the actions taken by organisations, who must effectively govern and implement their cyber security strategy.

Sources: [JDSupra]

Finance Sector Facing Huge Number of Cyber Attacks That Could Leave It On its Knees, Highlights the Need to Build a Robust Security Culture

Cyber security has become a pressing issue on financial institutions due to the rise in cyber attacks, as highlighted by the February attack on Bank of America via a third-party service. The involvement of the LockBit ransomware group underlines the persistent nature of these threats, particularly targeting the financial sector. These attacks disrupt services and undermine trust in the financial system, necessitating robust cyber security frameworks. The new US Securities and Exchange Commission (SEC) rule requiring immediate disclosure of cyber security incidents presents both benefits and challenges, calling for clear guidelines and industry-wide collaboration. BlackBerry’s Global Threat Intelligence Report revealed a staggering million attacks globally in just 120 days last year. These attacks, often using commodity malware, make up almost two-thirds of all industry-related incidents. The 27% increase in novel malware samples highlights the need for improved defences. These findings emphasise the need for AI-driven detection and defence strategies. While critical infrastructure remains a primary focus, commercial enterprises must remain vigilant, with a third of threats targeting various sectors, emphasising the pervasive nature of cyber threats across industries.

Source:[ SC Media] [TechRadar]

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

In a recent revelation, Microsoft disclosed that the Kremlin-backed threat group known as Midnight Blizzard successfully accessed some of Microsoft’s source code repositories and internal systems following a hack in January 2024. The breach, believed to have originally occurred in November 2023, exploited a legacy test account lacking multi-factor authentication by employing a password spray attack. Microsoft assured no compromise to customer-facing systems but warned of ongoing attempts by Midnight Blizzard to exploit stolen corporate email data. The extent of the breach remains under investigation, with concerns raised over the potential accumulation of attack vectors by the threat actor. The incident underscores the escalating sophistication of nation-state cyber threats and prompts a re-evaluation of security measures, highlighting the imperative for robust defences against such adversaries.

Source: [The Hacker News]

Independent Cyber Security Audits Are Powerful Tools for Boards

Board members are increasingly held accountable for their organisation's cyber posture, facing personal liability for lapses. To gain insight and demonstrate proactive leadership, independent cyber security audits have become indispensable. These audits not only aid in regulatory compliance but also uncover blind spots in the organisation's security measures. Recent regulations, such as by  the US Securities and Exchange Commission (SEC) underscore the imperative for robust cyber security oversight at the board level. The audit process involves defining the scope, conducting assessments, validating findings through simulations, and presenting comprehensive reports to leadership. By embracing cyber security audits, boards can fulfil their duty of overseeing and enhancing the organisation's cyber resilience in an ever-evolving threat landscape.

Source: [Bloomberg Law]

Navigating Cyber Security in The Era of Mergers

In today's landscape of frequent mergers and acquisitions (M&A), organisations grapple with the challenge of aligning cyber security measures across subsidiaries, posing a risk to overall security. According to an IBM survey, over one in three executives attribute data breaches to M&A activity during integration. This complexity arises as security teams may lack insight into subsidiary infrastructure, hindering risk assessment and mitigation efforts. Historical incidents like the NotPetya attack on Merck and the Talk Talk hack highlight vulnerabilities post-acquisition, emphasising the need for a proactive approach to subsidiary cyber security. To address these challenges, organisations must conduct comprehensive risk assessments, standardise security protocols, foster collaboration, and consider unified security platforms. By proactively addressing visibility gaps and implementing standardised protocols, organisations can fortify their defences against evolving cyber threats amidst M&A activities.

Source: [Forbes]

Phishing Tactics Evolve as Sophisticated Vishing and Image-based Phishing Take World by Storm

According to a recent report, 76% of organisations were compromised by QR-code phishing in the last 12 months. Along with this, there has also been a rise in the number of sophisticated vishing attacks, with recent attacks costing organisations millions. The introduction of artificial intelligence has only added fuel to this fire already impacting security controls such as call-back procedures. With the tactics of phishing evolving, organisations need to ensure they are up-to-date and that employees are trained effectively to mitigate the risk of these.

Sources: [Help Net Security] [Dark Reading]

Governance, Risk and Compliance

• Cyber Security skills gap and boardroom blindness invite hacker havoc | TechRadar

• Three-Quarters of Cyber Incident Victims Are Small Businesses - Infosecurity Magazine (infosecurity-magazine.com)

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)

• Still on Top: Cyber Security Incidents Ranked #1 Global Business Threat in 2024 | Dinsmore & Shohl LLP - JDSupra

• Navigating Cyber Security In The Era Of Mergers (forbes.com)

• SMEs invest in tech opportunities but risk missing security safeguards (betanews.com)

• Your tech tools won’t save you from cyber threats | TechRadar

• The CISO Role Is Changing. Can CISOs Themselves Keep Up? (darkreading.com)

• New Risk for Weary CISOs: Becoming the Scapegoat After Cyber Criminals Strike | Corporate Counsel (law.com)

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• How enterprises can tackle risky cyber security behavior and improve workforce resilience | ITPro

• Building a Security Culture of Shared Responsibility - Security Boulevard

• More Critical Than Ever: Cyber Risk "Tabletop Exercises" in the AI Infused Workplace | Epstein Becker & Green - JDSupra

• OODA Loop - How To Properly Cut Your Cyber Security Budget

• MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense

Threats

Ransomware, Extortion and Destructive Attacks

• Sophos: Remote ransomware attacks on SMBs increasing | TechTarget

• UK government’s ransomware failings leave country ‘exposed and unprepared’ (therecord.media)

• Prescribing Security: Why Healthcare Companies Should Take Note of Recent Ransomware Attack | Dinsmore & Shohl LLP - JDSupra

• BianLian Threat Actor Shifts Focus to Extortion-Only Tactics - Infosecurity Magazine (infosecurity-magazine.com)

• Understanding the multi-tiered impact of ransomware. (thecyberwire.com)

• Ransomware tracker: The latest figures [March 2024] (therecord.media)

• Cyber attack costing hospitals millions - The Boston Globe

• British authorities have never detected a breach of ransomware sanctions — but is that good or bad news? (therecord.media)

• The effects of law enforcement takedowns on the ransomware landscape - Help Net Security

• UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)

• Businesses leaving their Kubernetes containers exposed to ransomware | TechRadar

• StopCrypt: Most widely distributed ransomware now evades detection (bleepingcomputer.com)

• Member of LockBit ransomware group sentenced to 4 years in prison | Ars Technica

Ransomware Victims

• British Library’s legacy IT blamed for lengthy rebuild • The Register

• British Library shares lessons from cyber attack | UKAuthority

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Stanford University failed to detect intruders for 4 months • The Register

• Stanford says data from 27,000 people leaked in September ransomware attack (therecord.media)

• Law Firm Sues MSP Over Black Basta Ransomware Attack | MSSP Alert

• Play ransomware group stole 65,000 Swiss government files • The Register

• Switzerland’s cyber security experts still can’t Xplain how federal documents made it to the dark web | TechRadar

• Cancer Clinics Face Cash Crunch After Hack Rocks US Health Care (claimsjournal.com)

• Ransomware Attacks: Death Threats, Endangered Patients and Millions of Dollars in Damages (voanews.com)

• UnitedHealth Sets Timeline to Restore Change Healthcare Systems - Infosecurity Magazine (infosecurity-magazine.com)

• Belgian village whose brewery was hit by cyber attack faces another on its coffee roastery (therecord.media)

• Nissan confirms ransomware attack exposed data of 100,000 people (bleepingcomputer.com)

• Child protection among critical services affected by cyber attack on English council (therecord.media)

• Equilend warns employees their data was stolen by ransomware gang (bleepingcomputer.com)

Phishing & Email Based Attacks

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Image-based phishing tactics evolve - Help Net Security

• Phishing Threats Rise as Malicious Actors Target Messaging Platforms - Security Boulevard

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)

• What is phishing? Examples, types, and techniques | CSO Online

• New email standards: what you need to know | TechRadar

Other Social Engineering

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Sophisticated Vishing Campaigns Take World by Storm (darkreading.com)

• Your tech tools won’t save you from cyber threats | TechRadar

• Weakest links in an age of novel threats | ITPro

Artificial Intelligence

• AI Poses Extinction-Level Risk, State-Funded Report Says | TIME

• Cyber crime underworld has removed all the guardrails on AI frontier

• Critical ChatGPT Plug-in Vulnerabilities Expose Sensitive Data (darkreading.com)

• Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data - Security Boulevard

• Cyber attackers are threatening businesses with AI, says Microsoft (qz.com)

• Intelligence officials warn pace of innovation in AI threatens US | CyberScoop

• How advances in AI are impacting business cyber security - Help Net Security

• NCSC Blog - AI and cyber security: what you need to know (techuk.org)

• Are Global Companies Equipped to Tackle Emerging AI-Driven Cyber Threats? New Study Reveals Insights | Cryptopolitan

• 4 types of prompt injection attacks and how they work | TechTarget

• How data poisoning attacks work | TechTarget

• Former Google engineer charged with stealing AI trade secrets | TechTarget

• How to craft a generative AI security policy that works | TechTarget

2FA/MFA

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Keyloggers, spyware, and stealers dominate SMB malware detections - Help Net Security

• SMBs are being hit with more malware attacks than ever, and many can't keep up | TechRadar

• Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)

• Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (bleepingcomputer.com)

• Botnets: The uninvited guests that just won’t leave | CSO Online

• Hackers using Weaponized PDF Files to Deliver Remcos RAT (cybersecuritynews.com)

• RedLine malware top credential stealer of last 6 months | SC Media (scmagazine.com)

• Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT (darkreading.com)

Mobile

• Blog: Why Hackers Love Phones - Keep your Eye on the Device - Security Boulevard

• SIM swappers hijacking phone numbers in eSIM attacks (bleepingcomputer.com)

• PixPirate Android malware uses new tactic to hide on phones (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• French government sites disrupted by très grande DDOS • The Register

• Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)

• RIA: Estonia's state institutions hit by largest cyber attack to date | News | ERR

• The Growing Threat of Application-Layer DDoS Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• DDoS attacks reach critical levels in 14 seconds | Security Magazine

Internet of Things – IoT

• Internet of Risks: Cyber Security Risk in the Internet of Things | UpGuard

• Unpatched Sceiner Smart Lock Vulnerabilities Allow Hackers to Open Doors - Security Week

• The S in IoT stands for security • The Register

• Heated Seats? Advanced Telematics? Software-Defined Cars Drive Risk (darkreading.com)

• Chinese spies want to steal IP by backdooring safe locks • The Register

• Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)

• MiTM phishing attack can let attackers unlock and steal a Tesla (bleepingcomputer.com)

Data Breaches/Leaks

• Data Breaches up 72% From Record High: Cyber Incident Readiness Must be Top of Mind | Epiq - JDSupra

• Jersey regulator's data breach leaks names and addresses - BBC News

• Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware (bleepingcomputer.com)

• Okta denies it was hacked again after data appears on hacking site | TechRadar

• Over 12 million auth secrets and keys leaked on GitHub in 2023 (bleepingcomputer.com)

• French unemployment agency data breach impacts 43 million people (bleepingcomputer.com)

• 23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies - IT Security Guru

Organised Crime & Criminal Actors

• How to Identify a Cyber Adversary: Standards of Proof (darkreading.com)

• How to Identify a Cyber Adversary: What to Look For (darkreading.com)

• Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)

• Bitcoin Fog mixer operator convicted for laundering $400 million (bleepingcomputer.com)

• US Seizes $1.4 Million in Cryptocurrency From Tech Scammers - Security Week

Insider Risk and Insider Threats

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Insider threats can damage even the most secure organisations - Help Net Security

• Your tech tools won’t save you from cyber threats | TechRadar

• Former Google engineer charged with stealing AI trade secrets | TechTarget

• Meta Sues Former VP After Defection to AI Startup - Infosecurity Magazine (infosecurity-magazine.com)

• US Army intelligence analyst charged with selling classified military information to China - BBC News

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

• Building a Security Culture of Shared Responsibility - Security Boulevard

• How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur

Insurance

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• UK Conservatives Say 'No' to Cyber Insurance Backstop (inforisktoday.com)

Supply Chain and Third Parties

• Play ransomware group stole 65,000 Swiss government files • The Register

• Switzerland’s cyber security experts still can’t Xplain how federal documents made it to the dark web | TechRadar

• Third-Party Breach and Missing MFA Led to British Library Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Industry: Act Now To Secure the Solutions You Offer the Military | AFCEA International

Cloud/SaaS

• NSA Launches Top 10 Cloud Security Mitigation Strategies - Infosecurity Magazine (infosecurity-magazine.com)

• EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch

• Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)

• How Not to Become the Target of the Next Microsoft Hack (darkreading.com)

• Cloud Account Attacks Surged 16-Fold in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)

• 23andMe sparks rethink about safeguarding data: on-premises vs. hybrid cloud strategies - IT Security Guru

• Cloud security vs. network security: What's the difference? | TechTarget

Encryption

• Building The Defence Sector's Quantum Threat Resilience (forbes.com)

• Are private conversations truly private? A cyber security expert explains how end-to-end encryption protects you (theconversation.com)

Linux and Open Source

• How to Ensure Open Source Packages Are Not Landmines (darkreading.com)

• Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Russian Hackers Are Weaponizing Stolen Microsoft Passwords (claimsjournal.com)

• Overcoming the threat of account takeover fraud (securitybrief.co.nz)

• Dropbox Used to Steal Credentials and Bypass MFA in Phishing Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors leverage document publishing sites for ongoing credential and session token theft (talosintelligence.com)

• LastPass suffers worldwide outage causing site 404 error - 9to5Mac

Social Media

• Crypto phishers stole $47M last month, impersonators on X to blame (cointelegraph.com)

• Meta sues “brazenly disloyal” former exec over stolen confidential docs | Ars Technica

• TikTok Ban Raises Data Security, Control Questions (darkreading.com)

Training, Education and Awareness

• New Mimecast report finds cyber criminals capitalise on businesses’ biggest flaw: Human risk - IT Security Guru

• Humans represent the biggest security gap (betanews.com)

• Staff training far more cost-effective than going through a cyber compromise – Canadian Centre for Cyber Security | Calgary Herald

• Your tech tools won’t save you from cyber threats | TechRadar

• Weakest links in an age of novel threats | ITPro

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

Regulations, Fines and Legislation

• Everything you need to know about the EU's Cyber Solidarity Act | ITPro

• Cyber Security: European Parliament adopts Cyber Resilience Act at first reading | Practical Law (thomsonreuters.com)

• Ready for DORA? It applies to you! (cms-lawnow.com)

• The New Hacker Playbook: Weaponizing the SEC’s Cyber Disclosure Rules | Woodruff Sawyer - JDSupra

Models, Frameworks and Standards

• 4 Security Tips From PCI DSS 4.0 Anyone Can Use (darkreading.com)

• Ready for DORA? It applies to you! (cms-lawnow.com)

• Mastering SANS Security Principles: A Deep Dive (informationsecuritybuzz.com)

Backup and Recovery

• Immutability: A boost to your security backup (betanews.com)

Data Protection

• EU’s use of Microsoft 365 found to breach data protection rules | TechCrunch

• How do you lot feel about Pay or OK model, ICO asks Brits • The Register

Careers, Working in Cyber and Information Security

• Half of firms struggling to hire cyber security experts (securitybrief.co.nz)

• UK Council's Vision: Set High Standards in Cyber Security (govinfosecurity.com)

• How to Battle Cyber Security Burnout and Protect Your People | Entrepreneur

• Cyber security skills gap and boardroom blindness invite hacker havoc | TechRadar

• Broke Cyber Pros Flock to Cyber Crime Side Hustles (darkreading.com)

• How To Overcome The Machismo Problem In Cyber Security (forbes.com)

Law Enforcement Action and Take Downs

• The effects of law enforcement takedowns on the ransomware landscape - Help Net Security

• Member of LockBit ransomware group sentenced to 4 years in prison | Ars Technica

• WEF effort to disrupt cyber crime moves into operations phase • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Nation State Actors

China

• TikTok Ban Raises Data Security, Control Questions (darkreading.com)

• Five Eyes publish report on Volt Typhoon. Volt Typhoon targets emergency management services in the US. (thecyberwire.com)

• Chinese company at the centre of Biden's US port crane order denies it's a security threat | Fortune Asia

• Lithuania security services warn of China's espionage against the country (securityaffairs.com)

• Chinese Cyber Crime: Discretion Is the Better Part of Valor (databreachtoday.co.uk)

• US Army intelligence analyst charged with selling classified military information to China - BBC News

• Chinese spies want to steal IP by backdooring safe locks • The Register

• Experts Say Chinese Safes Pose Risks to US National Security (inforisktoday.com)

Russia

• Microsoft says Russian hackers stole source code after spying on its executives - The Verge

• Microsoft says Russian hackers breached its systems, accessed source code (bleepingcomputer.com)

• Microsoft: Russians are using stolen information to breach company’s systems (therecord.media)

• Microsoft says it hasn't been able to evict Russian state hackers | AP News

• Why Cyber Attacks on Ukrainians Aren’t Working the Way Russia Expected - Carnegie Endowment for International Peace

• Kremlin accuses US of plotting election-day cyber attack • The Register

• Major operation under way to identify source of Russian attack that 'jammed signals' on... - LBC

• First-ever South Korean national detained for espionage in Russia (securityaffairs.com)

• Alabama Under DDoS Cyber Attack by Russian-Backed Hacktivists (darkreading.com)

North Korea

• Japan Blames North Korea for PyPI Supply Chain Cyber Attack (darkreading.com)

Vulnerability Management

• How to Streamline the Vulnerability Management Life Cycle - Security Boulevard

• Researchers expose Microsoft SCCM misconfigs usable in cyber attacks (bleepingcomputer.com)

• Former CISA Dir. Krebs on cyber threats: Microsoft and others are 'hanging on by a thread' right now (cnbc.com)

• Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)

Vulnerabilities

• Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws (thehackernews.com)

• Adobe Patches Critical Flaws in Enterprise Products - Security Week

• Major CPU, Software Vendors Impacted by New GhostRace Attack - Security Week

• Critical Fortinet flaw may impact 150,000 exposed devices (bleepingcomputer.com)

• Fortinet Releases Security Updates for Multiple Products | CISA

• SAP Patches Critical Command Injection Vulnerabilities - Security Week

• Cisco addressed severe flaws in its Secure Client (securityaffairs.com)

• 5M WordPress Websites At Risk Amid LiteSpeed Plugin Flaw - Security Boulevard

• New cyber crime crew Magnet Goblin caught exploiting Ivanti • The Register

• Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory (darkreading.com)

• CISA confirms compromise of its Ivanti systems | TechTarget

• Threat actors breached two crucial systems of the US CISA (securityaffairs.com)

• Researchers found multiple flaws in ChatGPT plugins (securityaffairs.com)

• QNAP warns its NAS devices are facing a critical security flaw — but a patch is available, so update now | TechRadar

• Exploited Building Access System Vulnerability Patched 5 Years After Disclosure - Security Week

Tools and Controls

• Independent Cyber Security Audits Are Powerful Tools for Boards (bloomberglaw.com)

• NSA's Zero-Trust Guidelines Focus on Segmentation (darkreading.com)

• NSA Launches Top 10 Cloud Security Mitigation Strategies - Infosecurity Magazine (infosecurity-magazine.com)

• Expert Cyber Security Strategies For Protecting Remote Businesses (forbes.com)

• Staff training far more cost-effective than going through a cyber compromise – Canadian Centre for Cyber Security | Calgary Herald

• Guide: On-Prem is Dead. Have You Adjusted Your Web DLP Plan? (thehackernews.com)

• 10 cloud security tips every IT leader should know | ITPro

• Cyber Insurance Strategy Requires CISO-CFO Collaboration (darkreading.com)

• How enterprises can tackle risky cyber security behaviour and improve workforce resilience | ITPro

• More Critical Than Ever: Cyber Risk "Tabletop Exercises" in the AI Infused Workplace | Epstein Becker & Green - JDSupra

• Cloud security vs. network security: What's the difference? | TechTarget

• Immutability: A boost to your security backup (betanews.com)

• MDR Metrics that Matter – From Analysts to the Board of Directors | Binary Defense

• How teams can improve incident recovery time to minimize damages - Help Net Security

• New email standards: what you need to know | TechRadar

• Creating Security Through Randomness (darkreading.com)

• AI and the future of corporate security - Help Net Security

Reports Published in the Last Week

• The State of Email & Collaboration Security 2024 | Mimecast

Other News

• The rise of cyber attacks on financial institutions highlight the need to build a security culture   | SC Media (scmagazine.com)

• Finance sector facing huge amount of cyber attacks that could leave it on its knees | TechRadar

• French state services hit by cyber attacks of 'unprecedented intensity' (france24.com)

• US Intelligence Predicts Upcoming Cyber Threats for 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Better Safe Than Sorry: Making Cyber Security a Priority | HealthLeaders Media

• How Dangerous Is the Cyber Attack Risk to Transportation? (securityintelligence.com)

• Pi Day: How Hackers Slice Through Security Solutions - Security Boulevard

• 78% of MSPs state cyber security is a prominent IT challenge | Security Magazine

• No, 'Leave the World Behind' and 'Civil War' Aren’t Happening Before Your Eyes | WIRED

• Maritime cyber security: threats and challenges - Port Technology International

• What resources do small utilities need to defend against cyber attacks? | CyberScoop

• 10 free cyber security guides you might have missed - Help Net Security

• Using the wrong font could be a major security problem — and possibly not for the reason you might think | TechRadar

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

UK Ministers Publicly State Fears of Potential Widescale Power Grid Disruptions

The UK’s power network has long been an attractive target for enemies of the state and that remains true today. In fact, according to the UK Government, the risk of the whole country’s electricity system being shut down is growing. So are the dangers to citizens if it happens.

The UK’s National Risk Register, the official document assessing 89 different possible threats to the country, explains that a cyber attack on the National Grid could be launched by culprits “encrypting, stealing or destroying data upon which critical systems depend, or via disruption to operational systems”.

Source: [iNews]

Countries Brace for Influence Operations, AI and Hacking Campaigns Ahead of Historic 2024 Election Year, Could Upset World Balance

Billions of people around the world are expected to go to the polls and vote in 2024, in what will be the most significant election year in recent memory, and cyber security and government officials have already warned about countries using technology to influence operations. This includes disinformation campaigns and hacking attempts. Officials have further warned that artificial intelligence will likely be used to fuel such campaigns.

Sources: [The Record] [Security Affairs]

The Most Popular Passwords of 2023 are Easy to Guess and Crack

NordPass released a list of the top 200 common passwords recently, which included “123456” and “admin” as the top two. Of particular note, the top 40 passwords were all deemed to take less than 12 seconds to crack, or could be determined by an actor with no knowledge of the password. Many people would argue that there are so many passwords needed these days that it becomes hard to remember, hence their choice of easier passwords, and often reusing or recycling them across multiple sites and services. The use of a password manager can greatly reduce this need, requiring the user to only remember one password whilst also allowing for more complex and harder to crack passwords.

Source: [gHacks]

Dangerous Malware Pretends to be Some of Your Most Used Business Software

Hackers are using an old form of banking malware, known as Carbanak, to launch damaging ransomware attacks. Hackers are using compromised websites to host the malware, impersonating popular business-related software such as HubSpot, Veeam, or Xero.

Source: [TechRadar]

MFA Helps You Stay Resilient, But Nothing is a Silver Bullet

Multi-factor authentication (MFA) is a great resource for improving your organisation’s cyber resilience, but no technology is 100% secure and the human element will nearly always remain. With notable security breaches bypassing MFA to compromise organisations including Uber, games company EA, and authentication business Okta, organisations need to be aware that it is a possibility. As such, organisations need to ensure they implement MFA effectively and educate their users in their implementation; even the strongest of controls are rendered useless if they can be bypassed with one social engineering phone call.

Source: [Help Net Security]

Ransomware Leak Site Victims Reached Record-High in November

Corvus Threat Intel observed 484 new ransomware victims posted to leak sites in November. This represents a 39% increase from October and a 110% increase compared with November 2022. Further, this is the eleventh consecutive month in which there has been a year-on-year increase in ransomware victims, and the ninth with a victim count over 300.

Source: [Infosecurity Magazine]

MOVEit, Capita, CitrixBleed and More: The Biggest Data Breaches of 2023

2023 was a colossal year for data breaches, with the likes of MOVEit, Capita, Citrix, Royal Mail, MGM resorts and 3CX among some of the most significant victims. Such attacks have involved a number of vectors, such as file transfer vulnerabilities, social engineering, supply chain attacks and zero-day exploits. The result? Millions of people’s data compromised, and hundreds of millions paid out to attackers; the attack on MGM resorts alone is reported to have costed upwards of $100 million.

Source: [TechCrunch]

Europol Warns 443 Online Shops Infected with Credit Card Stealers

Europol has notified over 400 websites that their online shop had been hacked, with malicious scripts that steal card information from paying customers. The scripts are designed to intercept and steal payment card numbers, expiration dates, verification numbers, names, and shipping addresses, which are then uploaded to an attacker. This information is then used, or sold on the dark web to be used. Unfortunately, some of these attacks can go undetected for weeks or even several months.

Source: [Bleeping Computer]

Physical Access Systems Open Door to IT Networks

Cyber attackers can exploit access control measures installed on supposedly secure facility doors to gain unauthorised building access to sensitive locations, as well as breach internal IP networks directly from these systems, research has shown. At a recent leading security conference, analysts demonstrated this is an attack. Assets such as these can often be forgotten about and therefore omitted from protections, highlighting the need for organisations to have an up to date and accurate asset register.

Source: [Dark Reading]

Simple Hacking Techniques Prove Successful in 2023 Cyber Attacks

Hacking can be sophisticated, but often it is not sophisticated at all. Some of the biggest hacks this year started with what seemed like an innocent phone call, but which in fact were fairly simple social engineering attacks. Additionally, hackers continued to target companies that failed to promptly update their systems, even after patches were released to fix critical vulnerabilities. The best first step to protect an organisation is to establish a culture of good cyber security hygiene across people, operations and technology.

Source: [Pymnts]

Daily Malicious Files Rise to 411,000 a day in 2023

Cyber criminals unleashed an average of 411,000 malicious files every day in 2023, representing a 3% increase from the previous year, according to Kaspersky. Malicious desktop files in particular rose by 53%. Cyber criminals favoured Microsoft Office services’ vulnerabilities, which represented 69% of all exploited vulnerabilities.

Source: [Infosecurity Magazine]

Android Malware Actively Infecting Devices to Take Full Control

Android Malware is actively being used to take control of devices for illicit purposes, such as stealing sensitive information and enabling remote attacks, and least 327,000 devices are reported to have been infected with such malware. Research has found that amongst the most targeted countries are the UK and US. Often, for the malware to work, users need to allow it access to information such as contacts, email. In some cases, the user would only be aware they have consented if they were to manually check the apps settings. For organisations, this can mean employees bringing personal or work phones into the corporate environment, with malware potentially along for the ride.

Source: [GBhackers]

Governance, Risk and Compliance

• Third-party issues disrupt 45% of firms despite cyber security spends (securitybrief.co.nz)

• Strengthening Resilience: Navigating the Cyber Security Landscape (darkreading.com)

• 8 big IT failures of 2023 | CIO

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware Leak Site Victims Reached Record-High in November - Infosecurity Magazine (infosecurity-magazine.com)

• Rethinking data security in the age of ransomware and AI - SiliconANGLE

• Carbanak Banking Malware Resurfaces with New Ransomware Tactics (thehackernews.com)

• Do the casino ransomware attacks make the case to pay? • The Register

• Windows CLFS and five exploits used by ransomware operators | Securelist

• Cyber crime experts reveal how to infiltrate ransomware gangs • The Register

• How ransomware operators try to stay under the radar | Malwarebytes

• How many times are you going to think about ransomware in 2024? (betanews.com)

• The Most Dangerous People on the Internet in 2023 | WIRED

Ransomware Victims

• MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch

• Lockbit ransomware disrupts emergency care at German hospitals (bleepingcomputer.com)

• Integris Health patients get extortion emails after cyber attack (bleepingcomputer.com)

• Ransomware Group Claims 100 Gb of Data Stolen From Nissan Australia - Security Week

• Indian IT services giant HCL Technologies hit by ransomware | TechRadar

• LockBit gang claims to have breached accountancy firm Xeinadin (securityaffairs.com)

• Rockstar Employee Details Reportedly Leaked By Hackers (thegamer.com)

• Australia’s Largest Auto Dealer Group Hit By Massive Cyber Attack | Carscoops

• After cyber attack, New York hospitals find stolen patient info stored in Massachusetts, look for its return (databreaches.net)

Artificial Intelligence

• Elections 2024, Artificial Intelligence could upset world balances (securityaffairs.com)

• Justice Secretary in Deepfake General Election Warning - Infosecurity Magazine (infosecurity-magazine.com)

• H2 2023 Threat Landscape Dominated by AI and Android Spyware - Infosecurity Magazine (infosecurity-magazine.com)

• Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher - Security Week

• Rethinking data security in the age of ransomware and AI - SiliconANGLE

• Largest Dataset Powering AI Images Removed After Discovery of Child Sexual Abuse Material (404media.co)

• GenAI Tools Will Permeate All Areas of the Enterprise (darkreading.com)

• Why data, AI, and regulations top the threat list for 2024 - Help Net Security

• 5 Ways that AI Is Set To Transform Cyber Security (informationweek.com)

• The Emerging Landscape of AI-Driven Cyber Security Threats: A Look Ahead - Security Week

• Skynet Ahoy? What to Expect for Next-Gen AI Security Risks (darkreading.com)

• Ethical Implications of AI in Cyber Security | HackerNoon

2FA/MFA

• 3 main tactics attackers use to bypass MFA - Help Net Security

Malware

• Carbanak Banking Malware Resurfaces with New Ransomware Tactics (thehackernews.com)

• This dangerous malware pretends to be some of your most-used business software tools, so watch out | TechRadar

• Iran's 'Peach Sandstorm' Cyber Attackers Target Global Defence Network (darkreading.com)

• Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware (thehackernews.com)

• This growing malware threat actor is set to unleash a surge of attacks, experts warn | TechRadar

• 'BattleRoyal' Hackers Deliver DarkGate RAT Using Every Trick (darkreading.com)

• Microsoft disables MSIX protocol handler abused in malware attacks (bleepingcomputer.com)

• UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware (thehackernews.com)

• New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices (thehackernews.com)

• Russian military hackers target Ukraine with new MASEPIE malware (bleepingcomputer.com)

• Fake VPN Chrome extensions force-installed 1.5 million times (bleepingcomputer.com)

• Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day - Security Week

• Daily Malicious Files Soar 3% in 2023, Kaspersky Finds - Infosecurity Magazine (infosecurity-magazine.com)

• Kimsuky Group Using Weaponized file Deploy AppleSeed Malware (cybersecuritynews.com)

• New Rugmi Malware Loader Surges with Hundreds of Daily Detections (thehackernews.com)

• Game mod on Steam breached to push password-stealing malware (bleepingcomputer.com)

• How the new Instegogram threat creates liability for organisations | CSO Online

Mobile

• TikTok makes users give iPhone passwords, reasons unclear (nypost.com)

• 'Most sophisticated' iPhone attack chain 'ever seen' used four 0-days to create a 0-click exploit - 9to5Mac

• Android Malware Actively Infecting Devices to Take Full Control (gbhackers.com)

• Chameleon Android Malware Can Bypass Biometric Security - Security Week

• H2 2023 Threat Landscape Dominated by AI and Android Spyware - Infosecurity Magazine (infosecurity-magazine.com)

• Apple reportedly faces pressure in India after sending out warnings of state-sponsored hacking (engadget.com)

• SMS Scams Set to Peak on Saturday in UK - Infosecurity Magazine (infosecurity-magazine.com)

Denial of Service/DoS/DDOS

• Essential DDoS statistics for understanding attack impact - Help Net Security

• How to Prepare for DDoS Attacks During Peak Business Times (darkreading.com)

• In Cyber Security and Fashion, What's Old Is New Again (darkreading.com)

Internet of Things – IoT

• Tech gifts you shouldn’t buy your family and friends for the holidays | TechCrunch

• Physical Access Systems Open Door to IT Networks (darkreading.com)

• Ho Ho Home For Christmas? Tips For Avoiding Tech Terrors This Festive Season - IT Security Guru

Data Breaches/Leaks

• MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch

• Mortgage firm LoanCare warns 1.3 million people of data breach (bleepingcomputer.com)

• Real estate agency exposes details of 690k customers (securityaffairs.com)

• First, Rockstar Games Got Hacked, Then Sony's Insomniac, and now Ubisoft… Who's Next? - autoevolution

• Insomniac Games Releases Statement Over Recent Cyber Attack - Gameranx

• Ubisoft says it's investigating reports of a new security breach (bleepingcomputer.com)

• Rockstar Employee Details Reportedly Leaked By Hackers (thegamer.com)

• Inmate, Staff Information Stolen in Rhode Island Prison Data Breach - Security Week

• Mint Mobile discloses new data breach exposing customer data (bleepingcomputer.com)

• Hackers steal customer data from Europe’s largest parking app operator | Hacking | The Guardian

• Yakult Australia confirms 'cyber incident' after 95 GB data leak (bleepingcomputer.com)

• CBS, Paramount owner National Amusements says it was hacked | TechCrunch

• Panasonic discloses data breach after December 2022 cyber attack (bleepingcomputer.com)

• Customers warned after major car dealership group Eagers Automotive hacked | The West Australian

• Cyber Attacks Impacts Two Major Australian Companies Including Leaked Passports | The Epoch Times

• After cyber attack, New York hospitals find stolen patient info stored in Massachusetts, look for its return (databreaches.net)

Organised Crime & Criminal Actors

• Simple Hacking Techniques Prove Successful in Cyber Attacks (pymnts.com)

• Hackers stole $2 billion in crypto in 2023, data shows | TechCrunch

• Convicted Thief Reveals Cyber Crime Tactics - DevX

• The Most Dangerous People on the Internet in 2023 | WIRED

• Meet the cyber criminals of 2023 | TechCrunch

• Hacking or Social Engineering? What You Need to Know to Keep Yourself Safe | HackerNoon

• 3 Clues That Hackers May Know More About Your Business Than You Do | Inc.com

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Hackers stole $2 billion in crypto in 2023, data shows | TechCrunch

• Biggest Crypto Exploits and Hacks of 2023 - Decrypt

• Kyber Network Forced to Slash Staff by 50% After $46,500,000 Exploit, According to CEO - The Daily Hodl

• Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)

• Hacking group Pink Drainer strikes again, pilfering $4.4M from just 1 victim (cointelegraph.com)

Supply Chain and Third Parties

• Third-party issues disrupt 45% of firms despite cyber security spends (securitybrief.co.nz)

• MOVEit, Capita, CitrixBleed and more: The biggest data breaches of 2023 | TechCrunch

Cloud/SaaS

• Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar

• Data security and cost are key cloud adoption challenges for financial industry - Help Net Security

• The Future of Hybrid Cloud: What to Expect in 2024 and Beyond (techtarget.com)

Encryption

• Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)

Linux and Open Source

• Warning: Poorly Secured Linux SSH Servers Under Attack for Cryptocurrency Mining (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• US water utilities were hacked after leaving their default passwords set to ‘1111,’ cyber security officials say (databreaches.net)

• The most popular passwords of 2023 are easy to guess and crack - gHacks Tech News

• Malicious GPT Can Phish Credentials, Exfiltrate Them to External Server: Researcher - Security Week

Social Media

• The Most Dangerous People on the Internet in 2023 | WIRED

• How the new Instegogram threat creates liability for organisations | CSO Online

Regulations, Fines and Legislation

• Europe Sees More Hacktivism, GDPR Echoes, and New Security Laws Ahead for 2024 (darkreading.com)

• Why data, AI, and regulations top the threat list for 2024 - Help Net Security

• Europe classifies three adult sites as worthy of its toughest internet regulations • The Register

• Countering Cyber Mercenaries | directions blog

• 5 US cyber security compliance deadlines in 2024 | SC Media (scmagazine.com)

• EU updates product liability regime to include software, Artificial Intelligence – EURACTIV.com

Models, Frameworks and Standards

• The US Department of Defence Releases Proposed CMMC Rule | Blank Rome LLP - JDSupra

Backup and Recovery

• 8 big IT failures of 2023 | CIO

Data Protection

• Europe Sees More Hacktivism, GDPR Echoes, and New Security Laws Ahead for 2024 (darkreading.com)

Careers, Working in Cyber and Information Security

• Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers (darkreading.com)

• Top Tips from CISOs for CISOs - Infosecurity Magazine (infosecurity-magazine.com)

• How leaders can look after information security professionals | ITPro

• Building Mental Resilience: A CISO's Journey - GovInfoSecurity

• What Does the Future Hold for Today’s Cyber Security Leaders? (huntress.com)

• Will the Cyber Skills Gap Continue to Grow in 2024? - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

• Countering Cyber Mercenaries | directions blog

• Cyber crime experts reveal how to infiltrate ransomware gangs • The Register

Misinformation, Disinformation and Propaganda

• Countries brace for influence operations, hacking campaigns ahead of historic 2024 election cycle (therecord.media)

• Justice Secretary in Deepfake General Election Warning - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Ministers fear a cyber attack cutting all our electricity – this is why (inews.co.uk)

• Countries brace for influence operations, hacking campaigns ahead of historic 2024 election cycle (therecord.media)

• How Cyber Criminals Will Sway 2024 US Elections, Or Try To (darkreading.com)

• Justice Secretary in Deepfake General Election Warning - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

China

• Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day - Security Week

• Chinese Spy Agency Rising to Challenge the CIA - The New York Times (nytimes.com)

Russia

• Ukrainian remote workers targeted in new espionage campaign (therecord.media)

• UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware (thehackernews.com)

• Russian firms subjected to new cyber espionage campaign | SC Media (scmagazine.com)

• Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies (thehackernews.com)

• Moldova establishes National Cyber Security Agency with help of Estonia's e-Governance Academy (baltictimes.com)

• Inside the World of Deep-Cover Russian Spies Who Are Infiltrating the West (businessinsider.com)

• Russian military hackers target Ukraine with new MASEPIE malware (bleepingcomputer.com)

Iran

• Iran's 'Peach Sandstorm' Cyber Attackers Target Global Defence Network (darkreading.com)

• Israel and Iran are waging a cyber war in the shadows - opinion - The Jerusalem Post (jpost.com)

• A cyber attack targets Albanian Parliament’s data system, halting its work | Stars and Stripes

North Korea

• Kimsuky Group Using Weaponized file Deploy AppleSeed Malware (cybersecuritynews.com)

• Kim Jong Un Expected To Conduct Military, Cyber Attacks During US Elections - Benzinga

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Apple reportedly faces pressure in India after sending out warnings of state-sponsored hacking (engadget.com)

Vulnerability Management

• 'Tis the Season to Secure: How CVEs Are the Grinch for Cyber Security | HackerNoon

Vulnerabilities

• Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar

• Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841 (securityaffairs.com)

• CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild - Security Week

• 'Most sophisticated' iPhone attack chain 'ever seen' used four 0-days to create a 0-click exploit - 9to5Mac

• Google Releases Eighth Zero-Day Patch of 2023 for Chrome (darkreading.com)

• Windows CLFS and five exploits used by ransomware operators | Securelist

• Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers (bleepingcomputer.com)

Tools and Controls

• Physical Access Systems Open Door to IT Networks (darkreading.com)

• Even cyber security pros don't fully trust AI just yet | TechRadar

• GenAI Tools Will Permeate All Areas of the Enterprise (darkreading.com)

• Verification roadblocks cause frustration for digital nomads - Help Net Security

• Can AI Protect Against Modern Cyber Attacks? | MSSP Alert

• Strengthening Resilience: Navigating the Cyber Security Landscape (darkreading.com)

• API security in 2024: Predictions and trends - Help Net Security

Other News

• Domain Name Security Challenges - DataBreachToday

• 5 Things You Can Do Today to Prepare for 2024’s Security Threats (informationweek.com)

• 8 big IT failures of 2023 | CIO

• Pensions Regulator publishes updated cyber security guidance for trustees | Mayer Brown - JDSupra

• All I really need to know about cyber security, I learned in kindergarten (venturebeat.com)

• New insights into the global industrial cyber security landscape - Help Net Security

• NASA Releases First Space Cyber Security Best Practices Guide (inforisktoday.com)

• Unveiling the true cost of healthcare cyber security incidents - Help Net Security

• NCSC highlights cyber risk to cultural sector | UKAuthority

• Hackers see wealth of information to steal in kids' school records (cnbc.com)

• A cyber attack targets Albanian Parliament’s data system, halting its work | Stars and Stripes

• How Cyber Criminals Will Sway 2024 US Elections, Or Try To (darkreading.com)

• Post-pandemic Cyber Security: Lessons from the global health crisis (att.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Majority of 2023’s Critical Cyber Attacks Stemmed from Fewer Than 1% of Vulnerabilities, with 1 in 4 High Risk Vulnerabilities Exploited Within 24 Hours of Going Public

A new Qualys report reveals that less than 1% of vulnerabilities are responsible for the greatest damage, and a quarter of high-risk vulnerabilities are now being exploited within a day of disclosure. In 2023, a record-breaking 26,000 vulnerabilities have been identified so far, emphasising the need for organisations to accelerate their response times. High-risk vulnerabilities, particularly in network devices and web applications, are the main targets for attackers seeking unauthorised access or privilege escalation. This situation underscores the critical need for organisations to implement a multi-layered defence strategy, automate patching where appropriate especially in areas of critical infrastructure, and adopt zero-trust principles to safeguard against such swift and potent cyber threats.

Sources: [SiliconANGLE] [SC Media]

Ransomware Gangs Are Increasingly Turning to Remote Access Tools for Attacks, As UK Honeypots Attacked 17 million Times Per Day

Nearly three quarters of cyber-attacks across the UK in 2023 targeted technology frequently used for remote working, new data from Coalition has revealed.

Attackers frequently target Remote Desktop Protocol (RDP), a tool that lets users access office computers from home, as it grants the attacker quick access to devices and allows them to execute further attacks.

Honeypot sensors maintained by Coalition have recorded 5.8 billion attacks so far in 2023, averaging around 17 million attacks per day. Of these it was found that 76% of attacks targeted RDP.

Attackers exploit RDP vulnerabilities that often stem from simple configuration mistakes. By taking steps like disabling unnecessary remote access or tightening controls, companies can help shield themselves from these pervasive threats.

Sources: [Insurance Times] [TechRadar] [Infosecurity Magazine]

Why Employees Are a Bigger Security Risk than Hackers

In today's interconnected world, the spotlight is often on cyber criminals attacking from outside, but a worrying trend points inward. A recent study by Imperva reveals that insiders pose a significant threat, being behind 58% of security incidents. The incidents are a mixture of deliberate misuse and accidents, however the majority of organisations lack a strategy to combat these risks. Even when strategies exist, they may be undermined by employees bypassing IT protocols or due to the pressures of adapting to new technologies. With insider incidents on the rise by 47% in two years, the costs are too great to ignore.

Source: [Raconteur]

77% of Financial Services Firms Detected a Cyber Attack in the Last Year, as Finance and Healthcare Continue to Suffer the Most Cyber Attacks

Cyber attacks are more prevalent in the financial services sector than in any other industry. Last year, 77% of financial institutions were targeted, primarily through phishing and ransomware attacks. After financial services the second most targeted sector is healthcare. Both types of institutions are attractive targets not only because of their wealth of sensitive data but also because disruptions to their operations can lead to substantial ransom payments. They face increasingly sophisticated threats and the financial impact is significant, with approximately a quarter of these institutions estimating damages of at least $50,000. To mitigate these risks organisations are turning to cyber insurance, which necessitates further tightening of security practices, including identity and access management, to meet insurers’ stringent standards.

The healthcare sector reported over 179,000 cyber attacks in a single quarter, affecting entities globally. The primary threats were infostealers and ransomware. There have been scores of notable incidents where hospitals have been shut down or otherwise unable to operate. In many cases, this resulted in closing emergency departments, interfering with planned or emergency surgeries and forcing ambulances to divert to other hospitals, potentially causing life threatening delays. Further, a recent report analysing the enterprise risk management for the financial sector found that the two biggest concerns were rising interest rates at 74% and ransomware attacks at 65%.

Sources: [Security Magazine] [MSSP Alert] [PR NewsWire] [Security Magazine]

New Report Data Shows 75% Increase in Suspicious Emails Hitting Inboxes

A new report has unveiled the escalating threat posed by phishing emails, as detected by DMARC software. In the past year, there's been a 70% rise in emails flagged as fraudulent, with almost 18% of total email traffic in the first half of 2023 being intercepted as potential phishing attempts. This surge underscores a pressing need for robust email security measures. Simple yet effective tools like DMARC, which automatically weeds out emails impersonating legitimate domains, are becoming critical in the fight against these sophisticated scams. With the average cost of a cyber attack now well into the millions, and given the high click rates on phishing emails, it is clear that taking proactive steps to strengthen an organisations digital defence is not just sensible, it is essential for safeguarding the businesses in the digital age.

Source: [Dark Reading]

Threat Actors Still Exploiting Old Unpatched Vulnerabilities

A report by Cisco has found that the most targeted vulnerabilities this year, same as previous years, were old unpatched vulnerabilities which should have been fixed a long time ago. Some of these security gaps in widely-used applications like Microsoft Office and or within versions of Windows itself are over a decade old. Unpatched vulnerabilities can leave systems open to exploitation, potentially leading to unauthorised access, data breaches, and widespread security incidents, including being a key enabler of ransomware attacks. This highlights an urgent call to action for organisations to patch known vulnerabilities and secure user accounts to fortify their defences against cyber threats.

Source: [IT Business]

Many Organisations Still Lack Formal Cyber Security Training

As we navigate into 2024, a new report by the SANS Institute found that more than 30% of organisations do not regularly perform cyber readiness exercises, while 40% have yet to establish formal training for cyber security. These findings underline a gap between the need for robust security measures and actual preparedness. On a positive note, most organisations are adopting frameworks like the NIST CSF to shape their security posture, and two-thirds are actively using metrics to gauge the effectiveness of their security operations. Yet, there’s a call to action here: for real progress, intentional investment and commitment to comprehensive training and stringent security operations are non-negotiable. This is the path to mature security operations that can withstand the complexities of today’s cyber threats.

Source: [Security Brief]

Addressing the Growing Threat of Supply Chain Cyber Attacks

As businesses become more interconnected through digital supply chains, supply chain cyber attacks are becoming more of a pressing issue for organisations. The attackers tend to exploit weaknesses in third-party suppliers, often with less guarded entry points, to access larger networks. With companies increasingly outsourcing and using cloud adoption, the need for stringent third-party cyber risk assessments is vital. However, complexities arise with the shared responsibility model for cloud security, where setting out the division of security duties between cloud service providers and clients can blur lines of defence. To tackle these challenges, integration of cyber security into procurement and supply chain processes is essential. This means enforcing collaboration between procurement and cyber security teams, mandating security standards in vendor contracts, and utilising automated tools for continuous risk assessments. Safeguarding modern supply chains is no longer a siloed task but a strategic, organisation wide imperative.

Source: [HackerNoon]

Cyber Incident Costs Surge 11% as Budgets Remain Muted

A new report found an 11% jump in the direct costs of a significant cyber incident, now averaging $1.7 million. The burden is even heavier for those without cyber insurance, with costs escalating to $2.7 million per incident. Cyber risks like fraud, third-party breaches, and data theft remain prevalent. Despite these increasing threats, cyber security budgets have grown modestly and are not keeping pace with the increased level of threat. The report also highlights a concerning gap in understanding cyber threats and a lack of internal training, emphasising the critical need for not just financial investment, but also a deeper engagement with cyber security training and awareness within organisations.

Source: [Infosecurity Magazine]

Attacks on Critical Infrastructure are Harbingers of War: Are We Prepared?

The escalating cyber threats against critical infrastructure, like recent attacks on water authorities, highlight an urgent security concern. These attacks, which are often state-sponsored, are not just targeting financial or data assets but are striking at essential services vital to human survival. The tactics used in these attacks, known as Intelligence Preparation of the Battlefield (IPB), are aimed at weakening a nation by disrupting services like power and water, key to both civil stability and military operations. Nations like Russia, China, and Iran employ these strategies for different purposes, ranging from strategic military advantages to ideological victories. The use of ransomware, as seen in the increasing incidents reported by the FBI, is a tool for both financial gain and geopolitical disruption. As we face these multifaceted threats, the need for robust cyber security measures to protect our critical infrastructure has never been more pressing. It is a call to action for nations and organisations alike to fortify their defences against these evolving and serious cyber threats.

Source: [SC Media]

UK Data Centres to be Classed as Critical Infrastructure Under New Gov Proposals

The UK government is considering new regulations aimed at enhancing the security and resilience of data centres. The Department for Science, Innovation and Technology (DSIT) recognises the vital role of these data hubs and is examining the adequacy of current safety practices. With the identification of varying levels of security across the sector, the prospect of legislating minimum security standards is on the table. This may include establishing a regulatory body to oversee incident reporting and risk mitigation strategies, particularly for third-party service providers. These measures underscore the government's commitment to safeguarding data centres, which are increasingly integral to the UK's economic vitality and national security. As part of a broader initiative, the sector could be designated as critical national infrastructure, aligning it with international best practices and ensuring comprehensive protection from cyber threats and other risks.

Source: [ITPro]

Data Exfiltration and Extortion is the New Ransomware Threat, as 65% of Organisations Say Ransomware Concerns Impact Risk Management

Cyber criminals are escalating their tactics and becoming more aggressive in their effort to maximise disruption and compel the payment of ransom demands. Earlier this year, the ransomware group ALPHV exploited the new US data breach disclosure rules by filing a complaint with the US Securities and Exchange Commission (SEC) against a victim company for not reporting an alleged significant data breach. This marks a strategic evolution from traditional ransomware attacks, where data is encrypted and held hostage, to more nuanced extortion schemes. Such tactics are becoming more sophisticated, with triple extortion attacks threatening not just the target company but also their partners and clients. This shift from encryption to pure extortion requires a fresh understanding of cyber threats and a re-evaluation of defence strategies. It highlights the urgent need for businesses to protect not just their own data but also to consider the security of their entire data supply chain.

Source: [TechCrunch]

Governance, Risk and Compliance

• Cyber Incident Costs Surge 11% as Budgets Remain Muted - Infosecurity Magazine (infosecurity-magazine.com)

• Three Tech Budget Implementations To Help Optimize Your Resources (forbes.com)

• New Report: 85% Firms Face Cyber Incidents, 11% From Shadow IT - Infosecurity Magazine (infosecurity-magazine.com)

• 65% of organisations say ransomware concerns impact risk management | Security Magazine

• Healthcare and Finance Suffer Most Cyber Attacks | MSSP Alert

• CFOs are under the gun as the SEC's new 4-day data breach disclosure window goes into effect | Fortune

• SEC vs SolarWinds: A cyber security game changer for CISOs (securitybrief.co.nz)

• 77% of financial organisations detected a cyber attack in the last year | Security Magazine

• Level of cyber security: the new key indicator of a company's performance | TechRadar

• Managing cyber security risk during challenging economic times (techinformed.com)

• Many organisations still lack formal IT security training in 2024 (securitybrief.co.nz)

• The year in cyber security: 6 stories to read from 2023 | World Economic Forum (weforum.org)

• After-Incident Reports Turn Breaches Into Security Blueprints (pymnts.com)

• What's the Best Way to Communicate After a Data Breach? (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Why extortion is the new ransomware threat | TechCrunch

• 65% of organisations say ransomware concerns impact risk management | Security Magazine

• FBI: ALPHV ransomware raked in $300 million from over 1,000 victims (bleepingcomputer.com)

• Ransomware attacks hit new record in November :: Insurance Day

• Ransomware attacks on the rise in the UK (itsecuritywire.com)

• UK at High Risk of ‘Catastrophic’ Cyber Attack Affecting Critical Infrastructure: Report (insurancejournal.com)

• Ransomware surges, despite aggressive defences | SC Media (scmagazine.com)

• BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows No Limits on Targets - Security Week

• A Major Ransomware Takedown Suffers a Strange Setback | WIRED

• Double-Extortion Play Ransomware Strikes 300 Organisations Worldwide (thehackernews.com)

• Ransomware trends and recovery strategies companies should know - Help Net Security

• Ransomware Attacks in November Rise 67% From 2022 (darkreading.com)

• 10 of the biggest ransomware attacks in 2023 | TechTarget

• BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign (securityaffairs.com)

• ALPHV Second Most Prominent Ransomware Strain Before Reported Downtime - Infosecurity Magazine (infosecurity-magazine.com)

• CISA releases Play ransomware guidelines | Security Magazine

• US and Australia Warn of Play Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Devices (and ransomware) are everywhere: How endpoint security must adapt | SC Media (scmagazine.com)

• Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team (thehackernews.com)

• Ransomware gangs are increasingly turning to remote encryption, and that's a huge problem | TechRadar

• FBI Develops Decryption Tool That Could Tackle Casino Attacks (sbcamericas.com)

Ransomware Victims

• Homebuyers stress as thousands of house purchases frozen by cyber attack - Property Industry Eye

• Ransomware gang behind threats to Fred Hutch cancer patients (bleepingcomputer.com)

• Delta Dental of California data breach exposed info of 7 million people (bleepingcomputer.com)

• Seattle cancer centre confirms cyber attack after ransomware gang threats (therecord.media)

• France International Schools Agency Impacted by Ransomware Hack - Bloomberg

• MOVEit Vulnerability Hits Delta Dental: 7 Million Records Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Attack Slams The North Face and Vans Owner, Shares Plunge - The Messenger

• Mr Cooper now says 15M people's data exposed in cyber attack • The Register

• MongoDB shares fall on cyber security incident By Investing.com

• 2.7M medical records exposed in double-extortion ransomware attack | SC Media (scmagazine.com)

• Nearly 3 million affected by ransomware attack on medical software firm (therecord.media)

• Title insurance giant First American offline after cyber attack (bleepingcomputer.com)

• St Vincent’s Health Australia says data stolen in cyber attack (yahoo.com)

• Kansas City-area hospital transfers patients, reschedules appointments after cyber attack (therecord.media)

• Ransomware cyber attack hits Milton Town School District (databreaches.net)

• The ransomware attack on Westpole is disrupting digital services for Italian public administration (securityaffairs.com)

Phishing & Email Based Attacks

• Generative AI is making phishing attacks more dangerous | TechTarget

• New DMARC Data Shows 75% Increase in Suspicious Emails Hitting Inboxes (darkreading.com)

• Anatomy of a Phishing Attack: How Hackers Trick You - Techopedia

• Qakbot is back and targets the Hospitality industry (securityaffairs.com)

• SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols - Security Week

• Fake F5 BIG-IP zero-day warning emails push data wipers (bleepingcomputer.com)

• New phishing attack steals your Instagram backup codes to bypass 2FA (bleepingcomputer.com)

• Cyber espionage group Cloud Atlas targets Russian companies with war-related phishing attacks (therecord.media)

Artificial Intelligence

• Generative AI is making phishing attacks more dangerous | TechTarget

• AI’s efficacy is constrained in cyber security, but limitless in cyber crime - Help Net Security

• 'Unintended harms' of generative AI are national security risk to UK (techmonitor.ai)

• Unequal Risk, Unequal Reward: How Gen AI disproportionately harms countries (ox.ac.uk)

• Anonymous Sudan hacking group pledges to keep targeting OpenAI's ChatGPT (axios.com)

• Security Researchers: ChatGPT Vulnerability Allows Training Data to be Accessed by Telling Chatbot to Endlessly Repeat a Word - CPO Magazine

• AI in Cyber Security: It's All About Being Aware (inforisktoday.com)

• How AI is weaponized for cyber attacks (betanews.com)

• Why 'dark AI' is a top cyber security concern for 2024 | Pension Times

• The cyber security arms race: AI vs. AI | TechRadar

• How AI Is Shaping the Future of Cyber Crime (darkreading.com)

• 4 ways CISOs can manage AI use in the enterprise | CIO

2FA/MFA

• New phishing attack steals your Instagram backup codes to bypass 2FA (bleepingcomputer.com)

Malware

• New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks (thehackernews.com)

• Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges (thehackernews.com)

• Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware (thehackernews.com)

• Windows and macOS targeted by new Go-based malware | TechRadar

• QNAP VioStor NVR vulnerability actively exploited by malware botnet (bleepingcomputer.com)

• Over 10K downloads amassed by malicious PyPi packages | SC Media (scmagazine.com)

• Info stealers and how to protect against them (securityaffairs.com)

• 8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware (thehackernews.com)

• Qakbot is back and targets the Hospitality industry (securityaffairs.com)

• Qakbot Sightings Confirm Law Enforcement Takedown Was Only a Setback (darkreading.com)

• Hospitality Industry Faces New Password-Stealing Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals target hotel staff for management credentials • The Register

• BattleRoyal Cluster Signals DarkGate Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Scam 'missed parcel' SMS messages: advice on avoiding malware - NCSC.GOV.UK

• 3 Ways to Use Real-Time Intelligence to Defeat Bots (darkreading.com)

• Microsoft: Hackers target defence firms with new FalseFont malware (bleepingcomputer.com)

• Hospitality sector subjected to new malware attacks | SC Media (scmagazine.com)

Mobile

• iOS 17.2 update puts an end to Flipper Zero's iPhone shenanigans | ZDNET

• The 5G risk: How to protect your smartphone from emerging security threats - PhoneArena

• Apple rolls out iOS 17.2.1 with bugfixes and minor improvements - Neowin

• What is spyware and what can you do to stay protected? - Amnesty International

• NSO Group May Be On Its Way Out But There’s No Shortage Of Competitors To Take Its Place | Techdirt

• Suspects can refuse to provide phone passcodes to police, court rules | Ars Technica

Internet of Things – IoT

• IoT security strategy: an arms race for businesses | ITPro

• Porsche To Kill ICE-Powered Macan In Europe Over Cyber Security Laws | Carscoops

• Cyber security and car thefts: how are car makers responding? | CAR Magazine

• Marketer sparks panic with claims it uses smart devices to eavesdrop on people | Ars Technica

• Marketing firm admits it listens to conversations to sell targeted ads (searchengineland.com)

Data Breaches/Leaks

• Data of over a million users of the crypto exchange GokuMarket exposed (securityaffairs.com)

• MongoDB says customer data was exposed in a cyber attack (bleepingcomputer.com)

• Mr Cooper now says 15M people's data exposed in cyber attack • The Register

• Wolverine-developer Insomniac Games sees 1.67TB of secrets leaked in data breach | Ars Technica

• Everything Hackers Just Revealed in Sony Insomniac Games Leak (tech.co)

• Comcast says hackers stole data of close to 36 million Xfinity customers | TechCrunch

• BMW dealer at risk of takeover by cyber criminals - Security Affairs

• Celebrities Found in Unprotected Real Estate Database Exposing 1.5 Billion Records - Security Week

• Data leak exposes users of car-sharing service Blink Mobility (securityaffairs.com)

• Hacked security cam footage from bedrooms, dressing rooms, spas found to be on sale on Telegram group - NotebookCheck.net News

Organised Crime & Criminal Actors

• Ex-Amazon engineer pleads guilty to hacking crypto exchanges (bleepingcomputer.com)

• How Microsoft’s cyber crime unit has evolved to combat increased threats | Ars Technica

• Gang charged with running $80 million "pig butchering" cryptocurrency investment scam (bitdefender.com)

• Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cyber Crime | WIRED

• German police takes down Kingdom Market cyber crime marketplace (bleepingcomputer.com)

• INTERPOL celebrates huge cyber crime Christmas present (emergingrisks.co.uk)

• Law enforcement Operation HAECHI IV led to the seizure of $300 Million (securityaffairs.com)

• Two arrested as police investigate Birmingham dark web drugs trade - Birmingham Live (birminghammail.co.uk)

• NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains - Security Week

• BattleRoyal Cluster Signals DarkGate Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Intelligence Researchers to Study Computer Code for Clues to Hackers’ Identities - WSJ

• Dark web marketplace Kingdom Market dismantled | SC Media (scmagazine.com)

• Lapsus$ teen sentenced to indefinite detention in hospital • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Data of over a million users of the crypto exchange GokuMarket exposed (securityaffairs.com)

• Ex-Amazon engineer pleads guilty to hacking crypto exchanges (bleepingcomputer.com)

• Gang charged with running $80 million "pig butchering" cryptocurrency investment scam (bitdefender.com)

• DeFi’s billion-dollar secret: The insiders responsible for hacks – Cointelegraph Magazine

• Crypto scammers abuse Twitter ‘feature’ to impersonate high-profile accounts (bleepingcomputer.com)

• Crypto drainer steals $59 million from 63k people in Twitter ad push (bleepingcomputer.com)

Insider Risk and Insider Threats

• Insider threats: why employees are a bigger risk than hackers (raconteur.net)

• Former IT manager pleads guilty to attacking high school network (bleepingcomputer.com)

• DeFi’s billion-dollar secret: The insiders responsible for hacks – Cointelegraph Magazine

Insurance

• Mandatory protections, higher premiums and continued growth -- cyber insurance predictions for 2024 (betanews.com)

• Uninsured firms incur 69% higher cyber incident costs - CIR Magazine

Supply Chain and Third Parties

• What is supply chain risk management (SCRM)? | Definition by TechTarget

• Addressing the Growing Threat of Supply Chain Cyber Attacks | HackerNoon

• Homebuyers stress as thousands of house purchases frozen by cyber attack - Property Industry Eye

• Supply chain emerges as major vector in escalating automotive cyber attacks - Help Net Security

• Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024 (darkreading.com)

Cloud/SaaS

• Most cloud transformations are stuck in the middle - Help Net Security

• IoT security strategy: an arms race for businesses | ITPro

• Millions of Microsoft Accounts Power Lattice of Automated Cyber Attacks (darkreading.com)

• Box cloud storage down amid 'critical' outage (bleepingcomputer.com)

Encryption

• Zscaler ThreatLabz Finds Most Cyber Attacks Hide (itsecuritywire.com)

• 86% of cyber attacks are delivered over encrypted channels - Help Net Security

• SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica

Passwords, Credential Stuffing & Brute Force Attacks

• The password attacks of 2023: Lessons learned and next steps (bleepingcomputer.com)

• CISA urges vendors to get rid of default passwords | CyberScoop

• BMW dealer at risk of takeover by cyber criminals - Security Affairs

• Hospitality Industry Faces New Password-Stealing Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals target hotel staff for management credentials • The Register

Social Media

• Social media platform X back up after global outage | Reuters

• Crypto scammers abuse Twitter ‘feature’ to impersonate high-profile accounts (bleepingcomputer.com)

• Crypto drainer steals $59 million from 63k people in Twitter ad push (bleepingcomputer.com)

• New phishing attack steals your Instagram backup codes to bypass 2FA (bleepingcomputer.com)

Malvertising

• Malvertising has been out of control in 2023, and Google needs to do more to stop it | ITPro

Training, Education and Awareness

• Are We Ready to Give Up on Security Awareness Training? (thehackernews.com)

• Many organisations still lack formal IT security training in 2024 (securitybrief.co.nz)

Regulations, Fines and Legislation

• CFOs are under the gun as the SEC's new 4-day data breach disclosure window goes into effect | Fortune

• SEC vs. SolarWinds: A cyber security game changer for CISOs (securitybrief.co.nz)

• Porsche To Kill ICE-Powered Macan In Europe Over Cyber Security Laws | Carscoops

• UK data centres to be classed as critical infrastructure under new gov proposals | ITPro

• Clock Starts on SEC Cyber Attack Rules: What CISOs Should Know (informationweek.com)

• SEC disclosure rule for ‘material’ cyber security incidents goes into effect | CyberScoop

• What Do CISOs Have to Do to Meet New SEC Regulations? (darkreading.com)

• EU agrees amendments to Cyber Solidarity Act in bid to create ‘cyber shield’ for member states | ITPro

• Rules targeting financial criminals will require new filings for startups and small businesses – GeekWire

• A quiet cyber security revolution is touching every corner of the economy as US, allies ‘pull all the levers’ to face new threats | Fortune

Models, Frameworks and Standards

• Cyber Security Frameworks: A Guide for MSSPs | MSSP Alert

• SANS Institute Research Shows the Frameworks Organisations Use (darkreading.com)

Careers, Working in Cyber and Information Security

• How cyber security roles are changing and what to look for when hiring | CSO Online

Law Enforcement Action and Take Downs

• BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows No Limits on Targets - Security Week

• A Major Ransomware Takedown Suffers a Strange Setback | WIRED

• US law enforcement seizes BlackCat ransomware site, distributes decryption key (axios.com)

• Ex-Amazon engineer pleads guilty to hacking crypto exchanges (bleepingcomputer.com)

• How Microsoft’s cyber crime unit has evolved to combat increased threats | Ars Technica

• Gang charged with running $80 million "pig butchering" cryptocurrency investment scam (bitdefender.com)

• Former IT manager pleads guilty to attacking high school network (bleepingcomputer.com)

• Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cyber Crime | WIRED

• German police takes down Kingdom Market cyber crime marketplace (bleepingcomputer.com)

• Law enforcement Operation HAECHI IV led to the seizure of $300 Million (securityaffairs.com)

• Two arrested as police investigate Birmingham dark web drugs trade - Birmingham Live (birminghammail.co.uk)

• Interpol op cuffs 3,500 cyber suspects, seizes $300M • The Register

• NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains - Security Week

• Qakbot Sightings Confirm Law Enforcement Takedown Was Only a Setback (darkreading.com)

• Suspects can refuse to provide phone passcodes to police, court rules | Ars Technica

• Dark web marketplace Kingdom Market dismantled | SC Media (scmagazine.com)

• Lapsus$ teen sentenced to indefinite detention in hospital • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Attacks on critical infrastructure are harbingers of war: Are we prepared? | SC Media (scmagazine.com)

Nation State Actors

China

• China's Cyber Warfare Surges With Hacking Of US Infrastructure (thefederalist.com)

• Espionage from the East: "Russia Is a Storm, China Is Climate Change" - DER SPIEGEL

• US cyber warriors issue a call to arms - Asia Times

• China's Secret War Preps Inside US Utilities (spytalk.co)

• National Grid drops Beijing-backed supplier over UK power network fears (ft.com)

• Chinese Spacecraft Emitting Strong Signal Over North America (futurism.com)

• A top-secret Chinese spy satellite just launched on a supersized rocket | Ars Technica

• China's MIIT Introduces Color-Coded Action Plan for Data Security Incidents (thehackernews.com)

Russia

• Cyber attack on Kyivstar is likely one of highest-impact disruptive in Ukraine since Feb 2022 - British intelligence (interfax.com.ua)

• The UK Defence Intelligence Analyses Massive Cyber Attack Ukraine Suffered | Defence Express (defence-ua.com)

• Ukraine updates: UK says Ukraine suffered severe cyber attack – DW – 12/16/2023

• Espionage from the East: "Russia Is a Storm, China Is Climate Change" - DER SPIEGEL

• US cyber warriors issue a call to arms - Asia Times

• Anonymous Sudan hacking group pledges to keep targeting OpenAI's ChatGPT (axios.com)

• UK and partners form The Tallinn Mechanism for cyber security - GOV.UK (www.gov.uk)

• Ukraine mobile cyber attack high impact says UK - Emerging Risks Media Ltd

• Russian APT29 Hacked US Biomedical Giant in TeamCity-Linked Breach (hackread.com)

• Cyber espionage group Cloud Atlas targets Russian companies with war-related phishing attacks (therecord.media)

Iran

• Israel-linked hacking group claims it ‘disabled’ gas stations across Iran | World News - Hindustan Times

• Iranian 'Seedworm' Cyber Spies Target African Telcos & ISPs (darkreading.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware (talosintelligence.com)

Vulnerability Management

• 2023 Cyber Threats: 26,000+ Vulnerabilities, 97 Beyond CISA List - Infosecurity Magazine (infosecurity-magazine.com)

• Majority of 2023's critical cyber attacks stemmed from fewer than 1% of vulnerabilities - SiliconANGLE

• 1 in 4 high-risk CVEs are exploited within 24 hours of going public | SC Media (scmagazine.com)

• Will Putting a Dollar Value on Vulnerabilities Help Prioritize Them? (darkreading.com)

• Creating a formula for effective vulnerability prioritization - Help Net Security

• Zoom Unveils Open Source Vulnerability Impact Scoring System - Security Week

• Threat actors still exploiting old unpatched vulnerabilities, says Cisco | IT Business

Vulnerabilities

• 80 percent of Struts 2 downloads include critical flaw • The Register

• ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products (securityaffairs.com)

• Fortinet Releases Security Updates for Multiple Products | CISA

• Flaws in pfSense firewall can lead to arbitrary code execution (securityaffairs.com)

• QNAP VioStor NVR vulnerability actively exploited by malware botnet (bleepingcomputer.com)

• MOVEit Vulnerability Hits Delta Dental: 7 Million Records Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft discovers critical RCE flaw in Perforce Helix Core Server (bleepingcomputer.com)

• Years-Old, Unpatched GWT Vuln Leaves Apps Open to Server-Side RCE (darkreading.com)

• 8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware (thehackernews.com)

• 3CX Urges Customers to Disable Integration Due to Potential Vulnerability - Security Week

• Mozilla Patches Firefox Vulnerability Allowing Remote Code Execution, Sandbox Escape - Security Week

• Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar

• Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File (darkreading.com)

• 3CX warns customers to disable SQL database integrations (bleepingcomputer.com)

• Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products - Security Week

• Outlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCE - Security Week

• Targeted F5 Vulnerability 'Update' Delivers Wiper to Israeli Victims (darkreading.com)

• Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP (thehackernews.com)

• Ivanti releases patches for 13 critical Avalanche RCE flaws (bleepingcomputer.com)

• Apple rolls out iOS 17.2.1 with bugfixes and minor improvements - Neowin

• Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware (thehackernews.com)

• SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica

• Impact of Log4Shell Bug Was Overblown, Say Researchers - Infosecurity Magazine (infosecurity-magazine.com)

• Fake F5 BIG-IP zero-day warning emails push data wipers (bleepingcomputer.com)

• New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now (thehackernews.com)

Tools and Controls

• AI’s efficacy is constrained in cyber security, but limitless in cyber crime - Help Net Security

• More cyber criminals turning to remote desktop protocol attacks | Insurance Times

• Insurer’s UK Honeypots Attacked 17 Million Times Per Day - Infosecurity Magazine (infosecurity-magazine.com)

• The cyber security arms race: AI vs. AI | TechRadar

• Microsoft unveils new, more secure Windows Protected Print Mode (bleepingcomputer.com)

• 65% of organisations say ransomware concerns impact risk management | Security Magazine

• AI in Cyber Security: It's All About Being Aware (inforisktoday.com)

• Demystifying Open XDR: What It Is, How to Do It, and ROI | Binary Defence

• 5 things you need to know about your EDR | CSO Online

• Can you trust Windows Hello biometric authentication | Kaspersky official blog

• Many organisations still lack formal IT security training in 2024 (securitybrief.co.nz)

• How CISOs can manage multiprovider cyber security portfolios | TechTarget

• Intelligence Researchers to Study Computer Code for Clues to Hackers’ Identities - WSJ

• CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool | CISA

• Are Workstation Security Logs Actually Important? | MSSP Alert

• What's the Best Way to Communicate After a Data Breach? (darkreading.com)

• How Segmentation Can Slow a Cyber Attack - ClearanceJobs

Reports Published in the Last Week

• Annual Payment Fraud Intelligence Report: 2023 | Recorded Future

Other News

• The Financial Sector Experiences More Cyber Attacks than Other Verticals, and those Incidents Result in Costlier Outcomes (prnewswire.com)

• 77% of financial organisations detected a cyber attack in the last year | Security Magazine

• Small businesses targeted by cyber criminals for data (securitybrief.co.nz)

• Retailers Are Being Barraged By Cyber Attacks This Holiday Season (forbes.com)

• Complexity leaves energy companies vulnerable to cyber attacks - Verdict

• The MOVEit breach may well have been the biggest cyber attack of the year | TechRadar

• How to bolster security against intellectual property theft (c4isrnet.com)

• In Cyber Security, Some Conventional Wisdom, While Well-Intentioned, Is Off-Base (newsweek.com)

• Navigating The Cyber Security Landscape In 2024 (forbes.com)

• 3 Strategic Insights from Cyber Security Leader Study (trendmicro.com)

• Healthcare sector warned of poor cyber hygiene; CISA doles out remedy advice | SC Media (scmagazine.com)

• The truth behind four small business cyber security myths (themanufacturer.com)

• Conclusion of Crossed Swords: the most exciting offensive cyber operations exercise

• Australia announces cyber security plan after major breaches | World Economic Forum (weforum.org)

• National Grid drops Beijing-backed supplier over UK power network fears (ft.com)

• As British Library faces fallout of cyber attack—what can arts bodies do to combat ransomware threats? (theartnewspaper.com)

• NIST Report Spotlights Cyber, Privacy Risks in Genomic Data (inforisktoday.com)

• Zscaler ThreatLabz Finds Most Cyber Attacks Hide (itsecuritywire.com)

• 86% of cyber attacks are delivered over encrypted channels - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

The Human Element- Cyber Security’s Great Challenge

According to Verizon’s 2023 Data Breach Investigations Report, 74% of all breaches involved a human element. It is important for organisations to understand that it is not simply malicious employees or employees falling for social engineering attacks; it includes things such as negligent, or intentional but not malicious actions. In fact, a recent separate report by Kaspersky found that 26% of incidents over the past two years involved the result of intentional security protocol violations; in comparison, external hacking attempts made up 20%.

Further, Kaspersky found 25% of incidents occurred due to neglecting system software or application updates, followed by 22% resulting from deliberate use of weak passwords or failing to change them promptly, and 18% from staff visiting unsecured websites. One potential cause for these incidents is a lack of training on why such protocols need to be followed.

Black Arrow provides live in person and online instructor lead cyber security training including Cyber Risk and Governance Workshops for Senior Leadership, and Awareness, Behaviour and Culture Training for employees and contractors.

Sources [Beta News] [ Infosecurity Magazine] [The Economic Times (indiatimes.com)]

Good Cyber Hygiene is a Strategic Imperative for SMEs, Report Shows

Small or large, no company is immune to a cyber attack and therefore good cyber hygiene is an imperative for all. Whilst large firms may already have more mature defences in place, smaller firms are definitely catching on to this, with 47% of respondents to a recent survey stating they were more worried about their organisation’s security posture now than compared to six months ago.

The survey found that ransomware (35%), software vulnerability exploits (28%) and using the same password across different applications (25%) were amongst the largest concerns. Interestingly, in a separate report, 44% of incidents were found to lack any element of malware, indicating that attackers are moving beyond traditional methods. The same report found 65% of cases included remote monitoring and management tools as the vector for initial access, something a number of organisations do not secure.

Business email compromise (BEC) attacks are also a key concern for businesses of all sizes but can be especially damaging to smaller organisations for whom the financial loss can be devastating.

Sources [Computer Weekly]  [Beta News] [Beta News]

Despite Increasing Ransomware Attacks, Some Companies are in Denial

A recent study has highlighted a contradiction in the way organisations perceive ransomware threats. Although many do not consider themselves likely targets, they are, nevertheless, bolstering their security measures, expanding their teams, and fortifying cyber defences, acknowledging the risks despite their assumed invulnerability.

Simultaneously, ransomware tactics are undergoing significant changes. The past three quarters have seen a marked increase in double-extortion attacks, with data leaks from these incidents rising by 50% compared to the previous year. This trend is predominantly driven by a few active groups, some newly emerged this year, amplifying the threat landscape.

In a tactical shift, the ransomware group ALPHV, also known as Blackcat, has lodged a formal complaint with the US Securities and Exchange Commission (SEC) against a victim for failing to comply with new disclosure regulations. Meanwhile, LockBit, infamous for attacks on high-profile targets, is modifying its extortion tactics due to lower-than-anticipated ransom returns. These developments point to an evolving and adaptive ransomware environment.

Sources: [Dark Reading] [SC Media] [Insurance Journal] [MSSP Alert] [Security Brief]

A Single Supply Chain Related Ransomware Incident Spurred UK Decision Makers to Spend Big on Cyber as Latest Victim Count exceeds 2.6K Organisations and 77M People

It is reported that 2,620 organisations and more than 77 million individuals have been impacted to date by the MOVEit supply chain ransomware attack, with millions in the past week alone having received notifications that their information had either been accessed, leaked, or both.

In a survey involving directors of UK companies with over 500 seats that had suffered a ransomware or extortion attack in the past 18 months, it was found that 24% had become significantly more anxious about ransomware attacks as a direct result of the MOVEit breach, and 66% were slightly more anxious. This anxiety translated into action, with 42% of respondents investing more into backup and recovery, and 29% tweaking existing cyber strategies. 29% had taken the decision to amend their existing cyber strategies. Staff training was also found to rise, with 42% looking to spend on skills development and 40% upping their investment in training.

Sources: [The Register] [Computer Weekly]

The True Cost of a Ransomware Attack

While the demand is often financial, the impact and reach of ransomware goes far beyond the ransomware demand. Alongside the financial impact, comes the reputational impact, loss of customers, resources in returning to business as normal and time lost in recovery. For some companies, it can take months to return to where they were before and for others, it marks the end of their organisation.

For an attacker, it doesn’t matter. Their goal is not limited by the size or sector of an organisation and it is therefore imperative that every organisation is prepared for the event of an incident. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [ITPro]

Largest Study of Its Kind Shows Outdated Password Practices Are Putting Millions at Risk

A recent study has exposed serious flaws in passwords on the internet, revealing that three out of four popular websites are compromising user security by not meeting basic password standards. The study examined 20,000 websites, finding many allowed simple passwords, didn’t block common ones and adhered to outdated complexity requirements. It was found that over half the websites accept passwords of six characters or fewer, with 75% not requiring the advised minimum of eight characters, and 30% not supporting spaces or special characters. The study showcases the gap in security measures implementation across the web and emphasises the importance of ongoing improvement in web security standards.

The problem is further exacerbated by employees using work email for non-work approved websites and reusing the same passwords, meaning any breach of a compromised site hands the user’s credentials to an attacker. Further, many organisations are not even aware this is going on.

Source: [TechXplore]

Cyber Security Investment Involves More Than Just Technology

C-suite business leaders and senior IT professionals within large organisations, found that the top five cyber security investment areas were technologies (49%), threat intelligence (46%), risk assessment (42%), cyber insurance (42%), and third-party risk management (40%). Fewer organisations highlighted technology as good value for money in 2023 (49%) than in 2022 (58%). suggesting an awareness that technology investments go hand-in-hand with investing in governance and personnel to effectively enable and manage the technology.

Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Dark Reading]

Questions Leaders Must Ask Themselves on Security Culture

In today's corporate landscape, there's a growing emphasis on the human aspect of cyber security, with Stanford University research indicating that about 88% of data breaches result from employee errors. Companies are now focusing on enhancing security awareness through marketing campaigns and integrating cyber security performance into job reviews. This shift acknowledges that as technological defences evolve, cyber attackers increasingly exploit human vulnerabilities, as evidenced by major ransomware incidents like those impacting Colonial Pipeline and JBS Foods.

Developing a strong security culture is essential, by complementing robust policies with ingraining security-minded beliefs and behaviours in employees. Key to this is the role of leadership in embedding and continuously assessing this culture. This involves evaluating training effectiveness, reporting mechanisms, proactive security approaches, and the impact of security initiatives, while also considering the complexity of human behaviour and the example set by top management. Emphasising these aspects is crucial for maintaining a secure and resilient organisational environment, and in so doing protecting an organisation's reputation and financial integrity.

Source: [AT&T]

There’s a Crossover Between Organised Crime, Financial Crime, and Nation-State Crime

The convergence of organised crime, financial crime, and nation-state crime is a growing concern in today’s interconnected world. This crossover, driven by the digital revolution, globalisation, economic factors, and state fragility, is reshaping the global criminal landscape. Organised crime syndicates, traditionally involved in activities like drug trafficking and extortion, are now branching out into financial crimes, offering higher profits with lower risks.

Financial crime, once the domain of individual fraudsters and white-collar criminals, has become a lucrative venture for organised crime groups. They exploit the global financial system to launder proceeds of crime, finance their operations, and evade law enforcement. Nation-state crime, involving state-sponsored or state-condoned criminal activities, often overlaps with organised and financial crime. Some governments turn a blind eye to these activities, while others actively support them for political, economic, or strategic reasons.

Sources: [The Currency]

Cyber Attack on British Library Highlights Lack of UK Resilience

A recent ransomware attack on the British Library has spotlighted the vulnerabilities in the UK's public sector IT infrastructure, amid rising state-backed cyber attacks. This major incident, which caused a significant technical outage at the library, underscores the concerns of cyber intelligence experts about the government's inadequate investment in cyber resilience in critical areas like education, healthcare, and local government. The hacking group Rhysida, targeting essential infrastructure, claimed responsibility and auctioned stolen data, including British Library employees’ passports, for 20 bitcoin (approximately £600,000).

The attack on the British Library, a key public service institution, highlights the escalating threat of ransomware attacks and their potential exploitation by state actors. The UK’s National Cyber Security Centre (NCSC) has reported a significant increase in cyber attacks in 2023, with incidents more than doubling compared to the previous year. In response, the UK government, which had already allocated £2.6bn for cyber security improvements and IT system updates, is actively assessing the situation with the support of the National Protective Security Authority.

Source: [FT]

Organisations Rethink Cyber Security Investments to Meet NIS2 and DORA Directive Requirements

The European Union (EU) is seeking to improve cyber resilience across all member states by bringing in two new regulations: the Digital Operational Resilience Act (DORA), which focuses on financial services companies, and its counterpart the Network and Information Systems Directive (NIS2). The effects of the two regulations are likely to be wider reaching, bringing in more stringent processes and controls and redefining service provision to organisations.

With NIS2 coming into effect in October 2024, the mandatory directive will have teeth, with strict penalties for non-compliance for both the business and senior board personnel, who can be held directly accountable and prevented from holding similar positions in the future. It also aims to increase intelligence sharing between member states and enhance supply chain security. This latter measure will see the directive have a global impact.

Many organisations supplying services to firms that fall under DORA and NIS2 will themselves be subject to the full force of the regulations, with many of these suppliers, including IT providers, unaware that this will have far reaching ramifications for them and their ability to continue to provide these services.

Sources: [Help Net Security] [Help Net Security]

The Cyber Security Lawsuit Boards are Talking About

For the last month, an under-the-radar lawsuit has privately been a hot topic of conversation in boardrooms and corporate security departments alike. The lawsuit involved the Securities and Exchange Commission (SEC) accusing SolarWinds and their CISO of fraud. SolarWinds, like many organisations, had disclosed some facts, however what was reported was not sufficient to satisfy the regulator. The lawsuit is the first in which the SEC has charged a company with intentional fraud related to cyber security disclosures and it paints a picture for the wider movement of the cyber landscape. Whilst the SEC is US based you can expect regulatory counterparts in other jurisdictions globally to follow suit.

Source: [The New York Times]

Top Cyber Stories of the Last Week

Governance, Risk and Compliance

• Why boards must prioritize cyber security expertise - Help Net Security4 data loss examples keeping backup admins up at night | TechTarget

• Accelerating Security Risk Management (trendmicro.com)

• Companies step up investment in ransomware protection (betanews.com)

• CISOs can marry security and business success - Help Net Security

• 7 must-ask questions for leaders on security culture (att.com)

• The human element -- cyber security's greatest challenge (betanews.com)

• Employee Policy Violations Cause 26% of Cyber Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• Why good cyber hygiene is a strategic imperative for UK SMEs (betanews.com)

• MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly

• Cyber security Investment Involves More Than Just Technology (darkreading.com)

• Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)

• Corporate Boards Mulling Effects of SEC Cyber Enforcement and CISO Exposure, and Possibly Hacker Complaints to SEC | Jackson Lewis P.C. - JDSupra

• The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)

• Only 9% of IT budgets are dedicated to security - Help Net Security

• Inflation, cyber risks the biggest worry for firms | Nation

• Organisations rethink cyber security investments to meet NIS Directive requirements - Help Net Security

• “There's a crossover between organised crime, financial crime, and nation-state crime” - The Currency :The Currency

• Why transparency and accountability are important in cyber security | Computer Weekly

• ‘I employ a lot of hackers’: how a stock exchange chief deters cyber attacks | Cyberwar | The Guardian

• SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com

• Humans Are Notoriously Bad at Assessing Risk - SecurityWeek

• The role experience plays in risk mitigation (betanews.com)

• Internal audit leaders are wary of key tech investments - Help Net Security

• Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)

• Over Half of Organisations Are at Risk of Cyber attack Due to Exhausted and Stressed Staff - IT Security Guru

• Stressed staff put enterprises at risk of cyber attack (betanews.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 2023 ransomware statistics: Number of double-extortion attacks skyrocket | SC Media (scmagazine.com)

• More than money: The true cost of a ransomware attack | ITPro

• Despite Increasing Ransomware Attacks, Some Companies In Denial | MSSP Alert

• Ransomware attacks doubIe in two years says Akamai Technologies report (securitybrief.co.nz)

• Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)

• Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)

• Companies step up investment in ransomware protection (betanews.com)

• Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)

• Ransomware Gang LockBit Revises Its Tactics to Get More Blackmail Money (insurancejournal.com)

• The shifting sands of the war against cyber extortion - Help Net Security

• Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert

• Play Ransomware Goes Commercial - Now Offered as a Service to Cyber criminals (thehackernews.com)

• Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)

• Ransomware groups rack up victims among corporate America | CyberScoop

• Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)

• Paying ransom for data stolen in cyber attack bankrolls further crime, experts caution | CBC Radio

• UK signs joint statement against ransomware payments - “New norm” or status quo? - Lexology

• Capita to axe up to 900 jobs as it battles to recover from Russian cyber attack (telegraph.co.uk)

• Schools Look to Improve Cyber security, but Many Vulnerable to Ransomware (insurancejournal.com)

• 4 Ways Fintech Companies Can Protect Themselves from Ransomware (financemagnates.com)

• A cyber attack on a UK accounting firm wound up leaking US patient data. Now what? (databreaches.net)

• Cyber security should not be a gamble: Latest data breach hits major casino - Digital Journal

Ransomware Victims

• Royal Mail spent £10 million recovering from LockBit breach - Tech Monitor

• British Library staff passports leaked online as hackers demand £600,000 (telegraph.co.uk)

• Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)

• Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)

• ICBC partners wary to resume trading with bank after cyber attack - Bloomberg News - CNA (channelnewsasia.com)

• ‘Sex life data’ stolen from UK government among record number of ransomware attacks (therecord.media)

• MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register

• Allen & Overy Given 5 Days to Meet Hackers’ Demands: Expert Q&A | Law.com International

• London & Zurich ransomware attack causes customer chaos • The Register

• CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack - SecurityWeek

• Lockbit Gang Behind ICBC Attack Hacks Into Chicago Trading Company - Bloomberg

• Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)

• Rhysida claims it hacked the British Library - Tech Monitor

• Clorox Scapegoats Cyber Chief, Rewards Board After Crisis (forbes.com)

• Fortune 500 insurance and mortgage firm FNF shuts down network following cyber attack | TechRadar

• Yamaha Motor confirms ransomware attack on Philippines subsidiary (bleepingcomputer.com)

• St Helens Council suspected cyber attack caused significant disruption - BBC News

• Western Isles Council backup systems 'inaccessible' following cyber attack | STV News

• Auto parts giant AutoZone warns of MOVEit data breach (bleepingcomputer.com)

• BlackCat claims attack on Fidelity National Financial • The Register

Phishing & Email Based Attacks

• Phishing Simulations Boost Cyber Awareness and Defences | Mimecast

• How to combat AI-produced phishing attacks | SC Media (scmagazine.com)

• More Than 50% of Online Retailers Not Blocking Fraudulent Emails | MSSP Alert

• How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography (thehackernews.com)

• DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)

• Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar

• The Most Common Indicators of a Phishing Attempt (With Screenshots) | HackerNoon

Artificial Intelligence

• Cyber threats reached a new high this year, with AI playing a major role | TechRadar

• How to combat AI-produced phishing attacks | SC Media (scmagazine.com)

• IT Pros Worry That Generative AI Will Be a Major Driver of Cyber security Threats (darkreading.com)

• Smaller businesses embrace GenAI, overlook security measures - Help Net Security

• AI Solutions Are the New Shadow IT (thehackernews.com)

• The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)

• Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert

• Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek

• AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)

• OII | Large Language Models pose risk to science with false answers, says Oxford study

Malware

• 5 Of The Most Common Ways Malware Is Spread (And How To Stay Protected) (slashgear.com)

• Report finds malware is no longer the biggest cyberthreat to smaller businesses - SiliconANGLE

• Over half of SME cyber incidents now ‘malware-free’ | Computer Weekly

• Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar

• Mirai malware infects routers and cameras for new botnet • The Register

• InfectedSlurs Botnet Spreads Mirai via Zero-Days | Akamai

• This devious malware will let hackers restore deleted cookies and hijack your Google account | TechRadar

• MySQL servers hit by DDoS malware botnet | TechRadar

• 27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts (thehackernews.com)

• Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware (thehackernews.com)

• DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)

• Gamaredon's LittleDrifter USB malware spreads beyond Ukraine (bleepingcomputer.com)

• Malware Uses Trigonometry to Track Mouse Strokes (darkreading.com)

• Atomic Stealer Malware is tricking Mac users with fake browser updates - gHacks Tech News

• USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica

• DarkGate and Pikabot malware emerge as Qakbot’s successors (bleepingcomputer.com)

• How Ducktail steals Facebook accounts | Kaspersky official blog

• Cyber criminals turn to ready-made bots for quick attacks - Help Net Security

• 3 Ways to Stop Unauthorized Code From Running in Your Network (darkreading.com)

• Konni Campaign Deploys Advanced RAT With UAC Bypass Capabilities - Infosecurity Magazine (infosecurity-magazine.com)

• New botnet malware exploits two zero-days to infect NVRs and routers (bleepingcomputer.com)

Mobile

• FCC Tightens Telco Rules to Combat SIM-Swapping - SecurityWeek

• Inside Apple’s Secretive War to Protect iPhones from Hacking • iPhone in Canada Blog

• Cyber criminals Are Targeting App Beta-Testing, and This Is What to Look Out For (makeuseof.com)

Denial of Service/DoS/DDOS

• NoEscape gang continues to use DDoS to pressure reluctant victims to negotiate (databreaches.net)

• MySQL servers hit by DDoS malware botnet | TechRadar

Internet of Things – IoT

• Mirai malware infects routers and cameras for new botnet • The Register

• InfectedSlurs Botnet Spreads Mirai via Zero-Days | Akamai

Data Breaches/Leaks

• 4 data loss examples keeping backup admins up at night | TechTarget

• Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek

• Secretary Fined For Accessing Scores of Patient Records - Infosecurity Magazine (infosecurity-magazine.com)

• Canadian government discloses data breach after contractor hacks (bleepingcomputer.com)

• US Cyber security Lab Suffers Major Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Sabre Insurance hit by cyber attack | Insurance Times

• Hacktivists breach US nuclear research lab, steal employee data (bleepingcomputer.com)

• Welltok data breach exposes data of 8.5 million US patients (bleepingcomputer.com)

• Cyber attackers leaked data of 27,000 NYC Bar Association membersers (therecord.media)

• Enterprise software provider TmaxSoft leaks 2TB of data (securityaffairs.com)

• A cyber attack on a UK accounting firm wound up leaking US patient data. Now what? (databreaches.net)

• Sumo Logic says customer data untouched during breach • The Register

Organised Crime & Criminal Actors

• “There's a crossover between organised crime, financial crime, and nation-state crime” - The Currency :The Currency

• Indian Hack-for-Hire Group Targeted US, China, and More for Over 10 Years (thehackernews.com)

• Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyber attacks (darkreading.com)

• A Hacker Faked His Own Death–Then Claimed To Have Sold Marriott Customer Data To Russians, FBI Says (forbes.com)

• Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime

• Outsmarting cyber criminals is becoming a hard thing to do - Help Net Security

• Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• US cyber cops trace and return nearly $9M stolen by scammers • The Register

Insider Risk and Insider Threats

• The human element -- cyber security's greatest challenge (betanews.com)

• Employee Policy Violations Cause 26% of Cyber Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• cyber security: Security violations by employees as harmful as hacking: Report - The Economic Times (indiatimes.com)

• Secretary Fined For Accessing Scores of Patient Records - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)

• North Korean Supply Chain Threat is Booming, UK and South Korea Warn - Infosecurity Magazine (infosecurity-magazine.com)

• Three Questions To Ask Third-Party Vendors About Cyber security Risk (forbes.com)

Cloud/SaaS

• Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)

• Navigating the complexities of cyber security in a SaaS-dominated era (securitybrief.co.nz)

Encryption

• Some unbreakable RSA encryption keys are accidentally leaking online | New Scientist

Passwords, Credential Stuffing & Brute Force Attacks

• Largest study of its kind shows outdated password practices are putting millions at risk (techxplore.com)

• Your password hygiene remains atrocious, says NordPass • The Register

• US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek

Social Media

• How Ducktail steals Facebook accounts | Kaspersky official blog

Malvertising

• Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware (thehackernews.com)

Training, Education and Awareness

• The 7 Deadly Sins of Security Awareness Training (darkreading.com)

Regulations, Fines and Legislation

• Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)

• The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)

• SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com

• What CISOs Need to Know About Materiality | Mimecast

• Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek

• Does claiming you were hacked when you had really just screwed up violate the FTC Act? (databreaches.net)

• Secretive White House Surveillance Program Gives Cops Access to Trillions of US Phone Records | WIRED

• UK watchdog threatens enforcement action over ad cookies • The Register

Models, Frameworks and Standards

• NIS2 and its global ramifications - Help Net Security

• Organisations rethink cyber security investments to meet NIS Directive requirements - Help Net Security

• DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT

• Understanding the UK government’s new cyber security regime, GovAssure - IT Security Guru

Data Protection

• 1 in 5 executives question their own data protection programs - Help Net Security

Careers, Working in Cyber and Information Security

• Over Half of Organisations Are at Risk of Cyber attack Due to Exhausted and Stressed Staff - IT Security Guru

• Half of Cyber security Professionals Kept Awake By Workload Worries - IT Security Guru

Law Enforcement Action and Take Downs

• Wirecard hacker sentenced to 80 months in prison (ft.com)

• US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek

• Europol Launches OSINT Taskforce to Hunt For Russian War Crimes - Infosecurity Magazine (infosecurity-magazine.com)

• A Hacker Faked His Own Death–Then Claimed To Have Sold Marriott Customer Data To Russians, FBI Says (forbes.com)

• Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)

• US cyber cops trace and return nearly $9M stolen by scammers • The Register

• Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime

• Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• "We are getting very good at identifying a Russian campaign," Microsoft weighs in on disinformation and national security at recent events | Windows Central

• AI Helps Uncover Russian State-Sponsored Disinformation in Hungary (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Why cyber war readiness is critical for democracies - Help Net Security

• Fog of War | How the Ukraine Conflict Transformed the Cyber Threat Landscape (inforisktoday.com)

Nation State Actors

China

• Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)

• ICBC partners wary to resume trading with bank after cyber attack - Bloomberg News - CNA (channelnewsasia.com)

• Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions (thehackernews.com)

Russia

• USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica

• Almost 4,000 cyber attacks on Ukraine detected – US Treasury Department | Ukrainska Pravda

• "We are getting very good at identifying a Russian campaign," Microsoft weighs in on disinformation and national security at recent events | Windows Central

• Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)

• Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)

• Potential cyberespionage campaign against Ukraine involves Remcos tool | SC Media (scmagazine.com)

• Embezzlement Scandal Consumes a Top Ukrainian Cyber Official, Jolting Relationship With US - The Messenger

• Konni Campaign Deploys Advanced RAT With UAC Bypass Capabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Europol Launches OSINT Taskforce to Hunt For Russian War Crimes - Infosecurity Magazine (infosecurity-magazine.com)

• The Defence Intelligence of Ukraine Reveals that Russia’s Civil Aviation Industry Is on the Brink of Collapse | Defence Express (defence-ua.com)

Iran

• Possible Iranian Group Behind 'Flood' of New Cyber attacks in Israel - Bloomberg

• Cyber attacks on Israel intensify as the war against Hamas rages: Check Point | CSO Online

North Korea

• Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)

• North Korean Supply Chain Threat is Booming, UK and South Korea Warn - Infosecurity Magazine (infosecurity-magazine.com)

• Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors (paloaltonetworks.com)

• DPRK Hackers Masquerade as Tech Recruiters, Job Seekers (darkreading.com)

• Hackers pose as officials to steal secrets and cryptocurrency for North Korea (bitdefender.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Cyber attacks on Israel intensify as the war against Hamas rages: Check Point | CSO Online

Vulnerability Management

• Reflecting on 20 years of Patch Tuesday | MSRC Blog | Microsoft Security Response Center

Vulnerabilities

• MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register

• Citrix Bleed WFH Hack and Exploit: News on Data Loss Flaw - Bloomberg

• Citrix warns admins to kill NetScaler user sessions to block hackers (bleepingcomputer.com)

• Hackers Exploiting Windows SmartScreen Zero-day Vulnerability (cybersecuritynews.com)

• Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News

• CISA warns of actively exploited Windows, Sophos, and Oracle bugs (bleepingcomputer.com)

• Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) - Help Net Security

• Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek

• A critical OS command injection flaw affects Fortinet FortiSIEM (securityaffairs.com)

• Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)

• Adobe Releases Security Updates for ColdFusion | CISA

• Splunk RCE Vulnerability Let Attackers Upload Malicious File (cybersecuritynews.com)

Tools and Controls

• Only 9% of IT budgets are dedicated to security - Help Net Security

• Accelerating Security Risk Management (trendmicro.com)

• MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly

• Phishing Simulations Boost Cyber Awareness and Defences | Mimecast

• Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)

• Cyber attack on British Library raises concerns over lack of UK resilience (ft.com)

• Companies step up investment in ransomware protection (betanews.com)

• Organisations rethink cyber security investments to meet NIS Directive requirements - Help Net Security

• DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT

• The role experience plays in risk mitigation (betanews.com)

• The 7 Deadly Sins of Security Awareness Training (darkreading.com)

• Identity And Access Management: 18 Important Trends And Considerations

• The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)

• MFA under fire, attackers undermine trust in security measures - Help Net Security

• AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)

• New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login (thehackernews.com)

• Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News

• Detection & Response That Scales: A 4-Pronged Approach (darkreading.com)

• Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)

• 6 Steps to Accelerate Cyber security Incident Response (thehackernews.com)

• The CISO view: Navigating the promise and pitfalls of cyber security automation (betanews.com)

Other News

• Why Defenders Should Embrace a Hacker Mindset (thehackernews.com)

• Hackers are taking over planes’ GPS — experts are lost on how to fix it (nypost.com)

• UK proposes 'super-complaints' to help keep internet safe • The Register

• Consumers plan to be more consistent with their security in 2024 - Help Net Security

• Security trends public sector leaders are watching | CyberScoop

• Even gas pumps aren't safe from cyber attacks at the moment | TechRadar

• Scottish cyber security organisation calls for greater awareness of rising threat - Business Insider

• Cyber security: New plan to tackle ‘fastest-growing threat’ confronting Australia | The West Australian

• The US government wants to offer better cyber security to major infrastructure firms | TechRadar

• This devious malware will let hackers restore deleted cookies and hijack your Google account | TechRadar

• Australia’s cyber security strategy focuses on protecting small businesses and critical infrastructure | CSO Online

• Cyber security at EU institutions: European Parliament adopt proposed Cyber security Regulation and EU institutions organise cyber security exercise | Practical Law (thomsonreuters.com)

• The retail sector is under threat from… Gmail, WhatsApp and Google Drive? | TechRadar

• Sekoia: Latest in the Financial Sector Cyber Threat Landscape (techrepublic.com)

• Shields Ready: Critical Infrastructure Security and Resilience

• Crimeware and financial cyberthreat predictions for 2024 | Securelist

• Terrorism, cyber attacks main Paris 2024 threats as security plan finalised | Reuters

• Read again: Decoding cyber security, safeguarding educational institutions | Edexec

• What direction for the EU Cyber security Competence Centre? – EURACTIV.com

• Unveiling the Most Common Cyber Threats in Retail – International Supermarket News

• Mideast Oil & Gas Facilities Could Face Cyber Related Energy Disruptions (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

More Companies Adopt Board-Level Cyber Security Committees

In a recent CISO Report by Splunk, 78% of CISOs and other security leaders reported a dedicated board-level cyber security committee at their organisations. These committees may be made up of qualified individuals or potentially even third parties - not necessarily company employees - that give guidance to the board around matters like risk assessment and cyber security strategy. These board-level cyber security committees can potentially bridge communication barriers between IT, security teams and boards. Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber risks, by participating in board meetings to upskill and guide the board in requesting and challenging the appropriate information from their internal and external sources.

Source: [Decipher]

Ransomware Attacks Rise by More Than 95% Over 2022, to All Time High

A recent report by Corvus has found that ransomware attacks continued at a record-breaking pace, with Q3 frequency up 11% over Q2 and 95% year-over-year. Even if there were no more ransomware attacks this year, the victim account has already surpassed what was observed for 2021 and 2022. In a separate report, analysis conducted by Sophos has found that dwell times, which is the length of time an attacker is in a victim’s system before they are discovered, has fallen, leaving less time for organisations to detect attacks.

Sources: [Dark Reading] [SC Magazine] [Reinsurance News]

Security Still Not a Priority for a Third of SMBs Despite 73% Suffering Cyber Attack Last Year

Multiple reports highlighting different aspects of small and medium businesses (SMBs) all have one thing in common: the lack of priority that is given to cyber security. One example is a survey conducted by Amazon Web Services (AWS) which found that cyber security is not even a strategic priority for 35% of SMBs when considering moving to the cloud. This comes as a report by Identity Theft Resource Center (ITRC) found that 73% of US SMBs reported a cyber attack last year, with employee and customer data being the target in data breaches. Despite the rise in SMB attacks, relatively few organisations are following cyber security best practices to help prevent a breach in the first place. Every business, regardless of size, should do everything it reasonably can to protect its data and ensure connectivity, and smaller organisations may be more likely to be a victim of a cyber attack. Security is an enabler for the wider IT and business strategy to help users build the organisation in greater security. It should be hard-baked from the outset; seeking expert advice can help ensure the right proportionate security decisions are being made.

Sources: [Insider Media] [Infosecurity Magazine] [IT Reseller Magazine] [Infosecurity Magazine]

More Than 46 Million Potential Cyber Attacks Logged Every Day

New data released by the UK’s BT Group has found that more than 500 potential cyber attacks are logged every second. The BT data showed that over the last 12 months the most targeted sectors by cyber criminals were IT, defence, banking and insurance sectors; this was followed by the retail, hospitality and education industries. According to the figures 785,000 charities fell victim to cyber attacks. The data found that hackers are relentlessly scanning devices for vulnerabilities by using automation, and artificial intelligence is now being included by attackers to identify weaknesses in an organisation’s cyber defences.

Sources: [Evening Standard] [Proactive] [The Independent]

Fighting Cyber Attacks Requires Top-Down Approach

Organisations must move away from the posture that their IT division owns responsibility for safeguarding against cyber attacks. Instead, what we really need is for cyber security to come down from the top of the organisation, into the departments so that we have an enterprise-wide culture of security. It is the board’s responsibility to work with the executive team to ensure it is not just an IT-centric issue. By aligning cyber risk management with business needs, creating a cyber security strategy as a business enabler, and incorporating cyber security expertise into board and governance, the organisation will create a solid foundation for this top-down approach.

Source: [Chief Investment Officer]

Email Security Threats are More Dangerous This Year as Over 200 million Malicious Emails Detected in Q3 2023

The use of generative artificial intelligence (AI) tools such as ChatGPT has made spam and phishing emails infinitely more dangerous, with over 200 million sent in Q3 2023. A recent report found that link-based malware delivery made up 58% of all malicious emails for the quarter, while attachments made up the remaining 42%. Worryingly, 33% of these were delivered through legitimate but compromised websites.

Phishing does not come through emails alone however, there is also phishing via SMS, QR codes, calls and genuine, but compromised accounts. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [Security Magazine] [MSSP Alert] [TechRadar]

98% of Security Leaders Worry About Risks of Generative AI as Fears Drive Spending

Generative AI is playing a significant role in reshaping the phishing email threat landscape, according to a recent report from Abnormal Security. The report found that 98% of security leaders are highly concerned about generative AI's potential to create more sophisticated email attacks, with four-fifths (80.3%) of respondents confirming that their organisation had already received AI-generated email attacks or strongly suspecting that this was the case. A separate report by IBM found that attackers only needed five simple prompts to get the AI to develop a highly convincing phishing email. In a separate report, Gartner stated that AI has created a new scare, which contributed to 80% of CIO’s reporting that they plan to increase spending on cyber security, including AI.

Sources: [Infosecurity Magazine] [CSO Online] [Business Wire] [Help Net Security]

48% of Organisations Predict Cyber Attack Recovery Could Take Weeks

A recent report has found that 48% of respondents predicted that it would take days or weeks for their company to recover from cyber attacks, representing a potentially devastating risk to their business. Attacks are a matter of when, not if. Organisations should have plans and procedures in place to be able to recover from an attack; this includes having an incident response plan and regularly testing the organisation’s ability to backup and recover.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an incident response plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Security Magazine]

Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour

The human element remains a significant vulnerability in cyber security, as reinforced by recent analysis. Repeated studies show that knowledge alone does not change behaviour, and that simply giving people more training is unlikely to change outcomes. The study underscores that even with heightened cyber security awareness, there has not been a notable decline in successful cyber attacks that exploit human errors.

We need to draw parallels to real-world skills. The report suggests that cyber security education should be as continuous and context-driven as learning to drive: no one learnt to drive by having a single lesson once a year. For instance, rather than educating employees on using multifactor authentication (MFA) in isolation, it's more impactful to provide an explanation of the additional security that that control provides and the reasons why it is being used to protect the organisation. This contextual approach, accentuated with insights on the advantages of these controls, is poised to foster the right behaviours and bolster security outcomes. However, the challenges persist, with many employees still bypassing recommended security protocols, underscoring the need for a more hands-on, real-time approach to cyber security education.

Source: [Dark Reading]

How Cyber Security Has Evolved in The Past 20 Years

Twenty years ago, the cloud as we know it didn’t exist. There were no Internet of Things (IoT) sensors, not even Gmail was around. Cyber threats have evolved significantly since then, but so too have the solutions. We’ve transitioned from manual, on-site vulnerability scanning and lengthy breach investigations, to automated tools and remote work capabilities that have reduced investigation times from months to weeks. Alongside technological advancements, laws and regulations surrounding cyber security have also tightened, imposing stricter rules on organisations to protect customer data and penalties for attackers.

The bigger picture is staying a step ahead of threat actors in the automation race. Whether that’s accomplished with AI or some other yet-to-be-discovered technology remains to be seen. In the meantime, as is always the case in this industry, regardless of the latest innovation, everyone needs to stay vigilant for threat actors’ attacks and remember that what was adequate to protect technology 20 years ago will not be sufficient to defend against the threat landscape today, and certainly not against the threats of tomorrow.

Source: [Forbes]

Rising Global Tensions Could Portend Destructive Hacks

Governments in the West are warning public and private sector organisations to "remain on heightened alert" for disruptive cyber attacks targeting critical infrastructure and key sectors amid a series of escalating global conflicts.

Source: [Info Risk Today]

Governance, Risk and Compliance

• Cyber security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• How to establish a great security awareness culture (att.com)

• More Companies Adopt Board-Level Cyber Security Committees | Decipher (duo.com)

• Fighting Cyber Attacks Requires Top-Down Approach | Chief Investment Officer (ai-cio.com)

• SMBs Need to Balance Cyber Security Needs and Resources (darkreading.com)

• 48% of organisations predict cyber attack recovery to take weeks | Security Magazine

• Businesses access to cyber insurance impacted by employee mistakes and poor security: QBE - Reinsurance News

• Cyber Security Litigation: Five Trends Unpacked | Blake, Cassels & Graydon LLP - JDSupra

• Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

• From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)

• Awaken From Cyber Slumber: 3 Steps To Stronger Cyber security (forbes.com)

• AI-related security fears drive 2024 IT spending - Help Net Security

• Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)

• The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week

Threats

Ransomware, Extortion and Destructive Attacks

• SonicWall Data Confirms That Ransomware Is Still the Enterprise's Biggest Fear (darkreading.com)

• Ransomware attacks surge, highlighting need for detection, response tools: Allianz - Reinsurance News

• 2023 Ransomware Attacks Up More Than 95% Over 2022, According to Corvus Insurance Q3 Report (darkreading.com)

• Ransomware is threatening more businesses than ever before | TechRadar

• Ransomware isn’t going away – the problem is only getting worse (bleepingcomputer.com)

• Known Ransomware Attack Volume Breaks Monthly Record, Again (govinfosecurity.com)

• Ransomware attacks are getting faster: How to adjust incident response plans accordingly | SC Media (scmagazine.com)

• Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware (thehackernews.com)

• Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)

• OpenText Cyber Security Nastiest Malware of 2023 Shows Ransomware-as-a-Service Now Primary Business Model (prnewswire.com)

• The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)

• Meet Rhysida, a New Ransomware Strain That Deletes Itself (darkreading.com)

• Kaspersky crimeware report: GoPIX, Lumar, and Rhysida. | Securelist

• Cl0p named 'nastiest' malware of 2023 | Security Magazine

• Five things organisations don’t consider before a ransomware attack | TechRadar

• Ransomware incidents are on the rise as latest data reveals alarming trend | TechSpot

• MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)

• Ransomware attacks against hospitals put patients' lives at risk, researchers say : NPR

• Ragnar Locker Ransomware Boss Arrested in Paris (darkreading.com)

• BlackCat Climbs the Summit With a New Tactic (paloaltonetworks.com)

• Ransomware Soars as Myriad Efforts to Stop It Fall Short - Bloomberg

• Hackers Using Remote Admin Tools AvosLocker Ransomware (gbhackers.com)

• Resilience notes uptick in data exfiltration as cyber criminals change tactics - Reinsurance News

• Healthcare Ransomware Attacks Cost US $78bn - Infosecurity Magazine (infosecurity-magazine.com)

• Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security

• Should Ransom Payments Be Made Illegal | Intel471

• ThreatLabz state of ransomware report | ITPro | ITPro

• Will SEC Ruling Curb Encryption-Less Ransomware Attacks? | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

• House Subcommittees Hold Hearing on Combating Ransomware Attacks | Patterson Belknap Webb & Tyler LLP - JDSupra

Ransomware Victims

• MGM Resorts hackers 'one of the most dangerous financial criminal groups’ (therecord.media)

• Ambulances diverted as 3 New York hospitals grapple with cyber attacks | Fox News

• Operations of Healthcare Solutions Giant Henry Schein Disrupted by Cyber attack - Security Week

• US energy firm shares how Akira ransomware hacked its systems (bleepingcomputer.com)

• Seiko says ransomware attack exposed sensitive customer data (bleepingcomputer.com)

• American Family Insurance confirms cyber attack is behind IT outages (bleepingcomputer.com)

• Cyber Attack Causing Service Interruptions At Ontario Hospitals (databreaches.net)

• Volex dented by cyber attack costs but full-year results are on track | AIM:VLX (proactiveinvestors.co.uk)

• Cyber crims leak patient pics in low blow bid to win ransom • The Register

Phishing & Email Based Attacks

• Generative AI phishing fears realised as model develops “highly convincing” emails in 5 minutes | CSO Online

• Over 200 million malicious emails were detected in Q3 2023 | Security Magazine

• Watch out - that QR code could just be a phishing scam | TechRadar

• Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian

• New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates

• Email security threats are more dangerous than ever - here's what you need to know | TechRadar

• What is Phishing? 5 Types of Phishing Attacks You Need to Know | MSSP Alert

• The US released popular phishing techniques | Inquirer Technology

• Akamai research finds more sophisticated phishing threats in hospitality industry - SiliconANGLE

• Don’t Get Spooked Into Falling For These Phishing Scams - IT Security Guru

Other Social Engineering; Smishing, Vishing, etc

• Social engineering: Hacking minds over bytes (att.com)

Artificial Intelligence

• Generative AI phishing fears realised as model develops “highly convincing” emails in 5 minutes | CSO Online

• New Survey From Abnormal Security Reveals 98% Of Security Leaders Worry About the Risks of Generative AI | Business Wire

• AI-related security fears drive 2024 IT spending - Help Net Security

• Boardrooms losing control in generative AI takeover, says Kaspersky | Computer Weekly

• AI-Based Cyber Attacks Target HR Teams (thehrworld.co.uk)

• Governments, firms should spend more on AI safety, top researchers say | Reuters

• Cyber-defence systems seek to outduel criminals in AI race (techxplore.com)

• Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine

• AI risk must be treated as seriously as climate crisis, says Google DeepMind chief | Technology | The Guardian

• Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)

• Don't use AI-based apps, Philippine defence ordered its personnel (securityaffairs.com)

• Businesses ignorant to gen AI security threats suggests research (ship-technology.com)

• Inside the battle to contain – and capitalise on – artificial intelligence | World news | The Guardian

• AI to Create Demand for Digital Trust Professionals, ISACA Survey Find - Infosecurity Magazine (infosecurity-magazine.com)

• Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra

• Artificial Intelligence Bad News For Cyber Threats, Report Warns - TechRound

• Bracing for AI-enabled ransomware and cyber extortion attacks - Help Net Security

• Britain’s Big AI Summit Is a Doom-Obsessed Mess | WIRED

• Oops! When tech innovations create new security threats | CSO Online

• UK officials use AI to decide on issues from benefits to marriage licences | Artificial intelligence (AI) | The Guardian

2FA/MFA

• Okta support system breach highlights need for strong MFA policies | CSO Online

Malware

• Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices (thehackernews.com)

• OpenText Cyber Security Nastiest Malware of 2023 Shows Ransomware-as-a-Service Now Primary Business Model (prnewswire.com)

• Hackers are using an incredibly sneaky trick to hide malware | Digital Trends

• Vietnamese Hackers Target UK, US, and India with DarkGate Malware (thehackernews.com)

• Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar (thehackernews.com)

• Dangerous new malware can crack encrypted USB drives | TechRadar

• Bad news - these fake LinkedIn job offers are just pushing malware, so don't get your hopes up | TechRadar

• 'Grandoreiro' Trojan Targets Global Banking Customers (darkreading.com)

• Cl0p named 'nastiest' malware of 2023 | Security Magazine

• Cabinet Office tight-lipped on number of government cyber attacks and malware infections (civilserviceworld.com)

• Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)

• The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog

Mobile

• Android trojan spotted in the wild can record audio and phone calls | ZDNET

• Samsung Galaxy S23 hacked twice in one day at Pwn2Own contest (androidauthority.com)

• iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation (thehackernews.com)

• iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)

• A huge amount of financial apps contain security flaws - and this is the best scoring industry | TechRadar

• Intellexa: Irish-linked spyware used in 'brazen attacks' - report - BBC News

• Longer Support Periods Raise the Bar for Mobile Security (darkreading.com)

• Android adware apps on Google Play amass two million installs (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• This DDoS attack is the biggest in internet history. | World Economic Forum (weforum.org)

• Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)

• Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw (thehackernews.com)

Internet of Things – IoT

• How an explosion of 'smart' devices is threatening US households -- and national security (nypost.com)

• UK government finalises IoT cyber security requirements - Lexology

Data Breaches/Leaks

• Okta says hackers breached its support system and viewed customer files | Ars Technica

• Okta support system breach highlights need for strong MFA policies | CSO Online

• 1Password suffers cyber security incident after latest Okta breach - Tech Monitor

• Okta stock falls after company says client files accessed by hackers via support system (cnbc.com)

• Hacker accused of breaching Finnish psychotherapy centre facing 30,000 counts (therecord.media)

• City of Philadelphia discloses data breach after five months (bleepingcomputer.com)

• 500k Irish National Police records exposed by third party • The Register

• The 23andMe data breach reveals the vulnerabilities of our interconnected data (theconversation.com)

• iLeakage attack exploits Safari to steal data from Apple devices (securityaffairs.com)

• DC Board of Elections: Hackers may have breached entire voter roll (bleepingcomputer.com)

Organised Crime & Criminal Actors

• More than 500 potential cyber attacks logged every second, BT says | The Independent

• Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)

• Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Top crypto firms named in $1bn fraud lawsuit - BBC News

• Cryptojacking campaign Qubitstrike targets exposed Jupyter Notebook instances | CSO Online

• Powerful Malware Disguised as Crypto Miner Infects 1M+ Windows, Linux PCs (pcmag.com)

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Insider Risk and Insider Threats

• Forget the outside hacker, the bigger threat is inside • The Register

• Former NSA employee pleads guilty to attempted selling classified documents to Russia (securityaffairs.com)

• Human-centric Security Design Reduces Threats by Changing User Behavior (prweb.com)

• How to establish a great security awareness culture (att.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

Fraud, Scams & Financial Crime

• New Hotel Phishing Scam — Be Careful If You're Offered a Discounted Rate | GOBankingRates

• Booking.com customers targeted by scam ‘confirmation’ emails | Scams | The Guardian

• Purchase Scams Surge as Fraud Losses Hit £580m - Infosecurity Magazine (infosecurity-magazine.com)

• Top crypto firms named in $1bn fraud lawsuit - BBC News

• Online scammers target desperate loan seekers using online fraud | TechRadar

• Christmas scams to watch out for this festive season (nationalworld.com)

• Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Deepfakes

• Deepfakes: Navigating Data Privacy and Cyber Security Risks | DRI - JDSupra

• 70% of Crypto Companies Report Deepfake Fraud Rise (darkreading.com)

Insurance

• Telling Small Businesses to Buy Cyber Insurance Isn't Enough (darkreading.com)

• Stemming Losses That Go Uncovered by Cyber Insurance | Esquire Deposition Solutions, LLC - JDSupra

• Aviva: SMEs ‘woefully underserved’ for cyber cover - Insurance Post (postonline.co.uk)

Dark Web

• A Look at Key Dark Web Statistics (2023 Data Update) (techreport.com)

Supply Chain and Third Parties

• 500k Irish National Police records exposed by third party • The Register

Software Supply Chain

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

Cloud/SaaS

• The Rise of S3 Ransomware: How to Identify and Combat It (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Okta Reveals Breach Via Stolen Credential - Infosecurity Magazine (infosecurity-magazine.com)

• Passwords - not all they are cracked up to be | TechRadar

• 'Log in With...' Feature Allows Full Online Account Takeover for Millions (darkreading.com)

• 10 Bad Password Habits You Need to Break (howtogeek.com)

Social Media

• Bad news - these fake LinkedIn job offers are just pushing malware, so don't get your hopes up | TechRadar

• Threat actor is selling access to Facebook and Instagram's Police Portal (securityaffairs.com)

Malvertising

• Malvertisers Using Google Ads to Target Users Searching for Popular Software (thehackernews.com)

Training, Education and Awareness

• Cyber Security Awareness Doesn't Cut It; It's Time to Focus on Behaviour (darkreading.com)

• This Cyber Security Awareness Month, Don't Lose Sight of Human Risk (darkreading.com)

• How to establish a great security awareness culture (att.com)

• How Cyber Security Training Lowers Risk Among Employees (forbes.com)

• The Need for a Cyber Security-Centric Business Culture (darkreading.com)

• Cyber Security Awareness Month: What's Still Needed After Twenty Years (forbes.com)

• From Snooze to Enthuse: Making Security Awareness Training 'Sticky' (darkreading.com)

Regulations, Fines and Legislation

• Managed security services [EU Legislation in Progress] | Epthinktank | European Parliament

• Report warns AI could worsen cyber threat, but government will not ‘rush to regulate’ - CIR Magazine

• UK government finalises IoT cyber security requirements - Lexology

• Show Your Work: The SEC Cyber Rules and Documenting Materiality Analysis Under NIST FIPS 199 | Baker Donelson - JDSupra

• Will SEC Ruling Curb Encryption-Less Ransomware Attacks? | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• House Subcommittees Hold Hearing on Combating Ransomware Attacks | Patterson Belknap Webb & Tyler LLP - JDSupra

Models, Frameworks and Standards

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

• CMMC 2.0: What You Need to Know - ClearanceJobs

Backup and Recovery

• Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)

Law Enforcement Action and Take Downs

• Hacker accused of breaching Finnish psychotherapy center facing 30,000 counts (therecord.media)

• Alleged developer of the Ragnar Locker ransomware was arrested (securityaffairs.com)

• Spain arrests 34 cyber criminals who stole data of 4 million people (bleepingcomputer.com)

• Nigerian Police dismantle cyber crime recruitment, mentoring hub (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• ‘I’m looking for fewer ways to be traceable, not more’ | Financial Times

• Google Chrome's new "IP Protection" will hide users' IP addresses (bleepingcomputer.com)

• ShadowDragon: Australian spies monitor PornHub, Tinder, Fortnite (crikey.com.au)

Misinformation, Disinformation and Propaganda

• Disinformation and its often overlooked potential for denial-of-services. (thecyberwire.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Misc Nation State/Cyber Warfare/Cyber Espionage

• ICC: September Breach Was Espionage Raid - Infosecurity Magazine (infosecurity-magazine.com)

• International Criminal Court attack was targeted and sophisticated (securityaffairs.com)

• Governments and hackers agree: the laws of war must apply in cyber space (theconversation.com)

• It's Time to Establish the NATO of Cyber Security (darkreading.com)

• War Crimes Court Flags Cyber Attack That Targeted Its Work - Law360

• International Criminal Court systems breached for cyber espionage (bleepingcomputer.com)

• Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly

• Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)

Geopolitical Threats/Activity

• Cyber attacks in the Israel-Hamas war (cloudflare.com)

• Cyber criminals exploit the Israeli-Hamas conflict through scam emails and websites (iol.co.za)

• Cyber operations linked to Israel-Hamas fighting gain momentum | CyberScoop

• Rising Global Tensions Could Portend Destructive Hacks (inforisktoday.com)

China

• MI5 chief warns of Chinese cyber espionage reached an unprecedented scale (securityaffairs.com)

• Glasgow universities on red alert over Chinese spies as they join security scheme - Glasgow Live

• Navy ends tradition of Chinese laundrymen on warships over spying fears (telegraph.co.uk)

Russia

• Russia Cyber attacks Becoming More Sophisticated, Ukraine Official Says - Bloomberg

• Ukraine's IT army is a world first: here's why it is an important part of the war (theconversation.com)

• European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)

• Ministry, police and Crimea summit websites victims of cyber attack | Radio Prague International

• Pro-Russia group behind today’s mass cyber attack against Czech institutions - Prague, Czech Republic (expats.cz)

• Major Russian bank reportedly hacked by Ukraine | SC Media (scmagazine.com)

• Hackers backdoor Russian state, industrial orgs for data theft (bleepingcomputer.com)

• Who is sabotaging underwater infrastructure in the Baltic Sea? (economist.com)

• Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica

• Russia-Ukraine War: Cyber Attack and Kinetic Warfare Timeline - | MSSP Alert

• France says Russian state hackers breached numerous critical networks (bleepingcomputer.com)

• Cyber attack a ‘serious attempt to undermine’ International Criminal Court - Lawyers Weekly

• Inside Ukraine's Cyber Army (globelynews.com)

• Former NSA employee pleads guilty to attempted selling classified documents to Russia (securityaffairs.com)

• Ex-NSA techie admits to selling state secrets to Russia • The Register

Iran

• Iran APT Targets the Mediterranean With Watering-Hole Attacks (darkreading.com)

North Korea

• US seizes sites that funnel money from North Korean IT workers for illicit activities | SC Media (scmagazine.com)

• Freelance Market Flooded With North Korean IT Actors (darkreading.com)

Vulnerability Management

• Concerns grow as LockBit knockoffs increasingly target popular vulnerabilities (therecord.media)

• Why Do We Need Real-World Context to Prioritise CVEs? (darkreading.com)

• Security Patch Management Strengthens Ransomware Defence (trendmicro.com)

Vulnerabilities

• Citrix Bleed exploit lets hackers hijack NetScaler accounts (bleepingcomputer.com)

• Exploitation of Citrix NetScaler vulns reaching dangerous levels | Computer Weekly

• Critical SolarWinds RCE Bugs Enable Unauthorised Network Takeover (darkreading.com)

• CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog - Security Affairs

• Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices (thehackernews.com)

• Cisco hackers likely taking steps to avoid identification | Computer Weekly

• F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution (thehackernews.com)

• European govt email servers hacked using Roundcube zero-day (bleepingcomputer.com)

• VMware vCenter Flaw So Critical, Patches Released for End-of-Life Products - Security Week

• Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms (thehackernews.com)

• Firefox, Chrome Updates Patch High-Severity Vulnerabilities - Security Week

• The Forbidden Fruit Of Cyber Security: Hackers Take A Bite Out Of Apple (forbes.com)

• Pro-Russia hackers target inboxes with 0-day in webmail app used by millions | Ars Technica

• Apple Ships Major iOS, macOS Security Updates - Security Week

• Hackers can force iOS and macOS browsers to divulge passwords and much more | Ars Technica

• ServiceNow quietly fixes 8-year-old data exposure flaw • The Register

Tools and Controls

• 48% of organisations predict cyber attack recovery to take weeks | Security Magazine

• Businesses access to cyber insurance impacted by employee mistakes and poor security: QBE - Reinsurance News

• Ransomware attacks are getting faster: How to adjust incident response plans accordingly | SC Media (scmagazine.com)

• Cyber attack response plans need to be in place to avoid chaos - FreightWaves

• NIST provides solid guidance on software supply chain security in DevSecOps | CSO Online

• What is Network Segmentation? Virtual & Physical Segmentation | UpGuard

• AI-related security fears drive 2024 IT spending - Help Net Security

• Businesses fear generative AI will cause ‘catastrophic’ cyber attacks (siliconrepublic.com)

• Is it wise to put all your security solutions in one cyber basket? (securitybrief.co.nz)

• Cyber attacks are inevitable, so a focus on resilience is vital - James McGachie (scotsman.com)

• Cyber Resilience And Risk Management: Forces Against Cyber Threats (forbes.com)

• Are Backup Files the Missing Link in Your Cyber Security? (finextra.com)

• Unveiling the power of emerging technologies to empower cyber resilience (techuk.org)

• Cyber security concerns grow among physical security professionals | Security Magazine

• The Cyber Security Resilience Quotient: Measuring Security Effectiveness - Security Week

Other News

• MPs to examine cyber resilience of UK’s critical national infrastructure | CSO Online

• UK Parliament Opens Inquiry into Cyber-Resilience - Infosecurity Magazine (infosecurity-magazine.com)

• Strategies to overcome cyber security misconceptions - Help Net Security

• UK NCSC, NPSA launch Secure Innovation campaign to protect tech startups | CSO Online

• 5 important cyber security takeaways for law firms - Lawyers Weekly

• How Cyber Security Has Evolved In The Past 20 Years (forbes.com)

• HMRC annual report triggers cyber red alert | AccountingWEB

• Oops! When tech innovations create new security threats | CSO Online

• Spooky Cyber Statistics And Trends You Need To Know (forbes.com)

• The Changing Threat Landscape: Infostealers and the MacOS goldmine - F-Secure Blog

• Proactively preventing your company from becoming the next cyber attack headline (betanews.com)

• Cyber security trends 2023 | Allianz Commercial

• Demystifying Cyber Security: Shakespeare To The Rescue | HackerNoon

• Cyber Threat: Aviation’s Clear and Present Danger? | Aerospace Tech Review

• OT cyber attacks proliferating despite growing cyber security spend - Help Net Security

• Cost of a Data Breach: Retail Costs, Risks and Prevention Strategies (securityintelligence.com)

• What Would a US Government Shutdown Mean for Cyber Security? (darkreading.com)

• Weapons Systems Provide Valuable Lessons for ICS/OT Security - Security Week

• Cabinet Office tight-lipped on number of government cyber attacks and malware infections (civilserviceworld.com)

• Cyber attacks now biggest cause of downtime and data loss – report - CIR Magazine

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Insecurity: Many Businesses Scared They May be Hit by a Cyber Attack at Any Moment

A report from the Commvault and the International Data Corporation (IDC) found that 61% of respondents believe that a data loss within the next 12 months is "likely" or "highly likely" to occur due to increasingly sophisticated attacks. Unfortunately, most businesses do not have an unlimited budget; cyber security related spending must therefore be effective, taking an informed risk based approach to prioritise the biggest threats to businesses. To understand these threats, businesses must know the current threat landscape and how that relates to their business specifically. In order to be able to apply any threat intelligence, organisations must first ascertain what they need to protect through a documented asset register; after all you cannot protect something you do not know exists.

Sources: [PR Newswire] [TechRadar]

Cyber Security Investments Show Mature Business Mindset

Companies need to start embracing cyber security as a business enabler, rather than being viewed as a pure cost or as a regulatory burden. Good cyber security is a strong indicator of a mature business mindset, giving customers, employees, and suppliers confidence that you are running a mature, responsible operation that takes the value of its data and IP very seriously. With the perception of customers changing to be more security-based, having a high level of cyber security can establish trust and therefore distinguish a business in the marketplace.

Source: [Insider Media] [Compare the Cloud]

SMBs Struggle to Keep Pace as Cyber Threats Reach All Time High

Research conducted by Sage has found UK small and medium sized businesses (SMBs) are particularly struggling with cyber security preparedness, with 57% asking for more support with education and training and 45% not understanding what security is needed for their business. The report found that globally, 70% of SMBs highlighted cyber threats as a major concern, with 51% struggling to keep on top of new threats and 48% experiencing a cyber incident in the past year.

SMBs globally, found that their struggle related to making sure employees know what is expected of them in protecting the organisation (45%), providing education and awareness training (44%) and cost (43%).

Source: (IT Security Guru)

Phishing Attacks Hit Record Highs in Q2 2023, with Emails from HR still the Most Effective Lure

Research has found in the third quarter of this year, phishing attacks soared by 173% compared with the previous three months, and malware was up 110% over the same period, with 233.9 million malicious emails detected. Banks and financial services organisations remained a top target, with a 121% rise in phishing attacks.

In a separate report, human resource topics were found to account for more than half of the top-clicked phishing email subjects. This included emails that related to a change in dress code and updates on annual leave. It’s important for organisations to take this into account when training employees.

Sources: [SiliconANGLE1] [Beta News] [SiliconANGLE2] [TechRadar] [Security Brief]

Cyber Attacks Are a Matter of When, Not If; The Best Time to Deal with Them Is Before They Happen

Another week brings more companies added to the list of victims of cyber attacks. Just this week, UK based social care provider CareTech’s childcare subsidiary Cambian was criticised for keeping a cyber attack quiet, with individuals who had data stolen having to chase Cambian for details.

Cyber attacks happen, and companies need to admit when they have happened and inform relevant people. Honesty and clarity are key. After an attack, there are a number of things going on at once such as finding out what has happened, identifying stolen or encrypted data, fulfilling legal and regulatory requirements and communicating both internally and externally. Unfortunately, many companies do not expect to be attacked and therefore do not have anything in place to respond to an attack. In addition to having the necessary defences in place, organisations must be prepared for the event of an attack. This can be outlined in an incident response plan (IRP).

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Euronews] [The Times] [AI-CIO]

Lloyd's Of London Warns of Worst-Case-Scenario Cyber Attack

In recent modelling by a Lloyds of London researcher, a worst-case-scenario was found to have the potential to cause $3.5 trillion of economic damage within 5 years. While this may seem implausible, with the increased number of cyber attacks, especially to the financial sector, this figure is not as incredulous as it may seem.

The FBI has also stated that the average annual cost of cyber crime worldwide is expected to soar from $8.4 trillion in 2022 to more than $23 trillion in 2027.

Sources: [Reinsurance News] [ABS-CBN News] [The Motley Fool] [City AM]

20,000 Britons Approached by Chinese Agents on LinkedIn, Says MI5 Head

An estimated 20,000 Britons have been approached by Chinese state actors on LinkedIn in the hope of stealing industrial or technological secrets, the head of MI5 stated ahead of the Five Eyes agencies summit. This summit is a meeting of the heads of security from the Five Eyes nations – UK, US, Australia, Canada and New Zealand. The summit discussed how industrial espionage was happening at “real scale”, with 10,000 UK businesses being at risk, particularly in artificial intelligence, quantum computing or synthetic biology where China was trying to gain a march.

A 'secure innovation' guideline has been released to assist small to medium-sized enterprises, especially tech start-ups, in bolstering their defences against threats from foreign states, criminals, and competitors. This guideline offers basic security advice on areas like investments, supply chains, IT networks, and cloud computing to safeguard emerging technologies.

Sources: [Computer Weekly] [Tech Monitor] [Guardian]

Ransomware - All it Takes is One Employee Mistake, As Criminals are Aiming Third-Party Vendors

According to a report, human error is the root cause of more than 80% of all cyber breaches. The solution in this case, is for organisations to provide effective training to employees to reduce the risk of such an error happening. However, this does not have any impact on third parties that the  organisations use. A separate report found that nearly a third of ransomware claims involved a third-party vendor as a point of failure.

Whilst organisations often focus on improving their own cyber security, third parties can become an easily overlooked area. You don’t want to invest a significant amount into your organisation’s cyber security, only for it to fail due to a third party. This is why it is important for organisations to have an effective way of measuring supply chain risk, to ensure that they know what data their third parties have access to and what is being done by the third parties to protect it.

Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.

Sources: [Security Affairs] [Claims Journal]

39% of Individuals Use the Same Password for Multiple Accounts

According to a recent survey by Yubico, 80% of respondents are concerned about the security of their online accounts. Additionally, 39% admitted to using the same passwords for multiple accounts. The report found that Boomer-generation users are the least likely to reuse passwords at 20%. In comparison, Millennials are twice as likely to reuse passwords for multiple accounts at 47%. This survey highlights that whilst younger generations may be more tech savvy, having grown up with this technology, it also brings with it a more relaxed and complacent attitude when it comes to cyber security hygiene.

Source: [Security Magazine]

Why Fourth-Party Risk Management Is a Must-Have

Most organisations today are acutely aware of the risks that third-party relationships pose, and many employ some form of third-party risk management to understand and monitor these alliances. Another danger also needs to be borne in mind: the threats organisations face from their third parties’ third parties. These ‘fourth parties’, the vendors of an organisation's vendor, are becoming an increasing concern among regulators, particularly those in the banking and financial services sector. Attackers exploit fourth parties just the same as they do third parties to indirectly target an organisation. As a result, these fourth parties greatly increase an IT environment's attack surface.

Fourth parties pose reputational, operational and regulatory risks, and with new regulations such as the Digital Operational Resilience Act (DORA) in Europe coming into place, organisations need to implement a comprehensive third-party risk management program that extends to cover fourth-party risk management. This is the only way to ensure fourth parties are vetted appropriately.

Source: [Tech Target]

AI Adoption Surges but Security Awareness Lags Behind

A new survey found that security is reportedly not the primary concern for organisations when using tools such as ChatGPT and Google Bard. Respondents are more worried about inaccurate responses than the exposure of customer and employee personally identifiable information (PII), disclosure of trade secrets (33%) and financial loss (25%). Basic security practices are lacking, however, with 82% of respondents confident in their security stacks but less than half investing in technology to monitor generative AI use, exposing them to data loss risks. Only 46% have established security policies for data sharing.

Organisations need to rigorously assess and control how large language models (LLMs) handle data, ensuring alignment with regulations such as GDPR, HIPAA, and CCPA. This involves employing strong encryption, consent mechanisms and data anonymisation techniques, and ensuring control over how the organisation’s data is used, alongside regular audits and updates to ensure data handling practices remain compliant.

Source: [Infosecurity Magazine]

UK Watchdog Fines Equifax £11 Million For Role in Cyber Breach

Britain's financial watchdog has fined the consumer credit rating body Equifax £11 million ($13.4 million) for its role in "one of the largest" cyber security breaches in history. The Financial Conduct Authority (FCA) stated that "The cyber attack and unauthorised access to data was entirely preventable", identifying that the UK arm of Equifax did not find out data had been accessed until six  weeks after their parent company discover the hack.

Source: [Reuters]

Why Boards Must Understand and Govern Cyber Security Risk

The boardroom is a critical control in every company’s system of cyber security risk management. An ineffective approach to cyber security governance creates an overall system of cyber security that is weaker than it needs to be. Boards have typically viewed cyber security as something that it left to IT and have not been able to challenge or interpret the reports that they receive, if any, from their IT departments or IT providers. Governing bodies such as the US Securities Exchange Commission (SEC) have identified this and have started bringing in regulations that force the board of directors to fully understand digital cyber security risk and have a more vital role as part of the system.
Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security, by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Forbes]

Governance, Risk and Compliance

• Cyber Insecurity: Report Finds Majority of Enterprises Expect an Imminent Cyber Attack (prnewswire.com)

• Cyber Crime Costs Soar to $8 Trillion, Spotlighting the Critical Need for Cyber security Experts (globenewswire.com)

• Many cyber bosses just aren't confident in their company's defences | TechRadar

• SMBs seek help as cyber threats reach an all-time high - Help Net Security

• SMBs seek cyber training, support as attack risk surges | CIO Dive

• The real impact of the cyber security poverty line on small organisations - Help Net Security

• Cyber security investments show mature business mindset, says IT expert | Insider Media

• Is Cyber security Finally Becoming a Business Enabler? - Compare the Cloud

• The best time to deal with cyber attacks is before they happen (thetimes.co.uk)

• ‘A matter of when not if’: Why is it crucial for businesses to protect themselves from cyber attacks? | Euronews

• Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)

• Over 70% of firms hit by cyber attack in last 12 months (rte.ie)

• The future of cyber security regulation: what to look out for with NIS2 | TechRadar

• Getting ready for NIS2 with strong identity controls | ITPro

• Lloyd’s systemic risk scenario reveals potential cyber attack losses of $3.5tn (insuranceinsider.com)

• Well-informed employees act as 1st line of defence against cyber threats: Cisco’s Samir Mishra (techcircle.in)

• 10 Ways Boards Are Setting Their Companies Up For Cyber security Failure (forbes.com)

• NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)

• AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)

• Cyber attacks to cost $23 trillion in 2027: US official | ABS-CBN News

• How Cyber security Provides the Green Light for Business Innovation (govinfosecurity.com)

• Essential cyber hygiene: Making cyber defence cost effective - Help Net Security

• New CISO research sets out priorities, challenges and tips for success in a challenging landscape post - BSS

• The Need for a Cyber security-Centric Business Culture (darkreading.com)

• The double-edged sword of heightened regulation for financial services - Help Net Security

• Report: Cyber attacks No. 1 cause of downtime and data loss | Security Magazine

• Will CISOs Become Personally Liable for Breach Response? (inforisktoday.com)

• Keeping control in complex regulatory environments - Help Net Security

• Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)

• 7 risk mitigation strategies to protect business operations | TechTarget

• How to go from collecting risk data to actually reducing risk? - Help Net Security

• SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra

• Regulations are still necessary to compel adoption of cyber security measures | ZDNET

• October Is Cyber security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

• How do we measure cyber risk? | ITPro

• Ready For Cyber Readiness - Any Time Now (forbes.com)

• CISOs and board members are finding a common language - Help Net Security

• IT Disaster Recovery Best Practices: Preparing For The Worst (informationsecuritybuzz.com)

• When And How To Hire A vCISO For Your Company's Cyber security Program (forbes.com)

• 18 Factors And Metrics To Show The Value Of Cyber security Initiatives (forbes.com)

• Improve your cyber threat understanding with geopolitical context | CSO Online

• Cyber Insecurity, AI and the Rise of the CISO | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware Attacks Double: Are Companies Prepared for 2024's Cyber Threats? (thehackernews.com)

• Ransomware realities in 2023: one employee mistake can cost a company millions (securityaffairs.com)

• Ransomware Criminals Aiming at Third-Party Vendors in Hunt for ‘Big Game’ (claimsjournal.com)

• Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (therecord.media)

• Feds: Beware AvosLocker Ransomware Attacks on Critical Infrastructure (darkreading.com)

• Giant health insurer struck by ransomware didn't have antivirus protection (malwarebytes.com)

• CISA shares vulnerabilities, misconfigs used by ransomware gangs (bleepingcomputer.com)

• What Are the Legal Implications of Paying Ransomware Demands? | HackerNoon

• Healthcare Sector Warned About New Ransomware Group NoEscape - Infosecurity Magazine (infosecurity-magazine.com)

• New trend in ransomware: Anonymity (betanews.com)

• 63% of organisations restore data after a ransomware attack | Security Magazine

• Hacker Group GhostSec Unveils New Generation Ransomware Implant - Infosecurity Magazine (infosecurity-magazine.com)

• Black Basta ransomware is out and about, again. (thecyberwire.com)

• Ukrainian activists hack Trigona ransomware gang, wipe servers (bleepingcomputer.com)

• Elastic Global Threat Report 2023 Reveals Dominance of Ransomware | Business Wire

• Scammers are targeting plastic surgery clinics with extortion scams | TechRadar

• BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks (bleepingcomputer.com)

• Law enforcement operation seized Ragnar Locker group's infrastructure (securityaffairs.com)

Ransomware Victims

• Lockbit ransomware gang demanded an 80 million ransom to CDW (securityaffairs.com)

• Alphv gang stole 5TB of data from Morrison Community Hospital (securityaffairs.com)

• Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (therecord.media)

• Kansas Supreme Court Probes Potential Ransomware Attack (govinfosecurity.com)

• KwikTrip all but says IT outage was caused by a cyber attack (bleepingcomputer.com)

• Some people whose personal data stolen in HWL Ebsworth hack not told for six months | Cyber crime | The Guardian

• Another small firm suffers a serious ransomware attack: Cadre Services gets mauled by AlphV (databreaches.net)

Phishing & Email Based Attacks

• More than 95 per cent of phishing attacks target the banking and finance sectors (bizhub.vn)

• Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE

• VIPRE finds 233.9 million malicious emails detected in Q3 2023 (securitybrief.co.nz)

• Make sure that email from HR is legit - it could be another phishing scam | TechRadar

• Human resources emails remain top phishing targets - SiliconANGLE

• CISA, NSA, FBI publish phishing guidance | TechTarget

• Generative AI's impact on phishing attacks | TechRadar

• Rising AI-Fueled Phishing Drives Demand for Password Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing: What’s in a Name? | CISA

• D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)

Artificial Intelligence

• AI and the Imperative to Take Cyber security Precautions (inforisktoday.com)

• AI Adoption Surges But Security Awareness Lags Behind - Infosecurity Magazine (infosecurity-magazine.com)

• Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)

• Exploring the Realm of Malicious Generative AI: A New Digital Security Challenge (thehackernews.com)

• AI-generated cyber attacks pose new risk to key UK infrastructure, experts warn | The Independent

• North Korea has got its hands on AI - and is testing its ability to commit cyberwarfare | TechRadar

• Research: GPT-4 Jailbreak Easily Defeats Safety Guardrails

• Generative AI is scaring CISOs – but adoption isn’t slowing down | CSO Online

• Generative AI's impact on phishing attacks | TechRadar

• Rising AI-Fueled Phishing Drives Demand for Password Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online

• The impact of artificial intelligence on cyber offence and defence | The Strategist (aspistrategist.org.au)

2FA/MFA

• Google Authenticator synchronization raises MFA concerns | TechTarget

Malware

• Phishing attacks hit record high in third quarter, with malware not far behind - SiliconANGLE

• Valve upgrades Steam's security after several games are hacked and filled with malware | Rock Paper Shotgun

• DarkGate malware spreads through compromised Skype accounts (bleepingcomputer.com)

• BLOODALCHEMY provides backdoor to ASEAN secrets • The Register

• Discord still a hotbed of malware activity — Now APTs join the fun (bleepingcomputer.com)

• Researchers warn of increased malware delivery via fake browser updates - Help Net Security

• The forgotten malvertising campaign (malwarebytes.com)

• Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)

• Lazarus Group Targeting Defence Experts with Fake Interviews via Trojanized VNC Apps (thehackernews.com)

• Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica

• Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)

• Beware - that Google Chrome update alert might actually just be malware | TechRadar

Mobile

• SpyNote: Beware of This Android Trojan that Records Audio and Phone Calls (thehackernews.com)

• The top 9 mobile security threats and how you can avoid them | ZDNET

• Hackers exploit security flaw to target iOS 17 iPhones with 'notification attack' | Macworld

• Google Play Protect adds real-time scanning to fight Android malware (bleepingcomputer.com)

• Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• DDoS Attacks in 2024: Distributed DoS Explained | Splunk

Internet of Things – IoT

• Inadequate IoT protection can be a costly mistake - Help Net Security

• Israelis told to secure their home security cameras against hackers • Graham Cluley

• Logistics Matters - Alert: How hackers use printers to gain access

• Microsoft HoloLens for the military: Hacker attacks on VR headset may cause physical pain - NotebookCheck.net News

Data Breaches/Leaks

• UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters

• Casio discloses data breach impacting customers in 149 countries (bleepingcomputer.com)

• 530K people's info stolen from cloud PC gaming's Shadow • The Register

• Colonial Pipeline was hacked. No, wait, Accenture was hacked. No, wait….. untangling claims. (2) (databreaches.net)

• D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack (thehackernews.com)

• Hackers stole a million people's DNA. But what will they do with it? | Tech News | Metro News

• 23AndMe Hacker Leaks New Tranche of Stolen Data (darkreading.com)

• Healthcare breach costs soar requiring new thinking for safeguarding data (securityintelligence.com)

• Lost and Stolen Devices: A Gateway to Data Breaches and Leaks - SecurityWeek

• Twitter glitch allows CIA informant channel to be hijacked - BBC News

• Care provider under fire over response to cyber attack (thetimes.co.uk)

• Some people whose personal data stolen in HWL Ebsworth hack not told for six months | Cyber crime | The Guardian

• ServiceNow leak: thousands of companies at risk | Cybernews

Organised Crime & Criminal Actors

• Cyber attacks -- where they come from and the tactics they use (betanews.com)

• Cyber criminals register .AI domains of trusted brands for malicious activity | CSO Online

• Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)

• Single Sign On and the Cyber crime Ecosystem (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• US authorities monitor China-linked Bitcoin miners amid national security concerns: Report (cointelegraph.com)

Insider Risk and Insider Threats

• Well-informed employees act as 1st line of defence against cyber threats: Cisco’s Samir Mishra (techcircle.in)

• Employees leaving businesses open to cyber attack – QBE research - CIR Magazine

• Why disaffected employees are your greatest cyber security risk | Federal News Network

• Ex-Navy IT head gets 5 years for selling people’s data on darkweb (bleepingcomputer.com)

Insurance

• Lloyd’s systemic risk scenario reveals potential cyber attack losses of $3.5tn (insuranceinsider.com)

• How MOVEit Is Likely to Shift Cyber Insurance Calculus (darkreading.com)

• Cyber insurance represents ‘small proportion’ of potential economic losses from major attack | Insurance Times

• How Data Changes the Cyber Insurance Market Outlook (darkreading.com)

• What to Look for in Cyber Insurance Coverage | Proofpoint US

Supply Chain and Third Parties

• Colonial Pipeline attributes ransomware claims to ‘unrelated’ third-party data breach (therecord.media)

• Why fourth-party risk management is a must-have | TechTarget

Identity and Access Management

• Fighting off cyber attacks? Make sure user credentials aren’t compromised (bleepingcomputer.com)

Encryption

• Microsoft to Phase Out NTLM in Favor of Kerberos for Stronger Authentication (thehackernews.com)

Linux and Open Source

• Open To Attack: The Risks Of Open-Source Software Attacks (informationsecuritybuzz.com)

• Can open source be saved from the EU's Cyber Resilience Act? • The Register

• Report Finds Few Open Source Projects are Actively Maintained - Slashdot

Passwords, Credential Stuffing & Brute Force Attacks

• IT Admins Are Just as Guilty For Weak Password Use- IT Security Guru

• Over 40,000 admin portal accounts use 'admin' as a password (bleepingcomputer.com)

• 39% of individuals use the same password for multiple accounts | Security Magazine

• Fighting off cyber attacks? Make sure user credentials aren’t compromised (bleepingcomputer.com)

• Passkeys Are Cool, But They Aren't Enterprise-Ready (darkreading.com)

• A worrying amount of corporate IDs still aren't properly protected | TechRadar

• Rising AI-Fueled Phishing Drives Demand for Password Alternatives - Infosecurity Magazine (infosecurity-magazine.com)

Social Media

• Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)

• Twitter glitch allows CIA informant channel to be hijacked - BBC News

Malvertising

• The forgotten malvertising campaign (malwarebytes.com)

• Malicious Notepad++ Google ads evade detection for months (bleepingcomputer.com)

• Guide to detecting and disrupting fake ads | Netcraft

• Google-hosted malvertising leads to fake Keepass site that looks genuine | Ars Technica

• Clever malvertising attack uses Punycode to look like KeePass's official website (malwarebytes.com)

Training, Education and Awareness

• Well-informed employees act as 1st line of defence against cyber threats: Cisco’s Samir Mishra (techcircle.in)

• SMBs seek cyber training, support as attack risk surges | CIO Dive

• October Is Cyber security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

Regulations, Fines and Legislation

• UK watchdog fines Equifax $13.4 million for role in cyber breach | Reuters

• A Third of Organisations Not Ready to Comply with NIS2 - Infosecurity Magazine (infosecurity-magazine.com)

• One year left for companies to implement NIS2 cyber security directive (wbj.pl)

• The future of cyber security regulation: what to look out for with NIS2 | TechRadar

• NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)

• Can open source be saved from the EU's Cyber Resilience Act? • The Register

• Security Pros Warn That EU's Vulnerability Disclosure Rule Is Risky (darkreading.com)

• SEC stepping up cyber security efforts | Inquirer Business

• The double-edged sword of heightened regulation for financial services - Help Net Security

• Top US Cyber Agency Pushing Toward First Hack Reporting Rule (bloomberglaw.com)

• Keeping control in complex regulatory environments - Help Net Security

• UN cyber crime treaty: A menace in the making – EURACTIV.com

• SEC’s New Cyber Disclosure Rule: Challenges, Consequences, And Compliance | K2 Integrity - JDSupra

Models, Frameworks and Standards

• A Third of Organisations Not Ready to Comply with NIS2 - Infosecurity Magazine (infosecurity-magazine.com)

• One year left for companies to implement NIS2 cyber security directive (wbj.pl)

• The future of cyber security regulation: what to look out for with NIS2 | TechRadar

• NIST Cyber security Framework for Small Businesses: Key Benefits (smallbiztrends.com)

• NIS2: Why organisations need a unified cyber security standard | Microscope (computerweekly.com)

Backup and Recovery

• Principles for ransomware-resistant cloud backups - NCSC.GOV.UK

• 63% of organisations restore data after a ransomware attack | Security Magazine

Data Protection

• Care provider under fire over response to cyber attack (thetimes.co.uk)

Careers, Working in Cyber and Information Security

• Over half of cyber security pros say they want to switch jobs (betanews.com)

• Compelling Reasons Why You Should Study Cyber Security - Minutehack

• Your guide to landing a job in cyber security (fastcompany.com)

• New Cyber security Salary Report Guides Hiring in an $8 Trillion Cyber Crime Landscape (prnewswire.com)

• One in five CISOs miss out on pay raise - Help Net Security

Law Enforcement Action and Take Downs

• Law enforcement operation seized Ragnar Locker group's infrastructure (securityaffairs.com)

Misinformation, Disinformation and Propaganda

• Gaza Conflict Paves Way for Pro-Hamas Information Operations (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats

Misc Nation State/Cyber Warfare

• ‘Only a matter of time’ before cyber attacks are viewed as acts of war: Ex-NSA chief

• Five Eyes Warn Deep Tech Start-Ups Against Nation-State Threats - Infosecurity Magazine (infosecurity-magazine.com)

• Five Eyes issues five tips on thwarting nation state threats | Computer Weekly

• APT trends report Q3 2023 | Securelist

• Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure (thehackernews.com)

• TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)

• The evolution of deception tactics from traditional to cyber warfare - Help Net Security

• Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)

• Government officials debate effectiveness of multilateral relations in cyber security | ZDNET

• Defence leaders recognise need to adapt to win in ‘information battlespace’ | BAE Systems

Geopolitical Threats/Activity

• How Cyber attacks Could Affect the Israel-Hamas War (govinfosecurity.com)

• Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict - Infosecurity Magazine (infosecurity-magazine.com)

• Israelis told to secure their home security cameras against hackers • Graham Cluley

• Gaza Conflict Paves Way for Pro-Hamas Information Operations (darkreading.com)

• Pro-Israeli Hacktivist Group Predatory Sparrow Reappears (darkreading.com)

• AI-Powered Israeli 'Cyber Dome' Defence Operation Comes to Life (darkreading.com)

• Fake 'RedAlert' rocket alert app for Israel installs Android spyware (bleepingcomputer.com)

• Mideast War Has Cyber Implications | Newsmax.com

• Hamas Hijacked Victims’ Social Media Accounts to Spread Terror - The New York Times (nytimes.com)

• Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems (darkreading.com)

China

• Mandia: China replaces Russia as top cyber threat | CyberScoop

• FBI boss slams ‘unprecedented’ Chinese cyberespionage and IP theft   | SC Media (scmagazine.com)

• Five Eyes Warn Of Chinese Cyber Espionage | Silicon UK

• Five Eyes warn of growing threat of IP 'theft' by China's hackers (techmonitor.ai)

• 20,000 Britons approached by Chinese agents on LinkedIn, says MI5 head | MI5 | The Guardian

• Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration (thehackernews.com)

• US authorities monitor China-linked Bitcoin miners amid national security concerns: Report (cointelegraph.com)

• BLOODALCHEMY provides backdoor to ASEAN secrets • The Register

• TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments (thehackernews.com)

• Huawei wants to know why EU labelled it high security risk • The Register

• Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw (thehackernews.com)

Russia

• Mandia: China replaces Russia as top cyber threat | CyberScoop

• Russia-based Wizard Spider is Top Threat Group: Netskope Report | MSSP Alert

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)

• Russian Sandworm hackers breached 11 Ukrainian telcos since May (bleepingcomputer.com)

• Exclusive: Ukraine says joint mission with US derailed Moscow’s cyber attacks (therecord.media)

• Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer (gbhackers.com)

• Russian Hackers Target Romanian Media - Valahia.News

• Highest percentage of cyber crime activity originates in Russia (securitybrief.co.nz)

• Five Eyes Warn Deep Tech Start-Ups Against Nation-State Threats - Infosecurity Magazine (infosecurity-magazine.com)

Iran

• Iranian hackers lurked in Middle Eastern govt network for 8 months (bleepingcomputer.com)

• Hamas-linked app offers window into cyber infrastructure, possible links to Iran | CyberScoop

North Korea

• North Korea has got its hands on AI - and is testing its ability to commit cyberwarfare | TechRadar

• Lazarus Group Targeting Defence Experts with Fake Interviews via Trojanized VNC Apps (thehackernews.com)

• North Korean hackers exploit critical TeamCity flaw to breach networks (bleepingcomputer.com)

• FBI: Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program - SecurityWeek

Vulnerability Management

• Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)

• Microsoft Needs to Get Serious About Its Windows 10 Upgrade Problem (pcmag.com)

Vulnerabilities

• Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 - SecurityWeek

• Cisco working on fix for critical IOS XE zero-day | TechTarget

• Oracle Patches 185 Vulnerabilities With October 2023 CPU - SecurityWeek

• Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms (thehackernews.com)

• You Need to Update WinRAR, Right Now (gizmodo.com)

• Juniper Networks Patches Over 30 Vulnerabilities in Junos OS - SecurityWeek

• Hackers exploit critical flaw in WordPress Royal Elementor plugin (bleepingcomputer.com)

• Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software (thehackernews.com)

• Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)

• Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (thehackernews.com)

• ServiceNow leak: thousands of companies at risk | Cybernews

Tools and Controls

• Well-informed employees act as 1st line of defence against cyber threats

• SMBs seek cyber training, support as attack risk surges | CIO Dive

• Vulnerability Scanning: How Often Should I Scan? (thehackernews.com)

• Essential cyber hygiene: Making cyber defence cost effective - Help Net Security

• Preparations Are Key to Weathering Cyber security Incidents | Chief Investment Officer (ai-cio.com)

• Improve your cyber threat understanding with geopolitical context | CSO Online

• Why Zero Trust Is the Cloud Security Imperative (darkreading.com)

• 3 Essential Steps to Strengthen SaaS Security (darkreading.com)

• Cyber expert calls for renewed focus on zero-trust and recovery as threat actors scale-up - SiliconANGLE

• How hackers use printers to gain access

• Google Authenticator synchronization raises MFA concerns | TechTarget

• Cyber insurance represents ‘small proportion’ of potential economic losses from major attack | Insurance Times

• Email Security Best Practices for Phishing Prevention (trendmicro.com)

• The impact of artificial intelligence on cyber offence and defence | The Strategist (aspistrategist.org.au)

• What to Look for in Cyber Insurance Coverage | Proofpoint US

• Reinforcing cyber security: The network's role to prevent, detect, and respond to attacks - Help Net Security

• How to go from collecting risk data to actually reducing risk? - Help Net Security

• October Is Cyber security Awareness Month – It’s a Good Time to Update Your Training Program | Clark Hill PLC - JDSupra

• How do we measure cyber risk? | ITPro

• Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies (informationweek.com)

• OSINT isn't immediate ground truth--it's the result of analysis. (thecyberwire.com)

• How Data Changes the Cyber Insurance Market Outlook (darkreading.com)

• What is Structured Threat Information eXpression (STIX)? (techtarget.com)

Reports Published in the Last Week

• Trustwave SpiderLabs Research: Cyber security in the Financial Services Sector

• APT trends report Q3 2023 | Securelist

• New CISO research sets out priorities, challenges and tips for success in a challenging landscape post - BSS

• ENISA THREAT LANDSCAPE REPORT 2023 REPORT IS OUT! (securityaffairs.com)

• Elastic Global Threat Report 2023 Reveals Dominance of Ransomware | Business Wire

• The CISO Report | Splunk

• VIPRE Security Group’s Q3 2023 Email Threat Report Reveals PDFs, Callback Phishing and Malware Via Google Drive Growing in Popularity Among Criminals - VIPRE

Other News

• SMBs Struggle to Keep Pace with Cyber Security Threats - IT Security Guru

• Many SMBs really don't know exactly what security tools they need | TechRadar

• Hackers Hit The IT Industry: 12 Companies Targeted In 2023 | CRN

• What the Hollywood Writers Strike Resolution Means for Cyber security (darkreading.com)

• Progress gets SEC subpoena over MOVEit breach – and more! • The Register

• 51% of Financial Services Firms Reporting Breaches are From US: Trustwave Threat Landscape Report | The Fintech Times

• Cyber attacks on healthcare organisations affect patient care - Help Net Security

• Zoom, Investors Reach $150 Million Deal Over Security Flaws Suit (bloomberglaw.com)

• Thinking about the phrase 'cyber security' | Microscope (computerweekly.com)

• Cyber risk report says shipping remains ‘easy target’, paying an average $3.2m In cyber attacks (shipmanagement idcinternational.com)

• Space industry group turns up volume on satellite vulnerabilities - SpaceNews

• 5 Tips for Improving Security in Public Sector (govinfosecurity.com)

• Marketers Must Make Cyber security A Priority Every Day (forbes.com)

• UK at risk of massive security breach from national HMRC IT meltdown | The Independent

• UK warns nuclear power plant operator of cyber security failings (therecord.media)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

66 Percent of Businesses Don't Understand Their Cyber Risks

A survey has found that 67% of organisations have experienced a breach requiring attention within the last two years, despite having traditional security measures in place. Worryingly, 66% self-reported having limited visibility and insight into their cyber risk profiles.

83% of organisations agreed that a comprehensive cyber risk reduction strategy would yield a reduction in the likelihood of a significant cyber incident occurring, yet a number of organisations are finding it difficult to implement this and as a result are looking for outside assistance too. The report found that 93 percent of organisations plan to offload specific segments of cyber risk reduction workstreams or projects to security service providers within the next two years.

Source: [Beta News]

Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked

All 47,000 personnel working for the Met Police were warned of the risk their photos, names and ranks having been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes. The supplier had access to names, ranks, photos, vetting levels and pay numbers of officers and staff, but did not hold information such as addresses, phone numbers or financial details.

The attack shows the importance of understanding the supply chain, and what access your supplier has access to. Without knowing who has your data, and what data, you will be left clueless if a breach on a supplier occurs.

Sources [Data Breaches] [UKAuthority]

Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up

Ransomware actors are always evolving their tactics, with gangs now telling victims if they don’t pay, then they will face fines under data protection laws. Additionally, small businesses are on the radar, partially due to them being easier targets for actors; some gangs have shifted from asking for millions from a large organisation, to requesting small ransoms from multiple small businesses.

As a result in both the number and sophistication of ransomware attacks, 80% of organisations expect their spending to increase. Not every organisation has an unlimited budget and so it is important that organisations are able to prioritise and allocate their budget effectively, to give them the most protection that their budget allows, especially small to medium-sized businesses.

Sources [Dark Reading] [The Record] [Security Magazine]

Survey Finds In-house Counsel Cyber Anxiety Skyrocketing

In a recent report, only 25% of legal professionals said they felt fully prepared to deal with a cyber attack, with 78% ranking the task of shielding their organisation from cyber attacks as the greatest regulatory concern over the next 12 months; previously, this figure was only 30% in 2021.

There has been a growing number of attacks, due to the sensitive data that is held and the number of attacks will continue to rise. With regulatory concerns adding to this, in-house counsel should be looking to have their concerns heard and drive the organisation to bolster their defences, and this may include outsourcing expert advice to make sure it is done correctly.

Source: [Law.com]

58% of Malicious Emails Contained Spoofed Content

According to a recent report, 58% of malicious emails contained spoof content and spam emails had increased by 30% from Q1 to Q2 2023. The report identified a surge in the number of uses of QR codes as a primary attack method, showing that attack methods are evolving, and in some cases, choosing not to use traditional methods.

The report reinforces the need for constant user education training, to reduce the risk of an employee falling for a phishing email. With this training, new evolving techniques such as that with QR codes, should also be addressed.

Source: [Security Magazine]

Cyber Attacks Remain a Top Concern for Organisations Across All Industries

Cyber attacks remain a top threat to organisations’ ability to do business across all industries. When asked in a recent report, 18% of respondents reported that cyber attacks threatened or disrupted their business.

With cyber attacks being a huge concern, many organisations have an incident response plan in place; yet despite this, nearly one quarter (23%) of companies surveyed have either never conducted tests or are unsure if their teams have tested. Cyber incidents are a matter of when, not if, and a strong incident response plan is always needed and can prevent a bad situation from being made worse by doing the wrong things in the immediate aftermath of an attack.

Source: [Business Wire]

BYOD Security Gap: Survey Finds 49% of European Firms Unprotected

A recent survey found that a concerning 49% of European businesses are operating without having a formal bring-your-own-device (BYOD) policy, highlighting a lack of visibility and control over such devices. The report found that organisations are concerned about compliance-based issues, with 43% noting increased worries.

The benefits of BYOD are clear, allowing organisations to save money and eliminate the need for multiple devices. But without a formal BYOD policy, organisations are risking having employees bring in devices that are effectively invisible to IT. This means that the vulnerabilities that come with it, and the risks it can bring, also go unnoticed. To mitigate the risk, a formalised BYOD policy is required.

Source: [Infosecurity Magazine]

13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend

In a recent report, it was found that 13% of employees admitted they had fallen for a phishing attack whilst working from home. Rather worryingly, 21% said they would continue working business as usual in the event of falling victim to a phishing attack whilst working remotely on a Friday, with 9% indicating they’d wait until after the weekend to report it, effectively, giving the attacker a 48 hour period in which they go unnoticed, if the employee even remembers to report it on the Monday.

It is important that users are educated, both on spotting phishing attacks and the reporting process, so that organisations can be best protected. By providing regular and effective user training, employees will be at less risk of falling victim to a phishing attack, even from home. Additionally, by understanding the reporting process and why there is a need to report as soon as possible, organisations will shorten their detection time.

Source: [Security Magazine]

Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report

In their most recent quarterly report, BlackBerry focused on a 90-day window, identifying over 1.5 million malware-based attacks, over 200,000 unique attacks, 17,000 attacks per day and 12 per minute to name a few. The report found that financial institutions were amongst the most targeted.

Source: [The Hacker News]

Kroll’s Breach Highlights SIM-Swapping Risk

A recent supply chain breach at Kroll, the risk and financial advisory firm, affected downstream customers and exposed personal information on hundreds of claimants in bankruptcy proceedings. The breach occurred when a threat actor had transferred an employee’s phone number to a device in the attackers possession, which was then subsequently used to access sensitive information.

In this attack, the actor had convinced T-Mobile to port the employee’s number over, allowing the actor to access files containing bankruptcy details. A mitigation recommended for this is to ask your network provider if they offer port freeze or number lock, to protect it from unauthorised transfer.

Source [Dark Reading]

Reducing The Risk of AI, What Can You Do?

Threat actors' use of generative AI has fuelled a significant rise in attacks worldwide during the last 12 months according to a recent report. Yet despite this, AI is still seen as a positive thing for organisations, with the power of generative AI quickly realised.

Certainly, AI can be used in the organisation to increase efficiency and automate tasks, but it must be used with vigilance. Organisations implementing AI should have governance over the usage of AI to eliminate the chance of data leaking. This governance may include policies, procedures and approved AI software.

Sources: [CSO Online] [UKTech News]

Debunking Popular Cyber Security Myths

At a time when cyber security is a constant feature in the news and our daily lives, it is important to debunk a few myths surrounding it. One of the biggest, is the assumption that cyber defence is all about the technical controls; in fact, 89% of cyber attacks involved social engineering. The prevalence of social engineering further shows that strong passwords, firewalls and antivirus are not enough; what’s the use in having a password that takes years to crack if you hand it over to someone?

When we think cyber security, we often think of external threat actors, but insider risk is a real threat: whether by malicious actions, negligence or misunderstanding, those inside your organisation can be a real risk to your organisation.

So what’s the take home? Cyber is more than just technology, and it is not just an outside attacker. Organisations’ cyber efforts should focus on more than just the technical requirements; by having things such as user education training, organisations can mitigate their cyber risk.

Sources: [Forbes] [Trend Micro]

3 Malware Loaders Responsible for 80% of Intrusions

Three malware loaders, QBot, SocGholish, and Raspberry Robin, are responsible for 80 percent of observed attacks on computers and networks so far this year. The malware are all distributed differently; Qbot is typically deployed through a phishing email, SocGholish is downloaded without user interaction, and Raspberry Robin is through USB devices.

Sources: [The Register] [Infosecurity Magazine]

MOVEit Hack Shows Attackers Still Use Old Tricks

SQL injection has been around for a quarter of a century, yet it still features amongst the top 10 list of security vulnerabilities. In fact, SQL injection was the method of attack for the infamous MOVEit hacks, which has impacted over 700 organisations, with the number still growing.

The MOVEit attack highlights just how easily old, over-looked vulnerabilities can be used to target an organisation. Consider your organisation now: are there any legacy systems or software in place?

Source: [Dark Reading]

Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong.

In late May, security vendor Barracuda had released a patch for their email security gateway (ESG), which was being actively exploited. Having already accounted for this, the threat actors utilised a new attack, which meant infected devices would reinfect themselves, effectively negating Barracuda’s patch. Unfortunately, this meant that for a while, Barracuda thought it was in the clear, when it was still under attack.

Upon realising this, Barracuda’s security advisory changed from recommending a patch to requiring an immediate replacement of compromised ESG appliances, regardless of the patch level. This shows the need for organisations to keep up to date with the latest threat intelligence, as missing the second update could mean infected devices are still in the wild, with organisations under the false perception that they were safe.

Source: [Ars Technica]

Governance, Risk and Compliance

• Cyber Attacks and Other Threats Remain a Top Concern for Organisations Across All Industries, Finds InformationWeek’s State of Cyber Risk and Resiliency Report | Business Wire

• 66 percent of businesses don't understand their cyber risks (betanews.com)

• Survey of In-House Counsel Finds Cyber Anxiety Skyrocketing | Law.com

• Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report (thehackernews.com)

• SEC Probe Targets SolarWinds Executives - DevX

• Cyber Security Enters Conversation About Executive Pay - WSJ

• Cyber defence makes up majority of cyber security budgets | Security Magazine

• How international cyber security frameworks can help CISOs | CSO Online

• Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online

• SEC cyber attack regulations prompt 10 questions for CISOs | TechTarget

• Should Senior IT Professionals Be Accountable for Professional Decisions? (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 80% of organisations expect ransomware spending to increase | Security Magazine

• Akira Ransomware gang targets Cisco ASA without Multi-Factor Auth (securityaffairs.com)

• Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)

• MOVEit Was a SQL Injection Accident Waiting to Happen (darkreading.com)

• Nearly 1,000 Organisations, 60 Million Individuals Impacted by MOVEit Hack - SecurityWeek

• Ransomware With an Identity Crisis Targets Small Businesses, Individuals (darkreading.com)

• Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)

• Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)

• LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)

• LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants (thehackernews.com)

• Deconstructing ransomware, cyber criminals and their modus operandi | TechRadar

• Ransomware Evolution: Smaller Actors, Bigger Impact (govinfosecurity.com)

• Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)

• Making Sense of Ransomware Attack Statistics in 2023 | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)

• Should Companies Pay After Ransomware Attacks? Is It Illegal? (techtarget.com)

• How Ransomware Groups Respond to External Pressure (inforisktoday.com)

• Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat (trellix.com)

• Rackspace Faces Massive Cleanup Costs After Ransomware Attack (darkreading.com)

• EDITORIAL | Time to Cut Off North Korea from Funding Sources for its Missiles | JAPAN Forward (japan-forward.com)

• International ransomware gangs are evolving their techniques. The next generation of hackers will target weaknesses in cryptocurrencies (theconversation.com)

• 8 Types of Ransomware: Examples of Past and Current Attacks (techtarget.com)

• Black Basta Besting Your Network? (securityintelligence.com)

Ransomware Victims

• Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)

• Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)

• St Helens Council still dealing with suspected cyber-attack - BBC News

• Rhysida claims ransomware attack on Prospect Medical, threatens to sell data (bleepingcomputer.com)

• University of Michigan shuts down network after cyber attack (bleepingcomputer.com)

• Social Security Numbers leaked in ransomware attack on Ohio History Connection (malwarebytes.com)

Phishing & Email Based Attacks

• Phishing as a service continues to plague business users - SiliconANGLE

• 58% of malicious emails contained spoof content | Security Magazine

• 13% of employees admit to falling for phishing attacks working at home | Security Magazine

• Top 5 most abused brands by hackers

• New phishing attacks target FTX users following Kroll data breach – Cryptopolitan

• Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks (thehackernews.com)

• Spain warns of LockBit Locker ransomware phishing attacks (bleepingcomputer.com)

• US govt email servers hacked in Barracuda zero-day attacks (bleepingcomputer.com)

• QR Code' Surge in Popularity Brings Along a Rise in QR-Linked Phishing Scams | Metaverse Post (mpost.io)

• Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)

• Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)

• How to Spot Phishing Emails & Tips to Avoid Them | Proofpoint US

Other Social Engineering; Smishing, Vishing, etc

• Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)

• New phishing attacks target FTX users following Kroll data breach – Cryptopolitan

• 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - SecurityWeek

Artificial Intelligence

• Cyber security agency gives AI chatbot warning (uktech.news)

• Why generative AI is a double-edged sword for the cyber security sector | VentureBeat

• IT leaders alarmed by generative AI's SaaS security implications - Help Net Security

• Is Bias in AI Algorithms a Threat to Cloud Security? (darkreading.com)

• Shifting Cyber Security: The Impact and Implications of LLMs (inforisktoday.com)

• Vendors Training AI With Customer Data is an Enterprise Risk (darkreading.com)

• Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)

• Hacking the future: Notes from DEF CON’s Generative Red Team Challenge | CSO Online

• Building cyber resilience in an age of AI (betanews.com)

• How to minimize data risk for generative AI and LLMs in the enterprise | VentureBeat

• Google launches tool to identify AI-generated images - Help Net Security

2FA/MFA

• Akira Ransomware gang targets Cisco ASA without Multi-Factor Auth (securityaffairs.com)

AITM/MITM

• Microsoft Warns of Adversary-in-the-Middle Uptick on Phishing Platform - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• These 3 loaders were behind 80% of intrusions this year • The Register

• 20+ Malware Statistics You Need to Know in 2023 (techreport.com)

• Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses (techrepublic.com)

• 'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds (darkreading.com)

• Infamous Raccoon Stealer Malware Returns - DevX

• Top 3 Malware Threatening Businesses in Q2 2023 (cybersecuritynews.com)

• Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Research (darkreading.com)

• KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities (thehackernews.com)

• Japan's JPCERT warns of new 'MalDoc in PDF' attack technique (securityaffairs.com)

• Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)

• DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates (thehackernews.com)

• Hackers are now hiding malicious Word documents in PDFs — how to stay safe | Tom's Guide (tomsguide.com)

• DreamBus malware exploits RocketMQ flaw to infect servers (bleepingcomputer.com)

• Kaspersky malware report for Q2 2023 | Securelist

• Microsoft is using malware-like pop-ups in Windows 11 to get people to ditch Google - The Verge

• APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)

• CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware | CISA

• SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations (thehackernews.com)

• Battling malware in the industrial supply chain

Mobile

• Kroll's Crypto Breach Highlights SIM-Swapping Risk (darkreading.com)

• This new Android malware can unlock your phone and drain your bank accounts | Tom's Guide (tomsguide.com)

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Is Mobile Hacking Still a Big Threat in 2023? (makeuseof.com)

• New Android MMRat malware uses Protobuf protocol to steal your data (bleepingcomputer.com)

• What Are Overlay Attacks? How Do You Protect Against Them? (makeuseof.com)

• New Android Banking Trojan Targets Southeast Asia Region (inforisktoday.com)

• China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)

• Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week

• Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)

• 8 Ways To Boost Your Android Phone's Security (slashgear.com)

Botnets

• Online exclusive: Rise of the botnets (securitymiddleeastmag.com)

Denial of Service/DoS/DDOS

• DDoS attacks rise 40% in Q2 2023, affecting banks, gaming & e-commerce | Security Magazine

BYOD

• BYOD Security Gap: Survey Finds 49% of European Firms Unprotected - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities (thehackernews.com)

• The power of passive OS fingerprinting for accurate IoT device identification - Help Net Security

Data Breaches/Leaks

• Metropolitan Police reports supplier cyber breach | UKAuthority

• UK: Metropolitan Police on red alert after details of officers and staff hacked in massive security breach (databreaches.net)

• Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)

• American Express admits APAC employees' data leak, blames a third-party payroll service

• National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organisation (securityaffairs.com)

• Leaseweb is restoring ‘critical’ systems after security breach (bleepingcomputer.com)

• French employment agency Pôle emploi data breach impacted 10M peopleSecurity Affairs

• Mom’s Meals discloses data breach impacting 1.2 million people (bleepingcomputer.com)

• 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - Security Week

• Paramount discloses data breach following security incident (bleepingcomputer.com)

• Another data breach at Forever 21 leaks details of 500,000 current and former employees (bitdefender.com)

• Cost of a data breach 2023: Financial industry impacts (securityintelligence.com)

Organised Crime & Criminal Actors

• Moscow helping cyber criminals operate with 'near impunity': report | The Province

• Hacking gangs launch cyber crime syndicate the Five Families (techmonitor.ai)

• Microsoft weighs in on Russian-led UN cyber crime treaty • The Register

• ‘Billion Dollar Heist’: The Wild Story That Should Have Us All Petrified (thedailybeast.com)

• New Research Exposes Airbnb as Breeding Ground For Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft: UN treaty creates 'ideal conditions' for cyber crime (telecomstechnews.com)

• Cyber Criminals use research contests to create new attack methods - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Kroll data breach exposes info of FTX, BlockFi, Genesis creditors (bleepingcomputer.com)

• International ransomware gangs are evolving their techniques. The next generation of hackers will target weaknesses in cryptocurrencies (theconversation.com)

Fraud, Scams & Financial Crime

• New Research Exposes Airbnb as Breeding Ground For Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Classiscam Spreads: $64.5M Scheme Targets 79 Countries - Infosecurity Magazine (infosecurity-magazine.com)

Impersonation Attacks

• Top 5 most abused brands by hackers

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

Deepfakes

• 4 Strategies to Safeguard the Finance Industry Against Deepfake Onslaught (darkreading.com)

Insurance

• Insurers End Tussle Over Ransomware Attack Coverage - Law360 UK

• Delinea Research Reveals a Cyber Insurance Gap (darkreading.com)

• Understand the fine print of your cyber insurance policies - Help Net Security

Supply Chain and Third Parties

• American Express admits APAC employees' data leak, blames a third-party payroll service

• Met should thoroughly investigate cyber security practices, say experts | Evening Standard

Cloud/SaaS

• CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security | TechTarget

• Better SaaS Security Goes Beyond Procurement (darkreading.com)

• How to secure your cloud-based business without cloud-security expertise - Partner Content - Security - iTnews

• Experts Uncover How Cyber Criminals Could Exploit Microsoft Entra ID for Elevated Privilege (thehackernews.com)

• Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)

Hybrid/Remote Working

• 13% of employees admit to falling for phishing attacks working at home | Security Magazine

Identity and Access Management

• The Rising Tide of Identity-Based Attacks - GovInfoSecurity

Encryption

• Quantum threats loom in Gartner's 2023 Hype Cycle for data security | VentureBeat

• How Quantum Computing Will Impact Cyber Security - Security Week

Passwords, Credential Stuffing & Brute Force Attacks

• National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organisation (securityaffairs.com)

• Four common password mistakes hackers love to exploit (bleepingcomputer.com)

• Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)

• 3 out of 4 cyber attacks in the education sector are associated with a compromised on premises user or admin account - IT Security Guru

• LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)

Biometrics

• Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update

• Elon Musk's X to collect biometric data, work and school history - The Japan Times

• Home Office and MoD seeking new facial-recognition tech | Computer Weekly

Social Media

• ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)

• EU safety laws start to bite for TikTok, Instagram and others - BBC News

• How the EU Digital Services Act affects Facebook, Google and others | Technology sector | The Guardian

• Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)

• X Plans to Collect Biometric Data, Job and School History (1) (bloomberglaw.com)

• Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News

• Hackers Are Selling Hacked Police Emails to Try to Grab Personal Data From TikTok, Facebook (404media.co)

Training, Education and Awareness

• Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)

• Cyber awareness education is a change-management initiative | CSO Online

Cyber Bullying, Cyber Stalking and Sextortion

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)

• SEC Probe Targets SolarWinds Executives - DevX

• New law could turn UK into a hacker's playground | Computerworld

• Changes to UK Surveillance Regime May Violate International Law (justsecurity.org)

• EU safety laws start to bite for TikTok, Instagram and others - BBC News

• Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra

• SEC’s New Cyber Security Rule—Including Key Disclosure Requirements | Smith Gambrell Russell - JDSupra

• Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online

• Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)

Models, Frameworks and Standards

• What are the Cyber Security Standards of Basel III? | UpGuard

• Best practices for MITRE ATT&CK(R) mapping. (thecyberwire.com)

• Is the new OWASP API Top 10 helpful to defenders? - Help Net Security

• How international cyber security frameworks can help CISOs | CSO Online

Data Protection

• ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)

• Are you properly protecting your employees' personal information? | Burr & Forman - JDSupra

• Data Protection: One of These Incidents Is Not Like the Other | Troutman Pepper - JDSupra

• Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra

Careers, Working in Cyber and Information Security

• Addressing Cyber Security's Talent Shortage & Its Impact on CISOs (darkreading.com)

• Unfilled Cyber Security Positions Threaten the Future of Businesses Everywhere | Inc.com

• How the Talent Shortage Impacts Cyber Security Leadership (securityintelligence.com)

Law Enforcement Action and Take Downs

• Two Men Arrested Following Poland Railway Hacking - Security Week

Privacy, Surveillance and Mass Monitoring

• Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Expert shares stark safety warning over Twitter updates | Tech News | Metro News

Misinformation, Disinformation and Propaganda

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• 'Five Eyes' nations release technical details of Sandworm malware 'Infamous Chisel' | CyberScoop

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

• NCSC, SBU reveal overt Russian cyber campaign as cyber war continues to evolve | ITPro

• Czech banks hit by Russian cyber attacks – EURACTIV.com

• Cyber security experts lament west’s failure to learn lessons from Ukraine | Financial Times (ft.com)

• Russian 'hybrid' war threatens NATO's eastern flank, Poles warn - Washington Times

• Microsoft weighs in on Russian-led UN cyber crime treaty • The Register

• Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week

• Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News

• Russian APT Intensifies Cyber Espionage Activities - Infosecurity Magazine (infosecurity-magazine.com)

• CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware | CISA

China

• Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors | Ars Technica

• China-Based APT Flies Under Radar in Espionage Attacks | Decipher (duo.com)

• China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors (thehackernews.com)

• Barracuda flaw: FBI warns customers over ineffective patch | ITPro

• Almost a third of compromised Barracuda ESGs were govt owned • The Register

• James Cleverly's China cyber security talks unlikely to spur change (techmonitor.ai)

• Japan’s cyber security agency suffers months-long breach | Financial Times (ft.com)

• China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)

• APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)

• Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)

North Korea

• Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses (techrepublic.com)

• North Korea’s Lazarus Group hits organisations with two new RATs | CSO Online

• Lazarus Group Debuts Tiny Trojan for Espionage Attacks (databreachtoday.co.uk)

• Cyber Scams Keep North Korean Missiles Flying – Analysis – Eurasia Review

• North Korea’s Lazarus hackers behind recent crypto heists: FBI (therecord.media)

• North Korean hackers behind malicious VMConnect PyPI campaign (bleepingcomputer.com)