Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices

Newly released research found that 75% of organisations worldwide are currently implementing or considering bans on ChatGPT and other generative Artificial Intelligence (AI) applications within the workplace, with 61% stating that it will be a long term or permanent solution. Despite this, the majority recognised the opportunity such applications bring to the workplace, with 55% believing it would increase efficiency. All in all, 81% remained in favour of AI, highlighting that whilst organisations see the benefit, they are not ready to take the plunge for fear of being caught flat-footed.

Many organisations may simply not have the expertise-in house or confidence to employ AI effectively. These organisations lack an effective AI management plan, which governs the usage of AI in the corporate environment, rather than banning it outright. By having a clear-set AI plan, organisations can use AI to improve their efficiency, whilst maintaining cyber resilience. An increasing number of organisations have approached us at Black Arrow to discuss how to embrace AI securely; contact us to see how we can help you.

Source: [Dark Reading]

How an Eight-Character Password Could be Cracked in Just a Few Minutes

Strong and complex passwords are necessary to protect online accounts and data from cyber criminals. Complex passwords typically use lowercase and uppercase characters, numbers, and special characters. But complexity by itself can still open your password to cracking if it doesn’t contain enough characters, according to research by security firm Hive Systems. The report found that a complex password of eight characters can be cracked in only five minutes, and other weaker or shorter passwords are cracked instantly. However, passwords that have a greater number of characters are less vulnerable: for example an 18 character password, even if only lowercase letters, would take 481,000 years for a computer to crack.

Since creating and remembering multiple complex and lengthy passwords on your own is impossible, a password manager is your best bet. By using a password manager for yourself or within your organisation, you can generate, store and apply strong passwords for websites and online accounts.

Source: [Techrepublic]

Ransomware Victims Surge 143% as Threat Actors Pivot to Zero-Day Exploits

The number of organisations that became victims of ransomware attacks surged 143% between the first quarter of 2022 and first quarter of this year, as attackers increasingly leveraged zero-day vulnerabilities to break into target networks.

In many of these attacks, threat actors did not bother to encrypt data belonging to victim organisations. Instead, they focused solely on stealing their sensitive data and extorting victims by threatening to sell or leak the data to others. The tactic left even those with otherwise robust backup and restoration processes backed into a corner; this highlights the need for organisations to be able to detect and ideally block anomalous exfiltration of data, and have effective and rehearsed incident response plans to address the concept of pure exfiltration, because having backups is not enough.

The costs of these types of controls continue to fall making them viable for even smaller businesses. Without tools like Managed Detection and Response (MDR) and Data Loss Prevention (DLP), attacks of this nature cannot be detected until it is too late to do anything to stop them.

Source: [Dark Reading]

How Executives’ Personal Devices Threaten Business Security

Individuals, including executives, are considered a major target for cyber attacks. Motivated attackers know the right individual people they want to go after to achieve their larger organisational goal, and they’ll use any means necessary to be successful.

A recent report found that most executives are using their personal devices for work, creating a “backdoor” for cyber criminals to access large organisations. 50% of executive respondents reported receiving work-related scams in their personal emails.

Personal device use can be effective for organisations, however they need to implement an effective bring-your-own-device (BYOD) procedure and provide employees, including executives, with frequent user awareness and education training. All users at all levels within an organisation need to understand the risks, and importantly the role they play in keeping the organisation secure.

Sources: [Help Net Security] [Security Affairs]

77% of Financial Firms Saw an Increase in Cyber Attack Frequency

According a recent report on the financial services sector, 77% of firms reported an increase in attack frequency, and 87% said attacks were more severe. These firms unanimously said they would look to outsource their cyber security programs to third-party providers to shore up their cyber defences. Among the respondents, firms need to protect hybrid work environments (62%), consolidate cyber security and managed IT services (41%) and tap industry-specific and regulatory expertise (33%).

Source: [SecurityMagazine]

Protecting Against Sophisticated Cyber Attacks Requires Layered Defences

Faced with an influx of sophisticated cyber threats, including usage of AI to further enhance the efficacy of social engineering attacks, and the growth of both malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS), it is critical for organisations to invest in layered security defences.

Services like managed detection and response (MDR) are integral to monitoring, investigating and responding to threats in real time. But without a strong and comprehensive foundational cyber security posture, managed services alone cannot effectively mitigate threats. To ensure comprehensive defences against emerging threats, organisations must prioritise proactive measures that can stop attacks before they even start. As adversaries continue to refine their attack techniques, layered protection that covers every stage in the attack chain becomes imperative.

Source: [Forbes]

Managing Human Cyber Risks Matters Now More Than Ever

As artificial intelligence (AI) amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital, according to the SANS Institute. It makes sense as no matter the technological advancement, the human element has always been a point of entry for attackers.

A recent study found that mature security programs, marked by robust teams and leadership support, are characterised by having at least three full-time employees in their security awareness teams. In some cases, this isn’t feasible for an organisation and this is where outsourcing comes in. By outsourcing security awareness, organisations can ensure that they have access to security awareness experts, to keep their organisation educated. Here at Black Arrow we offer regular security and awareness training, bespoke to your organisation, for your employees and leadership team.

Source: [Help Net Security]

Hackers are Targeting Top Executives’ Microsoft 365 Accounts to Steal Work Logins

Cyber security provider Proofpoint reported that high-level execs at some of the world’s leading companies are repeatedly targeted with credential-stealing attacks. More alarmingly, according to Proofpoint, around one-third (35%) of the compromised users had multi-factor authentication (MFA) enabled.

The attacks come amid a rise in cases of EvilProxy, a phishing tool that allows attackers to steal even MFA-protected credentials. In the three months to June 2023, around 120,000 EvilProxy phishing emails were observed being sent to hundreds of targeted organisations globally, with many targeting Microsoft 365 user accounts in particular. Approximately 39% of the victims were C-level executives of which 17% were Chief Financial Officers, and 9% were Presidents and CEOs. Users must be trained effectively, to help mitigate the chance of them suffering a phishing attack. The C-suite is no exception.

Sources: [Help Net Security] [Security Affairs]

UK Shaken by Major Data Breaches

Recent major data breaches impacting crucial institutions like the UK Electoral Commission (which exposed the data of 40 million UK voters) and the Police Service of Northern Ireland, have brought attention to potential risks. Following a recent freedom of information request 10,000 police officers and staff details where published including details such as first name and surname, their rank or grade and the unit and where they are based. This breach occurred when a junior member of staff forgot to remove the master spreadsheet containing sensitive data when responding to the request.

Sources: [Telegraph] [Tech Crunch]

Threat of Cyber Attacks to UK National Security Upgraded: Compared to Chemical Weapons or Nuclear Attack

The UK government has raised the threat level posed by cyber attacks, now deeming the risk of cyber attacks to be more severe than that presented by small-scale chemical, biological, radiological, or nuclear (CBRN) attacks according to the latest National Risk Register (NRR) report for 2023. The report also highlighted artificial intelligence (AI) as a “chronic risk” – that is, one that poses “continuous challenges that erode our economy, community, way of life, and/or national security”.

Sources: [ITPro] [Infosecurity Magazine]

Mac Users are Facing More Dangerous Security Threats Than Ever Before

Apple’s MacBook Pro or iPhone devices are often perceived as safer, from a cyber security standpoint, compared to those from Microsoft or Google, mostly because of its “walled garden” approach. However, another key reason why hackers were not historically as interested in Apple was the smaller market share Apple held. That is no longer the case and as attacks are rising against Apple devices, this is something we expect to see continuing to accelerate.

In the last 10 years, Apple’s market share on desktop has increased from less than 7.5% to just over 20% today. Apple frequently patches actively exploited vulnerabilities, with overall 261 security vulnerabilities addressed so far this year. A recent report found that Mac users are targeted by three key threats: Trojans, Adware, and Potentially Unwanted Applications (PUA). Of the three, Trojans are the biggest single threat, making up more than half of all threat detections. Of all those detections, around half (52.7%) were for the EvilQuest encryption malicious software.

Source: [Techradar]

Cyber Attack to Cost Outsourcing Firm Capita up to £25m

Capita expects to take a financial hit of as much as £25m as a result of a cyber attack that began in March, pushing the outsourcing group to a pre-tax loss of almost £68m for the first half of the year. The group is still recovering from the attack by the Black Basta ransomware group, which hacked its Microsoft Office 365 software and accessed the personal data of staff working for the company and dozens of clients. Capita, which runs crucial services for local councils, the military, and the NHS, estimated that the financial costs associated with what it called the “cyber incident” would be between £20m and £25m. Previous estimates had put the cost at £15m to £20m.

The group said this new figure reflected the complexities of analysing the “exfiltrated” data, as well as costs of recovery and remediation and new investment to improve its cyber security. However, Capita said it was not currently able to estimate the level of any potential fine related to the incident and had not yet made any provision to cover any future costs. The company’s shares fell by more than 12% in morning trading on Friday after the release of its results, making it the biggest faller on the FTSE 250.

Source: [Guardian]

Government and Public Services Face 40% More Cyber Attacks and Struggle to Protect Due to Lack of Resources

A report published by BlackBerry noted a 40% rise in cyber attacks against public sector organisations and government institutions. One of the reasons is the limited resources and resistance that these government and public have; this makes it much easier for an attacker. An easy target is an attractive target.

Source: [Financial Express]

Governance, Risk and Compliance

• SMB cyber security: Cyber Security challenge: SMBs and large enterprises face common threat but separate response routes - The Economic Times (indiatimes.com)

• Protecting Against Sophisticated Cyber attacks Requires Layered Defense (forbes.com)

• Managing human cyber risks matters now more than ever - Help Net Security

• Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)

• How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)

• Recent threat intelligence study indicates reactive measures are prioritized by most organisations over proactive | SC Media (scmagazine.com)

• Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru

• Cyber attack to cost outsourcing firm Capita up to £25m | Capita | The Guardian

• 9 common risk management failures and how to avoid them | TechTarget

• Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE

• Safeguarding Businesses From Data Privacy And Cyber security Risk (forbes.com)

• How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)

• What happens if cyber insurance becomes unviable? - Raconteur

• Only 22% of Firms Have Mature Threat Intelligence Programs - Infosecurity Magazine (infosecurity-magazine.com)

• NIST announces rare overhaul of security framework, focusing on organisational leadership | ITPro

• Protection is No Longer Straightforward – Why More Cyber Security Solutions Must Incorporate Context - Security Week

• Cyber Security Must Focus on the Goals of Criminals (informationweek.com)

• Going Up! How to Handle Rising Cyber Security Costs (securityintelligence.com)

• Maintaining Data Security Amidst Rising Concerns of Cyber attacks (techreport.com)

• Why it’s time for everyone to reorient their thinking about cyber security | Federal News Network

• 'Confusing, misleading or just plain wrong': Researchers explain why cyber security is needlessly complex - Study Finds

• It's Time for Cyber security to Talk About Climate Change (darkreading.com)

• Prioritizing cyber attacks still needs a lot of work, according to new Picus Labs report - SiliconANGLE

• It's not always malware (betanews.com)

• Act Before You're Hacked (forbes.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Healthcare and Finance Firms Ranked as Leading Targets for Cyber Attacks - MSSP Alert

• Ransomware victim numbers surge as attackers target zero-day vulnerabilities | CSO Online

• Definitive Guide to Ransomware 2023 | IBM whitepaper | ITPro | ITPro

• UK Think Tank Proposes Greater Ransomware Reporting From Cyber Insurance to Government – Security Week

• The ransomware rollercoaster continues as criminals advance their business models - Help Net Security

• Data exfiltration is now the go-to cyber extortion strategy - Help Net Security

• Clop ransomware now uses torrents to leak data and evade takedowns (bleepingcomputer.com)

• Spot Fake Extortion Attacks Without Wasting Time and Money (securityintelligence.com)

• The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO - Security Affairs

• New Yashma Ransomware Variant Targets Multiple English-Speaking Countries (thehackernews.com)

• Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits (darkreading.com)

• Recent ransomware attacks share curiously similar tactics - Help Net Security

• Ransomware Attacks: 20 Essential Considerations For Prep And Response (forbes.com)

• Ransomware attacks cost manufacturing sector $46 billion in downtime since 2018, report claims | Tripwire

• Navigating the gray zone of ransomware payment practices - Help Net Security

• Anatomy of a Black Basta Ransomware Attack on BankCard USA - MSSP Alert

• Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics (darkreading.com)

• Clop Gang Offers Data Downloads Via Torrents - Infosecurity Magazine (infosecurity-magazine.com)

• The volume of ransomware attacks is dropping - but it’s no time to get complacent (networkingplus.co.uk)

• FortiGuard Labs: Organisations Detecting Ransomware Decline as the Volume and Impact of Targeted Attacks Continue to Rise (fortinet.com)

• Suspected Vietnamese hacker targets Chinese, Bulgarian organisations with new ransomware (therecord.media)

• Ransomware gangs are targeting public schools | Fortune

• New Report Exposes Vice Society's Collaboration with Rhysida Ransomware (thehackernews.com)

• White House Holds First-Ever Summit on Ransomware Crisis Plaguing Public Schools (insurancejournal.com)

• Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)

• Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)

• Best practices for reporting ransomware attacks | TechTarget

• Ransomware, healthcare and incident response: Lessons from the Allscripts attack | CSO Online

• Microsoft OneDrive is a willing 'ransomware double agent' • The Register

• Threat Report: Ransomware Down, Targeted Attacks on the Rise (inforisktoday.com)

• Rasnake: Ransomware Now Threatens All, Not Just Elites | Newsmax.com

• The Ransomware Prevention Guide For SMBs - GovInfoSecurity

Ransomware Victims

• Hospital System Goes Back To Paper Following Ransomware Attack (forbes.com)

• ‘Data Security Incident’: 16 Hospitals across Four States Forced to Close after Cyber attack - News18

• Cyber attack forces hospitals to divert ambulances in Connecticut and Pennsylvania | CNN Politics

• Dallas pays millions for ransomware expenses after May attack – NBC 5 Dallas-Fort Worth (nbcdfw.com)

• Colorado Department of Higher Education warns of massive data breach (bleepingcomputer.com)

• Israel hospital hacking disrupts services; cyber attackers unknown - Israel News - The Jerusalem Post (jpost.com)

• Bnei Brak hospital hit by cyber attack, bringing down computers | The Times of Israel

• LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)

• Breach Connected to MOVEit Flaw Affects Missouri Medicaid Recipients - Infosecurity Magazine (infosecurity-magazine.com)

• Hacker stole more than $6 million from New Haven Public Schools (wfsb.com)

Phishing & Email Based Attacks

• Hackers are targeting top executives to steal their work logins | TechRadar

• Microsoft 365 accounts of execs, managers hijacked through EvilProxy - Help Net Security

• 9 of 10 Cyber attacks Start with a Phish, Comcast Study Shows - MSSP Alert

• Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)

• AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times

• First quarter of 2023 saw 88% rise in phishing attacks: Kaspersky | The Peninsula Qatar

• RTL Today - Up to 80% of all cyber attacks: Phishing attempts surge in post-pandemic age

• 100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com

• Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg

• Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)

BEC – Business Email Compromise

• 37% of third-party applications have high-risk permissions - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Social engineering biggest threat to online safety - Avast (securitybrief.co.nz)

Artificial Intelligence

• 75% of Organisations Worldwide Set to Ban ChatGPT and Generative AI Apps on Work Devices (darkreading.com)

• When your teammate is a machine: 8 questions CISOs should be asking about AI | CSO Online

• Generative AI In Cyber Should Worry Us, Here’s Why (forbes.com)

• How to Prepare for ChatGPT's Risk Management Challenges (darkreading.com)

• AI chatbots like ChatGPT could be security nightmares - and experts are trying to contain the chaos | TechRadar

• Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian

• White House offers prize money for hacker-thwarting AI (techxplore.com)

• Criminals Have Created Their Own ChatGPT Clones | WIRED UK

• AI making cyber attacks more effective - Tech Monitor

• AI tools like ChatGPT increasingly used by cyber criminals for phishing, experts warn | NL Times

• Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)

• Hackers Released New Black Hat AI Tool Evil-GPT (cybersecuritynews.com)

• Cyber security In The Age Of AI (forbes.com)

• In the age of ChatGPT, Macs are under malware assault | Digital Trends

• AI can now steal your passwords with almost 100% accuracy | Digital Trends

• Microsoft AI Red Team building future of safer AI | Microsoft Security Blog

• ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)

• Why We Need to Manage the Risk of AI Browser Extensions - Infosecurity Magazine (infosecurity-magazine.com)

• AI hacking gets White House backing; some already go rogue (9to5mac.com)

• Zoom trains its AI model with some user data, without giving them an opt-out option - Security Affairs

• OpenAI to Unleash New Web Crawler to Devour More of the Open Web - Decrypt

• 5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)

2FA/MFA

• Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)

• Microsoft Authenticator will soon provide codes via WhatsApp - gHacks Tech News

• LastPass removes the master password from customers’ login with FIDO2 authenticators - Help Net Security

Malware

• In the age of ChatGPT, Macs are under malware assault | Digital Trends

• Mac users are facing more dangerous security threats than ever before | TechRadar

• Threat intelligence's key role in mitigating malware threats - Help Net Security

• This PowerPoint could help hackers empty your bank account | Digital Trends

• Safeguarding Against Silent Cyber Threats: Exploring the Stealer Log Lifecycle (bleepingcomputer.com)

• Israel cyber security agency says no breach after senior official self-infects home PC with malware | TechCrunch

• Latest Batloader Campaigns Use Pyarmor Pro for Evasion (trendmicro.com)

• Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)

• Malicious npm Packages Found Exfiltrating Sensitive Data from Developers (thehackernews.com)

• Fake VMware vConnector package on PyPI targets IT pros (bleepingcomputer.com)

• New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs (thehackernews.com)

• Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)

• QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)

• This Mac Utility Is Now Malware (howtogeek.com)

• Hackers use open source Merlin post-exploitation toolkit in attacks (bleepingcomputer.com)

• New Statc Stealer Malware Emerges: Your Sensitive Data at Risk (thehackernews.com)

• Gafgyt malware exploits five-years-old flaw in EoL Zyxel router (bleepingcomputer.com)

• CISA: New Whirlpool backdoor used in Barracuda ESG hacks (bleepingcomputer.com)

Mobile

• Google explains how Android malware slips onto Google Play Store (bleepingcomputer.com)

• Czech cyber security experts warn against BaiRBIE.me app | Radio Prague International

• Removing Spyware From Your Android Phone: A How-To Guide (slashgear.com)

• How executives' personal devices threaten business security - Help Net Security

• Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)

• Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)

• 40 Vulnerabilities Patched in Android With August 2023 Security Updates - Security Week

• Android 14 to let you block connections to unencrypted cellular networks (bleepingcomputer.com)

Botnets

• QakBot Malware Operators Expand C2 Network with 15 New Servers (thehackernews.com)

• Two-Thirds of UK Sites Vulnerable to Bad Bots - Infosecurity Magazine (infosecurity-magazine.com)

Denial of Service/DoS/DDOS

• Analysing Network Chaos Leads to Better DDoS Detection (darkreading.com)

• How to accelerate and access DDoS protection services using GRE - Help Net Security

• Researchers Strengthen Defences Against Common Cyber attack - CleanTechnica

Internet of Things – IoT

• What is IoT Security? | TechTarget

• Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED

• Disposed-of Gadgets Can Lead to Wi-Fi Network Hacks, Kaspersky Says (darkreading.com)

• The new technology that is making cars easier for criminals to steal, or crash (techxplore.com)

Data Breaches/Leaks

• Executives 'sleepwalking into cyber catastrophe', warns cyber security boss (cityam.com)

• Over 200 Million Brits Have Data Compromised in Four Years - Infosecurity Magazine (infosecurity-magazine.com)

• The Top 10 Countries Being Bombarded by Data Breaches (gizmodo.com)

• UK Shaken by Major Data Breaches: Security Concerns Surge Over Data Protection Changes | Open Rights Group

• UK Electoral Commission hacked by 'hostile actors' | Reuters

• PSNI officers who work with MI5 face relocation after ‘humongous’ security breach (telegraph.co.uk)

• Northern Ireland police investigate second data breach after documents containing officers' names stolen | UK News | Sky News

• Burger King Serves Up Sensitive Data, No Mayo (darkreading.com)

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

• TunnelCrack attack may cause vulnerable VPNs to leak traffic • The Register

• Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)

• How safe is my data after a hack or leak? - BBC News

Organised Crime & Criminal Actors

• Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD

• New Malware Campaign Targets Inexperienced Cyber Criminals with OpenBullet Configs (thehackernews.com)

• IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)

• Interpol Shuts Down African Cyber crime Group, Seizes $2 Million (darkreading.com)

• Cyber security Must Focus on the Goals of Criminals (informationweek.com)

• How fame-seeking teenagers hacked some of the world’s biggest targets | Ars Technica

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• BlackBerry Discloses Major Crypto-Based Malware - The Tech Report

• FBI warns of phishing scams and social media account hijackers (cointelegraph.com)

• Crypto heavyweights back new cyber security standards after nearly $4 billion was lost to hacks in 2022 | Fortune Crypto

• Only 6 out of 45 crypto wallet brands have undergone penetration testing: Report (cointelegraph.com)

• Worldcoin is scanning eyeballs to build a global ID and finance system. Governments are not impressed (theconversation.com)

Insider Risk and Insider Threats

• Managing human cyber risks matters now more than ever - Help Net Security

• History’s Greatest Insider Threats - IT Security Guru

• US Navy sailors charged with stealing secret info for China • The Register

• Get consent before you monitor your staff, UK MPs suggest • The Register

Fraud, Scams & Financial Crime

• Rise in fraudsters spoofing the websites of leading UK banks | Computer Weekly

• Extended warranty robocallers fined $300 million after 5 billion scam calls (bleepingcomputer.com)

• Experience: scammers used AI to fake my daughter’s kidnap | Family | The Guardian

• Data attacks set to enter new era under 'FraudGPT', warn cyber security execs (cityam.com)

Impersonation Attacks

• Rise in fraudsters spoofing the websites of leading UK banks | Computer Weekly

Insurance

• What happens if cyber insurance becomes unviable? - Raconteur

• Cyber Insurance Experts Make a Case for Coverage, Protection (darkreading.com)

• 5 Pitfalls and Possibilities AI Brings to Cyber Insurance (informationweek.com)

• 10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)

• Lower Data Breach Insurance Costs with These Tips (trendmicro.com)

Dark Web

• Dark web activity targeting the financial sector - Help Net Security

• ChatGPT Security Concerns: Credentials on the Dark Web and More (techrepublic.com)

• Dark Web Threat Actors Targeting macOS | Accenture

Supply Chain and Third Parties

• Government contractor plunges after £25m cyber attack - The Mail (mailplus.co.uk)

• 37% of third-party applications have high-risk permissions - Help Net Security

Software Supply Chain

• Unravelling the importance of software supply chain security - Help Net Security

• OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)

• 37% of third-party applications have high-risk permissions - Help Net Security

Cloud/SaaS

• Attackers Use EvilProxy to target C-suite Executives (inforisktoday.com)

• 100K+ VIP Microsoft 365 users got targeted by phishers - OnMSFT.com

• Credentials Account For Over Half of Cloud Compromises - Infosecurity Magazine (infosecurity-magazine.com)

• Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD

• Microsoft OneDrive is a willing 'ransomware double agent' • The Register

• Managing and Securing Distributed Cloud Environments - Security Week

• How hybrid cloud is transforming cyber security | ITPro

• Microsoft 365 guests + Power Apps = security nightmare • The Register

Containers

• Kubernetes clusters under attack in hundreds of organisations | CSO Online

Identity and Access Management

• CrowdStrike observes massive spike in identity-based attacks | TechTarget

• Keeper Security reveals SMBs at risk due to lack of PAM (securitybrief.co.nz)

• Understanding Active Directory Attack Paths to Improve Security (thehackernews.com)

• 91% of IT leaders better protected with PAM but want more affordable solutions - IT Security Guru

• Strong authentication best defence against Ransomware: Yubico (securitybrief.co.nz)

• WhatsApp is working on phishing-proof passkey authentication (androidpolice.com)

• Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)

Encryption

• Cyber security Breakthrough: New Cipher System Protects Computers Against Spy Programs (scitechdaily.com)

• UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian

• Quantum computing: A threat to asymmetric encryption. (thecyberwire.com)

• What if WhatsApp really does leave the UK? - Tech Monitor

Open Source

• Is Open Source Security a Ticking Cyber Time Bomb? (securityintelligence.com)

• Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)

• Kemba Walden: We need to secure open source software | TechTarget

Passwords, Credential Stuffing & Brute Force Attacks

• Credentials Account For Over Half of Cloud Compromises - Infosecurity Magazine (infosecurity-magazine.com)

• How an 8-character password could be cracked in just a few minutes (techrepublic.com)

• AI can now steal your passwords with almost 100% accuracy | Digital Trends

• US Dept. of the Interior Employees Use Accounts That Are Easily Hacked (businessinsider.com)

• LastPass removes the master password from customers’ login with FIDO2 authenticators - Help Net Security

Biometrics

• Worldcoin is scanning eyeballs to build a global ID and finance system. Governments are not impressed (theconversation.com)

• Woman Falsely Arrested Sues Detroit Over Facial Recognition (govtech.com)

Social Media

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

Malvertising

• Invisible Ad Fraud Targets Korean Android Users - Infosecurity Magazine (infosecurity-magazine.com)

• Google Play apps with 2.5M installs load ads when screen's off (bleepingcomputer.com)

• Not so fast: Don’t click that fake Amazon or Microsoft ad. Here’s why | Fox News

Training, Education and Awareness

• Managing human cyber risks matters now more than ever - Help Net Security

• Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)

Travel

• I'm a cyber security expert, here's why your airport selfie is a gift to scammers | Daily Mail Online

• Free Airline Miles, Hotel Points, and User Data Put at Risk by Flaws in Points Platform | WIRED

Parental Controls and Child Safety

• Cyber security expert warns parents of online predators, social media usage (wptv.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Most domestic abuse cases feature spyware and remote monitoring, MPs warn | E&T Magazine (theiet.org)

• Baby monitors and smart speakers enabling abuse, say MPs - BBC News

Regulations, Fines and Legislation

• SEC Adopts Final Rules on Cyber security Risk Management, Strategy, Governance and Incident Disclosure by Public Companies | Akin Gump Strauss Hauer & Feld LLP - JDSupra

• How To Deal With the Vagueness in New Cyber Regulations (darkreading.com)

• What does the Data Protection and Digital Information (DPID) Bill mean for small businesses? | ITPro

• The Problem With Cyber security (and AI Security) Regulation (darkreading.com)

• CISA Unveils Cyber security Strategic Plan for Next 3 Years - Security Week

• The 5 Ways The SEC Failed Investors On Cyber security (forbes.com)

• What if WhatsApp really does leave the UK? - Tech Monitor

• America’s messy cyber regulations are no match for its adversaries | Financial Times (ft.com)

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

• Banks hit with $549 million in fines for using Signal and WhatsApp to evade regulators (nbcnews.com)

• ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro

• UK minister defends plan to demand access to encrypted messages | Privacy | The Guardian

Models, Frameworks and Standards

• NIST Drafts Major Update to Its Widely Used Cyber security Framework | NIST

• Understanding NIST CSF and MITRE ATT&CK Security Frameworks - The New Stack

• OWASP Lead Flags Gaping Hole in Software Supply Chain Security (darkreading.com)

• Understanding Changes in the OWASP API Security Top 10 List - IT Security Guru

• 5 steps to ensure HIPAA compliance on mobile devices | TechTarget

Data Protection

• UK Shaken by Major Data Breaches: Security Concerns Surge Over Data Protection Changes | Open Rights Group

• Regulator: “Harmful” Web Design Could Break Data Protection Laws - Infosecurity Magazine (infosecurity-magazine.com)

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

• ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro

Careers, Working in Cyber and Information Security

• Digital skills gap is challenging the cyber security of UK businesses - IT Security Guru

• Alarming survey: Many tech experts fail a test of their cyber security knowledge - SiliconANGLE

• Using creative recruitment strategies to tackle the cyber security skills shortage - Help Net Security

• Why cyber security is a blue-collar job - Help Net Security

• Will AI kill cyber security jobs? - Help Net Security

• Will CISOs become obsolete in the future? (betanews.com)

• 6 Essential Strategies for Enterprise Cyber security Workforce Development (govinfosecurity.com)

• Seasoned cyber pros are more complacent in their skills than junior staff - Help Net Security

Law Enforcement Action and Take Downs

• IRS confirms takedown of bulletproof hosting provider Lolek (therecord.media)

• Interpol takes down phishing-as-a-service platform used by 70,000 people (therecord.media)

Privacy, Surveillance and Mass Monitoring

• Missing persons NGO alliance kicks off global facial recognition initiative | Biometric Update

• China drafts rules for using facial recognition data - Japan Today

• Norway to fine Meta $98,500 a day over user privacy breach from 14 August | Meta | The Guardian

• Zoom trains its AI model with some user data, without giving them an opt-out option - Security Affairs

• ICO threatens enforcement action against websites with 'harmful' cookie banners | ITPro

• Worldcoin is scanning eyeballs to build a global ID and finance system. Governments are not impressed (theconversation.com)

• Woman Falsely Arrested Sues Detroit Over Facial Recognition (govtech.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Electoral Commission cyber attack: Everything we know about the hack as Russia 'tops list' of suspects (inews.co.uk)

• BlueCharlie changes attack infrastructure in response to reports on its activity - Security Affairs

• The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO - Security Affairs

• Microsoft Teams used in phishing campaign to bypass multi-factor authentication (malwarebytes.com)

• SpaceX's private control of satellite internet concerns military leaders | Space

• Analysts Say Use of Spyware During Conflict Is Chilling (voanews.com)

• Ukrainian state agencies targeted with open-source malware MerlinAgent (therecord.media)

• Cyber security experts discuss wins, losses and lessons at western Ukraine gathering : NPR

• Ukrainian official: Russian hackers change tactics from disruptive attacks | CyberScoop

• Ukraine Fends Off Sandworm Battlefield Espionage Ploy (govinfosecurity.com)

• Victor Zhora on cataloging cyber war crime evidence against Russian hackers targeting Ukraine | CyberScoop

• Microsoft addresses Office vulnerability attacked by Russian spooks in latest update | Computer Weekly

• Hackers with links to Pro-Russian groups compromised foreign embassies in Belarus, researchers say | CyberScoop

• New Cyber Threat 'MoustachedBouncer' Targets Embassies in Belarus - Infosecurity Magazine (infosecurity-magazine.com)

• Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop

• US, Ukraine cyber leaders talk resilience, collaboration | TechTarget

• Kyiv Cyber Defenders Spot Open-Source RAT in Phishing Emails (govinfosecurity.com)

• North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs

• LockBit posts Siemens company Varian to its victim blog (techmonitor.ai)

China

• China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign (thehackernews.com)

• Electric vehicle threat: China will use its EV dominance to spy: UK warning (afr.com)

• UK security must not be sacrificed to net zero (telegraph.co.uk)

• Chinese cyber attacks on Japan prompts US push for stronger defences - Nikkei Asia

• China reportedly had ‘deep, persistent access’ to Japanese networks for months | Engadget

• Why the China cyber threat demands an airtight public-private response (federaltimes.com)

• China not ahead of US in cyber and surveillance, NSA head says - Nextgov/FCW

• China drafts rules for using facial recognition data - Japan Today

• US Navy sailors charged with stealing secret info for China • The Register

• RedHotel Checks in as Dominant China-Backed Cyber Spy Group (darkreading.com)

• US Navy sailors charged with stealing secret info for China • The Register

• APT31 Linked to Recent Industrial Attacks in Eastern Europe - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft’s Role in Email Breach to Be Part of US Cyber Inquiry - BNN Bloomberg

Iran

• Iranian state ‘now biggest threat to UK’ (thetimes.co.uk)

• Iranian cyber spies are targeting dissidents in Germany, warns intelligence service (therecord.media)

North Korea

• Reptile Rootkit: Advanced Linux Malware Targeting South Korean Systems (thehackernews.com)

• When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule (securityintelligence.com)

• North Korea compromised Russian missile engineering firm NPO Mashinostroyeniya - Security Affairs

Misc/Other/Unknown

• Cloud Company Assisted 17 Different Government Hacking Groups: US Researchers | NTD

• Security News This Week: The Cloud Company at the Center of a Global Hacking Spree | WIRED

Vulnerability Management

• Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities - Security Week

• How an unpatched Microsoft Exchange 0-day likely caused one of the UK’s biggest hacks ever | Ars Technica

• Will CVSS 4.0 be a vulnerability-scoring breakthrough or is it broken? | CSO Online

• Microsoft hits back at Tenable’s criticism of its infosec • The Register

• The Four Pillars of Vulnerability Management - GovInfoSecurity

• Has Microsoft cut security corners once too often? | Computerworld

• Why Shellshock Remains a Cyber security Threat After 9 Years (darkreading.com)

• The 7 Worst Software Vulnerabilities of All Time (makeuseof.com)

Vulnerabilities

• Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws - Security Affairs

• Microsoft, Intel lead this month's security fix emissions • The Register

• Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications (darkreading.com)

• Nearly every AMD CPU since 2017 vulnerable to Inception bug • The Register

• Microsoft fixes flaw after being called irresponsible by Tenable CEO (bleepingcomputer.com)

• New PaperCut critical bug exposes unpatched servers to RCE attacks (bleepingcomputer.com)

• Google Chrome will get weekly security updates - gHacks Tech News

• Downfall: New Intel CPU Attack Exposing Sensitive Information - Security Week

• Adobe Releases Security Updates for Multiple Products | CISA

• New 'Inception' Side-Channel Attack Targets AMD Processors - Security Week

• Collide+Power, Downfall, and Inception: New Side-Channel Attacks Affecting Modern CPUs (thehackernews.com)

• Dell Credentials Bug Opens VMWare Environments to Takeover (darkreading.com)

Tools and Controls

• Managing human cyber risks matters now more than ever - Help Net Security

• Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR (darkreading.com)

• MDR: Empowering Organisations with Enhanced Security (thehackernews.com)

• 9 common risk management failures and how to avoid them | TechTarget

• Why Do Cyber security Awareness Programs Often Fail? (databreachtoday.co.uk)

• Only 22% of Firms Have Mature Threat Intelligence Programs - Infosecurity Magazine (infosecurity-magazine.com)

• Here’s Why You Need Identity, Privacy, and Device Protection (finextra.com)

• What Is Content Disarm and Reconstruction? How CDR Tools Protect You From Malicious Files (makeuseof.com)

• Attacker Breakout Time Shrinks Again, Underscoring Need for Automation (darkreading.com)

• Managing and Securing Distributed Cloud Environments - Security Week

• How to handle API sprawl and the security threat it poses - Help Net Security

• Threat intelligence's key role in mitigating malware threats - Help Net Security

• What Is Comprehensive Cyber-Resiliency? - The Futurum Group

• The Role of AI in Cyber security and Threat Detection: 5 Use Cases | by David Silva | Aug, 2023 | UX Planet

• Phishing-resistant authentication a key to breach prevention (securitybrief.co.nz)

• 10 Key Controls to Show Your Organisation Is Worthy of Cyber Insurance (darkreading.com)

• Lower Data Breach Insurance Costs with These Tips (trendmicro.com)

• AI Risk Database Tackles AI Supply Chain Risks (darkreading.com)

Other News

• UK Sounds Warning Over Targeted Healthcare Attack (databreachtoday.co.uk)

• British Government Report Highlights Pressing Risks: Terrorism, Cyber Attacks, and International Conflicts - Shafaq News

• Budget constraints threaten cybersecurity in government bodies - Help Net Security

• Threat of cyber attacks to national security compared to that of chemical weapons | ITPro

• UK Government: Cyber Attacks Could Kill or Maim Thousands - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Signals: Sporting events and venues draw cyberthreats at increasing rates | Microsoft Security Blog

• Cyber Security A Major Vulnerability In The Not For Profit Sector | Scoop News

• Government and public services face 40% more cyberattacks, struggle to protect due to lack of resources: Report | The Financial Express

• Hacker attacks on Mac users are 10x as high as they were in 2019, report says | iMore

• Venture Capital Investments at Risk: DynaRisk Identifies Critical Cybersecurity Gaps in Companies Backed By Some Of London’s Biggest VC Funds | Pressat

• Cyber Security Threats From Online Gaming – Analysis – Eurasia Review

• Satellites easier to hack than a Windows device | Cybernews

• Cyber attack cost Interserve more than £11m | News | Building

• Exploitable Vulnerabilities That Expose Healthcare Facilities Surged Nearly 60% Since 2022, New Research Report Finds (prweb.com)

• Environmental Regulations, OT & the Maritime Industry's New Challenges (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• The NCSC Sets Out the UK’s Cyber Threat Landscape

The current state of the UK’s cyber threat landscape was outlined by the National Cyber Security Centre (NCSC), during a keynote address on the final day of Infosecurity Europe 2022.

They described the cyber threats posed by nation-states, particularly Russia and China. Russia remains “one of the world’s most prolific cyber actors and dedicates significant resources to conducting cyber operations across the globe.”  The NCSC and international partner organisations have attributed a number of high-profile attacks related to the conflict to Russian state actors, including the Viasat incident on the eve of the invasion of Ukraine on February 24. Therefore, the NCSC recommends that organisations prepare for a dynamic situation that is liable to change rapidly.

The NCSC emphasised that a more significant long-term threat comes from China, citing GCHQ director Jeremy Fleming’s assertion that “Russia is affecting the weather, but China is shaping the climate.” She described the nation’s “highly sophisticated” activities in cyberspace, born out of its “increasing ambitions to project its influence beyond its borders.” This includes a keen interest in the UK’s commercial secrets.

In addition to nation-state attacks, the NCSC noted that cyber crime is continuing to rise, with ransomware a continuing concern. Attacks are expected to grow in scale, with threat actors likely to increasingly target managed service providers (MSPs) to gain access to a wider range of targets. More generally, cyber capabilities will become more commoditised over the next few years, meaning they are increasingly available to a larger group of would-be attackers who are willing to pay.

https://www.infosecurity-magazine.com/news/ncsc-uk-cyber-threat-landscape/

• We're Now Truly in The Era of Ransomware as Pure Extortion Without the Encryption

Increasingly cyber crime rings tracked as ransomware operators are turning toward primarily data theft and extortion – and skipping the encryption step altogether. Rather than scramble files and demand payment for the decryption keys, and all the faff in between in facilitating that, simply exfiltrating the data and demanding a fee to not leak it all is just as effective. This shift has been ongoing for many months, and is now virtually unavoidable.

The FBI and CISA this month warned about a lesser-known extortion gang called Karakurt, which demands ransoms as high as $13 million. Karakurt doesn't target any specific sectors or industries, and the gang's victims haven't had any of their documents encrypted and held to ransom. Instead, the crooks claim to have stolen data, with screenshots or copies of exfiltrated files as proof, and they threaten to sell it or leak it publicly if they don't receive a payment.

Some of these thieves offer discounted ransoms to corporations to encourage them to pay sooner, with the demanded payment getting larger the longer it takes to cough up the cash (or Bitcoin, as the case may be).

Additionally, some crime groups offer sliding-scale payment systems. So you pay for what you get, and depending on the amount of ransom paid you get a control panel, you get customer support, you get all of the tools you need."

https://www.theregister.com/2022/06/25/ransomware_gangs_extortion_feature/

• 5 Social Engineering Assumptions That Are Wrong

Social engineering is involved in the vast majority of cyber attacks, but a new report from Proofpoint has revealed five common social engineering assumptions that are not only wrong but are repeatedly subverted by malicious actors in their attacks.

1. Threat actors don’t have conversations with targets.

2. Legitimate services are safe from social engineering abuse.

3. Attackers only use computers, not telephones.

4. Replying to existing email conversations is safe.

5. Fraudsters only use business-related content as lures.

Commenting on the report’s findings, Sherrod DeGrippo, Proofpoint’s Vice-President Threat Research and Detection, stated that the vendor has attempted to debunk faulty assumptions made by organisations and security teams so they can better protect employees against cyber crime. “Despite defenders’ best efforts, cyber criminals continue to defraud, extort and ransom companies for billions of dollars annually. Security-focused decision makers have prioritised bolstering defences around physical and cloud-based infrastructure, which has led to human beings becoming the most relied upon entry point for compromise. As a result, a wide array of content and techniques continue to be developed to exploit human behaviours and interests.”

Indeed, cyber criminals will go to creative and occasionally unusual lengths to carry out social engineering campaigns, making it more difficult for users to avoid falling victim to them.

https://www.csoonline.com/article/3664932/5-social-engineering-assumptions-that-are-wrong.html#tk.rss_news

• Gartner: Regulation, Human Costs Will Create Stormy Cyber Security Weather Ahead

Security teams should prepare for what researchers say will be a challenging environment through 2023, with increased pressure from government regulators, partners, and threat actors.

Gartner kicked off its Security & Risk Management Summit with the release of its analysts' assessments of the work ahead, which Richard Addiscott, the company's senior director analyst, discussed during his opening keynote address.

“We can’t fall into old habits and try to treat everything the same as we did in the past,” Addiscott said. “Most security and risk leaders now recognise that major disruption is only one crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program, and our architecture.”

Topping Gartner's list of eight predictions is a rise in the government regulation of consumer privacy rights and ransomware response, a widespread shift by enterprises to unify security platforms, more zero trust, and, troublingly, the prediction that by 2025 threat actors will likely have figured out how to "weaponise operational technology environments successfully to cause human casualties”, the cyber security report said.

https://www.darkreading.com/attacks-breaches/gartner-regulation-human-cost-stormy-cybersecurity-weather

• Ransomware Attacks - This Is the Data That Cyber Criminals Really Want to Steal

There are certain types of data that criminals target the most, according to an analysis of attacks.

Data theft and extortion has become a common – and unfortunately effective – part of ransomware attacks, where in addition to encrypting data and demanding a ransom payment for the decryption key, gangs steal information and threaten to publish it if a payment isn't received.

These so-called double extortion attacks have become an effective tool in the arsenal of ransomware gangs, who leverage them to force victims to pay up, even in cases where data could be restored from offline backups, because the threat of sensitive information being published is too great.

Any stolen data is potentially useful to ransomware gangs, but according to analysis by researchers at cyber security company Rapid7, of 161 disclosed ransomware incidents where data was published, some data is seen as more valuable than others.

According to the report, financial services is the sector that is most likely to have customer data exposed, with 82% of incidents involving ransomware gangs accessing and making threats to release this data. Stealing and publishing sensitive customer information would undermine consumer trust in financial services organisations: while being hacked in the first place would be damaging enough, some business leaders might view paying a ransom to avoid further damage caused by data leaks to be worth it.

The second most-leaked type of file in ransomware attacks against financial services firms, featuring in 59% of disclosures from victims, is employee personally identifiable information (PII) and data related to human resources. 

https://www.zdnet.com/article/ransomware-attacks-this-is-the-data-that-cyber-criminals-really-want-to-steal/

• Cloud Email Threats Soar 101% in a Year

The number of email-borne cyber-threats blocked by Trend Micro surged by triple digits last year, highlighting the continued risk from conventional attack vectors.

The vendor stopped over 33.6 million such threats reaching customers via cloud-based email in 2021, a 101% increase. This included 16.5 million phishing emails, a 138% year-on-year increase, of which 6.5 million were credential phishing attempts.

Trend Micro also blocked 3.3 million malicious files in cloud-based emails, including a 134% increase in known threats and a 221% increase in unknown malware.

The news comes as Proofpoint warned in a new report of the continued dangers posed by social engineering, and the mistaken assumptions many users make. 

Many users don’t realise that threat actors may spend considerable time and effort building a rapport over email with their victims, especially if they’re trying to conduct a business email compromise (BEC) attack, it said.

https://www.infosecurity-magazine.com/news/cloud-email-threats-soar-101-in-a/

• 80% of Firms Suffered Identity-Related Breaches in Last 12 Months

Rapidly growing employee identities, third-party partners, and machine nodes have companies scrambling to secure credential information, software secrets, and cloud identities, according to researchers.

In a survey of IT and identity professionals from Dimensional Research, almost every organisation — 98% — experienced rapid growth in the number of identities that have to be managed, with that growth driven by expanding cloud usage, more third-party partners, and machine identities. Furthermore, businesses are also seeing an increase in breaches because of this, with 84% of firms suffering an identity-related breach in the past 12 months, compared with 79% in a previous study covering two years.

The number and complexity of identities organisations are having to manage and secure is increasing. Whenever there is an increase in identities, there is a corresponding heightened risk of identity-related breaches due to them not being properly managed and secured, and with the attack surfaces also growing exponentially, these breaches can occur on multiple fronts.

For the most part, organisations focus on employee identities, which 70% consider to be the most likely to be breached and 58% believe to have the greatest impact, according to the 2022 "Trends in Securing Digital Identities" report based on the survey. Yet third-party partners and business customers are significant sources of risk as well, with 35% and 25% of respondents considering those to be a major source of breaches, respectively.

https://www.darkreading.com/operations/identity-related-breaches-last-12-months

• After Being Breached Once, Many Companies Are Likely to Be Hit Again

Cymulate announced the results of a survey, revealing that two-thirds of companies who have been hit by cyber crime in the past year have been hit more than once, with almost 10% experiencing 10 or so more attacks a year.

Research taken from 858 security professionals surveyed across North America, EMEA, APAC and LATAM across a wide range of industries including technology, banking, finance and government, also highlighted larger companies hit by cyber crime are experiencing shorter disruption time and damage to business with 40% reported low damage compared with medium-size businesses (less than 2,500 employees) which had longer recovery times and more business affecting damage.

Other highlights

• 40% of respondents admitted to being breached over the past 12 months.

• After being breached once, statistics showed they were more likely to be hit again than not (66%).

• Malware (55%), and more specifically ransomware (40%) and DDoS (32%) were the main forms of cyber attacks experienced by those surveyed.

• Attacks primarily occurred via end-user phishing (56%), via third parties connected to the enterprise (37%) or direct attacks on enterprise networks (34%).

• 22% of companies publicly disclosed cyber attacks in the worst-case breaches, with 35% needing to hire security consultants, 12% dismissing their current security professionals and 12% hiring public relations consultants to deal with the repercussions to their reputations. Top three best practices for cyber attack prevention, mitigation and remediation include multi-factor authentication (67%), proactive corporate phishing and awareness campaigns (53%), and well-planned and practiced incident response plans (44%). Least privilege also ranked highly, at 43%.

• 29% of attacks come from insider threats – intentionally or unintentionally.

• Leadership and cyber security teams who meet regularly to discuss risk reduction are more cyber security-ready – those who met 15 times a year incurred zero breaches whereas those who suffered six or more breaches met under nine times on average.

https://www.helpnetsecurity.com/2022/06/21/companies-hit-by-cybercrime/

• Do You Have Ransomware Insurance? Look at the Fine Print

Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that's where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance.

In recent years, ransomware insurance has grown as a product field because organisations are trying to buy protection against the catastrophic effects of a successful ransomware attack. Why try to buy insurance? Well, a single, successful attack can just about wipe out a large organisation, or lead to crippling costs – NotPetya alone led to a total of $10bn in damages.

Ransomware attacks are notoriously difficult to protect against completely. Like any other potentially catastrophic event, insurers stepped in to offer an insurance product. In exchange for a premium, insurers promise to cover many of the damages resulting from a ransomware attack.

Depending on the policy, a ransomware policy could cover loss of income if the attack disrupts operations, or loss of valuable data, if data is erased due to the ransomware event. A policy may also cover you for extortion – in others, it will refund the ransom demanded by the criminal.

The exact payout and terms will of course be defined in the policy document, also called the "fine print." Critically, fine print also contains exclusions, in other words circumstances under which the policy won't pay out. And therein lies the problem.

https://thehackernews.com/2022/06/do-you-have-ransomware-insurance-look.html

• The Price of Stolen Info: Everything on Sale on The Dark Web

What is the price for personal information, including credit cards and bank accounts, on the dark web?

Privacy Affairs researchers concluded that criminals using the dark web need only spend $1,115 for a complete set of a person’s account details, enabling them to create fake IDs and forge private documents, such as passports and driver’s licenses.

Access to other information is becoming even cheaper. The Dark Web Price Index 2022 – based on data scanning dark web marketplaces, forums, and websites, revealed:

• Credit card details and associated information cost between $17-$120

• Online banking login information costs $45

• Hacked Facebook accounts cost $45

• Cloned VISA with PIN cost $20

• Stolen PayPal account details, with minimum $1000 balances, cost $20.

In December 2021, about 4.5 million credit cards went up for sale on the dark web, the study found. The average price ranged from $1-$20.

Scammers can buy full credit card details, including CVV number, card number, associated dates, and even the email, physical address and phone number. This enables them to penetrate the credit card processing chain, overriding any security countermeasures.

https://www.helpnetsecurity.com/2022/06/22/stolen-info-sale-dark-web/

• How Companies Are Prioritising Infosec and Compliance

New research conducted by Enterprise Management Associates (EMA), examines the impact of the compliance budget on security strategy and priorities. It describes areas for which companies prioritise information security and compliance, which leaders control information security spending, how compliance has shifted the overall security strategy of the organisation, and the solutions and tools on which organisations are focusing their technology spending.

The findings cover three critical areas of an organisation’s security and compliance posture: information security and IT audit and compliance, data security and data privacy, and security and compliance spending.

One key takeaway is that merging security and compliance priorities addresses regulatory control gaps while improving the organisation’s security posture. Respondents revealed insights on how they handle compliance, who is responsible for compliance and security responsibilities, and what compliance-related security challenges organisations face.

Additional findings:

• Companies found the need to shift their information security strategy to address compliance priorities (93%).

• Information security and IT compliance priorities are generally aligned (89%).

• Existing security tools have to address data privacy considerations going forward (76%).

• Managing an organisation’s multiple IT environments and the controls that govern those environments is the greatest challenge in the IT audit and compliance space (39%).

https://www.helpnetsecurity.com/2022/06/24/companies-infosec-compliance-priorities/

• Businesses Risk ‘Catastrophic Financial Loss’ from Cyber Attacks, US Watchdog Warns

A US Government watchdog has warned that private insurance companies are increasingly backing out of covering damages from major cyber attacks — leaving businesses facing “catastrophic financial loss” unless another insurance model can be found.

The growing challenge of covering cyber risk is outlined in a new report from the Government Accountability Office (GAO), which calls for a government assessment of whether a federal cyber insurance option is needed.

The report draws on threat assessments from the National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Justice, to quantify the risk of cyber attacks on critical infrastructure, identifying vulnerable technologies that might be attacked and a range of threat actors capable of exploiting them.

Citing an annual threat assessment released by the ODNI, the report finds that hacking groups linked to Russia, China, Iran, and North Korea pose the greatest threat to US infrastructure — along with certain non-state actors like organised cyber criminal gangs.

Given the wide and increasingly skilled range of actors willing to target US entities, the number of cyber incidents is rising at an alarming rate.

https://www.theverge.com/2022/6/23/23180115/gao-infrastructure-catastrophic-financial-loss-cyberattacks-insurance

Threats

Ransomware

• Attackers exploited a Mitel VOIP zero-day to compromise a network Security Affairs

• Chinese hackers use ransomware as decoy for cyber espionage (bleepingcomputer.com)

• If you don't store valuable data, ransomware is impotent • The Register

• Ransomware-as-a-Service: Learn to Enhance Cyber security Approaches (analyticsinsight.net)

• Mitigate Ransomware in a Remote-First World (thehackernews.com)

• Delivery Firm Yodel Scrambling to Restore Operations Following Cyber attack | SecurityWeek.Com

• Black Basta Ransomware Becomes Major Threat in Two Months | SecurityWeek.Com

• These hackers are spreading ransomware as a distraction - to hide their cyber spying | ZDNet

• Conti ransomware hacking spree breaches over 40 orgs in a month (bleepingcomputer.com)

• Conti effectively created an extortion-oriented IT company, says Group-IB - Help Net Security

• Conti ransomware finally shuts down data leak, negotiation sites (bleepingcomputer.com)

• Conti ransomware group's pulse stops, but did it fake its own death? | Malwarebytes Labs

• Without Conti on the Scene, LockBit 2.0 Leads Ransomware Attacks (darkreading.com)

• Cyber attack: Gloucester council services still not back to normal - BBC News

Phishing & Email Based Attacks

• Your email is a major source of security risks and it's getting worse | ZDNet

• New Phishing Attack Infects Devices with Cobalt Strike- IT Security Guru

• Voicemail phishing emails steal Microsoft credentials • The Register

• The Risk of Multichannel Phishing Is on the Horizon (darkreading.com)

• Cops arrests nine suspected of stealing millions via email • The Register

• Cyber criminals Use Azure Front Door in Phishing Attacks - Security Affairs

• Microsoft Exchange servers hacked by new ToddyCat APT gang (bleepingcomputer.com)

• Cyber attackers Abuse QuickBooks Cloud Service in 'Double-Spear' Campaign (darkreading.com)

Other Social Engineering

• Proofpoint: Social engineering attacks slipping past users (techtarget.com)

• #InfosecurityEurope2022: Actions Not Words: Hacking the Human Through Social Engineering - Infosecurity Magazine

• Inside a large-scale phishing campaign targeting millions of Facebook users - Help Net Security

Malware

• RIG Exploit Kit Now Infects Victims' PCs With Dridex Instead of Raccoon Stealer (thehackernews.com)

• Organisations Battling Phishing Malware, Viruses the Most (darkreading.com)

• This Linux botnet has found a novel way of spreading to new devices | ZDNet

• New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts (thehackernews.com)

• NSA warns against silly mistake in the fight against Windows malware | TechRadar

Mobile

• This Android malware is so dangerous, even Google is worried | TechRadar

• Google is notifying Android users targeted by Hermit government-grade spyware | TechCrunch

• Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware (thehackernews.com)

• This phone-wiping Android banking trojan is getting nastier | ZDNet

• BRATA Android Malware Group Now Classified As Advanced Persistent Threat - Infosecurity Magazine

• Spurred by Roe overturn, senators seek FTC probe of iOS and Android tracking | Ars Technica

Internet of Things – IoT

• Hackers can target Eufy Homebase 2 to spy on you (komando.com)

• Vulnerabilities in the Jacuzzi SmartTub app could allow to access users’ data - Security Affairs - Security Affairs

Data Breaches/Leaks

• US Bank Data Breach Impacts Over 1.5 Million Customers - Infosecurity Magazine

• CafePress fined $500,000 for breach affecting 23 million users (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Hackers steal $100 million from California cryptocurrency firm - CNN

• DARPA study finds blockchain not as decentralised as assumed • The Register

Insider Risk and Insider Threats

• Former Amazon Worker Convicted of Capital One Data Breach - Infosecurity Magazine

Fraud, Scams & Financial Crime

• Why Fraud On Linkedin A ‘Significant Threat’ To Platform And Consumer – Information Security Buzz

Supply Chain and Third Parties

• IT pros are not very confident in their organisation's supply chain security - Help Net Security

• #InfosecurityEurope2022: Tackling Widespread Data Breaches from Third Parties - Infosecurity Magazine

Cloud/SaaS

• Risk Disconnect in the Cloud (darkreading.com)

• Microsoft 365 Users in US Face Raging Spate of Attacks (darkreading.com)

• 7 Steps to Stronger SaaS Security (darkreading.com)

• Getting a Better Handle on Identity Management in the Cloud (darkreading.com)

• Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Service (thehackernews.com)

Identity and Access Management

• Risky behaviour reduced when executives put focus on identity security - Help Net Security

• Access management issues may create security holes (techtarget.com)

• IAM Research: Inadequate Programs Leave Organisations Open to Cyber Attacks - MSSP Alert

• Why 84% Of US Firms Hit With Identity-Related Breaches In 2021 – Information Security Buzz

Open Source

• Open-source software risks persist, according to new reports | CSO Online

• Less Than Half of Organisations Have Open Source Security Policy - Infosecurity Magazine

• Blind trust in open source security is hurting us: Report | ZDNet

Training, Education and Awareness

• #InfosecurityEurope2022: Security Awareness Must Be in the Moment - Infosecurity Magazine

Privacy

• Privacy-focused Brave Search grew by 5,000% in a year (bleepingcomputer.com)

• Supreme Court's Roe v. Wade reversal sparks calls for strengthening privacy - CyberScoop

Regulations, Fines and Legislation

• Do Privacy and Data Protection Regulations Create as Many Problems as They Solve? | SecurityWeek.Com

Law Enforcement Action and Take Downs

• Phishing gang behind millions in losses dismantled by police (bleepingcomputer.com)

• Euro Police Target Crime Groups Grooming Ukrainian Refugees Online - Infosecurity Magazine

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Microsoft: Russian Cyber Spying Targets 42 Ukraine Allies | SecurityWeek.Com

• Italian spyware firm is hacking into iOS and Android devices, Google says | Computerworld

• NSO claims 'more than 5' EU states used its Pegasus spyware • The Register

• #InfosecurityEurope2022: Geopolitical Tensions a “Danger” to Cyber security - Infosecurity Magazine

• Examples of Cyber Warfare #TrendTalksBizSec (trendmicro.com)

• Ukraine deploys a DDoS protection service to survive the cyberwar | VentureBeat

• Lithuania warns of rise in DDoS attacks against government sites (bleepingcomputer.com)

• Russia's APT28 Launches Nuke-Themed Follina Exploit Campaign (darkreading.com)

• Ukrainian cyber security officials disclose two new hacking campaigns - IT Security Guru

• Scalper bots out of control in Israel, selling state appointments (bleepingcomputer.com)

• Research questions potentially dangerous implications of Ukraine's IT Army - CyberScoop

• Lithuania under cyber-attack after ban on Russian railway goodsSecurity Affairs

• #InfosecurityEurope2022: Disinformation Warfare – How Do We Tackle Fake News? - Infosecurity Magazine

Nation State Actors

Nation State Actors – Russia

• Microsoft reveals extent of attacks by Russian hackers on Ukraine allies - and why Estonia is striking exception | World News | Sky News

• Russia Steps Up Cyber-Espionage Against Ukraine Allies - Infosecurity Magazine

• Ukrainian organisations warned of hacking attempts using CredoMap malware, Cobalt Strike beacons | ZDNet

• Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug | Threatpost

• Russian APT28 hacker accused of the NATO think tank hack in Germany - Security Affairs

• Russia fines Google for spreading ‘unreliable’ info defaming its army (bleepingcomputer.com)

Nation State Actors – China

• Chinese APT 'Bronze Starlight' Uses Ransomware to Disguise Cyberespionage | SecurityWeek.Com

• Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor - Security Affairs

• Chinese hackers target script kiddies with info-stealer trojan (bleepingcomputer.com)

Nation State Actors – Iran

• False Air Raid Sirens in Israel Possibly Triggered by Iranian Cyber Attack | SecurityWeek.Com

Nation State Actors – Misc APT

• Elusive ToddyCat APT Targets Microsoft Exchange Servers | Threatpost

• APT Groups Swarming on VMware Servers with Log4Shell (darkreading.com)

• How APTs Are Achieving Persistence Through IoT, OT, and Network Devices (darkreading.com)

Vulnerability Management

• Why We're Getting Vulnerability Management Wrong (darkreading.com)

Vulnerabilities

• Cisco warns of security holes in its security appliances • The Register

• Citrix Releases Security Updates for Hypervisor | CISA

• Google Patches 14 Vulnerabilities With Release of Chrome 103 | SecurityWeek.Com

• Cisco will not address critical RCE in end-of-life Small Business RV routers - Security Affairs

• Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild - Security Affairs

• Oracle spent 6 months to fix 'Mega' flaws in the Fusion Middleware - Security Affairs

• Researchers criticize Oracle's vulnerability disclosure process (techtarget.com)

• Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks (thehackernews.com)

Sector Specific

Financial Services Sector

• Flagstar Bank discloses data breach impacting 1.5 million customers (bleepingcomputer.com)

• 7 Cyber security Best Practices for Financial Services Firms - MSSP Alert

• Why Financial Institutions Must Double Down on Open Source Investments (darkreading.com)

• 10 Biggest Data Breaches in Finance | UpGuard

SMBs – Small and Medium Businesses

• How tool sprawl is becoming a common issue for SMEs - Help Net Security

• Middle market companies under attack: Threats coming from all directions - Help Net Security

• #InfosecurityEurope2022: How Should SMEs Defend Against Cyber-Risks? - Infosecurity Magazine

Legal

• #InfosecurityEurope2022: Lawyers Update Security for New Ways of Working - Infosecurity Magazine

Health/Medical/Pharma Sector

• Healthcare breaches on the rise in 2022 (techtarget.com)

Retail/eCommerce

• Magecart attacks are still around. And they are becoming more stealthy | ZDNet

• Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign- IT Security Guru

Manufacturing

• Automotive fabric supplier TB Kawashima announces cyber attack (bleepingcomputer.com)

CNI, OT, ICS, IIoT and SCADA

• Researchers disclose 56 vulnerabilities impacting thousands of OT devices - Help Net Security

• Operational Technology (OT) Security and Cyber attacks: Research Reveals Key Trends - MSSP Alert

• How To Minimise Your OT Blind Spots – Information Security Buzz

Reports Published in the Last Week

• State of Open Source Security 2022 | Snyk

Other News

• Threat Intelligence Services Are Universally Valued by IT Staff (darkreading.com)

• #InfosecurityEurope2022 Firms Face Emerging Threats as Bad Actors Evade Defences - Infosecurity Magazine

• Security pros increasingly plan to adopt MDR services in the next 12 months - Help Net Security

• Board members and the C-suite need secure communication tools - Help Net Security

• Adobe Acrobat may block antivirus tools from monitoring PDF files (bleepingcomputer.com)

• 7 Ways to Avoid Worst-Case Cyber Scenarios (darkreading.com)

• 3 threats dirty data poses to the enterprise (techtarget.com)

• Data recovery depends on how good your backup strategy is - Help Net Security

• Unsecured APIs Could Be Costing Firms $75bn Per Year - Infosecurity Magazine

• The Rise, Fall, and Rebirth of the Presumption of Compromise (darkreading.com)

• AI Is Not a Security Silver Bullet (darkreading.com)

• #InfosecurityEurope2022: Are You Prepared For The Next Big Crisis? - Infosecurity Magazine

• Ongoing PowerShell security threats prompt a call to action (techtarget.com)

• Despite known security issues, VPN usage continues to thrive - Help Net Security

• Space-based assets aren’t immune to cyber attacks | CSO Online

• Cyber security expert on how $13K of fuel was stolen from station (wtvr.com)

• Cloudflare Outage Knocks Hundreds of Websites Offline - Infosecurity Magazine (infosecurity-magazine.com)

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.