Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Intelligence Briefing 4th August 2023
Black Arrow Cyber Threat Intelligence Briefing 04 August 2023:
-Top 12 Exploited Vulnerabilities List Highlights Troubling Reality: Many Organisations Still Are Not Patching
-67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious
-Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence
-The Generative AI War Between Companies and Hackers is Starting
-Spend to Save: The CFO’s Guide to Cyber Security Investment
-Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril
-How the Talent Shortage Impacts Cyber Security Leadership
-Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods
-Cyber Insurance and the Ransomware Challenge
-Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
-66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies
-Startups Should Move Fast and Remember Cyber Security
Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Top 12 Exploited Vulnerabilities List Highlights Troubling Reality That Many Organisations Are Still Not Patching
A joint advisory from US and allied cyber security agencies highlights the top routinely exploited vulnerabilities. This is a list that includes old and well-known bugs that many organisations still have not patched, including some vulnerabilities that have been known for more than five years. The list underscores how exploiting years-old vulnerabilities in unpatched systems continues to dominate the threat landscape. Organisations are more likely to be compromised by a bug found in 2021 or 2020 than they are by ones discovered over the past year.
This report emphasises that a vulnerability management strategy relying solely on CVSS for vulnerability prioritisation is proving to be insufficient at best; CVSS is an established method for assigning criticality scores to known vulnerabilities based on different scoring criteria. Additional context is required to allow for a more scalable and effective prioritisation strategy. This context should stem from internal sources, for example, the target environment (asset criticality, mitigating controls, reachability), as well as from external sources, which will permit a better assessment of the likelihood and feasibility of exploitation. Most organisations have a limited patching capacity, affected by the tooling, processes, and skills at their disposal. The challenge is to direct that limited patching capacity towards vulnerabilities that matter most in terms of risk reduction. Therefore, the task of sifting the signal through the noise is becoming increasingly more important.
Sources: [HelpNetSecurity] [NSA.gov] [SCMagazine]
67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious
In a report that leveraged data from 23.5 billion cyber security attacks, spanning 500 threat types and 900 distinct infrastructure and software vulnerabilities it was found that approximately 67% of all breaches start with someone clicking on a seemingly safe link, which explains why adversaries begin 80-95% of all attacks with a phishing email.
A separate report found that there was a 36% rise in cyber attacks in the first half of 2023. Email continued to be the main vector for delivering malicious content, with as many as 1 in every 100 emails sent in the first half of 2023 found to be malicious. In addition, malware accounted for 20% of attacks, and business email compromise (BEC) constituted 8%.
The findings reinforce the need for organisations to employ effective and regular security awareness training for users to better help them to not only identify, but also report such attacks to help strengthen the cyber resilience of the organisation. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.
Source: [Security Intelligence]
Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence
Cases of straight-up data theft and extortion now appear to be more widespread a threat than ransomware, becoming the single most observed threat in the second calendar quarter of 2023, according to new data released by researchers. 1,378 organisations have been named as victims on ransomware data-leak websites in Q2 2023. This was a 64.4% increase from the record-breaking number of victims named in Q1 2023.
Despite both the rise in threats and the high percentage of respondents whose organisations suffered recent attacks, there hasn’t been a corresponding uptick in strategic measures to shore up cyber resilience. In fact, close to four in five survey respondents don’t have complete confidence that their company has a cyber resilience strategy designed to address today’s escalating cyber challenges and threats.
Sources: [Forbes] [HelpNetSecurity] [ComputerWeekly] [SecurityBrief.co.nz] [Malwarebytes]
The Generative AI War Between Companies and Hackers is Starting
To no one’s surprise, criminals are tapping open-source generative AI programs for all kinds of heinous acts, including developing malware and phishing attacks, according to the FBI. This comes as the UK National Risk Register officially classes AI as a long-term security threat. It’s safe to say AI is certainly a controversial field right now, with the battle between companies and hackers really starting to take place; only recently had technology giants such as Amazon, Google, Meta and Microsoft met with the US President Joe Biden to pledge to follow safeguards.
A recent report from security firm Barracuda has found that between August 2022 and July 2023, ransomware attacks had doubled and this surge has largely been driven by the breaching of networks via AI-crafted phishing campaigns, as well as automating attacks to increase reach, again using AI.
Despite the controversy, AI can be of tremendous value to organisations, helping to streamline and automate tasks. Organisations employing or looking to employ AI in the workplace should also have effective governance and identification procedures over the usage of said AI. Equally, when it comes to defending against AI attacks, organisations need to have a clear picture of their attack landscape, with layers of defence.
Sources: [CSO Online] [PC MAG] [CNBC] [Tech Radar]
Spend to Save: The CFO’s Guide to Cyber Security Investment
As a CFO, you need to make smart choices about cyber security investments. The increasing impact of data breaches creates a paradox: While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending should be seen an investment in the future of your business.
The impact of a cyber event extends beyond quantifiable currency loss. Further impacts include those of reputation and customer retention. CFOs should look to identify weak spots, understand the effect these can have, pick the right solution that mitigates these and finally, advocate cyber security and robust governance at the board level.
It is important to remember, cyber security is not just a technical issue, but also a business one, and you have a key role in ensuring the security and resilience of your organisation.
Source: [Security Intelligence]
Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril
The debate over whether the CISO should, by the very nature of the position, be considered a member of the C-suite has been raging for some time and seems likely to continue for a good while to come. CISOs should not only have a seat among the uppermost echelon at the big table but also be recognised as a foundational element in the success of any business.
There is a danger that, without an effective CISO, organisations can end up in a perilous situation in which there's no one driving the cyber security bus at a time when vulnerabilities and incidents are ever on the rise. When the CISO has a seat at the big table, everybody wins.
Source [CSO Online]
How the Talent Shortage Impacts Cyber Security Leadership
The lack of a skilled cyber security workforce hampers the effectiveness of an organisation’s security program. While technologies like AI and machine learning can provide some support, they are not sufficient, especially for small and medium sized businesses (SMBs). The cyber security workforce shortage affects not just current security but the future of leadership roles, including CISOs and CSOs.
Today’s CISOs require a blend of technology and business understanding. According to the (ISC)2 2022 Workforce Study, the global cyber security workforce is nearly 5 million and growing at 26% yearly. However, more than 3 million jobs still need to be filled, including specialised roles in cloud security, data protection, and incident response. This gap jeopardises functions like risk assessment, oversight, and systems patching.
The greatest talent shortage is found in soft skills, leading to a trend of looking outside the traditional security talent pool. The future of CISOs will likely require a solid security background, but as the talent gap widens, finding leadership candidates from the existing pool may remain challenging.
Source: [Security Intelligence]
Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods
A recent report by cyber security company identified a sophisticated email phishing campaign exploiting a zero-day vulnerability in Salesforce's legitimate email services. The vulnerability allowed threat actors to craft targeted phishing emails, cleverly evading conventional detection methods by leveraging Salesforce's domain and reputation and exploiting legacy quirks in Facebook's web games platform.
Whilst Facebook and Salesforce have now addressed the issue, it goes to show that technology alone is not enough to stop phishing; operational and people controls are still necessary and should form part of an effective organisational response.
Source: [Security Brief]
Cyber Insurance and the Ransomware Challenge
The cyber insurance industry has been heavily criticised for providing coverage for ransom payments. A frequent accusation, which has become close to perceived wisdom in policymaking and cyber security discussions on ransomware, is that cyber insurance has incentivised victims to pay a ransom following a cyber incident, rather than seek alternative remediation options. However, the insurance industry could do much more to instil discipline in both insureds and the ransomware response ecosystem in relation to ransom payments to reduce cyber criminals’ profits. Insurers’ role as convenors of incident response services gives them considerable power to reward firms that drive best practices and only guide victims towards payment as a last resort.
While the insurance industry has the power to do this, there are still challenges that need to be addressed in the underwriting process. Offering expensive policies that exclude common risks such as ransomware or nation-state attacks is simply not a sustainable approach. This has helped insurers become more profitable for now, but these are only short-term fixes to the real problem at hand. Namely, that the underwriting process for cyber insurance policies is still not that sophisticated. Most underwriters are poorly equipped to effectively measure the cyber risk exposure of new or renewing customers.
Sources: [RUSI] [Dark Reading]
Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard.
"In this latest activity, the threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear as technical support entities" Microsoft said. "Using these domains from compromised tenants, Midnight Blizzard leverages Teams messages to send lures that attempt to steal credentials from a targeted organisation by engaging a user and eliciting approval of multi-factor authentication (MFA) prompts."
Source: [TheHackerNews]
66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies
A recent report found that 66% of cyber security leaders don’t trust their current cyber risk mitigation strategies. It was also found that while 90% of respondents say their organisation has dedicated resources responsible for managing and reducing cyber risk, in almost half of situations (46%) this consists of just one person.
In some cases, it can be hard to get the necessary talent to build out the cyber security arm of an organisation; this is where organisations can look towards outsourcing to fulfil positions with expertise. At Black Arrow we offer many services to help you to govern your cyber security, including as virtual CISO that leverages our diverse team with backgrounds from British intelligence, board governance, IT and finance.
Source: [ITSecurityWire]
UK legal Sector at Risk, National Cyber Security Centre Warns
Over the past three years more than 200 ransomware attacks worldwide have been inflicted on companies in the legal industry. The UK was the second most-attacked country constituting 2.3% of all ransomware attacks across various sectors. The legal sector was the fourth most-attacked industry in the UK in 2022. Ransomware groups are indiscriminate in their targeting, attacking companies of all sizes, from small law firms with only ten employees to large firms with 1,000+ employees, and ranging in revenue from companies generating £100 million to those with under £3 million. No single kind of company is immune to these attacks.
The International Bar Association (IBA) has released a report to guide senior executives and boards in protecting their organisations from cyber risk. Entitled "Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors," the report aims to provide leaders with insight into the primary elements of a robust cyber risk management programme. Its recommendations for senior executives and boards encompass understanding the organisation's cyber risk profile, knowing what information assets to safeguard, being aware of significant regulatory requirements, and recognising the security standards utilised by the organisation.
Sources: [Todays Conveyancer] [Infosecurity Magazine]
Startups Should Move Fast and Remember Cyber Security
The importance of cyber security for startups, which can often be overlooked in the pursuit of fast-paced growth, cannot be overstated. However, cyber attacks can have devastating consequences for businesses of all sizes. The percentage of micro-businesses in the UK that consider cyber security a high priority has dropped from 80% to 68% in the past year, possibly due to wider economic pressures. Cyber criminals target businesses of all sizes, often initially using automated software to find weak spots. Startups can be particularly vulnerable due to their fast-paced environments and new or less familiar supply chains. The use of shared office spaces can also increase risk.
The UK DCMS/DSIT 2023 Cyber Security Breaches survey reported that almost a third of businesses (32%) and a quarter of charities (24%) reported breaches or attacks in the past 12 months alone, with the average victim losing £15,300. Startups have the unique advantage of being able to implement cyber security best practices from the outset and embed them into company culture. It is recommended that startups prioritise cyber security from the get-go to protect their business and ensure long-term growth.
Source: [UKTech] [Cyber security breaches survey 2023 - GOV.UK (www.gov.uk)]
Governance, Risk and Compliance
Corporate boards take heed: Give CISOs the cold shoulder at your peril | CSO Online
How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
From tech expertise to leadership: Unpacking the role of a CISO - Help Net Security
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber Risk and Resiliency Report: Dueling Disaster in 2023 (informationweek.com)
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
CISOs Need Backing to Take Charge of Security (darkreading.com)
Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)
Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)
Threats
Ransomware, Extortion and Destructive Attacks
67% of data breaches start with a single click - Help Net Security
AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)
The race against time in ransomware attacks - Help Net Security
As Ransomware Attackers’ Motives Changes, So Should Your Defence (forbes.com)
Ransomware gang increases attacks on insecure MSSQL servers | CSO Online
MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)
How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)
Ransomware Attacks on Industrial Organisations Doubled in Past Year: Report - SecurityWeek
In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online
Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber criminals pivot away from ransomware encryption | Computer Weekly
Ransomware on manufacturing industry caused $46bn in losses - IT Security Guru
How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)
Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)
Ransomware Victims
MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)
Hawai'i Community College pays ransomware gang to prevent data leak (bleepingcomputer.com)
Scottish university UWS targeted by cyber attackers - BBC News
Tempur Sealy isolated tech system to contain cyber burglary • The Register
US govt contractor Serco discloses data breach after MoveIT attacks (bleepingcomputer.com)
Phishing & Email Based Attacks
67% of data breaches start with a single click - Help Net Security
Russian Hackers Are Conducting Phishing Attacks via Microsoft Teams - MySmartPrice
Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop
Threat actors abuse Google AMP for evasive phishing attacks (bleepingcomputer.com)
BEC – Business Email Compromise
Other Social Engineering; Smishing, Vishing, etc
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
Artificial Intelligence
AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)
UK calls artificial intelligence a “chronic risk” to its national security | CSO Online
FBI warns of broad AI threats facing tech companies and the public | CyberScoop
As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)
Another AI Pitfall: Digital Mirroring Opens New Cyber attack Vector (darkreading.com)
Intersection of generative AI, cyber security and digital trust | TechTarget
Hackers are using AI to create vicious malware, says FBI | Digital Trends
The generative A.I. war between companies and hackers is starting (cnbc.com)
Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
OWASP Top 10 for LLM applications is out! - Security Affairs
Think tank wants monitoring of China's AI-enabled products • The Register
UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian
Researchers figure out how to make AI misbehave, serve up prohibited content | Ars Technica
Organisations want stronger AI regulation amid growing concerns - Help Net Security
Malware
Hackers Abusing Windows Search Feature to Install Remote Access Trojans (thehackernews.com)
Hackers can abuse Microsoft Office executables to download malware (bleepingcomputer.com)
IcedID Malware Adapts and Expands Threat with Updated BackConnect Module (thehackernews.com)
Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
Attackers can turn AWS SSM agents into remote access trojans - Help Net Security
Hackers are infecting Modern Warfare 2 players with a self-spreading malware | TechSpot
Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT (thehackernews.com)
Experts link AVRecon bot to malware proxy service SocksEscort - Security Affairs
New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods (thehackernews.com)
New persistent backdoor used in attacks on Barracuda ESG appliances - Help Net Security
MacOS malware discovered on Russian dark web forum | Security Magazine
Apple Users Open to Remote Control via Tricky macOS Malware (darkreading.com)
NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs
Chrome malware Rilide targets enterprise users via PowerPoint guides (bleepingcomputer.com)
BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)
Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist
CISA: New Submarine malware found on hacked Barracuda ESG appliances (bleepingcomputer.com)
Mobile
New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)
CherryBlos Malware Uses OCR to Pluck Android Users' Cryptocurrency (darkreading.com)
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)
Google: Android patch gap makes n-days as dangerous as zero-days (bleepingcomputer.com)
New smartphone vulnerability could allow hackers to track user location (techxplore.com)
Hackers steal Signal, WhatsApp user data with fake Android chat app (bleepingcomputer.com)
Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)
Botnets
Denial of Service/DoS/DDOS
Navigating The Landscape Of Hacktivist DDoS Attacks (forbes.com)
Israel's largest oil refinery website offline amid cyber attack claims (bleepingcomputer.com)
Russian hackers crash Italian bank websites, cyber agency says | Reuters
"Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches (thehackernews.com)
Internet of Things – IoT
Data Breaches/Leaks
Cyber security breaches exposed 146 million records - ITSecurityWire
Hack Crew Responsible for Stolen Data, NATO Investigates Claims (darkreading.com)
Doctors sign up to legal case against Capita over GP data breach - Pulse Today
Cyber attack on B.C. health websites may have taken workers’ personal information (thestar.com)
Cyber security Recovery Guide: How to Recover from a Data Breach (thelondoneconomic.com)
Organised Crime & Criminal Actors
As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)
How Hackers Trick You With Basic Sales Techniques (makeuseof.com)
Space Pirates Turn Cyber Sabers on Russian, Serbian Organisations (darkreading.com)
Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist
Hacktivists fund their operations using common cyber crime tactics (bleepingcomputer.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Crypto Hacks in July Resulted in $165 Million in Losses (beincrypto.com)
New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)
Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability (therecord.media)
BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)
Couple admit laundering $4B of stolen Bitfinex Bitcoins • The Register
Insider Risk and Insider Threats
How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)
US military battling cyber threats from within and without • The Register
Deepfakes
Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)
AML/CFT/Sanctions
Insurance
Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)
Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)
Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)
Dark Web
'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)
MacOS malware discovered on Russian dark web forum | Security Magazine
Supply Chain and Third Parties
Doctors sign up to legal case against Capita over GP data breach - Pulse Today
Capita boss quits as potential fine looms for huge hack of confidential data | Capita | The Guardian
Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)
Software Supply Chain
Cloud/SaaS
Attackers can turn AWS SSM agents into remote access trojans - Help Net Security
New Microsoft Azure AD CTS feature can be abused for lateral movement (bleepingcomputer.com)
Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday
In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online
Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch
These Are the Top Five Cloud Security Risks, Qualys Says - SecurityWeek
Google warns companies about keeping hackers out of cloud infrastructure | CyberScoop
Identity and Access Management
Encryption
Braverman fights Meta encryption plans ‘that aid paedophiles’ (thetimes.co.uk)
SCARF cipher sets new standards in protecting sensitive data - Help Net Security
Cult of Dead Cow hacktivists design encryption system for mobile apps - The Washington Post
Open Source
Open-source security challenges and complexities - Help Net Security
Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
Social Media
Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin
Social media giants on notice over foreign cyber threat (themandarin.com.au)
NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs
Travel
Regulations, Fines and Legislation
Strengthening Cyber security: Can The SEC’s New Rules Be Enforced? (forbes.com)
CISA’s security-by-design initiative is at risk: Here’s a path forward | TechCrunch
What is the Computer Fraud and Abuse Act (CFAA)? | Definition from TechTarget
Organizations want stronger AI regulation amid growing concerns - Help Net Security
Materiality Definition Seen as Tough Task in New SEC Cyber Rules | Mint (livemint.com)
Cyber security Implementation Plan Offers a Roadmap for Cyber Priorities | Perkins Coie - JDSupra
Models, Frameworks and Standards
OWASP Top 10 for LLM applications is out! - Security Affairs
Security professionals unaware of NCSC Cyber Essentials framework - Lookout - IT Security Guru
What is SOC 2 (System and Organization Controls 2)? | Definition from TechTarget
Careers, Working in Cyber and Information Security
How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)
US Gov Rolls Out National Cyber Workforce, Education Strategy - SecurityWeek
Women two-thirds more likely to fear losing CNI security jobs than men - IT Security Guru
White House Cyber Workforce Strategy: No Quick Fix for Skills Shortage (darkreading.com)
Cyber workforce strategy requires buy-in across sectors, experts say - Nextgov/FCW
Law Enforcement Action and Take Downs
Bar for UK crimes prosecuted with live facial recognition could get much lower | Biometric Update
FBI: Without Section 702, we can't ID cyber criminals • The Register
Privacy, Surveillance and Mass Monitoring
UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian
Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)
Instead of obtaining a warrant, the NSA would like to keep buying your data | Ars Technica
Tor’s shadowy reputation will only end if we all use it | Engadget
After talking to security expert, I deleted all Chrome extensions: they see everything | Cybernews
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage
Russia
BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities (thehackernews.com)
Russian spies posed as Microsoft tech support in bid to hack governments (telegraph.co.uk)
Elon Musk ‘stopped Ukraine military using Starlink for military operation’ | The Independent
Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia (thehackernews.com)
MacOS malware discovered on Russian dark web forum | Security Magazine
Kazakhstan Rebuffs US Extradition Request for Russian Cyber security Expert - The Moscow Times
Russian hackers crash Italian bank websites, cyber agency says | Reuters
Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)
China
FBI warns of broad AI threats facing tech companies and the public | CyberScoop
Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica
US senator victim-blames Microsoft for Chinese hack • The Register
Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor (thehackernews.com)
US Tech Sanctions Against China Are Starting to Bite Hard | Tom's Hardware (tomshardware.com)
Think tank wants monitoring of China's AI-enabled products • The Register
Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop
US military battling cyber threats from within and without • The Register
Iran
Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)
Iranian Company Plays Host to Reams of Ransomware, APT Groups (darkreading.com)
North Korea
Misc/Other/Unknown
Vulnerability Management
Relying on CVSS alone is risky for vulnerability management - Help Net Security
40% of Log4j Downloads Still Vulnerable (securityintelligence.com)
What Causes a Rise or Fall in Fresh Zero-Day Exploits? (govinfosecurity.com)
Piles of Unpatched IoT, OT Devices Attract ICS Cyber attacks (darkreading.com)
Microsoft comes under blistering criticism for “grossly irresponsible” security | Ars Technica
Vulnerabilities
Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins - SecurityWeek
Over 640 Citrix servers backdoored with web shells in ongoing attacks (bleepingcomputer.com)
New flaw in Ivanti Endpoint Manager Mobile actively exploited in the wild - Security Affairs
Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks - SecurityWeek
Apple iOS, Google Android Patch Zero-Days in July Security Updates | WIRED UK
US fears attacks will continue against Ivanti MDM installs • The Register
Microsoft fixes WSUS servers not pushing Windows 11 22H2 updates (bleepingcomputer.com)
Hackers exploit BleedingPipe RCE to target Minecraft servers, players (bleepingcomputer.com)
Firefox 116: improved upload performance and security fixes - gHacks Tech News
Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop
Tools and Controls
Data Loss Prevention for Small and Medium-Sized Businesses - IT Security Guru
Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)
Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)
US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications - SecurityWeek
Data stolen from millions via missing web app access checks • The Register
Keeping the cloud secure with a mindset shift - Help Net Security
Strengthening security in a multi-SaaS cloud environment | TechCrunch
5 Essential Tips For Data Security On The Cloud (informationsecuritybuzz.com)
AI has a place in cyber, but needs effective evaluation | Computer Weekly
Top 5 benefits of SASE to enhance network security | TechTarget
MDR 40-Plus: Top Managed Detection and Response (MDR) Companies: 2023 Edition - MSSP Alert
What is Data Security Posture Management (DSPM)? (thehackernews.com)
Unified XDR and SIEM Alleviate Security Alert Fatigue (darkreading.com)
What is an ISMS (Information Security Management System)? | UpGuard
VPNs remain a risky gamble for remote access - Help Net Security
Insider Threat Protection And Modern DLP (informationsecuritybuzz.com)
Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)
Reports Published in the Last Week
Other News
UK Military Embraces Security by Design - Infosecurity Magazine (infosecurity-magazine.com)
Cyber criminals targeting medical info warns FBI | KSNV (news3lv.com)
How local governments can combat cyber crime - Help Net Security
Governments and public services facing 40% more cyber attacks (securitybrief.co.nz)
Utilities Face Security Challenges as They Embrace Data in New Ways (darkreading.com)
Microsoft Flags Growing Cyber security Concerns for Major Sporting Events (thehackernews.com)
Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack - SecurityWeek
80 percent of digital certificates vulnerable to man-in-the-middle attacks (betanews.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 19 August 2022
Black Arrow Cyber Threat Briefing 19 August 2022:
-Businesses Found to Neglect Cyber Security Until it is Too Late
-Cyber Tops Staff Retention as Biggest Business Risk
-Cyber Criminals Weaponising Ransomware Data for BEC Attacks
-Callback Phishing Attacks See Massive 625% Growth Since Q1 2021
-Credential Phishing Attacks Skyrocketing, 265 Brands Impersonated in H1 2022
-Are Cloud Environments Secure Enough for Today’s Threats?
-Most Q2 Attacks Targeted Old Microsoft Vulnerabilities
-Cyber Resiliency Isn't Just About Technology, It's About People
-The “Cyber Insurance Gap” Is Threatening Most Companies
-Easing the Cyber-Skills Crisis with Staff Augmentation
-Mailchimp Suffers Second Breach In 4 Months
-Firm Told It Can't Claim Full Cyber Crime Insurance After Social Engineering Attack
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Businesses Found to Neglect Cyber Security Until it is Too Late
Businesses only take cyber security seriously after falling victim to an attack, according to a report published by the UK's Department for Culture, Media and Sport (DCMS) this week.
For the research, the UK government surveyed IT professionals and end users in 10 UK organisations of varying sizes that have experienced cyber security breaches in the past three years. This analysed their existing level of security prior to a breach, the business impacts of the attack and how cyber security arrangements changed in the wake of the incident.
Nearly all respondents said their organisation took cyber security much more seriously after experiencing a breach, including reviewing existing practices and significantly increased investment in technology solutions.
While there was a consensus among participants that there is a greater need for vigilance and investment in cyber security, there was significant variation between organisations’ practices in this area. Medium and large organisations tended to have formal plans in place and budget allocated for further cyber security investment, but smaller businesses mostly did not due to resource constraints.
https://www.infosecurity-magazine.com/news/cybersecurity-seriously-breach/
Cyber Tops Staff Retention as Biggest Business Risk
Cyber security concerns represent the most serious risk facing organisations, beating inflation, talent acquisition/retention and rising production costs, according to a new PwC study.
The PwC Pulse: Managing business risks in 2022 report was compiled from interviews with 722 US C-suite executives.
Two-fifths (40%) ranked cyber-attacks as a serious risk, rising to 51% of board members. PwC said boardrooms may be getting more attuned to cyber risk after new SEC proposals were published in March that would require directors to oversee cyber security risk and be more transparent about their cyber expertise.
In fact, executives appear to be getting more proactive with cyber security on a number of fronts.
Some 84% said they are taking action or monitoring closely policy areas related to cyber security, privacy and data protection. A further 79% said they’re revising or enhancing their cyber risk management approaches, and half (49%) pointed to increased investments in cyber security and privacy.
By way of comparison, 53% said they’re increasing investment in digital transformation and 52% in IT.
Cyber security is a strategic business enabler – technology is the central nervous system of many companies – and confirming its data is secure and protected can be brand defining.
There’s now heightened attention from a wider range of business leaders and corporate directors as they recognise that cyber security and data privacy should be part of not only a risk management strategy, but also a broader corporate strategy. C-suite and boards are actively taking steps to better understand the global threat landscape, confirm a foundational cyber security program is in place, and manage these risks to create opportunities.
https://www.infosecurity-magazine.com/news/cyber-tops-staff-retention-biggest/
Cyber Criminals Weaponising Ransomware Data for BEC Attacks
Cyber criminals and other threat actors are increasingly using data dumped from ransomware attacks in secondary business email compromise (BEC) attacks, according to new analysis by Accenture Cyber Threat Intelligence.
The ACTI team analysed data from the 20 most active ransomware leak sites, measured by number of featured victims, between July 2021 and July 2022. Of the 4,026 victims (corporate, non-governmental organisations, and governmental entities) uncovered on various ransomware groups’ dedicated leak sites, an estimated 91% incurred subsequent data disclosures, ACTI found.
Dedicated leak sites most commonly provide financial data, followed by employee and client personally identifiable information and communication documentation. The rise of double extortion attempts – where attack groups use ransomware to exfiltrate data and then publicise the data on dedicated leak sites – has made large amounts of sensitive corporate data available to any threat actor. The most valuable types of data most useful for conducting BEC attacks are financial, employee, and communication data, as well as operational documents. There is a significant overlap between the types of data most useful for conducting BEC attacks and the types of data most commonly posted on these ransomware leak sites, ACTI said.
The data is a “rich source for information for criminals who can easily weaponise it for secondary BEC attacks,” ACTI said. “The primary factor driving an increased threat of BEC and VEC attacks stemming from double-extortion leaks is the availability of [corporate and communication data].”
Callback Phishing Attacks See Massive 625% Growth Since Q1 2021
Hackers are increasingly moving towards hybrid forms of phishing attacks that combine email and voice social engineering calls as a way to breach corporate networks for ransomware and data extortion attacks.
According to Agari's Q2 2022 cyber-intelligence report, phishing volumes have only increased by 6% compared to Q1 2022. However, the use of 'hybrid vishing' is seeing a massive 625% growth.
Vishing, "voice phishing," involves some form of a phone call to perform social engineering on the victim. Its hybrid form, called "callback phishing," also includes an email before the call, typically presenting the victim with a fake subscription/invoice notice.
The recipient is advised to call on the provided phone number to resolve any issues with the charge, but instead of a real customer support agent, the call is answered by phishing actors.
The scammers then offer to resolve the presented problem by tricking the victim into disclosing sensitive information or installing remote desktop tools on their system. The threat actors then connect to the victim's device remotely to install further backdoors or spread to other machines.
These callback phishing attacks were first introduced by the 'BazarCall/BazaCall' campaigns that appeared in March 2021 to gain initial access to corporate networks for ransomware attacks.
The attacks work so well that multiple ransomware and extortion gangs, such as Quantum, Zeon, and Silent Ransom Group, have adopted the same technique today to gain initial network access through an unsuspecting employee.
"Hybrid Vishing attacks reached a six-quarter high in Q2, increasing 625% from Q1 2021. This threat type also contributed to 24.6% of the overall share of Response-Based threats," details the Agari report.
"While this is the second quarter hybrid vishing attacks have declined in share due to the overall increase of response-based threats, vishing volume has steadily increased in count over the course of the year."
Credential Phishing Attacks Skyrocketing, 265 Brands Impersonated in H1 2022
Abnormal Security released a report which explores the current email threat landscape and provides insight into the latest advanced email attack trends, including increases in business email compromise, the evolution of financial supply chain compromise, and the rise of brand impersonation in credential phishing attacks.
The research found a 48% increase in email attacks over the previous six months, and 68.5% of those attacks included a credential phishing link. In addition to posing as internal employees and executives, cyber criminals impersonated well-known brands in 15% of phishing emails, relying on the brands’ familiarity and reputation to convince employees to provide their login credentials. Most common among the 265 brands impersonated in these attacks were social networks and Microsoft products.
“The vast majority of cyber crime today is successful because it exploits the people behind the keyboard,” said Crane Hassold, director of threat intelligence at Abnormal Security.
“By compromising people rather than networks, it’s easier for attackers to circumvent conventional security measures. This is especially true with brand impersonation, where attackers use urgency and fear to encourage their targets to provide usernames and passwords.”
LinkedIn took the top spot for brand impersonation, but Outlook, OneDrive and Microsoft 365 appeared in 20% of all attacks. What makes these attacks particularly dangerous is that phishing emails are often the first step to compromising employee email accounts. Acquiring Microsoft credentials enables cyber criminals to access the full suite of connected products, allowing them to view sensitive data and use the account to send business email compromise attacks.
https://www.helpnetsecurity.com/2022/08/15/landscape-email-threat/
Are Cloud Environments Secure Enough for Today’s Threats?
Cyber security is a major problem right now. Not only is it the highest priority of any given business to keep their own data and their customers’ and clients’ data secure, but changes in the workplace have had a knock-on effect on cyber security. The concept of working from home has forced businesses all around the world to address old and new cyber security threats. People taking their laptops, and therefore their data, home to public networks that can be hacked or leaving access details like passwords scribbled on notebooks has meant that access to a business and therefore their customers’ data is a lot more accessible.
The saving grace was said to be the cloud. Beyond retraining cyber security in staff workforces, the practical solution was to move data into the cloud. But we’re now a few years from the point when the cloud really gained popularity. Is it still the answer to all our cyber security problems? Is there a chance of risk to using the cloud?
Cloud data breaches do happen and misconfiguration is a leading cause of them, mainly due to businesses inadequate cyber security strategies. This is due to several factors, such as the fundamental nature of the cloud designed to be easy for anyone to access, and businesses unable to completely see or control the cloud’s infrastructure and therefore relying on the cyber security controls that are provided by the cloud service provider (or CSP).
Unauthorised access is also a risk. The internet, which is a readily available public resource to most of the world, makes it easy for hackers to access data if they have the credentials to get past the cyber security set up by the individual business. This is where the ugliness of internal cloud breaches happens. If security is not configured well or credentials like passwords and secret questions are compromised, an attacker can easily access the cloud.
However, it’s not only through an employee that hackers access credentials. Phishing is a very common means of gaining information that would allow access to a customer or business data.
Plus, the simple nature of sharing data can easily backfire on a company. A lot of data access is granted with a link to someone external, which can then be forwarded, either sold or stolen, to an attacker to access the cloud’s data.
https://www.itsecurityguru.org/2022/08/16/are-cloud-environments-secure-enough-for-todays-threats/
Most Q2 Attacks Targeted Old Microsoft Vulnerabilities
Attacks targeting a remote code execution vulnerability in Microsoft's MSHTML browser engine — which was patched last September — soared during the second quarter of this year, according to a Kaspersky analysis.
Researchers from Kaspersky counted at least 4,886 attacks targeting the flaw (CVE-2021-40444) last quarter, an eightfold increase over the first quarter of 2022. The security vendor attributed the continued adversary interest in the vulnerability to the ease with which it can be exploited.
Kaspersky said it has observed threat actors exploiting the flaw in attacks on organisations across multiple sectors including the energy and industrial sectors, research and development, IT companies, and financial and medical technology firms. In many of these attacks, the adversaries have used social engineering tricks to try and get victims to open specially crafted Office documents that would then download and execute a malicious script. The flaw was under active attack at the time Microsoft first disclosed it in September 2021.
Attacks targeting a remote code execution vulnerability in Microsoft's MSHTML browser engine — which was patched last September — soared during the second quarter of this year, according to a Kaspersky analysis. Researchers from Kaspersky counted at least 4,886 attacks targeting the flaw last quarter, an eightfold increase over the first quarter of 2022. The security vendor attributed the continued adversary interest in the vulnerability to the ease with which it can be exploited. According to Kaspersky, exploits for Windows vulnerabilities accounted for 82% of all exploits across all platforms during the second quarter of 2022. While attacks on the MSHTML vulnerability increased the most dramatically, it was by no means the most exploited flaw, which was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago that was attacked some 345,827 times last quarter.
Cyber Resiliency Isn't Just About Technology, It's About People
Cyber attacks are on the rise — but if we're being honest, that statement has been true for quite a while, given the acceleration of cyber incidents over the past several years. Recent research indicates that organisations experienced 50% more attack attempts per week on corporate networks in 2021 than they did in 2020, and tactics such as phishing are becoming increasingly popular as attackers refine their tried-and-true methods to more successfully entice unsuspecting targets.
It's no surprise, then, that cyber resiliency has been a hot topic in the cyber security world. But although cyber resiliency refers broadly to the ability of an organisation to anticipate, withstand, and recover from cyber security incidents, many experts make the mistake of applying the term specifically to technology. And while it's true that detection and remediation tools, backup systems, and other resources play an important role in cyber resiliency, organisations that focus exclusively on technology risk are overlooking an equally important element: people.
People are often thought of as the weak link in cyber security. It's easy to understand why. People fall for phishing scams. They use weak passwords and procrastinate on installing security updates. They misconfigure hardware and software, leave cloud assets unsecured, and send confidential files to the wrong recipient. There's a reason so much cyber security technology is moving toward automation: removing people from the equation is seen as one of the most obvious ways to improve security. To many security experts, that's just common sense.
Except — is it, really? It's true that people make mistakes — it's called "human error" for a reason, after all — but many of those mistakes come when employees aren't put in a position to succeed. Phishing is a great example. Most people are familiar with the concept of phishing, but many may not be aware of the nefarious techniques that today's attackers deploy. If employees have not been properly trained, they may not be aware that attackers often impersonate real people within the organisation, or that the CEO asking them to buy gift cards "for a company happy hour" probably isn't legit. Organisations that want to build strong cyber-resiliency cannot pretend that people don't exist. Instead, they need to prioritise the resiliency of their people just as highly as the resiliency of their technology.
Training the organisation to recognise the signs of common attack tactics, practice better password and cyber hygiene, and report signs of suspicious activity can help ease the burden on IT and security personnel by providing them better information in a more timely manner. It also avoids some of the pitfalls that create a drain on their time and resources. By ensuring that people at every level of the business are more resilient, today's organisations will discover that their overall cyber-resiliency will improve significantly.
The “Cyber Insurance Gap” Is Threatening Most Companies
A new study by BlackBerry and Corvus Insurance confirms a “cyber insurance gap” is growing, with a majority of businesses either uninsured or under insured against a rising tide of ransomware attacks and other cyber threats.
Only 19% of all businesses surveyed have ransomware coverage limits above the median ransomware demand amount ($600,000)
Among SMBs with fewer than 1,500 employees, only 14% have a coverage limit in excess of $600,000
37% of respondents with cyber insurance do not have any coverage for ransomware payment demands
43% of those with a policy are not covered for auxiliary costs such as court fees or employee downtime
60% say they would reconsider entering into a partnership or agreement with another business or supplier if the organisation did not have comprehensive cyber insurance
Endpoint detection and response (EDR) software is frequently a key component to obtaining a policy
34% of respondents have been previously denied cyber coverage by insurance providers due to not meeting EDR eligibility requirements
Easing the Cyber-Skills Crisis with Staff Augmentation
Filling cyber security roles can be costly, slow, and chancy. More firms are working with third-party service providers to quickly procure needed expertise.
There are many possible solutions to the cyber security skills shortage, but most of them take time. Cyber security education, career development tracks, training programs, employer-sponsored academies, and internships are great ways to build a talent pipeline and develop skill sets to meet organisational needs in years to come.
But sometimes the need to fill a gap in capability is more immediate.
An organisation in the entertainment industry recently found itself in such a position. Its primary cyber security staff member quit suddenly without notice, taking along critical institutional knowledge and leaving various projects incomplete. With its key defender gone, the organisation's environment was left vulnerable. In a scarce talent market, the organisation faced a long hiring process to find a replacement — too long to leave its digital estate unattended. It needed expertise, and quickly.
According to a 2021 ESG report, 57% of organisations have been impacted by the global cyber security skills crisis. Seventy-six percent say it's difficult to recruit and hire security professionals. The biggest effects of this shortage are increasing workloads, positions open for weeks or months, and high cyber security staff burnout and attrition.
In this climate, more companies are turning to third parties for cyber security staff reinforcement. According to a NewtonX study, 56% of organisations are now subcontracting up to a quarter of their cyber security staff. Sixty-nine percent of companies rely on third-party expertise to assist in mitigating the risk of ransomware — up from 58% in 2017 — per a study by Ponemon and CBI, a Converge Company.
One way that companies gain this additional support is via third-party staff augmentation and consulting services. Cyber security staff augmentation, or strategic staffing, entails trained external consultants acting as an extension of an organisation's security team in a residency. Engagements can be anywhere from a few weeks to a few years, and roles can range from analysts and engineers to architects, compliance specialists, and virtual CISOs.
https://www.darkreading.com/operations/easing-the-cyber-skills-crisis-with-staff-augmentation
Mailchimp Suffers Second Breach In 4 Months
Mailchimp suffered another data breach earlier this month, and this one cost it a client.
In a statement Friday, Mailchimp disclosed that a security incident involving phishing and social engineering tactics had targeted cryptocurrency and blockchain companies using the email marketing platform. It was the second Mailchimp breach to target cryptocurrency customers in a four-month span.
Though Mailchimp said it has suspended accounts where suspicious activity was detected while an investigation is ongoing, it did not reveal the source of the breach or scope of the attack.
More details were provided Sunday by one of the affected customers, DigitalOcean, which cut ties with Mailchimp on Aug. 9.
The cloud hosting provider observed suspicious activity beginning Aug. 8, when threat actors used its Mailchimp account for "a small number of attempted compromises" of DigitalOcean customer accounts -- specifically cryptocurrency platforms.
While it is not clear whether any DigitalOcean accounts were compromised, the company did confirm that some email addresses were exposed. More importantly, the statement attributed a potential source of the most recent Mailchimp breach.
https://www.techtarget.com/searchsecurity/news/252523911/Mailchimp-suffers-second-breach-in-4-months
Firm Told It Can't Claim Full Cyber Crime Insurance After Social Engineering Attack
A Minnesota computer store suing its cyber insurance provider has had its case dismissed, with the courts saying it was a clear instance of social engineering, a crime for which the insurer was only liable to cover a fraction of total losses.
SJ Computers alleged in a November lawsuit that Travelers Casualty and Surety Co. owed it far more than paid on a claim for nearly $600,000 in losses due to a successful business email compromise (BEC) attack.
According to its website, SJ Computers is a Microsoft Authorised Refurbisher, reselling Dell, HP, Lenovo and Acer products, as well as providing tech services including software installs and upgrades.
Travelers, which filed a motion to dismiss, said SJ's policy clearly delineated between computer fraud and social engineering fraud. The motion was granted with prejudice last Friday.
In the dismissal order, the US District Court for Minnesota found that the two policy agreements are mutually exclusive, as well as finding SJ's claim fell squarely into its social engineering fraud agreement with Travelers, which has a cap of $100,000.
When SJ filed its claim with Travelers, the court noted, it did so only under the social engineering fraud agreement. After realising the policy limit on computer fraud was 10 times higher, "SJ Computers then made a series of arguments – ranging from creative to desperate – to try to persuade Travelers that its loss was not the result of social-engineering-fraud (as SJ Computers itself had initially said) but instead the result of computer fraud," the district judge wrote in the order.
https://www.theregister.com/2022/08/16/social_engineering_cyber_crime_insurance/
Threats
Ransomware
Ransomware Group Threatens to Leak Data Stolen From Security Firm Entrust | SecurityWeek.Com
Cisco Confirms Hack: Yanluowang Ransom Gang Claims 2.8GB Of Data (informationsecuritybuzz.com)
Ransomware is still on the rise. Here's what you need to do to stay safe from hackers | ZDNET
Russian Man Extradited to US for Laundering Ryuk Ransomware Money | SecurityWeek.Com
‘Coopetition’ a growing trend among ransomware gangs (computerweekly.com)
Hackers Attack UK Water Supplier, Sends Ransom Demand to the Wrong Company (gizmodo.com)
SOVA malware adds ransomware feature to encrypt Android devices (bleepingcomputer.com)
BlackByte ransomware v2 is out with new extortion novelties - Security Affairs
Ransomware is back, healthcare sector most targeted - Help Net Security
Why Hackers Are Now Targeting Electric Car Charging Stations (nocamels.com)
BlackByte Ransomware Gang Returns With Twitter Presence, Tiered Pricing (darkreading.com)
Ski-Doo maker BRP resumes operations following cyber attack; shares fluctuate - MarketWatch
Argentina's Judiciary of Córdoba hit by PLAY ransomware attack (bleepingcomputer.com)
BEC – Business Email Compromise
Phishing & Email Based Attacks
Response-based attacks make up 41% of all email-based scams - Help Net Security
PayPal Phishing Scam Uses Invoices Sent Via PayPal – Krebs on Security
Microsoft admits it can't stop scammers fooling you with their latest tricks | ZDNET
Other Social Engineering; SMishing, Vishing, etc
Malware
Hackers Deploy Bumblebee Loader to Breach Target Networks - Infosecurity Magazine
'DarkTortilla' Malware Wraps in Sophistication for High-Volume RAT Infections (darkreading.com)
Malicious browser extensions targeted almost 7 million people (bleepingcomputer.com)
DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities (thehackernews.com)
Whack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox (darkreading.com)
Mobile
SOVA Android malware now also encrypts victims' files - Security Affairs
Malware devs already bypassed Android 13's new security feature (bleepingcomputer.com)
Google releases Android 13 with improved privacy and security features - Help Net Security
Android malware apps with 2 million installs found on Google Play (bleepingcomputer.com)
Researchers Find 35 Adware Apps on Google Play - Infosecurity Magazine
Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack (thehackernews.com)
Internet of Things – IoT
How attackers are exploiting corporate IoT - Help Net Security
Amazon fixes Ring Android app flaw exposing camera recordings (bleepingcomputer.com)
Data Breaches/Leaks
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
With Plunge in Value, Cryptocurrency Crimes Decline in 2022 (darkreading.com)
Hardware-based threat defence against increasingly complex cryptojackers - Microsoft Security Blog
Insider Risk and Insider Threats
Ex-HP manager jailed for $5m company card shopping spree • The Register
Microsoft Employees Exposed Own Company’s Internal Logins (vice.com)
Fraud, Scams & Financial Crime
AML/CFT/Sanctions
Insurance
Organisations are losing cyber insurance as an important risk management tool - Help Net Security
For cyber insurance, some technology leads to higher premiums (techtarget.com)
New Study Reveals Serious Cyber-Insurance Shortfalls - Infosecurity Magazine
Supply Chain and Third Parties
Denial of Service DoS/DDoS
Cloud/SaaS
Organisations Struggle to Fend Off Cloud and Web Attacks - Infosecurity Magazine
Incident response in the cloud can be simple if you are prepared - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Credential Theft Is (Still) A Top Attack Method (thehackernews.com)
FBI Warns of Proxies and Configurations Used in Credential Stuffing Attacks | SecurityWeek.Com
Over 9,000 VNC servers exposed online without a password (bleepingcomputer.com)
Privacy
Google fined $60 million over Android location data collection (bleepingcomputer.com)
New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings (thehackernews.com)
Period and pregnancy tracking apps have bad privacy protections, report finds - The Verge
Regulations, Fines and Legislation
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
5 Russia-Linked Groups Target Ukraine in Cyberwar (darkreading.com)
Russia-linked Gamaredon APT continues to target Ukraine - Security Affairs
Microsoft shuts down accounts linked to Russian spies • The Register
State-Sponsored APTs Dangle Job Opps to Lure In Spy Victims (darkreading.com)
Estonia Repels Biggest Cyber-Attack Since 2007 - Infosecurity Magazine
NHS cyber attacks hit record levels in four in five trusts after Russian invasion (telegraph.co.uk)
Nation State Actors
Nation State Actors – Russia
Microsoft disrupts Russian hackers' operation on NATO targets (bleepingcomputer.com)
Russian APT29 hackers abuse Azure services to hack Microsoft 365 users (bleepingcomputer.com)
Microsoft Disrupts Russian Group's Multiyear Cyber-Espionage Campaign (darkreading.com)
Russian hackers target Ukraine with default Word template hijacker (bleepingcomputer.com)
Estonia says it repelled major cyber attack after removing Soviet monuments | Reuters
Nation State Actors – China
Western companies wake up to China risk | Financial Times (ft.com)
China-backed APT41 Hackers Targeted 13 Organisations Worldwide Last Year (thehackernews.com)
China-linked RedAlpha behind multi-year credential theft campaign - Security Affairs
Chinese Cyberspy Group 'RedAlpha' Targeting Governments, Humanitarian Entities | SecurityWeek.Com
China's APT41 Embraces Baffling Approach for Dropping Cobalt Strike Payload (darkreading.com)
Chinese takeover of tech company blocked over security fears (telegraph.co.uk)
3 ways China's access to TikTok data is a security risk | CSO Online
Montana flagged bugs in cow app exploited in alleged China hack | Business and Economy | Al Jazeera
APT41 group: 4 malicious campaigns, 13 victims, new tools and techniques - Help Net Security
Nation State Actors – North Korea
Vulnerability Management
Vulnerabilities
CISA adds 7 vulnerabilities to list of bugs exploited by hackers (bleepingcomputer.com)
Google patches yet another Chrome zero-day vulnerability (techtarget.com)
Chrome browser gets 11 security fixes with 1 zero-day – update now! – Naked Security (sophos.com)
Cisco fixes High-Severity bug in Secure Web Appliance - Security Affairs
Exploit out for critical Realtek flaw affecting many networking devices (bleepingcomputer.com)
Safari 15.6.1 fixes a zero-day flaw actively exploited in the wild - Security Affairs
Rapid7: Cisco ASA and ASDM flaws went unpatched for months (techtarget.com)
Windows Vulnerability Could Crack DC Server Credentials Open (darkreading.com)
ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors (thehackernews.com)
PoC exploit code for the critical Realtek RCE flaw released online - Security Affairs
Other News
Exploiting stolen session cookies to bypass multi-factor authentication (MFA) - Help Net Security
Janet Jackson music video given CVE for crashing laptops • The Register
How aware are organisations of the importance of endpoint management security? - Help Net Security
The Future of Cyber Security is Prevention | SecurityWeek.Com
DigitalOcean Discloses Impact From Recent Mailchimp Cyber Attack | SecurityWeek.Com
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 01 April 2022
Black Arrow Cyber Threat Briefing 01 April 2022
-One Tenth of UK Staff Bypass Corporate Security
-Majority Of Data Security Incidents Caused by Insiders
-One-Third of UK Firms Suffer A Cyber Attack Every Week
-Russia's Cyber Criminals Fear Sanctions Will Erase Their Wealth
-86% Of Organisations Believe They Have Suffered a Nation-State Cyber Attack
-Multiple Hacking Groups Are Using the War in Ukraine As A Lure In Phishing Attempts
-4 Ways Attackers Target Humans to Gain Network Access
-Security Incidents Reported to FCA Surge 52% in 2021
-NCSC Suggests Rethinking Russian Supply Chain Risks
-25% Of Workers Lost Their Jobs In The Past 12 Months After Making Cyber Security Mistakes: Report
-Attackers Compromise 94% Of Critical Assets Within Four Steps Of Initial Breach
-UK Spy Chief Warns Russia Looking for Cyber Targets
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
One Tenth of UK Staff Bypass Corporate Security
A new study from Cisco has found that a tenth of UK employees actively circumvent their organisation’s security measures.
The network technology company polled over 1000 UK professionals working for organisations that allow hybrid working, in order to better understand the potential security risks of the modern, flexible workplace.
The research has revealed that many hybrid workers do not see cyber security as their responsibility, with many actively finding workarounds or engaging in risky behaviours such as password reuse.
19% of employees said they reuse passwords for multiple accounts and applications, with only 15% using password managers.
The problem seems to stem from user friction in existing security measures. Only 44% of survey participants said they found it easy to securely access their IT equipment.
A majority said they would be willing to use biometric authentication, a reflection of how enterprise security is still catching up to consumer functionality.
https://www.itsecurityguru.org/2022/03/28/one-tenth-of-uk-staff-bypass-corporate-security/
Majority Of Data Security Incidents Caused by Insiders
New research from Imperva has revealed that 70% of EMEA organisations have no insider risk strategy, despite 59% of data security incidents being caused by employees.
The shocking revelation comes as part of a wider study carried out by Forrester: Insider Threats Drive Data Protection Improvements. The study involved interviewing 150 security and IT professionals in EMEA.
An insider threat is defined by Imperva as originating from “inappropriate use of legitimate authorised user accounts” by either their rightful owner or a threat actor who has managed to compromise them.
The study found that insider threats were responsible for 59% of incidents impacting sensitive data in the past 12 months. This supports a previous Imperva analysis of the most significant breaches of the past five years, revealing that 24% were caused by either human error or compromised credentials.
https://www.itsecurityguru.org/2022/04/01/majority-of-data-security-incidents-caused-by-insiders/
One-Third of UK Firms Suffer a Cyber Attack Every Week
Cyber attacks and related incidents at UK organisations continue their seemingly unstoppable upward trajectory, with new statistics from the Department for Digital, Culture, Media and Sport (DCMS) revealing that 31% of businesses and 26% of charity organisations now experience incidents on a weekly basis.
The data, contained in the annual cyber security breaches survey report, paints a stark picture of the scale of the threat facing the average organisation, and the urgent need to boost standards and defences.
It is vital that every organisation takes cyber security seriously as more and more business is done online and we live in a time of increasing cyber risk. No matter how big or small your organisation is, you need to take steps to improve digital resilience.
Some 20% of businesses and 19% of charities said they had experienced a negative outcome as a direct consequence of an attack. The average cost of an attack, spread out across all organisations, now works out at £4,200, or £19,400 if only medium and large businesses are considered, although there is probably a vast amount of under-reporting, so the true figures are certainly higher.
Meanwhile, 35% of businesses and 38% of charities said they had experienced some kind of negative impact during the incident, such as service downtime.
https://www.computerweekly.com/news/252515288/One-third-of-UK-firms-suffer-a-cyber-attack-every-week
Russia's Cyber Criminals Fear Sanctions Will Erase Their Wealth
Punitive economic sanctions over Russia's invasion of Ukraine had crooks discussing the best ways to adapt to the new reality.
Members of Russian-language underground forums are not immune to the latest news. Russia's invasion of Ukraine and subsequent economic sanctions against Moscow got forum users to discuss how to live in this new world they find themselves in.
According to a report by the Digital Shadows Photon team, dark web forums are teeming with questions on how to ensure the safety of funds held in Russia-based accounts.
One user sought advice on what to do with dollars held in a Russian bank, with others suggesting converting dollars to rubles for a few months.
"I hope you were joking about [holding the funds in rubles for] half a year? After half a year, your rubles will only be good for lighting a fire, they will not be good for anything else," a forum user responded.
https://cybernews.com/news/russias-cybercriminals-fear-sanctions-will-erase-their-wealth/
86% Of Organisations Believe They Have Suffered a Nation-State Cyber Attack
A new study by Trellix and the Center for Strategic and International Studies (CSIS) has revealed that 86% of organisations believe they have fallen victim to a nation-state cyber attack.
The research surveyed 800 IT decision-makers in Australia, France, Germany, India, Japan, the UK and US.
It has also been revealed that 92% of respondents have faced, or suspect they have faced, a nation-state backed cyber attack in the past 18 months, or anticipate one in the future.
Russia and China were identified as the most likely suspects behind said attacks. 39% of organisations that believe they have been hit with a nation-state cyber attack believe Russia were the perpetrators.
Multiple Hacking Groups Are Using the War in Ukraine as A Lure in Phishing Attempts
Hostile hacking groups are exploiting Russia's invasion of Ukraine to carry out cyber attacks designed to steal login credentials, sensitive information, money and more from victims around the world.
According to cyber security researchers at Google's Threat Analysis Group (TAG), government-backed hackers from Russia, China, Iran and North Korea, as well as various unattributed groups and cyber criminal gangs, are using various themes related to the war in Ukraine to lure people into becoming victims of cyber attacks.
In just the last two weeks alone, Google has seen several hacking groups looking to take advantage of the war to fulfil their malicious aims, whether that's stealing information, stealing money, or something else.
4 Ways Attackers Target Humans to Gain Network Access
Since the day we started receiving email, we hope that our antivirus or endpoint protection software alerts us to problems. In reality, it often does not. When technology fails, it’s likely because the attacker made an end run around it by targeting humans. Here are four ways they do it:
1. The targeted human attack
2. Fraudulent wire transfer email
3. Tricking users into handing over credentials
4. Bypassing multi-factor authentication
Security Incidents Reported to FCA Surge 52% in 2021
The number of cyber security incidents reported to the UK’s financial regulator surged by over 50% last year after a significant increase in cyber-attacks, according to new figures from Picus Security.
The security vendor submitted Freedom of Information (FoI) requests to the Financial Conduct Authority (FCA) to compile its latest report, Cyber Security Incidents in the UK Financial Sector.
The 52% year-on-year increase in “material” security incidents reported to the FCA seems to have been driven by cyber-attacks, which comprised nearly two-thirds (65%) of these reports.
Picus Security claimed that the rest are likely explained by “system and process failures and employee errors.”
In addition, a third of incident reports were about corporate or personal data breaches, and a fifth involved ransomware.
Picus Security explained that to qualify as a material incident, there needs to have been a significant loss of data, operational IT outages, unauthorized IT access, and/or an impact on a large number of customers.
https://www.infosecurity-magazine.com/news/security-incidents-reported-fca/
NCSC Suggests Rethinking Russian Supply Chain Risks
The National Cyber Security Centre (NCSC) of the UK has urged organisations to reconsider the risks associated with “Russian-controlled” parts of their supply chains.
Ian Levy, technical director of the NCSC argued that “Russian law already contains legal obligations on companies to assist the Russian Federal Security Service (FSB), and the pressure to do so may increase in a time of war. We also have hacktivists on each side, further complicating matters, so the overall risk has materially changed.”
Levy has suggested that while there is currently nothing to suggest that the Russian state intends to force commercial providers to sabotage UK interests, that doesn’t mean it will not happen in the future.
https://www.itsecurityguru.org/2022/03/30/ncsc-suggests-rethinking-russian-supply-chain-risks/
25% Of Workers Lost Their Jobs in The Past 12 Months After Making Cyber Security Mistakes: Report
For business leaders, there is never a good time for their employees to make mistakes on the job. This is especially true now for workers who have anything to do with the cyber security of their companies and organisations. Given the growing risks of cyber attacks across the world and the increased threats posed by Russia in the aftermath of their invasion of Ukraine, these are certainly perilous times.
Indeed, a new study released by email security company Tessian found that one in four employees (26%) lost their job in the last 12 months after making a mistake that compromised their company’s security.
According to the second edition of Tessian’s Psychology of Human Error report, people are falling for more advanced phishing scams—and the business stakes for mistakes are much higher.
The study also found that:
Two-fifths (40%) of employees sent an email to the wrong person, with almost one-third (29%) saying their business lost a client or customer because of the error
Over one-third (36%) of employees have made a mistake at work that compromised security and fewer are reporting their mistakes to IT.
Attackers Compromise 94% of Critical Assets Within Four Steps of Initial Breach
New research from XM Cyber analysing the methods, attack paths, and impacts of cyber attacks has discovered that attackers can compromise 94% of critical assets within just four steps of initial breach points. The hybrid cloud security company’s Attack Path Management Impact Report incorporates insights from nearly two million endpoints, files, folders, and cloud resources throughout 2021, highlighting key findings on attack trends and techniques impacting critical assets across on-prem, multi-cloud, and hybrid environments.
The findings showed that 75% of an organisation’s critical assets are open to compromise in their current security state, while 73% of the top attack techniques used last year involved mismanaged or stolen credentials. Just over a quarter (27%) of most common attack techniques exploited a vulnerability or misconfiguration.
UK Spy Chief Warns Russia Looking for Cyber Targets
A UK intelligence chief warned that the Kremlin is hunting for cyber targets and bringing in mercenaries to shore up its stalled military campaign in Ukraine.
Jeremy Fleming, who heads the GCHQ electronic spy agency, praised Ukrainian President Volodymyr Zelenskyy’s “information operation” for being highly effective at countering Russia’s massive disinformation drive spreading propaganda about the war.
While there were expectations that Russia would launch a major cyber attack as part of its military campaign, Fleming said such a move was never a central part of Moscow’s standard playbook for war.
“That’s not to say that we haven’t seen cyber in this conflict. We have — and lots of it,” Fleming said in a speech in Canberra, Australia, according to a transcript released in London on Wednesday.
He said GCHQ’s National Cyber Security Centre has picked up signs of “sustained intent” by Russia to disrupt Ukrainian government and military systems.
“We’ve seen what looks like some spillover of activity affecting surrounding countries,” Fleming said. “And we’ve certainly seen indicators which suggest Russia’s cyber actors are looking for targets in the countries that oppose their actions.”
He provided no further details. He said the UK and other Western allies will continue to support Ukraine in beefing up its cyber security defences.
https://www.securityweek.com/uk-spy-chief-warns-russia-looking-cyber-targets
Threats
Ransomware
Ransomware Payments Hitting New Records In 2021 - Help Net Security
UK Ransomware Attacks Double In Past Year, Expert Insight - Information Security Buzz
Ransomware, Endpoint Risks Are Top Concerns for DFIR Professionals | CSO Online
Not Enough Businesses Have A Formal Ransomware Plan In Place - Help Net Security
Ukraine, Conti, and the law of unintended consequences | CSO Online
FBI Investigating More than 100 Ransomware Variants - Infosecurity Magazine
Precursor Malware Is an Early Warning Sign for Ransomware (darkreading.com)
Cyber Blackmail Gains Traction in Ransomware Hijackers' Tool Set - MSSP Alert
Services Giant Admits $42m Fallout from Ransomware Attack - Infosecurity Magazine
Hive Ransomware Uses New 'IPfuscation' Trick to Hide Payload (bleepingcomputer.com)
Shutterfly, Hit By Conti Ransomware Group, Warns Staff Their Data Has Been Stolen • Graham Cluley
FBI: Ransomware Attacks Are Piling Up The Pressure On Public Services | ZDNet
BEC – Business Email Compromise
Phishing & Email Based Attacks
Calendly Actively Abused in Microsoft Credentials Phishing (bleepingcomputer.com)
Phishing Attacks: Malicious URLs May Outpace Email Attachment Risks - MSSP Alert
Phishing uses Azure Static Web Pages to impersonate Microsoft (bleepingcomputer.com)
Other Social Engineering
5 Old Social Engineering Tricks Employees Still Fall For, And 4 New Gotchas | CSO Online
Fraudsters Use 'Fake Emergency Data Requests' To Steal Info • The Register
Malware
Mobile
IoT
Organised Crime & Criminal Actors
Sanctions Hitting Russian Cyber-Criminals Hard - Infosecurity Magazine
Secret World of Pro-Russia Hacking Group Exposed in Leak - WSJ
UK Police Charges Two Teenagers for Their Alleged Role in Lapsus$ Group - Security Affairs
LAPSUS$ Hacks Globant. 70GB of Data Leaked from IT Firm (bitdefender.com)
Cryptocurrency/Cryptomining/Cryptojacking
How CISOs can Mitigate Cryptomining Malware (trendmicro.com)
Ronin Blockchain Hit With $620 Million Crypto Heist - IT Security Guru
Insider Risk and Insider Threats
Yale Finance Director Stole $40m In Computers to Resell • The Register
Making Security Mistakes May Come With A High Price For Employees - Help Net Security
Fraud, Scams & Financial Crime
Europol Dismantles Massive Call Centre Investment Scam Operation (bleepingcomputer.com)
Emily Maitlis Opens Up About Terrifying Bank Scam: ‘I Feel Sick’ | The Independent
Supply Chain
Denial of Service DoS/DDoS
DDoS Attacks Becoming Larger And More Complex, Finance Most Targeted Sector - Help Net Security
Number of DDoS Attacks in 2021 Reached 9.75 Million - Help Net Security
Beastmode Botnet Boosts DDoS Power With New Router Exploits (bleepingcomputer.com)
Passwords & Credential Stuffing
Spyware, Espionage & Cyber Warfare
Russian Invasion of Ukraine
Anonymous Targets Oligarchs' Russian Businesses - Security Affairs
With War Next Door, EU is Warned on Cyber Security Gaps | SecurityWeek.Com
Ukraine Intelligence Leaks Names of 620 Alleged Russian FSB Agents - Security Affairs
Russian Credential Thieves Target NATO, European Military • The Register
Viasat Confirms Satellite Modems Were Wiped with AcidRain Malware (bleepingcomputer.com)
Internet Provider to Ukrainian Military Hit With Major Cyber Attack - WSJ
GhostWriter APT Targets State Entities of Ukraine with Cobalt Strike Beacon - Security Affairs
Hacked WordPress Sites Force Visitors to DDoS Ukrainian Targets (bleepingcomputer.com)
Russia Facing Internet Outages Due to Equipment Shortage (bleepingcomputer.com)
Anonymous Is Working On A Huge Data Dump That Will Blow Russia Away - Security Affairs
Phishing Campaign Targets Russian Govt Dissidents With Cobalt Strike (bleepingcomputer.com)
Leaked Hacker Logs Show Weaknesses of Russia’s Cyber Proxy Ecosystem | CSO Online
Russian Aviation Authority Switches to Paper After Losing 65TB of Data | CyberNews
Anonymous Hacked Russian Thozis Corp, But Denies Attacks on Rosaviatsia - Security Affairs
ZTE Whistleblower: Chinese Companies Will Sell to Russia • The Register
Nation State Actors
Nation State Actors – Russia
UK Spy Boss Warns About Russia-China Tech Collaboration • The Register
UK Cyber Security Centre Advises Review of Russian Tech • The Register
Russia Ranks Top For State-Linked Online Misinformation • The Register
Google: Russian phishing attacks target NATO, European military (bleepingcomputer.com)
Russian Spies Unmasked In Embarrassing Blow For Vladimir Putin (telegraph.co.uk)
Nation State Actors – China
Vulnerabilities
CISA Adds 66 Vulnerabilities to 'Must Patch' List | SecurityWeek.Com
Apple Rushes Out Patches for Two 0-days Threatening iOS and macOS Users | Ars Technica
Chrome Browser Gets Major Security Update | SecurityWeek.Com
Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances (thehackernews.com)
Log4JShell Used to Swarm VMware Servers with Miners, Backdoors | Threatpost
Experts Warn Defenders: Don't Relax on Log4j | SecurityWeek.Com
Google Chrome, Microsoft Edge Updated to Close Security Hole • The Register
RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn | Threatpost
Spring4Shell: No need To Panic, But Mitigations Are Advised - Help Net Security
Sophos Firewall Affected by A Critical Authentication Bypass Flaw - Security Affairs
CVE-2022-1162 Flaw in GitLab Allowed Threat Actors To Take Over Accounts - Security Affairs
Trend Micro Fixed High Severity Flaw In Apex Central Product Console - Security Affairs
Zyxel Urges Customers To Patch Critical Firewall Bypass Vulnerability | ZDNet
QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices (thehackernews.com)
Sector Specific
Health/Medical/Pharma Sector
Hive Ransomware Group Claims Partnership HealthPlan of California Data Breach | CSO Online
LockBit Victim Estimates Cost of Ransomware Attack To Be $42 Million (bleepingcomputer.com)
Retail/eCommerce
Shopping Trap: The Online Stores’ Scam That Hits Users Worldwide - Security Affairs
Automotive
Automaker Cyber Security Lagging Behind Tech Adoption, Experts Warn | Threatpost
CNI, OT, ICS, IIoT and SCADA
The Spectre of Stuxnet: CISA Issues Alert on Rockwell Automation ICS Vulnerabilities | ZDNet
Other News
Protecting Your Organisation Against a New Class of Cyber Threats: HEAT (darkreading.com)
Why Do Organisations Need To Prioritize Cyber Resiliency? - Help Net Security
How Security Complexity Is Being Weaponized (darkreading.com)
In Charts: Cyber Security Risks And Companies’ Readiness | Financial Times (ft.com)
CISA Warns of Attacks Against Internet-Connected UPS Devices | CSO Online
Hackers Posing as Police Convinced Apple and Meta to Share Basic Subscriber Info (softpedia.com)
Exploring the Intersection of Physical Security and Cyber Security (darkreading.com)
The Current State Of Enterprise Backup And Recovery - Help Net Security
Why Metrics Are Crucial To Proving Cyber Security Programs’ Value | CSO Online
COVID Bounce: A Massive 2021 Resurgence of Cyber Threats - Help Net Security
Rapid7 Finds Zero-Day Attacks Surged In 2021 (techtarget.com)
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.