Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

FBI Reports Cyber Crime Losses Reached $12.5 billion in 2023, Ransomware Losses Surged by 74%, Average Ransom Demand Reaching $600k

An FBI report into the cost of cyber crime has found that estimated losses in the US alone reached $12.5 billion in 2023. Ransomware accounted for $59.6 million, a 74% increase from the previous year’s report. Of note, the FBI report only deals with complaints made to the FBI; it therefore excludes other countries, and relies on the US organisations to identify that they have been impacted. It is therefore likely that the figure in the US, let alone globally, is significantly higher.

Sources: [Security Boulevard] [Security Week] [Infosecurity Magazine] [Tripwire] [Security Affairs]

Capita Plans £100 Million in Cost Cuts as it Continues to Grapple With 2023 Cyber Attack, Resulting in Significant Job Losses

In the aftermath of a significant cyber attack in 2023, Capita faces a steep financial hurdle with reported losses amounting to £106.6 million. Originally forecasted at £25 million, the revised figure underscores the substantial impact of the breach. Capita’s response strategy, including significant investments in recovery and cyber security bolstering, emphasises the escalating costs associated with data breaches. CEO Adolfo Hernandez announced plans for a substantial cost reduction of over £100 million, indicating the critical need for efficiency improvements to mitigate the financial strain. Capita’s experience serves as a potent reminder of the critical importance of robust cyber resilience strategies. These strategies are not just about preventing attacks, but also about mitigating the potentially devastating financial consequences should a breach occur.

Source: [ITPro]

Employment Law Firm Sues IT Company Over Ransomware Attack

A law firm in California has sued an IT solutions company, saying that after hiring the company to install a network system and server, the law firm suffered a ransomware attack. The law firm found that not long after the network was installed, they were unable to access their data, and when they had gone to retrieve a cloud backup, they had found this was already deleted, forcing them to pay the ransom to get their data back. The law firm is accusing the IT company of negligence and breach of contract and is seeking damages of at least $1 million.

Source: [Law360]

Stolen Passwords are a Hacker Goldmine

Passwords are not only crucial for organisational security, but they also come with significant costs and vulnerabilities. From the time spent by service desks on resets, to the expense of security incidents and breaches, the financial toll is substantial. Weak or reused passwords heighten the vulnerability, with breaches involving stolen credentials costing an average of $4.45 million. Cyber threats are evolving, with hackers increasingly favouring stolen user accounts over traditional malware. This shift, underscored by a notable 71% increase in attacks leveraging valid login credentials in 2023 as reported by CrowdStrike and IBM, highlights the repercussions of compromised credentials. Embracing technologies like multi-factor authentication (MFA) and single sign-on (SSO), along with employee education, can bolster security while alleviating financial strains. Robust identity management and zero-trust security frameworks are essential to mitigate risks further, especially in the face of rising cloud intrusions. Proactive investments in password security software such as password managers can help streamline operations and enhance overall organisational resilience against these evolving threats.

Sources: [Bleeping Computer] [Axios] 

Phishing Attacks Up 40 Percent in 2023; Attackers Leverage Social Engineering for Greater Success

Kaspersky recently released their annual spam and phishing report in which they identified over 709 million attempts to access phishing and scam websites, a 40% increase from the previous year. It should be noted that this number is just related to Kaspersky’s identification; the figure is likely far greater. With reports identifying that 90% of phishing involves social engineering, it is important to understand how it is leveraged.

Phishing attacks generally include an element of trust; for example, a bad actor impersonating a reputable brand or providing details about an individual that makes the attack more credible. Often, social engineering will rely on human characteristics, such as urgency, emotion and habit to try to manipulate the target to perform particular actions. Whilst the tools may change, the basis is the same; a successful phish requires user interaction. To mitigate the impact of phishing in corporate environments, organisations must stay informed about the latest adversarial activity and prioritise security measures such as multi-factor authentication (MFA) and providing employee awareness and education training that goes beyond ticking boxes.

Sources: [Beta News] [CSO Online] [Security Boulevard] [DarkReading]

Business Leaders Don’t Even Know They’ve Been Hacked

A survey of over 10,000 business leaders across various industries has found that a number of business leaders know little when it comes to their organisation’s cyber security landscape, with 1 in 10, “unsure” and unable to provide a definitive answer as to whether their organisation has had a data breach in 2023. The report highlights that there are a number of leadership positions that are not receiving sufficient information about their organisation’s data security situation.

Receiving regular reports with metrics about the organisation’s cyber security posture is key to organisations achieving and maintaining a solid level of governance, something that is required in various standards and regulations.

Source: [Tech.Co]

Rising Cyber Security Risks: Insider Threat Main Concern Among Mid-Market Firms

According to the 2023 CyberArk Identity Security Threat Landscape Report, insider threats are on the rise, with 68% of organisations reporting an increased frequency in the past year. These threats, considered one of the top concerns over the next 12 months, stem from within an organisation where authorised employees exploit their access to steal or leak sensitive data. Factors such as flexible working, an increase in job transitions, workforce reductions, third-party relationships, economic uncertainties, and employee stress levels further compound these challenges. Negligence, accounting for 62% of insider incidents, plays a significant role; these threats aren’t always malicious but can also be negligent or accidental. As these threats evolve, the potential consequences, including revenue loss and reputational damage, are becoming more apparent to business leaders. To mitigate risks, companies must prioritise improving identity security, particularly in controlling privileged access, and embrace a Zero Trust approach. This ensures full visibility and control over access to sensitive data, safeguarding critical assets and enhancing cyber resilience in an increasingly volatile landscape. Other key identified threats include AI-related risks, ransomware, deep fakes, and malware.

Sources: [TechRadar] [Comms Business]

C-Suite Executives: An Attacker’s Dream?

Cyber criminals are increasingly focusing on high-value targets, particularly C-suite executives who hold extensive organisational access. These executives, often overlooked in security practices and training, have become vulnerable links. The cyber security landscape of 2023 saw significant advancements but also revealed vulnerabilities, exacerbated by global conflicts and strategic cyber attacks. Cyber actors are now targeting entities with high return potential, with ransomware attackers tailoring their strikes to maximise revenues, often from smaller organisations. Interestingly, while automation is on the rise, cyber criminals are opting for a human touch, with human operatives often behind attacks. A report last year showed a nearly 30% spike in fraud specifically targeting senior executives, highlighting the vulnerability of the C-suite. This emphasises the need for robust cyber resilience strategies to safeguard these high-value targets.

Source: [SecurityBrief New Zealand]

Security Risks Plague SMEs in Shift to Remote Working

In the wake of the COVID-19 pandemic, remote working surged, offering businesses newfound flexibility and cost efficiencies. However, this paradigm shift comes with its own set of security challenges, particularly impacting startups and small businesses. The inherent flexibility of remote work exposes companies to risks like unauthorised access, IP theft, and malware. These threats are especially potent for SMEs, jeopardising their financial stability and reputation. Robust security measures include VPNs, enforcing regular software updates, and employee training to mitigate these risks. By embracing these strategies, SMEs can navigate the remote work landscape securely, unlocking its benefits while safeguarding against potential threats.

Source: [SecurityBrief New Zealand]

After Collecting $22 Million, Ransomware Group Stages FBI Takedown

The ransomware group responsible for facilitating a huge attack against a US prescription drug company for $22 million has gone dark, days after receiving the payment and standing accused of scamming their own affiliate out of their share of the gains. Days after the payment was made, AlphV’s public website started displaying a message saying it had been seized by the FBI as part of an international law enforcement action. Ransomware researchers have since said that it has not actually been seized, but appears to be a ploy to exit scam affiliates of the ransomware group. This proves the old adage that there really is no honour among thieves.

Source: [Ars Technica]

Cyber Attacks Remain Chief Concern for Businesses

A recent report has underscored the growing concern among UK corporate businesses regarding cyber attacks as the primary fraud threat in the upcoming year, with 73% of respondents expressing worry. As businesses grapple with the shift to hybrid and remote work models, ensuring robust counter-fraud measures and internal controls is imperative to safeguarding workforces regardless of location. This situation emphasises the critical importance of investing in employee training to combat evolving fraud threats. It highlights the far-reaching consequences that fraud can have on organisations and underscores the necessity of fostering an anti-fraud culture across all levels of the enterprise.

Source: [TheHRDirector]

Two New Ransomware Groups Join Forces to Launch Joint Attacks

Two ransomware groups, Ghostsec and Stormous, have joined forces to conduct double extortion ransomware attacks on various businesses across multiple countries. As part of this, their new ransomware-as-a-service (RaaS) program, STMX_GhostLocker, provides various options for their affiliates. GhostSec is already part of a coalition called the five families, involving 4 other entities. The group ventured into RaaS last year, offering services for as little as $269.99 per month.

Source: [The Hacker News]

Governance, Risk and Compliance

• FBI: Cyber Crime Losses Exceeded $12.5 Billion in 2023 - Security Week

• 1 in 10 Business Leaders Don’t Even Know They’ve Been Hacked (tech.co)

• Cyber attacks remain chief concern for businesses | theHRD (thehrdirector.com)

• Companies Are Already Not Complying With The New SEC Cyber Security Incident Disclosure Rules (forbes.com)

• What Cyber Security Chiefs Need From Their CEOs (darkreading.com)

• Simply Human: Why HR Needs To Take The Lead In Cyber Security (forbes.com)

• The Security Interviews: Cyber security is about managing risk effectively | Computer Weekly

• NIST Cyber Framework 2.0: Doubling Down on Governance, Expanding Applicability | Law.com

• CISOs Tackle Compliance With Cyber Guidelines (informationweek.com)

• Are C-suite executives cyber security's weakest link? (securitybrief.co.nz

• 30 years of the CISO role – how things have changed since Steve Katz | CSO Online

• How to create an efficient governance control program - Help Net Security

• Demystifying the Maze: A Guide to Cyber Risk Quantification Methods (cybersaint.io)

• Resilience is built on a solid framework | Professional Security

• Cyber Insights 2024: A Dire Year for CISOs? - Security Week

• Cyber Pros’ Knowledge Gaps Lead to Errors | MSSP Alert

• Research finds that cyber security leaders are taking on multiple roles | Security Magazine

• How Security Leaders Can Break Down Barriers to Enable Digital Trust - Infosecurity Magazine (infosecurity-magazine.com)

Threats

Ransomware, Extortion and Destructive Attacks

• ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack | SC Media (scmagazine.com)

• FBI: US Ransomware Losses Surge 74% to $59.6 Million in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360

• Report: Average Initial Ransomware Demand in 2023 Reached $600K - Security Boulevard

• What’s Fueling the Ransomware Epidemic? | Symantec Enterprise Blogs (security.com)

• Banning ransomware payments back on the agenda | Computer Weekly

• BlackCat Goes Dark After Ripping Off Change Healthcare Ransom (darkreading.com)

• Inside an Alphv/BlackCat ransomware attack | TechTarget

• Healthcare facing record ransom as cyber criminals continue to target sector - Emerging Risks Media Ltd

• Uncle Sam intervenes in Change Healthcare ransomware fiasco • The Register

• Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries (thehackernews.com)

• Capita drops 18% on £107m loss as financial impact of cyber attack is revealed | LSE:CPI (proactiveinvestors.co.uk)

• US cyber and law enforcement agencies warn of Phobos ransomware attacks (securityaffairs.com)

• Experts echo calls for ransomware ban as LockBit rallies • The Register

• Government urged to ban ransom payments to cyber criminals (computing.co.uk)

• LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage (securityaffairs.com)

• Ransomware spikes against critical infrastructure, says FBI • The Register

• Major shifts in identity, ransomware, and critical infrastructure threat trends - Help Net Security

• Government was third-largest ransomware target last year: FBI - Defense One

• JetBrains TeamCity under attack by ransomware thugs • The Register

Ransomware Victims

• A Deep Dive into the 2024 Prudential and LoanDepot Breaches - Security Boulevard

• Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360

• After collecting $22 million, AlphV ransomware group stages FBI takedown | Ars Technica

• Change Healthcare hack cripples payment systems across health providers - The Washington Post

• Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED

• Capita raises threat of further job cuts under plans to save another £100m | BelfastTelegraph.co.uk

• Capita drops 18% on £107m loss as financial impact of cyber attack is revealed | LSE:CPI (proactiveinvestors.co.uk)

• Fidelity Investments Notifying 28,000 People of Data Breach - Fidelity Investments Notifying 28,000 People of Data Breach - Security Week

• First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches (darkreading.com)

• UnitedHealth's cyber attack should be a 'wake-up call' for healthcare (yahoo.com)

• Ransomware Attackers Leak Sensitive Swiss Government Documents, Login - Infosecurity Magazine (infosecurity-magazine.com)

• Security leaders weigh in on the recent UnitedHealth cyber attack | Security Magazine

• LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage (securityaffairs.com)

• Canada's anti-money laundering agency offline after cyber attack (bleepingcomputer.com)

• Uncle Sam intervenes in Change Healthcare ransomware fiasco • The RegisterFidelity Investments Notifying 28,000 People of Data Breach - Security Week

• Duvel says it has "more than enough" beer after ransomware attack (bleepingcomputer.com)

• Thousands of Dutch passports stolen in ransomware attacks available on dark web | NL Times

• Corporate Greed Made the Change Healthcare Cyber attack Worse (nymag.com)

• Switzerland: Play ransomware leaked 65,000 government documents (bleepingcomputer.com)

• Possible China link to Change Healthcare ransomware attack • The Register

• Action needed to avoid repeat of Southern Water cyber attack - Utility Week

Phishing & Email Based Attacks

• Phishing attacks up 40 percent in 2023 (betanews.com)

• Jamf says 9% of smartphone have fallen for phishing attacks (appleinsider.com)

• How attackers leverage social engineering for greater scamming success | CSO Online

• Cyber Criminals Spoof US Government Organisations in BEC, Phishing Attacks - Security Week

• Annual State of Email Security by the Numbers - Security Boulevard

• New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)

• Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)

• AI worm that infects computers and reads emails created by researchers | The Independent

• 95% believe LLMs making phishing detection more challenging - Help Net Security

• Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes - Help Net Security

• Kaspersky spam and phishing report for 2023 | Securelist

Other Social Engineering

• How attackers leverage social engineering for greater scamming success | CSO Online

• New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)

• The Rise of Social Engineering Fraud in Business Email Compromise (darkreading.com)

Artificial Intelligence

• Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets (thehackernews.com)

• AI tools put companies at risk of data exfiltration - Help Net Security

• Don't Give Your Business Data to AI Companies (darkreading.com)

• Act now to stop WordPress and Tumblr selling your content to AI firms • Graham Cluley

• GTPDOOR backdoor is designed to target telecom carrier networks (securityaffairs.com)

• Political deepfakes are spreading like wildfire thanks to GenAI | TechCrunch

• Self-Propagating Worm Created to Target Generative AI Systems - Infosecurity Magazine (infosecurity-magazine.com)

• The Future Of AI And ML In Cyber Security (forbes.com)

• AI worm that infects computers and reads emails created by researchers | The Independent

• 95% believe LLMs making phishing detection more challenging - Help Net Security

• Immediate AI risks and tomorrow's dangers - Help Net Security

• Defence: Leonardo CEO says stupidity poses a bigger threat than AI (cnbc.com)

2FA/MFA

• Google and Meta users see their 2FA security codes leaked online - Root-Nation.com

Malware

• No “Apple magic” as 11% of macOS detections last year came from malware | Malwarebytes

• Mobile banking malware growing rapidly, ThreatFabric warns | Biometric Update

• GTPDOOR backdoor is designed to target telecom carrier networks (securityaffairs.com)

• Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware (thehackernews.com)

• Linux variant of BIFROSE RAT uses deceptive domain strategies (securityaffairs.com)

• Self-Propagating Worm Created to Target Generative AI Systems - Infosecurity Magazine (infosecurity-magazine.com)

• New Linux malware found targeting mobile networks across the world | TechRadar

• ScreenConnect flaws exploited to drop new ToddleShark malware (bleepingcomputer.com)

• Malware is coming for your ChatGPT credentials • The Register

• North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)

• Linux Malware Campaign Targets Misconfigured Cloud Servers - Security Week

• Linux Malware Targets Docker, Apache Hadoop, Redis and Confluence - Infosecurity Magazine (infosecurity-magazine.com)

• AI worm that infects computers and reads emails created by researchers | The Independent

• New WogRAT malware abuses online notepad service to store malware (bleepingcomputer.com)

• Snake, a new Info Stealer spreads through Facebook messages (securityaffairs.com)

• Linux Variants of Bifrost Trojan Evade Detection via Typosquatting (darkreading.com)

Mobile

• Jamf says 9% of smartphone have fallen for phishing attacks (appleinsider.com)

• Mobile banking malware growing rapidly, ThreatFabric warns | Biometric Update

• Apple warns of increased iPhone security risks | Computerworld

• The Privacy Danger Lurking in Push Notifications | WIRED

• Android's March 2024 Update Patches Critical Vulnerabilities - Security Week

• CISA Adds Android Pixel and Sunhillo Sureline Bugs to Its Known Exploited Vulnerabilities Catalog

• The Importance of Cyber security for Your Smart Devices | HackerNoon

• Phone hacking is a real danger. How to keep your data, location secure (usatoday.com)

Denial of Service/DoS/DDOS

• DDoS Attacks on Financial Services Industry Up 154%, According to New FS-ISAC/Akamai Report (prnewswire.com)

Internet of Things – IoT

• Someone is hacking 3D printers to warn owners of a security flaw (bitdefender.com)

• Popular doorbell camera brands contain security flaws, making them easy to hack: Report  | The Hill

• NCSC flags up cyber security for connected places | UKAuthority

• The Importance of Cyber Security for Your Smart Devices | HackerNoon

• This $4 Billion Car Surveillance Startup Says It Cuts Crime. But It Likely Broke The Law. (forbes.com)

• Flipper Zero WiFi phishing attack can unlock and steal Tesla cars (bleepingcomputer.com)

Data Breaches/Leaks

• The State Of Cyber Security (Part One): Why Are There Still So Many Data Breaches? (forbes.com)

• A leaky database spilled 2FA codes for the world’s tech giants | TechCrunch#

• American Express credit cards exposed in third-party data breach (bleepingcomputer.com)

• Fidelity Investments Notifying 28,000 People of Data Breach - Security Week

• AI tools put companies at risk of data exfiltration - Help Net Security

• 4 Instructive Postmortems on Data Downtime and Loss (thehackernews.com)

Organised Crime & Criminal Actors

• FBI: Cyber Crime Losses Exceeded $12.5 Billion in 2023 - Security Week

• 2023 FBI Internet Crime Report reported cyber crime losses reached $12.5 billion in 2023 (securityaffairs.com)

• $12.5 billion lost to cyber crime, amid tidal wave of crypto investment fraud | Tripwire

• Germany takes down cyber crime market with over 180,000 users (bleepingcomputer.com)

• Poorly paid cyber security staff risk ‘breaking bad’ on the dark web (techinformed.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• $12.5 billion lost to cyber crime, amid tidal wave of crypto investment fraud | Tripwire

• Hackers target FCC, crypto firms in advanced Okta phishing attacks (bleepingcomputer.com)

• Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)

• New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users (thehackernews.com)

• Crypto fraud in 2023: How can security teams fight (securityintelligence.com)

Insider Risk and Insider Threats

• Comms Business - Insider threat main concern among mid-market firms

• Current workforce trends feed into rising cyber security risks | TechRadar

• Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison - Security Week

• Army Vet Spills National Secrets to Fake Ukrainian Girlfriend (darkreading.com)

• Chinese engineer accused of stealing Google's GPU and TPU secrets, transferring them to China-based startups | Tom's Hardware (tomshardware.com)

Supply Chain and Third Parties

• Employment Law Firm Sues IT Co. Over Ransomware Attack - Law360

• Capita plans £100 million in cost cuts as it continues to grapple with 2023 cyber attack | ITPro

• First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches (darkreading.com)

• American Express credit cards exposed in third-party data breach (bleepingcomputer.com)

• Hackers target FCC, crypto firms in advanced Okta phishing attacks (bleepingcomputer.com)

• Switzerland: Play ransomware leaked 65,000 government documents (bleepingcomputer.com)

• Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (thehackernews.com)

Cloud/SaaS

• 10 Essential Processes for Reducing the Top 11 Cloud Risks (darkreading.com)

• Human vs. Non-Human Identity in SaaS (thehackernews.com)

• Hackers target Coinbase, Binance staff with phishing clones of Gmail, iCloud (crypto.news)

• Securing Perimeter Products Must Be a Priority, Says NCSC - Infosecurity Magazine (infosecurity-magazine.com)

Identity and Access Management

• Human vs. Non-Human Identity in SaaS (thehackernews.com)

• Major shifts in identity, ransomware, and critical infrastructure threat trends - Help Net Security

Encryption

• Preparing for the post-quantum cryptography environment today | CSO Online

Linux and Open Source

• Open source vulnerabilities dominated 2023, and this year looks no different | ITPro

• Linux Malware Campaign Targets Misconfigured Cloud Servers - Security Week

• Linux Variants of Bifrost Trojan Evade Detection via Typosquatting (darkreading.com)

• Linux Malware Targets Docker, Apache Hadoop, Redis and Confluence - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Hacked WordPress sites use visitors' browsers to hack other sites (bleepingcomputer.com)

• Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets (thehackernews.com)

• Malware is coming for your ChatGPT credentials • The Register

• Stolen passwords are a hacker goldmine now, CrowdStrike and IBM find (axios.com)

• Passwords are Costing Your Organisation Money - How to Minimize Those Costs (bleepingcomputer.com)

• Poor Credential Hygiene - Security Boulevard

• US State AGs tell Meta to fix rampant account takeovers • The Register

Social Media

• Google and Meta users see their 2FA security codes leaked online - Root-Nation.com

• IP address X-posure now a feature on Twitter • The Register

• “Technical Issue” Takes Facebook Offline, Offers No Cyber Security Reassurance | MSSP Alert

• Facebook and Instagram Overrun by Account Hackers, States Warn (bloomberglaw.com)

• Snake, a new Info Stealer spreads through Facebook messages (securityaffairs.com)

• Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say | WIRED

• US State AGs tell Meta to fix rampant account takeovers • The Register

Training, Education and Awareness

• In the News | Equip and Educate Students to Combat Cyberthreats - Security Boulevard

Regulations, Fines and Legislation

• Companies Are Already Not Complying With The New SEC Cyber Security Incident Disclosure Rules (forbes.com)

• EU council welcomes cyber solidarity act agreement (verdict.co.uk)

• The modern CISO's guide to navigating new SEC cyber regulations (betanews.com)

• Five Unintended Consequences of the New SEC Cyber Security Disclosure Rule - Security Boulevard

• Navigating regulation challenges for protecting sensitive healthcare data - Help Net Security

Models, Frameworks and Standards

• NIST Cyber Security Framework 2.0: 4 Steps to Get Started (darkreading.com)

• NIST Cyber Framework 2.0: Doubling Down on Governance, Expanding Applicability | Law.com

• CIS RAM (Risk Assessment Method) (cisecurity.org)

Data Protection

• Charity has 30 days to stop spamming thousands for donations • The Register

• This $4 Billion Car Surveillance Startup Says It Cuts Crime. But It Likely Broke The Law. (forbes.com)

Careers, Working in Cyber and Information Security

• 11 Top Cyber Security Certifications to Consider In 2024 (datamation.com)

• Cyber and gender | Professional Security

• Poorly paid cyber security staff risk ‘breaking bad’ on the dark web (techinformed.com)

Law Enforcement Action and Take Downs

• Germany takes down cyber crime market with over 180,000 users (bleepingcomputer.com)

• A cyber criminal is sentenced, will it make a difference? - Help Net Security

• Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison - Security Week

• Nigerian National Pleads Guilty of Conspiracy in BEC Operation (darkreading.com)

Misinformation, Disinformation and Propaganda

• Content farm impersonates 60+ major news outlets, like BBC, CNN, CNBC (bleepingcomputer.com)

• The man who tricked Nazi Germany: lessons from the past on how to beat disinformation | Books | The Guardian

• Political deepfakes are spreading like wildfire thanks to GenAI | TechCrunch

• Russian Hackers Target Ukraine Via A Disinformation Campaign - Security Boulevard

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Focus on cyber operations that cause physical damage is not enough | International Committee of the Red Cross (icrc.org)

• Cyber threats impacting the safety and dignity of civilians in conflict | International Committee of the Red Cross (icrc.org)

Nation State Actors

• Complete Guide to Advanced Persistent Threat (APT) Security - Security Boulevard

China

• Chinese nation state actors to ramp up cyber espionage attempts in 2024 - IT Security Guru

• We’re Slowly Learning About China’s Extensive Hacking Network | Mind Matters

• Taiwan's Biggest Telco Breached by Suspected Chinese Hackers (darkreading.com)

• Possible China link to Change Healthcare ransomware attack • The Register

• A New Wave of Cyber Attacks: Five Actions to Take Now | IndustryWeek

• Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (thehackernews.com)

• Behind the doors of a Chinese hacking company, a sordid culture fueled by influence, alcohol and sex | AP News

Russia

• The Five Bears: Russia's Offensive Cyber Capabilities (greydynamics.com)

• A Silent World War – Russia’s Cyberwar Against the West (kyivpost.com)

• Germany Urged to Tighten Security After Russia Leaked Classified Information - Bloomberg

• Germany to investigate Russia’s interception of military talks on Ukraine | Germany | The Guardian

• Ukraine intel says its hackers obtained Russian Defence Ministry's classified documents - Euromaidan Press

• Valuable Russian Military Documents Exposed: Report (newsweek.com)

• Focus on cyber operations that cause physical damage is not enough | International Committee of the Red Cross (icrc.org)

• Russian Hackers Target Ukraine Via A Disinformation Campaign - Security Boulevard

North Korea

• Lazarus Group observed exploiting an admin-to-kernel Windows zero-day | SC Media (scmagazine.com)

• North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)

• North Korea’s Kimsuky gang joins rush to exploit new ScreenConnect bugs | SC Media (scmagazine.com)

• North Korea hacks two South Korean chip firms to steal engineering data (bleepingcomputer.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Banks face ‘hacktivist’ cyber attacks (fnlondon.com)

• Hacktivist Collective NoName057(16) Strikes European Targets - Infosecurity Magazine (infosecurity-magazine.com)

• 'The Weirdest Trend in Cyber Security': Nation-States Returning to USBs (darkreading.com)

• Four internet cables cut in Red Sea in 'exceptionally rare' incident | Fortune

• Predator spyware endures even after widespread exposure, analysis shows | CyberScoop

Vulnerability Management

• Firms Still Threatened by Old Vulnerabilities (govinfosecurity.com)

• Open source vulnerabilities dominated 2023, and this year looks no different | ITPro

• Organisations are knowingly releasing vulnerable applications - Help Net Security

• Securing Perimeter Products Must Be a Priority, Says NCSC - Infosecurity Magazine (infosecurity-magazine.com)

• Enhancing security through proactive patch management - Help Net Security

Vulnerabilities

• Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws (securityaffairs.com)

• ConnectWise ScreenConnect bug used in Play ransomware breach, MSP attack | SC Media (scmagazine.com)

• North Korea’s Kimsuky gang joins rush to exploit new ScreenConnect bugs | SC Media (scmagazine.com)

• North Korea Hits ScreenConnect Bugs to Drop 'ToddleShark' Malware (darkreading.com)

• Hackers exploited Windows 0-day for 6 months after Microsoft knew of it | Ars Technica

• CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog (securityaffairs.com)

• Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (thehackernews.com)

• VMware sandbox escape bugs are so critical, patches are released for end-of-life products | Ars Technica

• VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws (thehackernews.com)

• VMWare Urges Users to Uninstall EAP Immediately - Security Boulevard

• Cisco Patches High-Severity Vulnerabilities in VPN Product - Security Week

• Critical TeamCity flaw now widely exploited to create admin accounts (bleepingcomputer.com)

• Critical TeamCity Bugs Endanger Software Supply Chain (darkreading.com)

• Android's March 2024 Update Patches Critical Vulnerabilities - Security Week

• CISA Warns of Pixel Phone Vulnerability Exploitation - Security Week

Tools and Controls

• Why cyber maturity assessment should become standard practice - Help Net Security

• 1 in 10 Business Leaders Don’t Even Know They’ve Been Hacked (tech.co)

• The Ultimate Guide to Threat Detection, Investigation, and Response (TDIR) (govinfosecurity.com)

• The Future Of AI And ML In Cyber Security (forbes.com)

• The Security Interviews: Cyber security is about managing risk effectively | Computer Weekly

• What Is A Cyber Incident Response Policy? - Security Boulevard

• Cyber Criminals Using Novel DNS Hijacking Technique for Investment Scams (thehackernews.com)

• Demystifying the Maze: A Guide to Cyber Risk Quantification Methods (cybersaint.io)

• Resilience is built on a solid framework | Professional Security

• Simply Human: Why HR Needs To Take The Lead In Cyber Security (forbes.com)

• The critical role of DNS in cyber security and digital thriving | TechRadar

• 5 ways to keep API integrations secure - Help Net Security

• Reduce the Attack Surface | Dell USA

• What is Advanced Threat Protection and How to Use It in Your Business - Security Boulevard

• Human vs. Non-Human Identity in SaaS (thehackernews.com)

• How To Close The DevSecOps Cyber Security Skills Gap And Boost Security (forbes.com)

Reports Published in the Last Week

• Kaspersky spam and phishing report for 2023 | Securelist

Other News

• Banks face ‘hacktivist’ cyber attacks (fnlondon.com)

• White Hats on Offensive Against Black Hat Hackers: Report (technewsworld.com)

• UK altnets call for action after attacks on fibre infrastructure | Computer Weekly

• Securing the future: Addressing cyber security challenges in the education sector - Help Net Security

• The 3 most common post-compromise tactics on network infrastructure (talosintelligence.com)

• What is Micro Breaching? - Security Boulevard

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

The Human Element- Cyber Security’s Great Challenge

According to Verizon’s 2023 Data Breach Investigations Report, 74% of all breaches involved a human element. It is important for organisations to understand that it is not simply malicious employees or employees falling for social engineering attacks; it includes things such as negligent, or intentional but not malicious actions. In fact, a recent separate report by Kaspersky found that 26% of incidents over the past two years involved the result of intentional security protocol violations; in comparison, external hacking attempts made up 20%.

Further, Kaspersky found 25% of incidents occurred due to neglecting system software or application updates, followed by 22% resulting from deliberate use of weak passwords or failing to change them promptly, and 18% from staff visiting unsecured websites. One potential cause for these incidents is a lack of training on why such protocols need to be followed.

Black Arrow provides live in person and online instructor lead cyber security training including Cyber Risk and Governance Workshops for Senior Leadership, and Awareness, Behaviour and Culture Training for employees and contractors.

Sources [Beta News] [ Infosecurity Magazine] [The Economic Times (indiatimes.com)]

Good Cyber Hygiene is a Strategic Imperative for SMEs, Report Shows

Small or large, no company is immune to a cyber attack and therefore good cyber hygiene is an imperative for all. Whilst large firms may already have more mature defences in place, smaller firms are definitely catching on to this, with 47% of respondents to a recent survey stating they were more worried about their organisation’s security posture now than compared to six months ago.

The survey found that ransomware (35%), software vulnerability exploits (28%) and using the same password across different applications (25%) were amongst the largest concerns. Interestingly, in a separate report, 44% of incidents were found to lack any element of malware, indicating that attackers are moving beyond traditional methods. The same report found 65% of cases included remote monitoring and management tools as the vector for initial access, something a number of organisations do not secure.

Business email compromise (BEC) attacks are also a key concern for businesses of all sizes but can be especially damaging to smaller organisations for whom the financial loss can be devastating.

Sources [Computer Weekly]  [Beta News] [Beta News]

Despite Increasing Ransomware Attacks, Some Companies are in Denial

A recent study has highlighted a contradiction in the way organisations perceive ransomware threats. Although many do not consider themselves likely targets, they are, nevertheless, bolstering their security measures, expanding their teams, and fortifying cyber defences, acknowledging the risks despite their assumed invulnerability.

Simultaneously, ransomware tactics are undergoing significant changes. The past three quarters have seen a marked increase in double-extortion attacks, with data leaks from these incidents rising by 50% compared to the previous year. This trend is predominantly driven by a few active groups, some newly emerged this year, amplifying the threat landscape.

In a tactical shift, the ransomware group ALPHV, also known as Blackcat, has lodged a formal complaint with the US Securities and Exchange Commission (SEC) against a victim for failing to comply with new disclosure regulations. Meanwhile, LockBit, infamous for attacks on high-profile targets, is modifying its extortion tactics due to lower-than-anticipated ransom returns. These developments point to an evolving and adaptive ransomware environment.

Sources: [Dark Reading] [SC Media] [Insurance Journal] [MSSP Alert] [Security Brief]

A Single Supply Chain Related Ransomware Incident Spurred UK Decision Makers to Spend Big on Cyber as Latest Victim Count exceeds 2.6K Organisations and 77M People

It is reported that 2,620 organisations and more than 77 million individuals have been impacted to date by the MOVEit supply chain ransomware attack, with millions in the past week alone having received notifications that their information had either been accessed, leaked, or both.

In a survey involving directors of UK companies with over 500 seats that had suffered a ransomware or extortion attack in the past 18 months, it was found that 24% had become significantly more anxious about ransomware attacks as a direct result of the MOVEit breach, and 66% were slightly more anxious. This anxiety translated into action, with 42% of respondents investing more into backup and recovery, and 29% tweaking existing cyber strategies. 29% had taken the decision to amend their existing cyber strategies. Staff training was also found to rise, with 42% looking to spend on skills development and 40% upping their investment in training.

Sources: [The Register] [Computer Weekly]

The True Cost of a Ransomware Attack

While the demand is often financial, the impact and reach of ransomware goes far beyond the ransomware demand. Alongside the financial impact, comes the reputational impact, loss of customers, resources in returning to business as normal and time lost in recovery. For some companies, it can take months to return to where they were before and for others, it marks the end of their organisation.

For an attacker, it doesn’t matter. Their goal is not limited by the size or sector of an organisation and it is therefore imperative that every organisation is prepared for the event of an incident. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [ITPro]

Largest Study of Its Kind Shows Outdated Password Practices Are Putting Millions at Risk

A recent study has exposed serious flaws in passwords on the internet, revealing that three out of four popular websites are compromising user security by not meeting basic password standards. The study examined 20,000 websites, finding many allowed simple passwords, didn’t block common ones and adhered to outdated complexity requirements. It was found that over half the websites accept passwords of six characters or fewer, with 75% not requiring the advised minimum of eight characters, and 30% not supporting spaces or special characters. The study showcases the gap in security measures implementation across the web and emphasises the importance of ongoing improvement in web security standards.

The problem is further exacerbated by employees using work email for non-work approved websites and reusing the same passwords, meaning any breach of a compromised site hands the user’s credentials to an attacker. Further, many organisations are not even aware this is going on.

Source: [TechXplore]

Cyber Security Investment Involves More Than Just Technology

C-suite business leaders and senior IT professionals within large organisations, found that the top five cyber security investment areas were technologies (49%), threat intelligence (46%), risk assessment (42%), cyber insurance (42%), and third-party risk management (40%). Fewer organisations highlighted technology as good value for money in 2023 (49%) than in 2022 (58%). suggesting an awareness that technology investments go hand-in-hand with investing in governance and personnel to effectively enable and manage the technology.

Black Arrow supports business leaders in organisations of all sizes to demonstrate governance of their cyber security by owning their cyber security strategy and leveraging their existing internal and external resources to build resilience against a cyber security incident.

Source: [Dark Reading]

Questions Leaders Must Ask Themselves on Security Culture

In today's corporate landscape, there's a growing emphasis on the human aspect of cyber security, with Stanford University research indicating that about 88% of data breaches result from employee errors. Companies are now focusing on enhancing security awareness through marketing campaigns and integrating cyber security performance into job reviews. This shift acknowledges that as technological defences evolve, cyber attackers increasingly exploit human vulnerabilities, as evidenced by major ransomware incidents like those impacting Colonial Pipeline and JBS Foods.

Developing a strong security culture is essential, by complementing robust policies with ingraining security-minded beliefs and behaviours in employees. Key to this is the role of leadership in embedding and continuously assessing this culture. This involves evaluating training effectiveness, reporting mechanisms, proactive security approaches, and the impact of security initiatives, while also considering the complexity of human behaviour and the example set by top management. Emphasising these aspects is crucial for maintaining a secure and resilient organisational environment, and in so doing protecting an organisation's reputation and financial integrity.

Source: [AT&T]

There’s a Crossover Between Organised Crime, Financial Crime, and Nation-State Crime

The convergence of organised crime, financial crime, and nation-state crime is a growing concern in today’s interconnected world. This crossover, driven by the digital revolution, globalisation, economic factors, and state fragility, is reshaping the global criminal landscape. Organised crime syndicates, traditionally involved in activities like drug trafficking and extortion, are now branching out into financial crimes, offering higher profits with lower risks.

Financial crime, once the domain of individual fraudsters and white-collar criminals, has become a lucrative venture for organised crime groups. They exploit the global financial system to launder proceeds of crime, finance their operations, and evade law enforcement. Nation-state crime, involving state-sponsored or state-condoned criminal activities, often overlaps with organised and financial crime. Some governments turn a blind eye to these activities, while others actively support them for political, economic, or strategic reasons.

Sources: [The Currency]

Cyber Attack on British Library Highlights Lack of UK Resilience

A recent ransomware attack on the British Library has spotlighted the vulnerabilities in the UK's public sector IT infrastructure, amid rising state-backed cyber attacks. This major incident, which caused a significant technical outage at the library, underscores the concerns of cyber intelligence experts about the government's inadequate investment in cyber resilience in critical areas like education, healthcare, and local government. The hacking group Rhysida, targeting essential infrastructure, claimed responsibility and auctioned stolen data, including British Library employees’ passports, for 20 bitcoin (approximately £600,000).

The attack on the British Library, a key public service institution, highlights the escalating threat of ransomware attacks and their potential exploitation by state actors. The UK’s National Cyber Security Centre (NCSC) has reported a significant increase in cyber attacks in 2023, with incidents more than doubling compared to the previous year. In response, the UK government, which had already allocated £2.6bn for cyber security improvements and IT system updates, is actively assessing the situation with the support of the National Protective Security Authority.

Source: [FT]

Organisations Rethink Cyber Security Investments to Meet NIS2 and DORA Directive Requirements

The European Union (EU) is seeking to improve cyber resilience across all member states by bringing in two new regulations: the Digital Operational Resilience Act (DORA), which focuses on financial services companies, and its counterpart the Network and Information Systems Directive (NIS2). The effects of the two regulations are likely to be wider reaching, bringing in more stringent processes and controls and redefining service provision to organisations.

With NIS2 coming into effect in October 2024, the mandatory directive will have teeth, with strict penalties for non-compliance for both the business and senior board personnel, who can be held directly accountable and prevented from holding similar positions in the future. It also aims to increase intelligence sharing between member states and enhance supply chain security. This latter measure will see the directive have a global impact.

Many organisations supplying services to firms that fall under DORA and NIS2 will themselves be subject to the full force of the regulations, with many of these suppliers, including IT providers, unaware that this will have far reaching ramifications for them and their ability to continue to provide these services.

Sources: [Help Net Security] [Help Net Security]

The Cyber Security Lawsuit Boards are Talking About

For the last month, an under-the-radar lawsuit has privately been a hot topic of conversation in boardrooms and corporate security departments alike. The lawsuit involved the Securities and Exchange Commission (SEC) accusing SolarWinds and their CISO of fraud. SolarWinds, like many organisations, had disclosed some facts, however what was reported was not sufficient to satisfy the regulator. The lawsuit is the first in which the SEC has charged a company with intentional fraud related to cyber security disclosures and it paints a picture for the wider movement of the cyber landscape. Whilst the SEC is US based you can expect regulatory counterparts in other jurisdictions globally to follow suit.

Source: [The New York Times]

Top Cyber Stories of the Last Week

Governance, Risk and Compliance

• Why boards must prioritize cyber security expertise - Help Net Security4 data loss examples keeping backup admins up at night | TechTarget

• Accelerating Security Risk Management (trendmicro.com)

• Companies step up investment in ransomware protection (betanews.com)

• CISOs can marry security and business success - Help Net Security

• 7 must-ask questions for leaders on security culture (att.com)

• The human element -- cyber security's greatest challenge (betanews.com)

• Employee Policy Violations Cause 26% of Cyber Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• Why good cyber hygiene is a strategic imperative for UK SMEs (betanews.com)

• MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly

• Cyber security Investment Involves More Than Just Technology (darkreading.com)

• Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)

• Corporate Boards Mulling Effects of SEC Cyber Enforcement and CISO Exposure, and Possibly Hacker Complaints to SEC | Jackson Lewis P.C. - JDSupra

• The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)

• Only 9% of IT budgets are dedicated to security - Help Net Security

• Inflation, cyber risks the biggest worry for firms | Nation

• Organisations rethink cyber security investments to meet NIS Directive requirements - Help Net Security

• “There's a crossover between organised crime, financial crime, and nation-state crime” - The Currency :The Currency

• Why transparency and accountability are important in cyber security | Computer Weekly

• ‘I employ a lot of hackers’: how a stock exchange chief deters cyber attacks | Cyberwar | The Guardian

• SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com

• Humans Are Notoriously Bad at Assessing Risk - SecurityWeek

• The role experience plays in risk mitigation (betanews.com)

• Internal audit leaders are wary of key tech investments - Help Net Security

• Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)

• Over Half of Organisations Are at Risk of Cyber attack Due to Exhausted and Stressed Staff - IT Security Guru

• Stressed staff put enterprises at risk of cyber attack (betanews.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 2023 ransomware statistics: Number of double-extortion attacks skyrocket | SC Media (scmagazine.com)

• More than money: The true cost of a ransomware attack | ITPro

• Despite Increasing Ransomware Attacks, Some Companies In Denial | MSSP Alert

• Ransomware attacks doubIe in two years says Akamai Technologies report (securitybrief.co.nz)

• Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)

• Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)

• Companies step up investment in ransomware protection (betanews.com)

• Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)

• Ransomware Gang LockBit Revises Its Tactics to Get More Blackmail Money (insurancejournal.com)

• The shifting sands of the war against cyber extortion - Help Net Security

• Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert

• Play Ransomware Goes Commercial - Now Offered as a Service to Cyber criminals (thehackernews.com)

• Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)

• Ransomware groups rack up victims among corporate America | CyberScoop

• Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)

• Paying ransom for data stolen in cyber attack bankrolls further crime, experts caution | CBC Radio

• UK signs joint statement against ransomware payments - “New norm” or status quo? - Lexology

• Capita to axe up to 900 jobs as it battles to recover from Russian cyber attack (telegraph.co.uk)

• Schools Look to Improve Cyber security, but Many Vulnerable to Ransomware (insurancejournal.com)

• 4 Ways Fintech Companies Can Protect Themselves from Ransomware (financemagnates.com)

• A cyber attack on a UK accounting firm wound up leaking US patient data. Now what? (databreaches.net)

• Cyber security should not be a gamble: Latest data breach hits major casino - Digital Journal

Ransomware Victims

• Royal Mail spent £10 million recovering from LockBit breach - Tech Monitor

• British Library staff passports leaked online as hackers demand £600,000 (telegraph.co.uk)

• Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)

• Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)

• ICBC partners wary to resume trading with bank after cyber attack - Bloomberg News - CNA (channelnewsasia.com)

• ‘Sex life data’ stolen from UK government among record number of ransomware attacks (therecord.media)

• MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register

• Allen & Overy Given 5 Days to Meet Hackers’ Demands: Expert Q&A | Law.com International

• London & Zurich ransomware attack causes customer chaos • The Register

• CitrixBleed Vulnerability Exploitation Suspected in Toyota Ransomware Attack - SecurityWeek

• Lockbit Gang Behind ICBC Attack Hacks Into Chicago Trading Company - Bloomberg

• Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)

• Rhysida claims it hacked the British Library - Tech Monitor

• Clorox Scapegoats Cyber Chief, Rewards Board After Crisis (forbes.com)

• Fortune 500 insurance and mortgage firm FNF shuts down network following cyber attack | TechRadar

• Yamaha Motor confirms ransomware attack on Philippines subsidiary (bleepingcomputer.com)

• St Helens Council suspected cyber attack caused significant disruption - BBC News

• Western Isles Council backup systems 'inaccessible' following cyber attack | STV News

• Auto parts giant AutoZone warns of MOVEit data breach (bleepingcomputer.com)

• BlackCat claims attack on Fidelity National Financial • The Register

Phishing & Email Based Attacks

• Phishing Simulations Boost Cyber Awareness and Defences | Mimecast

• How to combat AI-produced phishing attacks | SC Media (scmagazine.com)

• More Than 50% of Online Retailers Not Blocking Fraudulent Emails | MSSP Alert

• How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography (thehackernews.com)

• DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)

• Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar

• The Most Common Indicators of a Phishing Attempt (With Screenshots) | HackerNoon

Artificial Intelligence

• Cyber threats reached a new high this year, with AI playing a major role | TechRadar

• How to combat AI-produced phishing attacks | SC Media (scmagazine.com)

• IT Pros Worry That Generative AI Will Be a Major Driver of Cyber security Threats (darkreading.com)

• Smaller businesses embrace GenAI, overlook security measures - Help Net Security

• AI Solutions Are the New Shadow IT (thehackernews.com)

• The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)

• Ransomware Crews Develop GenAI Tools for Cyber attacks | MSSP Alert

• Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek

• AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)

• OII | Large Language Models pose risk to science with false answers, says Oxford study

Malware

• 5 Of The Most Common Ways Malware Is Spread (And How To Stay Protected) (slashgear.com)

• Report finds malware is no longer the biggest cyberthreat to smaller businesses - SiliconANGLE

• Over half of SME cyber incidents now ‘malware-free’ | Computer Weekly

• Bloomberg Twitter account hijacked to send users to phishing malware | TechRadar

• Mirai malware infects routers and cameras for new botnet • The Register

• InfectedSlurs Botnet Spreads Mirai via Zero-Days | Akamai

• This devious malware will let hackers restore deleted cookies and hijack your Google account | TechRadar

• MySQL servers hit by DDoS malware botnet | TechRadar

• 27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts (thehackernews.com)

• Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware (thehackernews.com)

• DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks (thehackernews.com)

• Gamaredon's LittleDrifter USB malware spreads beyond Ukraine (bleepingcomputer.com)

• Malware Uses Trigonometry to Track Mouse Strokes (darkreading.com)

• Atomic Stealer Malware is tricking Mac users with fake browser updates - gHacks Tech News

• USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica

• DarkGate and Pikabot malware emerge as Qakbot’s successors (bleepingcomputer.com)

• How Ducktail steals Facebook accounts | Kaspersky official blog

• Cyber criminals turn to ready-made bots for quick attacks - Help Net Security

• 3 Ways to Stop Unauthorized Code From Running in Your Network (darkreading.com)

• Konni Campaign Deploys Advanced RAT With UAC Bypass Capabilities - Infosecurity Magazine (infosecurity-magazine.com)

• New botnet malware exploits two zero-days to infect NVRs and routers (bleepingcomputer.com)

Mobile

• FCC Tightens Telco Rules to Combat SIM-Swapping - SecurityWeek

• Inside Apple’s Secretive War to Protect iPhones from Hacking • iPhone in Canada Blog

• Cyber criminals Are Targeting App Beta-Testing, and This Is What to Look Out For (makeuseof.com)

Denial of Service/DoS/DDOS

• NoEscape gang continues to use DDoS to pressure reluctant victims to negotiate (databreaches.net)

• MySQL servers hit by DDoS malware botnet | TechRadar

Internet of Things – IoT

• Mirai malware infects routers and cameras for new botnet • The Register

• InfectedSlurs Botnet Spreads Mirai via Zero-Days | Akamai

Data Breaches/Leaks

• 4 data loss examples keeping backup admins up at night | TechTarget

• Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek

• Secretary Fined For Accessing Scores of Patient Records - Infosecurity Magazine (infosecurity-magazine.com)

• Canadian government discloses data breach after contractor hacks (bleepingcomputer.com)

• US Cyber security Lab Suffers Major Data Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Sabre Insurance hit by cyber attack | Insurance Times

• Hacktivists breach US nuclear research lab, steal employee data (bleepingcomputer.com)

• Welltok data breach exposes data of 8.5 million US patients (bleepingcomputer.com)

• Cyber attackers leaked data of 27,000 NYC Bar Association membersers (therecord.media)

• Enterprise software provider TmaxSoft leaks 2TB of data (securityaffairs.com)

• A cyber attack on a UK accounting firm wound up leaking US patient data. Now what? (databreaches.net)

• Sumo Logic says customer data untouched during breach • The Register

Organised Crime & Criminal Actors

• “There's a crossover between organised crime, financial crime, and nation-state crime” - The Currency :The Currency

• Indian Hack-for-Hire Group Targeted US, China, and More for Over 10 Years (thehackernews.com)

• Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyber attacks (darkreading.com)

• A Hacker Faked His Own Death–Then Claimed To Have Sold Marriott Customer Data To Russians, FBI Says (forbes.com)

• Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime

• Outsmarting cyber criminals is becoming a hard thing to do - Help Net Security

• Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• US cyber cops trace and return nearly $9M stolen by scammers • The Register

Insider Risk and Insider Threats

• The human element -- cyber security's greatest challenge (betanews.com)

• Employee Policy Violations Cause 26% of Cyber Incidents - Infosecurity Magazine (infosecurity-magazine.com)

• cyber security: Security violations by employees as harmful as hacking: Report - The Economic Times (indiatimes.com)

• Secretary Fined For Accessing Scores of Patient Records - Infosecurity Magazine (infosecurity-magazine.com)

Supply Chain and Third Parties

• Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)

• North Korean Supply Chain Threat is Booming, UK and South Korea Warn - Infosecurity Magazine (infosecurity-magazine.com)

• Three Questions To Ask Third-Party Vendors About Cyber security Risk (forbes.com)

Cloud/SaaS

• Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack (darkreading.com)

• Navigating the complexities of cyber security in a SaaS-dominated era (securitybrief.co.nz)

Encryption

• Some unbreakable RSA encryption keys are accidentally leaking online | New Scientist

Passwords, Credential Stuffing & Brute Force Attacks

• Largest study of its kind shows outdated password practices are putting millions at risk (techxplore.com)

• Your password hygiene remains atrocious, says NordPass • The Register

• US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek

Social Media

• How Ducktail steals Facebook accounts | Kaspersky official blog

Malvertising

• Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware (thehackernews.com)

Training, Education and Awareness

• The 7 Deadly Sins of Security Awareness Training (darkreading.com)

Regulations, Fines and Legislation

• Hackers Weaponize SEC Disclosure Rules Against Corporate Targets (darkreading.com)

• The Cyber security Lawsuit That Boards Are Talking About - The New York Times (nytimes.com)

• SolarWinds lawsuit puts corporate security chiefs on high alert By Investing.com

• What CISOs Need to Know About Materiality | Mimecast

• Morgan Stanley Fined $6.5 Million for Exposing Customer Information - SecurityWeek

• Does claiming you were hacked when you had really just screwed up violate the FTC Act? (databreaches.net)

• Secretive White House Surveillance Program Gives Cops Access to Trillions of US Phone Records | WIRED

• UK watchdog threatens enforcement action over ad cookies • The Register

Models, Frameworks and Standards

• NIS2 and its global ramifications - Help Net Security

• Organisations rethink cyber security investments to meet NIS Directive requirements - Help Net Security

• DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT

• Understanding the UK government’s new cyber security regime, GovAssure - IT Security Guru

Data Protection

• 1 in 5 executives question their own data protection programs - Help Net Security

Careers, Working in Cyber and Information Security

• Over Half of Organisations Are at Risk of Cyber attack Due to Exhausted and Stressed Staff - IT Security Guru

• Half of Cyber security Professionals Kept Awake By Workload Worries - IT Security Guru

Law Enforcement Action and Take Downs

• Wirecard hacker sentenced to 80 months in prison (ft.com)

• US Teen Pleads Guilty to Credential Stuffing Attack on Fantasy Sports Website - SecurityWeek

• Europol Launches OSINT Taskforce to Hunt For Russian War Crimes - Infosecurity Magazine (infosecurity-magazine.com)

• A Hacker Faked His Own Death–Then Claimed To Have Sold Marriott Customer Data To Russians, FBI Says (forbes.com)

• Scattered Spider Casino Hackers Evade Arrest in Plain Sight (darkreading.com)

• US cyber cops trace and return nearly $9M stolen by scammers • The Register

• Police Professional | Five-year plan launched to tackle fraud, economic and cyber crime

• Cyber security firm executive pleads guilty to hacking hospitals (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• "We are getting very good at identifying a Russian campaign," Microsoft weighs in on disinformation and national security at recent events | Windows Central

• AI Helps Uncover Russian State-Sponsored Disinformation in Hungary (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Why cyber war readiness is critical for democracies - Help Net Security

• Fog of War | How the Ukraine Conflict Transformed the Cyber Threat Landscape (inforisktoday.com)

Nation State Actors

China

• Understanding the Ransomware Attack Fallout on China’s ICBC (informationweek.com)

• ICBC partners wary to resume trading with bank after cyber attack - Bloomberg News - CNA (channelnewsasia.com)

• Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions (thehackernews.com)

Russia

• USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica

• Almost 4,000 cyber attacks on Ukraine detected – US Treasury Department | Ukrainska Pravda

• "We are getting very good at identifying a Russian campaign," Microsoft weighs in on disinformation and national security at recent events | Windows Central

• Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)

• Russian hackers claim attack on Ukraine fighter jet supplier (telegraph.co.uk)

• Potential cyberespionage campaign against Ukraine involves Remcos tool | SC Media (scmagazine.com)

• Embezzlement Scandal Consumes a Top Ukrainian Cyber Official, Jolting Relationship With US - The Messenger

• Konni Campaign Deploys Advanced RAT With UAC Bypass Capabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Europol Launches OSINT Taskforce to Hunt For Russian War Crimes - Infosecurity Magazine (infosecurity-magazine.com)

• The Defence Intelligence of Ukraine Reveals that Russia’s Civil Aviation Industry Is on the Brink of Collapse | Defence Express (defence-ua.com)

Iran

• Possible Iranian Group Behind 'Flood' of New Cyber attacks in Israel - Bloomberg

• Cyber attacks on Israel intensify as the war against Hamas rages: Check Point | CSO Online

North Korea

• Microsoft: Lazarus hackers breach CyberLink in supply chain attack (bleepingcomputer.com)

• North Korean Supply Chain Threat is Booming, UK and South Korea Warn - Infosecurity Magazine (infosecurity-magazine.com)

• Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors (paloaltonetworks.com)

• DPRK Hackers Masquerade as Tech Recruiters, Job Seekers (darkreading.com)

• Hackers pose as officials to steal secrets and cryptocurrency for North Korea (bitdefender.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Cyber attacks on Israel intensify as the war against Hamas rages: Check Point | CSO Online

Vulnerability Management

• Reflecting on 20 years of Patch Tuesday | MSRC Blog | Microsoft Security Response Center

Vulnerabilities

• MOVEit victim count latest: 2.6K+ orgs, 77M+ people • The Register

• Citrix Bleed WFH Hack and Exploit: News on Data Loss Flaw - Bloomberg

• Citrix warns admins to kill NetScaler user sessions to block hackers (bleepingcomputer.com)

• Hackers Exploiting Windows SmartScreen Zero-day Vulnerability (cybersecuritynews.com)

• Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News

• CISA warns of actively exploited Windows, Sophos, and Oracle bugs (bleepingcomputer.com)

• Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) - Help Net Security

• Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools - SecurityWeek

• A critical OS command injection flaw affects Fortinet FortiSIEM (securityaffairs.com)

• Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (bleepingcomputer.com)

• Adobe Releases Security Updates for ColdFusion | CISA

• Splunk RCE Vulnerability Let Attackers Upload Malicious File (cybersecuritynews.com)

Tools and Controls

• Only 9% of IT budgets are dedicated to security - Help Net Security

• Accelerating Security Risk Management (trendmicro.com)

• MOVEit incident spurred UK decision makers to spend big on cyber | Computer Weekly

• Phishing Simulations Boost Cyber Awareness and Defences | Mimecast

• Logs missing in 42% cyber attacks; small business most vulnerable: Report (business-standard.com)

• Cyber attack on British Library raises concerns over lack of UK resilience (ft.com)

• Companies step up investment in ransomware protection (betanews.com)

• Organisations rethink cyber security investments to meet NIS Directive requirements - Help Net Security

• DORA Set to Drive Significant Change in Sell-Side Third Party Risk Management | Financial IT

• The role experience plays in risk mitigation (betanews.com)

• The 7 Deadly Sins of Security Awareness Training (darkreading.com)

• Identity And Access Management: 18 Important Trends And Considerations

• The Good, The Bad And The Reality: The Impact Of AI On Cyber security (forbes.com)

• MFA under fire, attackers undermine trust in security measures - Help Net Security

• AI threats prompt Virgin Money to invest $250 million in cyber security (proactiveinvestors.com.au)

• New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login (thehackernews.com)

• Security researchers bypass Windows Hello fingerprint authentication - gHacks Tech News

• Detection & Response That Scales: A 4-Pronged Approach (darkreading.com)

• Maximize Cyber security Returns: 5 Key Steps to Enhancing ROI (darkreading.com)

• 6 Steps to Accelerate Cyber security Incident Response (thehackernews.com)

• The CISO view: Navigating the promise and pitfalls of cyber security automation (betanews.com)

Other News

• Why Defenders Should Embrace a Hacker Mindset (thehackernews.com)

• Hackers are taking over planes’ GPS — experts are lost on how to fix it (nypost.com)

• UK proposes 'super-complaints' to help keep internet safe • The Register

• Consumers plan to be more consistent with their security in 2024 - Help Net Security

• Security trends public sector leaders are watching | CyberScoop

• Even gas pumps aren't safe from cyber attacks at the moment | TechRadar

• Scottish cyber security organisation calls for greater awareness of rising threat - Business Insider

• Cyber security: New plan to tackle ‘fastest-growing threat’ confronting Australia | The West Australian

• The US government wants to offer better cyber security to major infrastructure firms | TechRadar

• This devious malware will let hackers restore deleted cookies and hijack your Google account | TechRadar

• Australia’s cyber security strategy focuses on protecting small businesses and critical infrastructure | CSO Online

• Cyber security at EU institutions: European Parliament adopt proposed Cyber security Regulation and EU institutions organise cyber security exercise | Practical Law (thomsonreuters.com)

• The retail sector is under threat from… Gmail, WhatsApp and Google Drive? | TechRadar

• Sekoia: Latest in the Financial Sector Cyber Threat Landscape (techrepublic.com)

• Shields Ready: Critical Infrastructure Security and Resilience

• Crimeware and financial cyberthreat predictions for 2024 | Securelist

• Terrorism, cyber attacks main Paris 2024 threats as security plan finalised | Reuters

• Read again: Decoding cyber security, safeguarding educational institutions | Edexec

• What direction for the EU Cyber security Competence Centre? – EURACTIV.com

• Unveiling the Most Common Cyber Threats in Retail – International Supermarket News

• Mideast Oil & Gas Facilities Could Face Cyber Related Energy Disruptions (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.