Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans

A recent report conducted by security provider Huntress found some worrying results regarding SMBs lack of dedicated cyber experts and lack of cyber incident response plans. Some of the reports key findings were 24% of SMBs suffering a cyber attack or unsure if they had suffered a cyber attack in the last 12 months, 61% of SMBs not having a dedicated cyber security expert and 47% having no incident response plan. The report found that SMBs struggled to implement basic training and only 9% of employees adhered to security best practices, potentially due to the previously mentioned training struggles. The report highlights a clear need for SMBs to increase their cyber resilience and conduct effective user education and awareness training.

https://www.msspalert.com/cybersecurity-research/majority-of-smbs-lack-dedicated-cyber-experts-incident-response-plan/

• Controlling Third-Party Data Risk Should be a Top Cyber Security Priority

Nearly 60% of all data breaches are initiated via third-party vendors and this is often hard to detect. The ever-increasing use of third party services has led to the average organisation sharing sensitive data with 583 third parties, a worrying number of attack vectors. Due to the impact a third party breach can have on an organisation it is imperative that organisations assess and risk manage their supply chains to increase the organisations cyber resilience.

https://www.darkreading.com/attacks-breaches/controlling-third-party-data-risk-should-be-a-top-cybersecurity-priority-

• IT Security Spending to Reach Nearly $300 Billion by 2026

Worldwide spending on security is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022. This figure is expected to continually rise, reaching nearly $300 billion by 2026. In Europe, it is predicted that the biggest portion of spending will still be represented by services, which will be increasingly leveraged by organisations with limited cyber security experience. Additionally the finance sector, which will have to constantly ensure regulatory adherence, is predicted to be the largest spending sector. Organisations should perform due diligence and ensure that they are using reputable services.

https://www.helpnetsecurity.com/2023/03/20/it-security-spending-2026/

• 2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks

In 2022 alone cyber attacks increased by 38%, highlighting the need for organisations to have a high level of cyber maturity; despite this, a recent cyber security maturity report ranked UK organisations as 12th  globally. Some of the findings from the report included that 32% of organisations were found to have weak passwords and 23% had weak authentication systems.

https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html

• Board Cyber Shortage: Don’t Get Caught Swimming Naked

The Securities and Exchange Commission recently released their rules on cyber security risk management, strategy governance and incident disclosure by public companies. As part of the rules, the public disclosure of board directors’ cyber risk biographies is mandated. Worryingly, recent research has found that there is a drastic gap in cyber expertise at the board director level, with 90% of companies not having a single director with cyber security expertise. Board directors are able to address this issue by retaining outside expert advisors, upskilling board members or hiring new cyber security board directors. 

https://www.forbes.com/sites/forbestechcouncil/2023/03/20/board-cyber-shortage-dont-get-caught-swimming-naked/?sh=6ea732895af8

• Should your Organisation be Worried about Insider Threats?

Cyber crime is predicted to reach $10.5 trillion worth, making it a lucrative business venture for opportunist criminals. One of the threats companies face is insider threat; this is where the threat comes from within the organisation. Insider threat can include third-party vendors, business partners and others with access to an organisations systems and networks. The threat an insider poses is commonly thought of as malicious but it can also be negligent, where insiders haven’t received proper user education and awareness training. Worryingly, insider threat is rising and research has shown a significant amount of under-reporting; over 70% of insider attacks never reach the headlines. As such, it is difficult for organisations to gauge the risk of insider threats.

https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/

• UK Ransomware Incident Volumes Surge 17% in 2022

According to recent research, attacker-reported ransomware incidents increased by 17% annually in the UK last year and 2023 is showing signs of a continual rise. With this continual rise, it is important for organisations to assess and build upon their cyber resilience.

https://www.infosecurity-magazine.com/news/uk-ransomware-incident-surge-17/

• Financial Industry Hit by Rising Ransomware Attacks and BEC

According to a recent report by the Financial Services Information Sharing and Analysis Center (FS-ISAC) ransomware remained the biggest concern for the financial industry with an increase in attacks due to ransomware-as-a-service. Furthermore, FS-ISAC found a 300% increase in the number of business email compromise attacks from 2021 to 2022. Artificial intelligence was identified as an upcoming area of concern due to its ability to obfuscate detection.

https://www.bloomberg.com/news/articles/2023-03-21/banks-financial-industry-buffeted-by-rising-ransomware-attacks?

• 55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management

According to a report from intelligence provider Mandiant 55 zero-days were exploited in 2022 and 13 of those were used in cyber espionage attacks. Of the espionage attacks, 7 related to Chinese threat actors and 2 related to Russian threat actors. The report found that effective security management and patching remained the best protections for organisations.

https://www.csoonline.com/article/3691609/55-zero-day-flaws-exploited-last-year-show-the-importance-of-security-risk-management.html#tk.rss_news

• Security Researchers Spot $36m BEC Attack

Security experts recently identified a single business email compromise attack which amounted to $36.4m. The attack in question contained an invoice, payment instructions, a forged letterhead and even cc’d a legitimate and well known company. The attacker also changed “.com” to “.cam” to imitate a domain. The total cost of BEC based on reported incidents is around $2.7 billion and this is excluding unreported incidents. Organisations should ensure that staff are adequately trained in identifying and reporting such attacks.

https://www.infosecurity-magazine.com/news/security-researchers-spot-36m-bec/

• New Victims Come Forward After Mass Ransomware Attack

Russia-linked Ransomware gang “Clop” has claimed a mass hack of 130 organisations via the vendor GoAnywhere, with more victims coming forward. Clop adds names of victims to its dark web site, which is used to extort companies further by threatening to publish the stolen files unless a ransom is paid.

https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/

• Ransomware Gangs’ Harassment of Victims is Increasing

Analysis by Palo Alto Networks found that harassment was a factor in 20% of ransomware cases, a significant jump from less than 1% in mid 2021. The harassment campaign by threat attackers is intended to make sure that ransom payments are met. This adds to the stress that organisations already face with ransomware incidents.

https://www.techrepublic.com/article/ransomware-gangs-harassment-victims-increasing/

• Wartime Hacktivism is Spilling Over into the Financial Services Industry

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has identified that financial firms in countries that Russia considers hostile have been singled out for attacks and these attacks are going to continue if the Russia and Ukraine war persists.

https://www.scmagazine.com/analysis/risk-management/report-wartime-hacktivism-is-spilling-over-into-the-financial-services-industry

Threats

Ransomware, Extortion and Destructive Attacks

• LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions (thehackernews.com)

• UK Ransomware Incident Volumes Surge 17% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Banks, Financial Sector Hit By Rising Ransomware Attacks - Bloomberg

• BianLian ransomware crew swaps encryption for extortion • The Register

• New victims come forward after mass-ransomware attack | TechCrunch

• Ransomware Gangs' Harassment of Victims Is Increasing (techrepublic.com)

• LockBit ransomware gang now also claims City of Oakland breach (bleepingcomputer.com)

• Free decryptor released for Conti-based ransomware following data leak | Tripwire

• New 'Trigona' Ransomware Targets US, Europe, Australia - SecurityWeek

• Ransomware Strongly Influencing SOC Modernization Strategies, Cybereason Research Shows - MSSP Alert

• US govt agencies released an alert on the Lockbit 3.0 ransomware- Security Affairs

• Security News This Week: Ring Is in a Standoff With Hackers | WIRED UK

• CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws | CSO Online

• Clop ransomware claims Saks Fifth Avenue, retailer says mock data stolen (bleepingcomputer.com)

• Researchers Shed Light on CatB Ransomware's Evasion Techniques (thehackernews.com)

• Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO

• Dole discloses employee data breach after ransomware attack (bleepingcomputer.com)

• Ransomware Attacks Double in Europe's Transport Sector - Infosecurity Magazine (infosecurity-magazine.com)

• Prevent Ransomware with Cyber security Monitoring (trendmicro.com)

• Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organisations Stop Attacks Before Damage Occurs | CISA

• Ferrari in a spin as crims steal customer data • The Register

• Play ransomware gang hit Dutch shipping firm Royal Dirkzwager- Security Affairs

• Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)

• City of Toronto confirms data theft, Clop claims responsibility (bleepingcomputer.com)

Phishing & Email Based Attacks

• 7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online

• Just 1% of Dot-Org Domains Are Fully DMARC Protected - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Security Researchers Spot $36m BEC Attack - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Vishing Campaign Targets Social Security Administration - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors are experimenting with QR codes - Help Net Security

• Over 2400 Fake Pages Found Targeting Job Seekers in Middle East, Africa - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• Massive Phishing Campaign Bypasses MFA and Mimics Microsoft Office (techrepublic.com)

• How Cyber-Criminals are Circumventing Multifactor Authentication - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Emotet malware now distributed in Microsoft OneNote files to evade defences (bleepingcomputer.com)

• ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)

• RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)

• Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch

• Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen (thehackernews.com)

• Custom 'Naplistener' Malware a Nightmare for Network-Based Detection (darkreading.com)

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

• ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques (thehackernews.com)

• Python info-stealing malware uses Unicode to evade detection (bleepingcomputer.com)

Mobile

• Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps (thehackernews.com)

• The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack

• Android apps are spying on you — with no easy way to stop them | Digital Trends

• Your Samsung phone may have a big security flaw – here's how to stay safe | TechRadar

• UK emergency alert system launched to warn of life-threatening events - with test set for next month | UK News | Sky News

• Google Pixel phones had a serious data leakage bug – here’s what to do! – Naked Security (sophos.com)

• How to keep your phone safe from the scary Exynos modem vulnerability (androidpolice.com)

Botnets

• New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks (thehackernews.com)

Denial of Service/DoS/DDOS

• New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks (bleepingcomputer.com)

• KillNet Group Uses DDoS Attacks Against Azure-Based Healthcare Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet (darkreading.com)

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

Internet of Things – IoT

• Eufy security cam 'stored unique ID' of everyone filmed • The Register

• Google sounds alarm on Samsung modem bugs in Android devices • The Register

• EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

Data Breaches/Leaks

• Complacency of staff to blame for data breaches (thesundaily.my)

• Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)

• Latitude customers are furious: some have had data hacked before through Medibank and Optus - ABC News

• Data breaches cost businesses nearly $6M on average: Mastercard | CTV News

• Healthcare provider ILS warns 4.2 million people of data breach (bleepingcomputer.com)

• NBA is warning fans of a data breach after a third-party newsletter service hack- Security Affairs

• Lowe’s Market chain leaves client data up for grabs- Security Affairs

• Ferrari discloses data breach after receiving ransom demand (bleepingcomputer.com)

• South Korea fines McDonalds for data leak from raw SMB share • The Register

• A million at risk from user data leak at Korean beauty platform PowderRoom- Security Affairs

Organised Crime & Criminal Actors

• New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Fireblocks Discloses Critical Vulnerability in BitGo Ethereum Wallets - Decrypt

• General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen (bleepingcomputer.com)

• Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)

Insider Risk and Insider Threats

• Should Your Organisation Be Worried About Insider Threats? - IT Security Guru

• Top 5 Insider Threats to Look Out For in 2023- Security Affairs

• Preventing Insider Threats in Your Active Directory (thehackernews.com)

Fraud, Scams & Financial Crime

• Voice deepfakes are calling – here's what they are and how to avoid getting scammed (theconversation.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

• ‘My bank did not stop £6,500 payment to holiday scammers despite my pleas’ | Scams | The Guardian

• The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack

• Hackers inject credit card stealers into payment processing modules (bleepingcomputer.com)

Deepfakes

• Voice deepfakes are calling – here's what they are and how to avoid getting scammed (theconversation.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

Insurance

• SMBs don't see need for cyber insurance since they won't experience security incidents | ZDNET

• Cyber insurance carriers expanding role in incident response | TechTarget

Supply Chain and Third Parties

• Controlling Third-Party Data Risk Should Be a Top Cyber security Priority (darkreading.com)

• Companies vulnerable to cyber-attack via suppliers - research | RNZ News

• Why you should treat ChatGPT like any other vendor service - Help Net Security

• MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)

Software Supply Chain

• Why Business Software Buyers Are Demanding Baked-in Security - MSSP Alert

Cloud/SaaS

• How access management helps protect identities in the cloud | VentureBeat

• Bitcoin ATM maker shuts cloud service after user hot wallets compromised (cointelegraph.com)

• The cloud backlash has begun: Why big data is pulling compute back on premises | TechCrunch

• Shouldering the Increasingly Heavy Cloud Shared-Responsibility Model (darkreading.com)

• 4 cloud API security best practices | TechTarget

• 8 cloud detection and response use cases | TechTarget

• How to Transfer Data Securely When Moving to the Cloud - Infosecurity Magazine (infosecurity-magazine.com)

• The hidden danger to zero trust: Excessive cloud permissions • Graham Cluley

• New CISA tool detects hacking activity in Microsoft cloud services (bleepingcomputer.com)

• 4 Tips for Better AWS Cloud Workload Security (trendmicro.com)

Hybrid/Remote Working

• Bridging the cyber security readiness gap in a hybrid world - Help Net Security

Identity and Access Management

• How access management helps protect identities in the cloud | VentureBeat

• The impact of AI on the future of ID verification - Help Net Security

• Preventing Insider Threats in Your Active Directory (thehackernews.com)

• CISA, NSA push identity and access management framework as risks grow | SC Media (scmagazine.com)

API

• 4 cloud API security best practices | TechTarget

Open Source

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Okta Post-Exploitation Method Exposes User Passwords (darkreading.com)

Social Media

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• TikTok cannot be considered a private company: report • The Register

• TikTok CEO plans rigorous defences in Congress against claims the app is a US security threat | CyberScoop

• Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop

• Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)

Training, Education and Awareness

• Complacency of staff to blame for data breaches (thesundaily.my)

Regulations, Fines and Legislation

• Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)

• ICO Reprimands Metropolitan Police for Data Snafu - Infosecurity Magazine (infosecurity-magazine.com)

• EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com

• India’s infosec reporting rules observed by just 15 orgs • The Register

• Why Organisations Need To Go Beyond Federal Cyber security Compliance Standards (forbes.com)

Governance, Risk and Compliance

• How CISOs Can Work With the CFO to Get the Best Security Budget (darkreading.com)

• CIOs Build New Bonds With CISOs - WSJ

• How to best allocate IT and cyber security budgets in 2023 - Help Net Security

• IT security spending to reach nearly $300 billion by 2026 - Help Net Security

• Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)

• How Your Cyber security Strategy Enables Better Business (trendmicro.com)

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• How Can CISOs Connect With the Board of Directors? (darkreading.com)

• Achieving The Five Levels Of Information Security Governance (forbes.com)

• Enhance security while lowering IT overhead in times of recession - Help Net Security

• Why organisations shouldn't fold to cyber criminal requests - Help Net Security

Models, Frameworks and Standards

• Meta Proposes Revamped Approach to Online Kill Chain Frameworks (darkreading.com)

• MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)

Backup and Recovery

• Data backup, security alerts, and encryption viewed as top security features - Help Net Security

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

Data Protection

• Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch

• ICO Reprimands Metropolitan Police for Data Snafu - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• How training and recognition can reduce cyber security stress and burnout | CSO Online

Law Enforcement Action and Take Downs

• RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)

• New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek

Privacy, Surveillance and Mass Monitoring

• Eufy security cam 'stored unique ID' of everyone filmed • The Register

• Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch

• How to protect online privacy in the age of pixel trackers - Help Net Security

• Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)

• French govt clears AI facial scans for Paris Olympics • The Register

Artificial Intelligence

• EU's AI regulation vote looms. We’re still not sure how unrestrained AI should be | Euronews

• ChatGPT Leaves Governments Scrambling for AI Regulations - Bloomberg

• ‘We are a little bit scared’: OpenAI CEO warns of risks of artificial intelligence | Artificial intelligence (AI) | The Guardian

• ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

• We need to create guardrails for AI | Financial Times (ft.com)

• GPT-4 devises plan to ‘escape’ by gaining control of a user's computer | Mint (livemint.com)

• Mastercard strengthens customer security with new AI ‘Cyber Shield’ | Mastercard Newsroom

• The impact of AI on the future of ID verification - Help Net Security

• 7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online

• AI news latest: Google lets people talk to ‘Bard’ bot as ChatGPT taken offline after it goes haywire | The Independent

• Why you should treat ChatGPT like any other vendor service - Help Net Security

• Mozilla launches a new startup focused on ‘trustworthy’ AI | TechCrunch

• French govt clears AI facial scans for Paris Olympics • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Financial cyber threats heightened by ideologically motivated hacktivism amidst geopolitical tension | SC Media (scmagazine.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek

• Pro-Russian Winter Vivern APT Targets Governments and Telecom Firm - Infosecurity Magazine (infosecurity-magazine.com)

• Palantir: NHS trusts ordered to share patient data with US ‘spy-tech’ firm | openDemocracy

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

• Purported Chinese warships interfering with passenger planes • The Register

• Putin to staffers: throw out your iPhones over security • The Register

• Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert

• Facebook Security Exec Seaford Hacked by Greek Predator Spyware (gizmodo.com)

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)

• Hacker tied to DC Health Link breach says attack 'born out of Russian patriotism' | CyberScoop

• Unknown actors target orgs in Russia-occupied Ukraine • The Register

• Xi, Putin, declare intent to rule the world of AI, infosec • The Register

• North Korean hackers using Chrome extensions to steal Gmail emails (bleepingcomputer.com)

• Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online | CyberScoop

• Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop

• China-Aligned "Operation Tainted Love" Targets Middle East Telecom Providers - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

• Financial cyber threats heightened by ideologically motivated hacktivism amidst geopolitical tension | SC Media (scmagazine.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek

• Pro-Russian Winter Vivern APT Targets Governments and Telecom Firm - Infosecurity Magazine (infosecurity-magazine.com)

• Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder - SecurityWeek

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

• Purported Chinese warships interfering with passenger planes • The Register

• TikTok cannot be considered a private company: report • The Register

• Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch

• Putin to staffers: throw out your iPhones over security • The Register

• Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert

• New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)

• Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop

• Unknown actors target orgs in Russia-occupied Ukraine • The Register

• Xi, Putin, declare intent to rule the world of AI, infosec • The Register

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

• Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online | CyberScoop

• The pressing threat of Chinese-made drones flying above US critical infrastructure  | CyberScoop

• Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop

• China-Aligned "Operation Tainted Love" Targets Middle East Telecom Providers - Infosecurity Magazine (infosecurity-magazine.com)

• Russian hacktivists deploy new AresLoader malware via decoy installers | CSO Online

Vulnerability Management

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)

• Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant

• From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022 (thehackernews.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• 10 Vulnerabilities Types to Focus On This Year (darkreading.com)

• Vulnerability vs. Risk: How MSSPs Can Prioritize Remediating Cyber security Vulnerabilities - MSSP Alert

• What Is the Microsoft Print Spooler Vulnerability? - ReHack

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

• Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023 (bleepingcomputer.com)

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)

Vulnerabilities

• Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug (darkreading.com)

• CVE-2023-23397 Outlook exploit: "A proliferation event" (thestack.technology)

• Patch CVE-2023-23397 Immediately: What You Need To Know and Do (trendmicro.com)

• Cisco fixed severe vulnerabilities in its IOS and IOS XE software- Security Affairs

• Exploit released for Veeam bug allowing cleartext credential theft (bleepingcomputer.com)

• Experts published PoC exploit code for Veeam Backup & Replication bug- Security Affairs

• WordPress force patching WooCommerce plugin with 500K installs (bleepingcomputer.com)

• Windows 11 bug warns Local Security Authority protection is off (bleepingcomputer.com)

• Bitwarden addresses autofill issue that could be exploited to steal logins - gHacks Tech News

• Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)

• Microsoft’s blunders with new Windows 10 update are causing serious headaches | TechRadar

• Microsoft: Defender update behind Windows LSA protection warnings (bleepingcomputer.com)

• ZenGo uncovers 'red pill attack' vulnerability in popular Web3 apps (cointelegraph.com)

• Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)

• Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours (securityintelligence.com)

• If your Netgear Orbi router isn’t patched, you’ll want to change that pronto | Ars Technica

• Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products (darkreading.com)

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

Tools and Controls

• Data backup, security alerts, and encryption viewed as top security features - Help Net Security

• Majority of SMBs Lack Dedicated Cyber Experts, Incident Response Plan - MSSP Alert

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• Complacency of staff to blame for data breaches (thesundaily.my)

• How access management helps protect identities in the cloud | VentureBeat

• Why CISOs Should Prioritize Extended Detection & Response (XDR) - VMware Security Blog - VMware

• The Ethics of Network and Security Monitoring (darkreading.com)

• Fighting VPN criminalization should be Big Tech’s top priority, activists say | Ars Technica

• Just 1% of Dot-Org Domains Are Fully DMARC Protected - Infosecurity Magazine (infosecurity-magazine.com)

• How network perimeters secure enterprise networks | TechTarget

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

Reports Published in the Last Week

• State of Cybersecurity for Mid-Sized Businesses in 2023 | Huntress

• Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant

Other News

• Web Fingerprinting gets frighteningly good: sees through VPNs and Incognito Mode - gHacks Tech News

• Journalist plugs in unknown USB drive mailed to him—it exploded in his face | Ars Technica

• What Is Shoulder Surfing? How Does It Affect Cyber security (informationsecuritybuzz.com)

• Inside the DEA Tool Hackers Allegedly Used to Extort Targets (vice.com)

• Top ways attackers are targeting your endpoints - Help Net Security

• What Is a Dirty IP Address and How Does It Affect Your Security? (makeuseof.com)

• 5 rules to make security user-friendly - Help Net Security

• Techno-nationalism explained: What you need to know (techtarget.com)

• How Emerging Trends in Virtual Reality Impact Cyber security - IT Security Guru

• Pipeline Cyber security Rules Show the Need for Public-Private Partnerships (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Employees Bypass Cyber Security Guidance to Achieve Business Objectives

Researcher Gartner predicts that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents. In a survey conducted by Gartner it was found that 69% of employees had bypassed their organisations cyber security guidance in the previous 12 months and 74% said they would bypass cyber security guidance if it helped them or their team achieve a business objective.

https://www.helpnetsecurity.com/2023/02/24/bypass-cybersecurity-guidance/

• Three Quarters of Businesses Braced for Serious Email Attack this Year

According to a survey conducted by security provider Vanson Bourne, 76% of cyber security professionals predict that an email related attack will have serious consequences for their organisation in the coming year. The survey found that 82% of companies reported a higher volume of email in 2022 compared with 2021 and 2020 and 74% had said email-based threats had risen over the last 12 months. In addition, a worrying 91% had seen attempts to steal or use their email domain in an attack.

https://www.csoonline.com/article/3688573/three-quarters-of-businesses-braced-for-serious-email-attack-this-year.html#tk.rss_news

• The Cost of Living Crisis is Triggering a Wave of Workplace Crime

Almost 6,000 people were caught stealing from their employer in 2022 according to insurance provider Zurich with the firms facing an average loss of £140,000.  Zurich have said “As cost of living pressures mount, employee theft has significantly increased, suggesting some workers could be turning to desperate measures to make ends meet”.

https://news.sky.com/story/the-cost-of-living-crisis-is-triggering-a-wave-of-workplace-crime-heres-how-12817082

• Fighting Ransomware with Cyber Security Audits

With the ever increasing number of devices and distributed environments, it’s easy for organisations to lose track of open IP addresses, administrator accounts and infrastructure configurations; all of this creates an increase in opportunities for threat actors to deploy ransomware. By conducting audits of IT assets, organisations can identify the data they hold and reduce the risk of forgotten devices. The need for auditing of an organisations assets is reinforced where a survey conducted by research provider Enterprise Strategy Group found that nearly 70% of respondents had suffered at least one exploit that started with an unknown, unmanaged, or poorly managed Internet-facing IT asset.

https://www.trendmicro.com/en_us/ciso/23/b/cybersecurity-audit.html

• Record Levels of Fraud Impacting 90% of Payment Compliance Teams

New research from research provider VIXIO has found that 90% of payment company compliance teams are frequently overwhelmed and increased fraud was a particular concern for teams in the UK.

https://www.itsecurityguru.org/2023/02/17/overwhelm-impacts-90-of-payment-compliance-teams-as-they-combat-record-levels-of-fraud/

• CISOs Struggle with Stress and Limited Resources

A survey from security provider Cynet has found that 94% of CISOs report being stressed at work, with 65% admitting that this work stress has compromised their ability to protect their organisation. Furthermore, the survey found all respondents said they needed additional resources to adequately cope with current cyber challenges. Amongst some of the key findings were 77% of CISOs believing that a lack of resources had led to important security initiatives falling to the wayside.

https://www.helpnetsecurity.com/2023/02/23/cisos-work-related-stress/

• Cyber Threats and Regulations Mount for Financial Industry

Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture. For example, last year a report conducted by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and security provider Akamai found that distributed denial-of-service attacks (DDoS) attacks rose 73% more for European financial institutions compared to the previous year. This combination of attacks is followed by an increase in regulations such as the requirement to report breaches to the European Authorities to satisfy the General Data Protection Regulation (GDPR). Such increase has caused financial institutions to bolster their security, with a survey conducted by security provider Contrast finding 72% of financial organisations plan to increase their investment in the security of their applications and 64% mandated cyber security requirements for their vendors.

https://www.darkreading.com/risk/cyberthreats-regulations-mount-for-financial-industry

• HardBit Ransomware Wants Insurance Details to Set the Perfect Price

Operators of a ransomware threat known as Hardbit are trying to negotiate ransom payments so that they would be covered by victim’s insurance companies. Typically, the threat actor tries to convince the victim that it is in their interest to disclose their insurance details so that the threat actor can adjust their demands so that insurance would cover it.

 https://www.bleepingcomputer.com/news/security/hardbit-ransomware-wants-insurance-details-to-set-the-perfect-price/ 

• Social Engineering is Becoming Increasingly Sophisticated

The rapid development of deepfake technology is providing an increase in the sophistication of social engineering attacks. Deepfake technology refers to products created through artificial intelligence, which could allow an individual to impersonate another with likeness and voice during a video conversation. The accessibility of such technology has allowed threat actors to conduct more sophisticated campaigns, including the replication of the voice of a company executive.

https://securityaffairs.com/142487/hacking/social-engineering-increasingly-sophisticated.html

• A Fifth of Brits Have Fallen Victim to Online Scammers

Security founder F-Secure have found that a fifth of Brits had fallen victim to digital scammers in the past, yet a quarter had no security controls to protect themselves. When providing a reason for the lack of security, 60% said they found cyber security too complex. This is worrying for organisations who need to ensure these low levels of security awareness are not displayed in the corporate environment.

https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/

• Cyber Attacks Hit Data Centres to Steal Information from Companies

Cyber attacks targeting multiple data centres globally have resulted in the exfiltration of information relating to companies who used them. In addition, attackers have been seen to publish access credentials relating to these attacks on the dark web. This malicious activity reinforces the need for organisations to be aware of and properly manage their supply chain.

https://www.csoonline.com/article/3688909/cyberattacks-hit-data-centers-to-steal-information-from-global-companies.html#tk.rss_news  

• Phishing Fears Ramp Up on Email, Collaboration Platforms

Three quarters of organisations are expecting a serious impact from an email-based attack and with the rapid growth and expansion of collaboration tools such as Microsoft Teams, it’s expected that these will also be used as a vector for threat actors. Combined with the emergence of Chat-GPT, the landscape provides an increasing amount of opportunities for threat actors.

https://www.darkreading.com/remote-workforce/phishing-fears-ramp-up-on-e-mail-collaboration-platforms

• The War in Ukraine has Shaken up the Cyber Criminal Eco-System

One year after Russia invaded Ukraine, the war continues -- including an ever-evolving digital component that has implications for the future of cyber security around the world. Among other things, the war in Ukraine has upended the Eastern European cyber criminal ecosystem, according to cyber security experts from Google, shaking up the way ransomware attacks are playing out. Google later explained that “Lines are blurring between financially motivated and government-backed attackers in Eastern Europe”.

https://www.zdnet.com/article/the-war-in-ukraine-has-shaken-up-the-cybercriminal-ecosystem-google-says/

• Police Bust €41m Email Scam Gang

A coordinated police operation spanning multiple countries led to the dismantling of a criminal network which was responsible for tens of millions in Business Email Compromise (BEC) losses. In one of the attacks the gang used social engineering to target the Chief Financial Officer (CFO) of a real estate developer, defrauding them of 38 million euros.

https://www.infosecurity-magazine.com/news/police-bust-41m-bec-gang/

Threats

Ransomware, Extortion and Destructive Attacks

• HardBit ransomware wants insurance details to set the perfect price (bleepingcomputer.com)

• An Overview of the Global Impact of Ransomware Attacks (bleepingcomputer.com)

• Fight Ransomware with a Cyber security Audit (trendmicro.com)

• Time to Deploy Ransomware Drops 94% - Infosecurity Magazine (infosecurity-magazine.com)

• Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)

• A Deep Dive into the Evolution of Ransomware Part 1 (trendmicro.com)

• A Deep Dive into the Evolution of Ransomware Part 2 (trendmicro.com)

• Guardian staff forced to work out of former brewery after ransomware attack (telegraph.co.uk)

• Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers (trendmicro.com)

• Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)

• GoAnywhere zero-day opened door to Clop ransomware (malwarebytes.com)

• Derivatives market still hit by fallout from Ion Markets cyber attack | Financial Times (ft.com)

• Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)

• Royal Mail resumes overseas deliveries via post offices after cyber-attack | Royal Mail | The Guardian

• LockBit gang takes credit for attack on water utility in Portugal - The Record from Recorded Future News

• IBM: Ransomware defenders showing signs of improvement | TechTarget

• ESXiArgs Ransomware Has Spread to 500 New Targets in Europe. Will there be More? - MSSP Alert

• Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED

• Food giant Dole hit by ransomware, halts North American production temporarily (bitdefender.com)

• Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)

• Trellix Report: LockBit 3.0 Ransomware "Most Aggressive" with Demands - MSSP Alert

• Israel's Top Tech University Targeted by DarkBit Ransomware (darkreading.com)

• Warnings were issued over a log-in system used by Cork university in weeks before cyber attack (thejournal.ie)

• Russia’s Invasion Sparks Global Wiper Malware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Lockbit gang hit Portuguese municipal water utility Aguas do Porto-Security Affairs

• Student Medical Records Exposed After LAUSD Breach (darkreading.com)

Phishing & Email Based Attacks

• Three-quarters of businesses braced for ‘serious’ email attack this year | CSO Online

• Phishing Fears Ramp Up on Email, Collaboration Platforms (darkreading.com)

• Big rise in 'email thread hijacking' by cyber criminals (rte.ie)

• Fifth of Brits Have Fallen Victim to Online Scammers - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing as a Service (cyberark.com)

• Smishing, vishing and whaling: How phishing scams are evolving | The Star

• Microsoft Outlook flooded with spam due to broken email filters (bleepingcomputer.com)

• Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek

BEC – Business Email Compromise

• Google Translate Helps BEC Groups Scam Companies in Any Language (darkreading.com)

• Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Social engineering, deception becomes increasingly sophisticated-Security Affairs

• Smishing, vishing and whaling: How phishing scams are evolving | The Star

• Coinbase cyber attack targeted employees with fake SMS alert (bleepingcomputer.com)

2FA/MFA

• Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (thehackernews.com)

Malware

• GoDaddy Discloses Multi-Year Security Breach Causing Malware Installations and Source Code Theft (thehackernews.com)

• Google Ads Spreads FatalRAT Malware, Disguised As Popular Apps (informationsecuritybuzz.com)

• Researchers unearth Windows backdoor that’s unusually stealthy | Ars Technica

• Researchers warn of 'Havoc' command and control tool • The Register

• New WhiskerSpy malware delivered via trojanized codec installer (bleepingcomputer.com)

• Frebniis malware abuses Microsoft IIS feature to create a backdoor-Security Affairs

• New Stealc malware emerges with a wide set of stealing capabilities (bleepingcomputer.com)

• Experts Warn of RambleOn Android Malware Targeting South Korean Journalists (thehackernews.com)

• Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)

• Hackers Use S1deload Stealer to Target Facebook, YouTube Users - Infosecurity Magazine (infosecurity-magazine.com)

• Unanswered Questions Cloud the Recent Targeting of an Asian Research Org (darkreading.com)

• Hydrochasma Threat Group Bombards Targets with Slew of Commodity Malware, Tools (darkreading.com)

• Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)

• Russian national accused of developing, selling malware appears in US. court | CyberScoop

• Defenders on high alert as backdoor attacks become more common - Help Net Security

Mobile

• Five easy steps to keep your smartphone safe from hackers | ZDNET

• Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities - SecurityWeek

• Is Telegram the New Dark Web? Report Documents “Cybercrime Ecosystem” on Messaging App - CPO Magazine

• Accidental WhatsApp account takeovers? It's a thing • The Register

• Google will boost Android security through firmware hardening (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Seven German Airports Hit by Suspected Cyber Attack (heimdalsecurity.com)

• 4 Tips to Guard Against DDoS Attacks (darkreading.com)

Internet of Things – IoT

• Locking down the remote printer • The Register

• Are your IoT devices at risk? Cyber security concerns for 2023 - Help Net Security

Data Breaches/Leaks

• Sensitive US military emails exposed by unsecured Azure server • The Register

• DNA testing firm inks settlement after forgotten DB break-in • The Register

• Activision did not notify employees of data breach for months | TechCrunch

• GoDaddy blasted for breach response | SC Media (scmagazine.com)

• TELUS investigating leak of stolen source code, employee data (bleepingcomputer.com)

Organised Crime & Criminal Actors

• The war in Ukraine has shaken up the cyber criminal ecosystem, Google says | ZDNET

• Russian cyber crime alliances upended by Ukraine invasion • The Register

• Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek

• Is Telegram the New Dark Web? Report Documents “Cyber crime Ecosystem” on Messaging App - CPO Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Norwegian police recover $5.9m crypto stolen by North Korea • The Register

• Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek

• Coinbase breached by social engineers, employee data stolen – Naked Security (sophos.com)

• ‘Nevada Group’ hackers target thousands of computer networks | Financial Times (ft.com)

• Pirated Final Cut Pro infects your Mac with cryptomining malware (bleepingcomputer.com)

• SBF faces four additional charges in FTX collapse case • The Register

Insider Risk and Insider Threats

• Employees bypass cyber security guidance to achieve business objectives - Help Net Security

• Insider Threats Don't Mean Insiders Are Threatening (darkreading.com)

• Insider threats must be top-of-mind for organisations facing layoffs - Help Net Security

Fraud, Scams & Financial Crime

• Overwhelm impacts 90% of payment compliance teams as they combat record levels of fraud - IT Security Guru

• The cost of living crisis is triggering a wave of workplace crime - here's how | UK News | Sky News

• Fifth of Brits Have Fallen Victim to Online Scammers - Infosecurity Magazine (infosecurity-magazine.com)

• FTC: Americans lost $8.8 billion to fraud in 2022 after 30% surge (bleepingcomputer.com)

• Firm Fined £200K For "Exploitative" Call Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Europol busts ‘CEO fraud’ gang that stole €38M in a few days (bleepingcomputer.com)

• Criminals are flooding the internet with fake advice scams and adware, so watch out | TechRadar

• ‘They bleed you dry’: the recruitment scammers preying on Australian job seekers | Australia news | The Guardian

• City Fund Managers Jailed for £8m Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Scammers Mimic ChatGPT to Steal Business Credentials (darkreading.com)

• SBF faces four additional charges in FTX collapse case • The Register

Insurance

• Lower Data Breach Insurance Costs with These Tips (trendmicro.com)

Supply Chain and Third Parties

• UK NCSC Launches Recommendations on Supply Chain Mapping - Infosecurity Magazine (infosecurity-magazine.com)

• Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)

• Third-Party Providers Create Identity and Access Control Challenges for Fintech Apps (darkreading.com)

• 3 Steps to Automate Your Third-Party Risk Management Program (thehackernews.com)

Software Supply Chain

• This Will Be the Year of the SBOM, for Better or for Worse (darkreading.com)

Cloud/SaaS

• Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat

• Four steps SMBs can take to close SaaS security gaps - Help Net Security

• Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps? (darkreading.com)

• Four Reasons Why Web Security is as Important as Endpoint Security for MSSP Clients - MSSP Alert

Containers

• 87% of Container Images in Production Have Critical or High-Severity Vulnerabilities (darkreading.com)

Encryption

• Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)

• AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek

API

• Why people-driven remediation is the key to strong API security - Help Net Security

• ‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector | The Daily Swig (portswigger.net)

Open Source

• At least one open source vulnerability found in 84% of code bases: Report | CSO Online

Passwords, Credential Stuffing & Brute Force Attacks

• Despite Breach, LastPass Demonstrates the Power of Password Management (darkreading.com)

Social Media

• Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (thehackernews.com)

• Hackers Use S1deload Stealer to Target Facebook, YouTube Users - Infosecurity Magazine (infosecurity-magazine.com)

• 7 Tips for Mitigating Cyber-Risks to Your Corporate Social Media (darkreading.com)

• Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop

Malvertising

• Google Ads Spreads FatalRAT Malware, Disguised As Popular Apps (informationsecuritybuzz.com)

Training, Education and Awareness

• Global threats fuel cyber defence training • The Register

Parental Controls and Child Safety

• Over confidence is putting children at risk online says Kaspersky research - IT Security Guru

Regulations, Fines and Legislation

• Cyber threats, Regulations Mount for Financial Industry (darkreading.com)

• Firm Fined £200K For "Exploitative" Call Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Governance, Risk and Compliance

• Employees bypass cyber security guidance to achieve business objectives - Help Net Security

• The financial system is alarmingly vulnerable to cyber attack | Financial Times (ft.com)

• Cyber threats, Regulations Mount for Financial Industry (darkreading.com)

• Fight Ransomware with a Cyber security Audit (trendmicro.com)

• Evolving Threat Landscape Leading to Cyber security Pro “Burnout,” Study Says - MSSP Alert

• Benchmarking your cyber security budget in 2023 | VentureBeat

• Security breach? Don’t blame your employees | TechCrunch

• 7 reasons to avoid investing in cyber insurance | CSO Online

• 5 top threats from 2022 most likely to strike in 2023 | CSO Online

• Cyber arms race, economic headwinds among top macro cyber security risks for 2023 | CSO Online

• Malicious actors push the limits of attack vectors - Help Net Security

Data Protection

• ICO Calls on Accountants to Improve SME Data Protection - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• CISOs struggle with stress and limited resources - Help Net Security

• Stress pushing CISOs out the door | CSO Online

• Complexity, volume of cyber attacks lead to burnout in security teams - Help Net Security

Law Enforcement Action and Take Downs

• Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)

• Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek

• Russian national accused of developing, selling malware appears in US. court | CyberScoop

• Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• Supreme Court declines to hear Wikimedia case against NSA surveillance program | CyberScoop

Artificial Intelligence

• MLOps Security AI power analysis breaks post-quantum security algorithm ... (eenewseurope.com)

• AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek

• Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Security Experts Warn of Foreign Cyber Threat to 2024 Voting - SecurityWeek

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs

• Russian cybercrime alliances upended by Ukraine invasion • The Register

• Google Report Reveals Russia's Elaborate Cyber Strategy in Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Many cyber operations conducted by Russia are yet to be publicly disclosed, says Dutch intelligence-Security Affairs

• Musk restricts Starlink for Ukraine, cites World War III | Fortune

• America Loves Spying by Balloon, Just Like China (gizmodo.com)

• How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek

• Armenia and Azerbaijan Hackers Use OxtaRAT to Monitor Conflict - Infosecurity Magazine (infosecurity-magazine.com)

• Russia blames 'hackers' for fake missile strike alerts • The Register

• Russia’s Invasion Sparks Global Wiper Malware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)

• Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop

• British Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)

Nation State Actors

• ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs

• The war in Ukraine has shaken up the cybercriminal ecosystem, Google says | ZDNET

• Russian cybercrime alliances upended by Ukraine invasion • The Register

• EU Cyber security Agency Warns Against Chinese APTs - Infosecurity Magazine (infosecurity-magazine.com)

• Google Report Reveals Russia's Elaborate Cyber Strategy in Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Many cyber operations conducted by Russia are yet to be publicly disclosed, says Dutch intelligence-Security Affairs

• Russian spy working inside as security in a British embassy has been jailed for 13 years | UK News | Sky News

• Norwegian police recover $5.9m crypto stolen by North Korea • The Register

• America Loves Spying by Balloon, Just Like China (gizmodo.com)

• EU Organisations Warned of Chinese APT Attacks - SecurityWeek

• How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek

• Earth Zhulong Familiar Patterns Target Southeast Asian Firms (trendmicro.com)

• Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack (trendmicro.com)

• Putin Speech Broadcast Temporarily Stopped By DDoS Attack (informationsecuritybuzz.com)

• Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED

• Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data (thehackernews.com)

• Russia’s Invasion Sparks Global Wiper Malware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)

• Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop

Vulnerability Management

• CVSS system criticized for failure to address real-world impact | The Daily Swig (portswigger.net)

• Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)

• At least one open source vulnerability found in 84% of code bases: Report | CSO Online

Vulnerabilities

• US Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog (thehackernews.com)

• Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy (thehackernews.com)

• SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities - SecurityWeek

• Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after release of PoC exploit-Security Affairs

• A New Kind of Bug Spells Trouble for iOS and macOS Security | WIRED

• VMware Patches Critical Vulnerability in Carbon Black App Control Product (thehackernews.com)

• New Privilege Escalation Bug Class Found on macOS and iOS - Infosecurity Magazine (infosecurity-magazine.com)

• PoC exploit code for critical Fortinet FortiNAC bug released online-Security Affairs

• Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks - SecurityWeek

• Hackers Exploit Privilege Escalation Flaw on Windows Backup Service - Infosecurity Magazine (infosecurity-magazine.com)

• Emergency VMware ESXi update fixes Windows Server 2022 VM boot issues (bleepingcomputer.com)

• Exploitation attempts observed against Fortinet FortiNAC flaw | TechTarget

• Researchers find hidden vulnerabilities in hundreds of Docker containers - Help Net Security

Tools and Controls

• Despite Breach, LastPass Demonstrates the Power of Password Management (darkreading.com)

• Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat

• 10 Best Network Security Solutions & Providers - 2023 (cybersecuritynews.com)

• Modern Software: What's Really Inside? (darkreading.com)

• Why privileged access management should be critical to your security strategy | VentureBeat

• The battle for data security now falls on developers; here’s how they can win | VentureBeat

• Zero trust, XDR prominent in Gartner’s Hype Cycle for Endpoint Security | VentureBeat

• Advantages of the AWS Security Maturity Model (trendmicro.com)

Other News

• Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)

• NSA shares guidance on how to secure your home network (bleepingcomputer.com)

• Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)

• Malicious actors push the limits of attack vectors - Help Net Security

• Researchers Hijack Popular NPM Package with Millions of Downloads (thehackernews.com)

• Is OWASP at Risk of Irrelevance? (darkreading.com)

• Justice Department Debuts 'Disruptive Technology Strike Force' (gizmodo.com)

• How to Detect New Threats via Suspicious Activities (thehackernews.com)

• At least one open source vulnerability found in 84% of code bases: Report | CSO Online

• White House cyber security strategy to force large companies to make systems secure by design | CyberScoop

• Microsoft urges Exchange admins to remove some antivirus exclusions (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.