Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Boardrooms on Notice: Cyber Security Oversight More Important Than Ever

In 2023, the rise in security breaches and cyber attacks caused cyber security to transcend its usual confines and emerge as a critical boardroom concern, prompting executives to recognise the need for proactive engagement. The current landscape has necessitated executive decision-makers to proactively engage in cyber security, instead of just passively observing. It is no surprise that in a survey from KMPG of over 300 CEO’s, dealing with cyber risk was designated as the top priority for the foreseeable three to five years.

When a company faces a substantial fine or penalty from a breach, it serves two crucial purposes. Firstly, it sets a precedent for ensuring companies across the board understand the repercussions of lax cyber security measures and secondly, it pushes organisations towards proactive investment in robust cyber security frameworks. Many organisations are beginning to realise that the cost of a breach, both financial and reputational, far outweighs that of prevention. Furthermore, many frameworks are now placing the board as directly responsible.

Sources: [Lexology] [Security Brief]

Ransomware Incidents Reported to UK Financial Regulator Doubled in 2023

Ransomware reported to the UK financial regulator in 2023 doubled, and the impact is clear. In a survey of CISOs based in the UK, one-third confessed to paying ransomware groups millions in recent years in a bid to alleviate the impact of an attack. The minimum ransom paid by UK businesses across a five year period stood at around $250,000, the study found. Ransomware is the dominant threat that continues to plague organisations, and it is important that your organisation is doing all it can to prevent such an attack, and has plans in place to recover when such an attack happens.

Sources: [Data Breaches] [UK mortgage news] [The Hacker News]

Businesses Can’t Survive Without Their IT Systems – and They’re Under Attack More Than Ever

As organisations find themselves more and more reliant on digital technology than ever before, the impact of not having it becomes greater and greater. As reliance on these systems grows, the level of cyber threat grows as well. A recent report found 68% of those surveyed believed they would not survive more than a single day without their IT systems, up from 46% in 2017. The report found that 54% of organisations said they experienced some form of cyber attack last year, with ransomware cited as the most disruptive.

Source: [TechRadar]

Cyber Insecurity and Misinformation Top WEF Global Risk List

In the latest report by the World Economic Forum, misinformation and disinformation have emerged as the most severe global risk anticipated over the next two years, with the risk becoming more likely as elections in several economies take place this year. As artificial intelligence models become easier to use and more accessible to the general population, this will enable an explosion of false information and synthetic content such as cloned voices and fake websites.

Another top concern identified in the report is the risk of cyber attacks and cyber insecurities. Currently the production of AI technologies is highly concentrated; this creates a significant supply chain risk, as the reliance of one or two models could give rise to systemic cyber vulnerabilities, paralysing critical infrastructure.

Source: [Infosecurity Magazine]

Why Effective Cyber Security and Risk Management are Crucial for Business Growth

Technology has changed, enhanced and transformed how business is conducted. However, these new advancements such as cloud, IoT and AI have introduced a range of new cyber security risks. It is crucial for leaders to grasp the accompanying risks to ensure the safety of their organisations, customers and products. Given the inevitability of business risk, particularly cyber risk, leaders should focus on managing it by identifying mission-critical aspects of their organisation and then determining how best to protect them. The first step to a proactive approach to cyber security is to devise a robust and tailored cyber security strategy aligned to the organisation’s risk profile. This not only improves the safety and security of the organisation, but also the trust of its customers and products in an increasingly digital world.

Source: [World Economic Forum]

The Cost of Dealing with a Cyber Attack Doubled Last Year

New research by Dell claims that the cost of global cyber attacks reached a new high in 2023, topping out at $1.41 million per attack, up $660,000 from the previous year. It was found that almost half (48%) of UK based organisations reported suffering either a cyber attack or incident that prevented access to company data.

Over half of global respondents report that malicious links in spam or phishing emails, hacked devices, and stolen credentials are the most common entry points for cyber attacks.

Source: [TechRadar]

Merck Settles NotPetya Insurance Claim – Leaving Cyber Warfare Definition Unresolved

Merck’s long legal battle with its insurers over the damage caused by the infamous NotPetya attack has finally come to an end, with the Merck agreeing to settle with their insurer providers who had refused to pay $699 million of the $1.4 million that was claimed in damages.

The legal battle began when Merck, who did not have cyber insurance, had made a claim under its ‘all-risks’ coverage. In 2022, it was stated that the NotPetya attack “is not sufficiently linked to a military action or objective as it was a non-military cyber attack against an accounting software provider” and in May 2023, this decision was upheld, forcing the insurers to settle.

Source: [Security Week] [Dark Reading]

Mandiant, SEC Lose Control of X Accounts Without 2FA

While security teams are focused on preventing the gamut of different levels of cyber attack sophistication, it can be easy for even the sharpest teams to overlook the simple stuff. This was recently seen when Google’s cyber security operation, Mandiant, temporarily lost control of its account on X (formerly known as Twitter) due to not having two-factor authentication (2FA). A separate high-profile incident also occurred this week, as the US Securities and Exchange Commission (SEC) account on X was hijacked to post a fake announcement about bitcoin, raising its value by 5%.

In March of 2023, X changed the way multi-factor authentication (MFA) worked, so that only premium subscribers have access to it. The two high-profile attacks, which were due to accounts not having MFA, show that cyber criminals are taking advantage of these changes. These incidents serve as a clear reminder that organisations must prioritise even the most fundamental security practices, such as MFA, to protect their digital assets.

Further, the attack on the SEC has opened them to criticism from firms such as SolarWinds who the SEC had previously reprimanded for cyber security failures.

Source: [Dark Reading]

If you Prepare, a Data Security Incident Should Not Cause an Existential Crisis

A question to ask is why, in the event of a data security incident, is there an overwhelming feeling that the company is doomed? Yet when there are other issues, such as internal investigations, the feeling is not as strong. For a lot of companies, these cyber incidents are the first time that their cyber response plan (if they have one at all) is enacted and it is this lack of preparation that causes such a feeling.  Companies looking to increase their cyber resilience should look to have and regularly test a cyber incident response plan; you do not want to be in the position of having to learn your plan and deal with a cyber incident at the same time.

Source: [Help Net Security]

82% of Companies Struggle to Manage Security Exposure, with 28,000 New Vulnerabilities Reported Last Year

A substantial 82% of companies have reported a widening gap between security exposures and their ability to manage them according to a recent report. For many, the issue is caused by a lack of proper remediation solutions; this formed part of the reason why 87% of surveyed organisations reported plans to enhance vulnerability and exposure remediation within the next year. The need increases when considering last year there were more than 28,000 new vulnerabilities; that is the equivalent of nearly 80 every day.

Sources: [Infosecurity Magazine] [SecurityWeek]

Cyber Security is the Number One Priority for the Financial Sector Again

In Softcat's annual Business Tech Priorities Report, the financial sector's tech investments for the coming year have been unveiled. Notably, cyber security remains the top priority for the sector with 55% prioritising cyber security before anything else, reflecting the critical need to protect against the escalating threat landscape. It's important to understand that cyber security is not merely an IT problem; it is a business imperative. As consumers increasingly embrace digital banking, the impact of digitalisation on the financial sector is evident. With cyber incidents on the rise, investment in cyber security, including zero-trust security and AI threat hunting, is imperative for safeguarding not only data but the entire business.

Sources: [The Fintech Times] [Islamic Finance News]

Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’

In 2024, cyber crime marketplaces are expected to surge even more, transitioning every cyber threat further into the “as-a-service” model. The term “as-a-service” refers to the provision of specific functionalities or tools as a service, typically offered on a subscription or pay-as-you-go basis. This allows malicious actors with limited technical skills to launch sophisticated attacks. This trend was already being spotted at the end of 2023 as a report found that 73% of all internet traffic is currently composed of malicious bots and related fraud farm activities. This highlights the need for organisations to have accurate threat intelligence and analysis to understand the digital terrain ahead of these continued and expanding “as-a-service” threats.

Source: [Security Boulevard]

Governance, Risk and Compliance

• Businesses can't survive without their IT systems - and they're under attack more than ever | TechRadar

• If you prepare, a data security incident will not cause an existential crisis - Help Net Security

• 82% of Companies Struggle to Manage Security Exposure - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Insecurity and Misinformation Top WEF Global Risk List - Infosecurity Magazine (infosecurity-magazine.com)

• IFN – Cyber Security: Not an IT problem, but a business one (islamicfinancenews.com)

• Cyber incidents hit 15% of global firms (tribune.com.pk)

• The cost of dealing with a cyber attack doubled last year | TechRadar

• Board Priorities 2024: Cyber preparedness & resilience - Lexology

• Boardrooms on notice: Cyber security oversight more important than ever (securitybrief.co.nz)

• What the Board Needs to Know About Exponential Disruption, Cyber Security, Risk Management and Strategy - OODA Loop

• Why cyber security and risk management are crucial for growth | World Economic Forum (weforum.org)

• XM Cyber's 2024 Survey on the State of Security Posture Reveals Remediation Efforts Falling Behind Surging Exposures (prnewswire.com)

• How to Plan Your Security Budget Without Compromising Your Security Stack - Security Boulevard

• The expanding scope of CISO duties in 2024 - Help Net Security

• War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)

• 2023 was a big year for cyber crime – here’s how we can make our systems safer | World Economic Forum (weforum.org)

• The Reality Of Cyber In 2024: What Dangers Do Businesses Face? - Minutehack

• Lions and tigers and bears, oh my! Global legal risks in cyber security investigations (iapp.org)

• The power of basics in 2024's cyber security strategies - Help Net Security

• Here's how to build a more inclusive cyber security strategy | World Economic Forum (weforum.org)

• DSIT launches UK Cyber Governance Project | UKAuthority

Threats

Ransomware, Extortion and Destructive Attacks

• Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week

• How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)

• British Library ransomware cyber attack ‘set to cost £7million’ (yahoo.com)

• Richard Osman among authors missing royalties amid ongoing cyber attack on British Library | British Library | The Guardian

• There is a Ransomware Armageddon Coming for Us All (thehackernews.com)

• UK CISO’s are cowing to ransomware demands more than you think, here’s why they shouldn’t pay up (databreaches.net)

• Ransomware incidents reported to UK financial regulator doubled in 2023 - The Intermediary - Latest UK mortgage news

• Ransomware victims targeted in follow-on extortion attacks • The Register

• Swatting: The new normal in ransomware extortion tactics • The Register

• Another top US mortgage firm hit by major cyber attack | TechRadar

• Capital Health attack claimed by LockBit ransomware, risk of data leak (bleepingcomputer.com)

• Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)

• Babuk ransomware decryptor updated with Tortilla support • The Register

• "Security researcher" offers to delete data stolen by ransomware attackers - Help Net Security

• Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (darkreading.com)

• Finland warns of Akira ransomware wiping NAS and tape backup devices (bleepingcomputer.com)

• Diving deep into Phobos ransomware. (thecyberwire.com)

• Ransomware payment ban: Wrong idea at the wrong time • The Register

Ransomware Victims

• In $1.4B coverage over cyber attack, Merck settles with insurers (fiercepharma.com)

• Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week

• British Library says final cost of cyber attack is ‘not confirmed’ | Evening Standard

• 'Totally and utterly bereft' — the devastating repercussions of the British Library cyber attack (yahoo.com)

• Ransomware attackers threaten to send SWAT teams to patients of hacked hospitals - Neowin

• Mortgage firm loanDepot cyber attack impacts IT systems, payment portal (bleepingcomputer.com)

• Toronto Zoo: Ransomware attack had no impact on animal wellbeing (bleepingcomputer.com)

• LockBit ransomware gang claims the attack on Capital Health (securityaffairs.com)

• Fidelity National Financial says hackers stole data on 1.3 million customers | TechCrunch

• ICO hits hacked firm with GDPR reprimand | AccountingWEB

• HMG Healthcare Says Data Breach Impacts 40 Facilities - Security Week

• Full reopening of Isle of Man dentist delayed by 'serious cyber attack' | iomtoday.co.im

• Ransomware wrecks Paraguay’s largest telco (databreaches.net)

Phishing & Email Based Attacks

• Uncovering the hidden dangers of email-based attacks - Help Net Security

• Inside a $20 Million Coinbase Phishing Ring (404media.co)

• Framework discloses data breach after accountant gets phished (bleepingcomputer.com)

• Female cyber pros group targeted in phishing scam | IT Business

Artificial Intelligence

• Hackers are deliberately "poisoning" AI systems to make them malfunction, and there's no way to defend against it | ITPro

• Adapting Security to Protect AI/ML Systems (darkreading.com)

• AI-Powered Misinformation is the World’s Biggest Short-Term Threat, Davos Report Says - Security Week

• NIST identifies AI cyber security vulnerabilities (iapp.org)

• NIST: No Silver Bullet Against Adversarial Machine Learning Attacks - Security Week

• Why Cyber Security Is Foundational To AI Safety (forbes.com)

• FTC offers $25,000 prize for detecting AI-enabled voice cloning (bleepingcomputer.com)

• The growing challenge of cyber risk in the age of synthetic media - Help Net Security

• Securing AI systems against evasion, poisoning, and abuse - Help Net Security

• Staying One Step Ahead of Hackers When It Comes to AI | WIRED

• New AI tools spawn fears of greater 2024 election threats, survey finds - Nextgov/FCW

• AI discovers that not every fingerprint is unique (techxplore.com)

• VW AI move is greeted with caution as risks still real says expert (emergingrisks.co.uk)

2FA/MFA

• Mandiant, SEC Lose Control of X Accounts Without 2FA (darkreading.com)

• Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley

Malware

• Malware Takedowns Show Progress, But Fight Against Cyber Crime Not Over - Infosecurity Magazine (infosecurity-magazine.com)

• This new macOS backdoor lets hackers take over your Mac remotely — how to stay safe | Tom's Guide (tomsguide.com)

• A new macOS backdoor could let hackers hijack your device without you knowing | TechRadar

• Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months (bleepingcomputer.com)

• North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught (darkreading.com)

• SpectralBlur: New macOS Backdoor Threat from North Korean Hackers (thehackernews.com)

• Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign (darkreading.com)

• Stuxnet: The malware that cost a billion dollars to develop? • Graham Cluley

• Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)

• Linux devices are under attack by a never-before-seen worm | Ars Technica

• Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (darkreading.com)

• ‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer (therecord.media)

• Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload (thehackernews.com)

• Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware (thehackernews.com)

Mobile

• CISA warns agencies of fourth flaw used in Triangulation spyware attacks (bleepingcomputer.com)

• Android's January 2024 Security Update Patches 58 Vulnerabilities - Security Week

Internet of Things – IoT

• Russia Hacked Residential Cameras in Ukraine to Spy on Air Defence, Critical Infrastructure - Security Week

• Coming Soon to a Network Near You: More Shadow IoT - Security Week

• The Connection Between Alaska Airlines, Blown Out Windows, and IoT Security - Security Boulevard

• Surveyed drivers prefer low-tech cars over data-sharing ones • The Register

• VW AI move is greeted with caution as risks still real says expert (emergingrisks.co.uk)

Data Breaches/Leaks

• Law Firm Orrick Reveals Extensive Data Breach, Over Half a Million Affected - Security Week

• Framework discloses data breach after accountant gets phished (bleepingcomputer.com)

• Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications (securityaffairs.com)

• 2.2 billion records compromised by security incidents In Dec 2023 (itsecuritywire.com)

• Texas-based care provider HMG Healthcare says hackers stole unencrypted patient data | TechCrunch

• Midwives clinic takes nine months to deliver news of data breach (bitdefender.com)

Organised Crime & Criminal Actors

• Cyber Crime Marketplaces Soar in 2024: All Threats Now Available ‘As-a-Service’ - Security Boulevard

• 19 xDedic Cyber Crime Market Users and Admins Face Prison - Infosecurity Magazine (infosecurity-magazine.com)

• 2023 was a big year for cyber crime – here’s how we can make our systems safer | World Economic Forum (weforum.org)

• Cyber Attacks Drain $1.84bn from Web3 in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• BreachForums admin jailed again for using a VPN, unmonitored PC (bleepingcomputer.com)

• Nigerian Gets 10 Years For Laundering Scam Funds - Infosecurity Magazine (infosecurity-magazine.com)

• Move Over, APTs: Common Cyber Criminals Begin Critical Infrastructure Targeting (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Inside a $20 Million Coinbase Phishing Ring (404media.co)

• What Is Cryptojacking, and Why Is Higher Education Being Targeted? | EdTech Magazine

• UK politician criticizes X (formerly Twitter) after account hijacked by crypto scam (therecord.media)

• X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)

• North Korea's Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023 (thehackernews.com)

• Iranian crypto exchange Bit24.cash leaks user passports and IDs (securityaffairs.com)

• Netgear, Hyundai latest X accounts hacked to push crypto drainers (bleepingcomputer.com)

• Cryptocurrency community lost over $100 million last week (coinpaper.com)

• ‘Yet another Mirai-based botnet’ is spreading an illicit cryptominer (therecord.media)

• Child Abusers Are Getting Better at Using Crypto to Cover Their Tracks | WIRED

• Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks (thehackernews.com)

Insider Risk and Insider Threats

• Bribed US Navy sailor sold secrets to China for just $14k • The Register

Insurance

• How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)

• War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)

• 2024 Cyber Insurance Requirements Predictions (trendmicro.com)

Supply Chain and Third Parties

• Framework discloses data breach after accountant gets phished (bleepingcomputer.com)

• Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack  - Security Week

Cloud/SaaS

• SaaS cyber crime levels are expected to rise this year - Digital Journal

• Widening Disparities and Growing Threats Cloud Global Cyber security Outlook for 2024 > Press releases | World Economic Forum (weforum.org)

• Microsoft Lets Cloud Users Keep Personal Data Within Europe to Ease Privacy Fears - Security Week

• Why Public Links Expose Your SaaS Attack Surface (thehackernews.com)

Identity and Access Management

• Authentication is more complicated than ever. 4 ways to improve cyber defences for our new reality | ZDNET

Linux and Open Source

• Linux devices are under attack by a never-before-seen worm | Ars Technica

Passwords, Credential Stuffing & Brute Force Attacks

• Mandiant's X Account Was Hacked Using Brute-Force Attack (thehackernews.com)

• Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley

• What is credential stuffing and how do you keep your accounts safe from it (engadget.com)

Social Media

• SEC's Twitter account hacked to say Bitcoin ETFs approved. Politicians and lawyers demand investigation into security breach (bitdefender.com)

• Mandiant's X Account Was Hacked Using Brute-Force Attack (thehackernews.com)

• Security firm Mandiant says it didn’t have 2FA enabled on its hacked Twitter account • Graham Cluley

• X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)

• Fake Recruiters Defraud Facebook Users via Remote Work Offers (darkreading.com)

• Sexual assault in the metaverse investigated by British police • Graham Cluley

• Netgear, Hyundai latest X accounts hacked to push crypto drainers (bleepingcomputer.com)

• UK politician criticizes X (formerly Twitter) after account hijacked by crypto scam (therecord.media)

• Serious New Facebook Warning For Apple iPhone and Google Android Users (forbes.com)

• Why You Shouldn't Opt In to Facebook's Link History Feature (makeuseof.com)

• Coinbase Offers SEC Security Assistance After X Account Hack (beincrypto.com)

Malvertising

• X users fed up with constant stream of malicious crypto ads (bleepingcomputer.com)

• Serious New Facebook Warning For Apple iPhone and Google Android Users (forbes.com)

• Why You Shouldn't Opt In to Facebook's Link History Feature (makeuseof.com)

Regulations, Fines and Legislation

• ICO hits hacked firm with GDPR reprimand | AccountingWEB

• US DOD’s CMMC 2.0 rules lift burdens on MSPs, manufacturers | CSO Online

• SEC Speech on Cyber Security Disclosure | Paul Hastings LLP - JDSupra

• What does the EU’s Cyber Security Regulation aim to achieve? (siliconrepublic.com)

• SEC Had a Fraught Cyber Record Long Before X Account Was Hacked (bloomberglaw.com)

• SolarWinds Hits Back at SEC After Agency’s X Account Was Hacked (bloomberglaw.com)

• Mandiant, SEC Lose Control of X Accounts Without 2FA (darkreading.com)

• Cyber Criminal Whistleblowers will Get Smarter - Security Boulevard

• Ofcom poaches Big Tech staff in push to enforce new internet curbs (ft.com)

• Cyber Security | UK Regulatory Outlook January 2024 - Osborne Clarke | Osborne Clarke

Models, Frameworks and Standards

• NIST Fortifies Chatbots and Self-Driving Cars Against Digital Threats - Infosecurity Magazine (infosecurity-magazine.com)

• NIST identifies AI cyber security vulnerabilities (iapp.org)

• NIST: No Silver Bullet Against Adversarial Machine Learning Attacks - Security Week

Data Protection

• ICO hits hacked firm with GDPR reprimand | AccountingWEB

Careers, Working in Cyber and Information Security

• 68% of organizations face risks due to cyber security skills shortage | Security Magazine

Law Enforcement Action and Take Downs

• Malware Takedowns Show Progress, But Fight Against Cyber Crime Not Over - Infosecurity Magazine (infosecurity-magazine.com)

• 19 xDedic Cyber Crime Market Users and Admins Face Prison - Infosecurity Magazine (infosecurity-magazine.com)

• BreachForums admin jailed again for using a VPN, unmonitored PC (bleepingcomputer.com)

• Watchdog finds ‘sufficient’ cyber threat sharing at agencies, but barriers remain - Government Executive (govexec.com)

• Nigerian Gets 10 Years For Laundering Scam Funds - Infosecurity Magazine (infosecurity-magazine.com)

Misinformation, Disinformation and Propaganda

• Cyber Insecurity and Misinformation Top WEF Global Risk List - Infosecurity Magazine (infosecurity-magazine.com)

• AI-Powered Misinformation is the World’s Biggest Short-Term Threat, Davos Report Says - Security Week

• Only 4% of US States Fully Prepared for Cyber Attacks Targeting Electi - Infosecurity Magazine (infosecurity-magazine.com)

• New AI tools spawn fears of greater 2024 election threats, survey finds - Nextgov/FCW

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• War or Cost of Doing Business? Cyber Insurers Hashing Out Exclusions (darkreading.com)

• Merck settles with insurers regarding a $1.4 billion claim (securityaffairs.com)

• Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week

• How the Merck Case Shapes the Future of Cyber Insurance (databreachtoday.co.uk)

Nation State Actors

China

• AI is helping US spies catch stealthy Chinese hacking ops, NSA official says | CyberScoop

• Bribed US Navy sailor sold secrets to China for just $14k • The Register

• China Claims It Caught a Foreign Consultant Spying for UK’s MI6 | TIME

• Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days - Security Week

• China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments - Security Week

Russia

• Merck settles with insurers regarding a $1.4 billion claim (securityaffairs.com)

• Merck Settles NotPetya Insurance Claim, Leaving Cyberwar Definition Unresolved - Security Week

• Russia Hacked Residential Cameras in Ukraine to Spy on Air Defence, Critical Infrastructure - Security Week

• Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign (darkreading.com)

• Military briefing: Russia has the upper hand in electronic warfare with Ukraine (ft.com)

• Russia's Sandworm blamed for Kyivstar telecom cyber attack • The Register

• Media: Ukrainian hackers hit Russian internet provider, claim they are preparing 'revenge for Kyivstar' (kyivindependent.com)

• Ukraine is on the front lines of global cyber security - Atlantic Council

Iran

• Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (therecord.media)

• Who Is Behind Pro-Ukrainian Cyber Attacks on Iran? (darkreading.com)

• Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware (thehackernews.com)

• Iranian crypto exchange Bit24.cash leaks user passports and IDs (securityaffairs.com)

• Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report - Security Week

• Investigation on Stuxnet malware triggers doubt | SC Media (scmagazine.com)

North Korea

• North Korea Debuts 'SpectralBlur' Malware Amid macOS Onslaught (darkreading.com)

• North Korea's Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023 (thehackernews.com)

• South Korea's technological superiority challenged by North Korea's cyber attacks - The Korea Times

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies (thehackernews.com)

• Turkish Hackers Target Microsoft SQL Servers in Americas, Europe - Security Week

• Turkish Cyber Spies Targeting Netherlands - Security Week

• Young Britons exposed to online radicalisation following Hamas attack - BBC News

• Who Is Behind Pro-Ukrainian Cyber Attacks on Iran? (darkreading.com)

• Media: Ukrainian hackers hit Russian internet provider, claim they are preparing 'revenge for Kyivstar' (kyivindependent.com)

• Hackers Dox Lawmakers Behind North Carolina Age Verification (dailydot.com)

• CISA warns agencies of fourth flaw used in Triangulation spyware attacks (bleepingcomputer.com)

Vulnerability Management

• 82% of Companies Struggle to Manage Security Exposure - Infosecurity Magazine (infosecurity-magazine.com)

• Vulnerability Handling in 2023: 28,000 New CVEs, 84 New CNAs - Security Week

• Researchers develop technique to prevent software bugs - Help Net Security

• Best Practices for Vulnerability Scanning: When and How Often to Perform - Security Boulevard

Vulnerabilities

• Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs (bleepingcomputer.com)

• Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws (securityaffairs.com)

• Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security (darkreading.com)

• Ivanti warns of Connect Secure zero-days exploited in attacks (bleepingcomputer.com)

• Cisco Patches Critical Vulnerability in Unity Connection Product - Security Week

• This new macOS backdoor lets hackers take over your Mac remotely — how to stay safe | Tom's Guide (tomsguide.com)

• KyberSlash attacks put quantum encryption projects at risk (bleepingcomputer.com)

• QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products - Security Week

• CISA Adds Six Known Exploited Vulnerabilities to Catalog | CISA

• Attacks aimed at vulnerable Apache RocketMQ servers underway | SC Media (scmagazine.com)

• Flaw in AI Plugin Exposes 50,000 WordPress Sites to Remote Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Fortinet Releases Security Updates for FortiOS and FortiProxy | CISA

• Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager (thehackernews.com)

• Android's January 2024 Security Update Patches 58 Vulnerabilities - Security Week

• SAP's First Patches of 2024 Resolve Critical Vulnerabilities - Security Week

• Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days - Security Week

• CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack (thehackernews.com)

• CISA Urges Patching of Exploited SharePoint Server Vulnerability - Security Week

• Over 150k WordPress sites at takeover risk via vulnerable plugin (bleepingcomputer.com)

• SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448) - Help Net Security

• Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks (thehackernews.com)

Tools and Controls

• Why Red Teams Can't Answer Defenders' Most Important Questions (darkreading.com)

• Continuity in Chaos: Applying Time-Tested Incident Response to Modern Cyber Security - Security Week

• Why Public Links Expose Your SaaS Attack Surface (thehackernews.com)

• APIs are increasingly becoming attractive targets - Help Net Security

• Whodunit in Cyber Space: The Rocky Road from Attribution to Accountability • Stimson Center

• Insufficient Internal Network Monitoring in Cyber Security - Security Boulevard

• Threat Actors Increasingly Abusing GitHub for Malicious Purposes (thehackernews.com)

• 4 ways data and AI tip the cyber security scales towards the defenders | World Economic Forum (weforum.org)

• How to Plan Your Security Budget Without Compromising Your Security Stack - Security Boulevard

• Authentication is more complicated than ever. 4 ways to improve cyber defences for our new reality | ZDNET

• Embracing offensive cyber security tactics for defence against dynamic threats - Help Net Security

• Lions and tigers and bears, oh my! Global legal risks in cyber security investigations (iapp.org)

• Here's how to build a more inclusive cyber security strategy | World Economic Forum (weforum.org)

• 2024 Cyber Insurance Requirements Predictions (trendmicro.com)

• Exposed Secrets are Everywhere. Here's How to Tackle Them (thehackernews.com)

Other News

• SEC Had a Fraught Cyber Record Long Before X Account Was Hacked (bloomberglaw.com)

• SolarWinds Hits Back at SEC After Agency’s X Account Was Hacked (bloomberglaw.com)

• Cyber Security is the Number One Priority for the Financial Sector Again, Says Softcat | The Fintech Times

• Cyber Focused FBI Agents Deploy to Embassies Globally (darkreading.com)

• A cyber attack hit the Beirut International Airport (securityaffairs.com)

• Cyber attacks on Island ‘are mostly from Russia’ - Jersey Evening Post

• Whodunit in Cyber Space: The Rocky Road from Attribution to Accountability • Stimson Center

• Hackers Dox Lawmakers Behind North Carolina Age Verification (dailydot.com)

• Threat Actors Increasingly Abusing GitHub for Malicious Purposes (thehackernews.com)

• XM Cyber's 2024 Survey on the State of Security Posture Reveals Remediation Efforts Falling Behind Surging Exposures (prnewswire.com)

• It’s 2024. Time to Have Attribution Standards in Cyber Space - OODA Loop

• Protecting Critical Infrastructure Means Getting Back to Basics (darkreading.com)

• 6 of the biggest threats banks faced in 2023 | American Banker

• Study reveals cyber risks to US elections | Computer Weekly

• US to hospitals: Meet security standards or no federal money • The Register

• After Barrage of Hacks, Hospitals Will Face New Federal Cyber Security Rules Tied to Funding (databreaches.net)

• Hospitals Must Treat Patient Data and Health With Equal Care (darkreading.com)

• Softcat reveals cyber security is top IT priority for the retail sector in 2024 | Retail Technology Review

• Cyber Security Risk Mitigation for Law Firms in 2024 | US Legal Support - JDSupra

• Cyber security challenges escalate for renewable energy amidst geopolitical crises - NS Energy (nsenergybusiness.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Majority of 2023’s Critical Cyber Attacks Stemmed from Fewer Than 1% of Vulnerabilities, with 1 in 4 High Risk Vulnerabilities Exploited Within 24 Hours of Going Public

A new Qualys report reveals that less than 1% of vulnerabilities are responsible for the greatest damage, and a quarter of high-risk vulnerabilities are now being exploited within a day of disclosure. In 2023, a record-breaking 26,000 vulnerabilities have been identified so far, emphasising the need for organisations to accelerate their response times. High-risk vulnerabilities, particularly in network devices and web applications, are the main targets for attackers seeking unauthorised access or privilege escalation. This situation underscores the critical need for organisations to implement a multi-layered defence strategy, automate patching where appropriate especially in areas of critical infrastructure, and adopt zero-trust principles to safeguard against such swift and potent cyber threats.

Sources: [SiliconANGLE] [SC Media]

Ransomware Gangs Are Increasingly Turning to Remote Access Tools for Attacks, As UK Honeypots Attacked 17 million Times Per Day

Nearly three quarters of cyber-attacks across the UK in 2023 targeted technology frequently used for remote working, new data from Coalition has revealed.

Attackers frequently target Remote Desktop Protocol (RDP), a tool that lets users access office computers from home, as it grants the attacker quick access to devices and allows them to execute further attacks.

Honeypot sensors maintained by Coalition have recorded 5.8 billion attacks so far in 2023, averaging around 17 million attacks per day. Of these it was found that 76% of attacks targeted RDP.

Attackers exploit RDP vulnerabilities that often stem from simple configuration mistakes. By taking steps like disabling unnecessary remote access or tightening controls, companies can help shield themselves from these pervasive threats.

Sources: [Insurance Times] [TechRadar] [Infosecurity Magazine]

Why Employees Are a Bigger Security Risk than Hackers

In today's interconnected world, the spotlight is often on cyber criminals attacking from outside, but a worrying trend points inward. A recent study by Imperva reveals that insiders pose a significant threat, being behind 58% of security incidents. The incidents are a mixture of deliberate misuse and accidents, however the majority of organisations lack a strategy to combat these risks. Even when strategies exist, they may be undermined by employees bypassing IT protocols or due to the pressures of adapting to new technologies. With insider incidents on the rise by 47% in two years, the costs are too great to ignore.

Source: [Raconteur]

77% of Financial Services Firms Detected a Cyber Attack in the Last Year, as Finance and Healthcare Continue to Suffer the Most Cyber Attacks

Cyber attacks are more prevalent in the financial services sector than in any other industry. Last year, 77% of financial institutions were targeted, primarily through phishing and ransomware attacks. After financial services the second most targeted sector is healthcare. Both types of institutions are attractive targets not only because of their wealth of sensitive data but also because disruptions to their operations can lead to substantial ransom payments. They face increasingly sophisticated threats and the financial impact is significant, with approximately a quarter of these institutions estimating damages of at least $50,000. To mitigate these risks organisations are turning to cyber insurance, which necessitates further tightening of security practices, including identity and access management, to meet insurers’ stringent standards.

The healthcare sector reported over 179,000 cyber attacks in a single quarter, affecting entities globally. The primary threats were infostealers and ransomware. There have been scores of notable incidents where hospitals have been shut down or otherwise unable to operate. In many cases, this resulted in closing emergency departments, interfering with planned or emergency surgeries and forcing ambulances to divert to other hospitals, potentially causing life threatening delays. Further, a recent report analysing the enterprise risk management for the financial sector found that the two biggest concerns were rising interest rates at 74% and ransomware attacks at 65%.

Sources: [Security Magazine] [MSSP Alert] [PR NewsWire] [Security Magazine]

New Report Data Shows 75% Increase in Suspicious Emails Hitting Inboxes

A new report has unveiled the escalating threat posed by phishing emails, as detected by DMARC software. In the past year, there's been a 70% rise in emails flagged as fraudulent, with almost 18% of total email traffic in the first half of 2023 being intercepted as potential phishing attempts. This surge underscores a pressing need for robust email security measures. Simple yet effective tools like DMARC, which automatically weeds out emails impersonating legitimate domains, are becoming critical in the fight against these sophisticated scams. With the average cost of a cyber attack now well into the millions, and given the high click rates on phishing emails, it is clear that taking proactive steps to strengthen an organisations digital defence is not just sensible, it is essential for safeguarding the businesses in the digital age.

Source: [Dark Reading]

Threat Actors Still Exploiting Old Unpatched Vulnerabilities

A report by Cisco has found that the most targeted vulnerabilities this year, same as previous years, were old unpatched vulnerabilities which should have been fixed a long time ago. Some of these security gaps in widely-used applications like Microsoft Office and or within versions of Windows itself are over a decade old. Unpatched vulnerabilities can leave systems open to exploitation, potentially leading to unauthorised access, data breaches, and widespread security incidents, including being a key enabler of ransomware attacks. This highlights an urgent call to action for organisations to patch known vulnerabilities and secure user accounts to fortify their defences against cyber threats.

Source: [IT Business]

Many Organisations Still Lack Formal Cyber Security Training

As we navigate into 2024, a new report by the SANS Institute found that more than 30% of organisations do not regularly perform cyber readiness exercises, while 40% have yet to establish formal training for cyber security. These findings underline a gap between the need for robust security measures and actual preparedness. On a positive note, most organisations are adopting frameworks like the NIST CSF to shape their security posture, and two-thirds are actively using metrics to gauge the effectiveness of their security operations. Yet, there’s a call to action here: for real progress, intentional investment and commitment to comprehensive training and stringent security operations are non-negotiable. This is the path to mature security operations that can withstand the complexities of today’s cyber threats.

Source: [Security Brief]

Addressing the Growing Threat of Supply Chain Cyber Attacks

As businesses become more interconnected through digital supply chains, supply chain cyber attacks are becoming more of a pressing issue for organisations. The attackers tend to exploit weaknesses in third-party suppliers, often with less guarded entry points, to access larger networks. With companies increasingly outsourcing and using cloud adoption, the need for stringent third-party cyber risk assessments is vital. However, complexities arise with the shared responsibility model for cloud security, where setting out the division of security duties between cloud service providers and clients can blur lines of defence. To tackle these challenges, integration of cyber security into procurement and supply chain processes is essential. This means enforcing collaboration between procurement and cyber security teams, mandating security standards in vendor contracts, and utilising automated tools for continuous risk assessments. Safeguarding modern supply chains is no longer a siloed task but a strategic, organisation wide imperative.

Source: [HackerNoon]

Cyber Incident Costs Surge 11% as Budgets Remain Muted

A new report found an 11% jump in the direct costs of a significant cyber incident, now averaging $1.7 million. The burden is even heavier for those without cyber insurance, with costs escalating to $2.7 million per incident. Cyber risks like fraud, third-party breaches, and data theft remain prevalent. Despite these increasing threats, cyber security budgets have grown modestly and are not keeping pace with the increased level of threat. The report also highlights a concerning gap in understanding cyber threats and a lack of internal training, emphasising the critical need for not just financial investment, but also a deeper engagement with cyber security training and awareness within organisations.

Source: [Infosecurity Magazine]

Attacks on Critical Infrastructure are Harbingers of War: Are We Prepared?

The escalating cyber threats against critical infrastructure, like recent attacks on water authorities, highlight an urgent security concern. These attacks, which are often state-sponsored, are not just targeting financial or data assets but are striking at essential services vital to human survival. The tactics used in these attacks, known as Intelligence Preparation of the Battlefield (IPB), are aimed at weakening a nation by disrupting services like power and water, key to both civil stability and military operations. Nations like Russia, China, and Iran employ these strategies for different purposes, ranging from strategic military advantages to ideological victories. The use of ransomware, as seen in the increasing incidents reported by the FBI, is a tool for both financial gain and geopolitical disruption. As we face these multifaceted threats, the need for robust cyber security measures to protect our critical infrastructure has never been more pressing. It is a call to action for nations and organisations alike to fortify their defences against these evolving and serious cyber threats.

Source: [SC Media]

UK Data Centres to be Classed as Critical Infrastructure Under New Gov Proposals

The UK government is considering new regulations aimed at enhancing the security and resilience of data centres. The Department for Science, Innovation and Technology (DSIT) recognises the vital role of these data hubs and is examining the adequacy of current safety practices. With the identification of varying levels of security across the sector, the prospect of legislating minimum security standards is on the table. This may include establishing a regulatory body to oversee incident reporting and risk mitigation strategies, particularly for third-party service providers. These measures underscore the government's commitment to safeguarding data centres, which are increasingly integral to the UK's economic vitality and national security. As part of a broader initiative, the sector could be designated as critical national infrastructure, aligning it with international best practices and ensuring comprehensive protection from cyber threats and other risks.

Source: [ITPro]

Data Exfiltration and Extortion is the New Ransomware Threat, as 65% of Organisations Say Ransomware Concerns Impact Risk Management

Cyber criminals are escalating their tactics and becoming more aggressive in their effort to maximise disruption and compel the payment of ransom demands. Earlier this year, the ransomware group ALPHV exploited the new US data breach disclosure rules by filing a complaint with the US Securities and Exchange Commission (SEC) against a victim company for not reporting an alleged significant data breach. This marks a strategic evolution from traditional ransomware attacks, where data is encrypted and held hostage, to more nuanced extortion schemes. Such tactics are becoming more sophisticated, with triple extortion attacks threatening not just the target company but also their partners and clients. This shift from encryption to pure extortion requires a fresh understanding of cyber threats and a re-evaluation of defence strategies. It highlights the urgent need for businesses to protect not just their own data but also to consider the security of their entire data supply chain.

Source: [TechCrunch]

Governance, Risk and Compliance

• Cyber Incident Costs Surge 11% as Budgets Remain Muted - Infosecurity Magazine (infosecurity-magazine.com)

• Three Tech Budget Implementations To Help Optimize Your Resources (forbes.com)

• New Report: 85% Firms Face Cyber Incidents, 11% From Shadow IT - Infosecurity Magazine (infosecurity-magazine.com)

• 65% of organisations say ransomware concerns impact risk management | Security Magazine

• Healthcare and Finance Suffer Most Cyber Attacks | MSSP Alert

• CFOs are under the gun as the SEC's new 4-day data breach disclosure window goes into effect | Fortune

• SEC vs SolarWinds: A cyber security game changer for CISOs (securitybrief.co.nz)

• 77% of financial organisations detected a cyber attack in the last year | Security Magazine

• Level of cyber security: the new key indicator of a company's performance | TechRadar

• Managing cyber security risk during challenging economic times (techinformed.com)

• Many organisations still lack formal IT security training in 2024 (securitybrief.co.nz)

• The year in cyber security: 6 stories to read from 2023 | World Economic Forum (weforum.org)

• After-Incident Reports Turn Breaches Into Security Blueprints (pymnts.com)

• What's the Best Way to Communicate After a Data Breach? (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Why extortion is the new ransomware threat | TechCrunch

• 65% of organisations say ransomware concerns impact risk management | Security Magazine

• FBI: ALPHV ransomware raked in $300 million from over 1,000 victims (bleepingcomputer.com)

• Ransomware attacks hit new record in November :: Insurance Day

• Ransomware attacks on the rise in the UK (itsecuritywire.com)

• UK at High Risk of ‘Catastrophic’ Cyber Attack Affecting Critical Infrastructure: Report (insurancejournal.com)

• Ransomware surges, despite aggressive defences | SC Media (scmagazine.com)

• BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows No Limits on Targets - Security Week

• A Major Ransomware Takedown Suffers a Strange Setback | WIRED

• Double-Extortion Play Ransomware Strikes 300 Organisations Worldwide (thehackernews.com)

• Ransomware trends and recovery strategies companies should know - Help Net Security

• Ransomware Attacks in November Rise 67% From 2022 (darkreading.com)

• 10 of the biggest ransomware attacks in 2023 | TechTarget

• BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign (securityaffairs.com)

• ALPHV Second Most Prominent Ransomware Strain Before Reported Downtime - Infosecurity Magazine (infosecurity-magazine.com)

• CISA releases Play ransomware guidelines | Security Magazine

• US and Australia Warn of Play Ransomware Threat - Infosecurity Magazine (infosecurity-magazine.com)

• Devices (and ransomware) are everywhere: How endpoint security must adapt | SC Media (scmagazine.com)

• Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team (thehackernews.com)

• Ransomware gangs are increasingly turning to remote encryption, and that's a huge problem | TechRadar

• FBI Develops Decryption Tool That Could Tackle Casino Attacks (sbcamericas.com)

Ransomware Victims

• Homebuyers stress as thousands of house purchases frozen by cyber attack - Property Industry Eye

• Ransomware gang behind threats to Fred Hutch cancer patients (bleepingcomputer.com)

• Delta Dental of California data breach exposed info of 7 million people (bleepingcomputer.com)

• Seattle cancer centre confirms cyber attack after ransomware gang threats (therecord.media)

• France International Schools Agency Impacted by Ransomware Hack - Bloomberg

• MOVEit Vulnerability Hits Delta Dental: 7 Million Records Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Attack Slams The North Face and Vans Owner, Shares Plunge - The Messenger

• Mr Cooper now says 15M people's data exposed in cyber attack • The Register

• MongoDB shares fall on cyber security incident By Investing.com

• 2.7M medical records exposed in double-extortion ransomware attack | SC Media (scmagazine.com)

• Nearly 3 million affected by ransomware attack on medical software firm (therecord.media)

• Title insurance giant First American offline after cyber attack (bleepingcomputer.com)

• St Vincent’s Health Australia says data stolen in cyber attack (yahoo.com)

• Kansas City-area hospital transfers patients, reschedules appointments after cyber attack (therecord.media)

• Ransomware cyber attack hits Milton Town School District (databreaches.net)

• The ransomware attack on Westpole is disrupting digital services for Italian public administration (securityaffairs.com)

Phishing & Email Based Attacks

• Generative AI is making phishing attacks more dangerous | TechTarget

• New DMARC Data Shows 75% Increase in Suspicious Emails Hitting Inboxes (darkreading.com)

• Anatomy of a Phishing Attack: How Hackers Trick You - Techopedia

• Qakbot is back and targets the Hospitality industry (securityaffairs.com)

• SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols - Security Week

• Fake F5 BIG-IP zero-day warning emails push data wipers (bleepingcomputer.com)

• New phishing attack steals your Instagram backup codes to bypass 2FA (bleepingcomputer.com)

• Cyber espionage group Cloud Atlas targets Russian companies with war-related phishing attacks (therecord.media)

Artificial Intelligence

• Generative AI is making phishing attacks more dangerous | TechTarget

• AI’s efficacy is constrained in cyber security, but limitless in cyber crime - Help Net Security

• 'Unintended harms' of generative AI are national security risk to UK (techmonitor.ai)

• Unequal Risk, Unequal Reward: How Gen AI disproportionately harms countries (ox.ac.uk)

• Anonymous Sudan hacking group pledges to keep targeting OpenAI's ChatGPT (axios.com)

• Security Researchers: ChatGPT Vulnerability Allows Training Data to be Accessed by Telling Chatbot to Endlessly Repeat a Word - CPO Magazine

• AI in Cyber Security: It's All About Being Aware (inforisktoday.com)

• How AI is weaponized for cyber attacks (betanews.com)

• Why 'dark AI' is a top cyber security concern for 2024 | Pension Times

• The cyber security arms race: AI vs. AI | TechRadar

• How AI Is Shaping the Future of Cyber Crime (darkreading.com)

• 4 ways CISOs can manage AI use in the enterprise | CIO

2FA/MFA

• New phishing attack steals your Instagram backup codes to bypass 2FA (bleepingcomputer.com)

Malware

• New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks (thehackernews.com)

• Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges (thehackernews.com)

• Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware (thehackernews.com)

• Windows and macOS targeted by new Go-based malware | TechRadar

• QNAP VioStor NVR vulnerability actively exploited by malware botnet (bleepingcomputer.com)

• Over 10K downloads amassed by malicious PyPi packages | SC Media (scmagazine.com)

• Info stealers and how to protect against them (securityaffairs.com)

• 8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware (thehackernews.com)

• Qakbot is back and targets the Hospitality industry (securityaffairs.com)

• Qakbot Sightings Confirm Law Enforcement Takedown Was Only a Setback (darkreading.com)

• Hospitality Industry Faces New Password-Stealing Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals target hotel staff for management credentials • The Register

• BattleRoyal Cluster Signals DarkGate Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Scam 'missed parcel' SMS messages: advice on avoiding malware - NCSC.GOV.UK

• 3 Ways to Use Real-Time Intelligence to Defeat Bots (darkreading.com)

• Microsoft: Hackers target defence firms with new FalseFont malware (bleepingcomputer.com)

• Hospitality sector subjected to new malware attacks | SC Media (scmagazine.com)

Mobile

• iOS 17.2 update puts an end to Flipper Zero's iPhone shenanigans | ZDNET

• The 5G risk: How to protect your smartphone from emerging security threats - PhoneArena

• Apple rolls out iOS 17.2.1 with bugfixes and minor improvements - Neowin

• What is spyware and what can you do to stay protected? - Amnesty International

• NSO Group May Be On Its Way Out But There’s No Shortage Of Competitors To Take Its Place | Techdirt

• Suspects can refuse to provide phone passcodes to police, court rules | Ars Technica

Internet of Things – IoT

• IoT security strategy: an arms race for businesses | ITPro

• Porsche To Kill ICE-Powered Macan In Europe Over Cyber Security Laws | Carscoops

• Cyber security and car thefts: how are car makers responding? | CAR Magazine

• Marketer sparks panic with claims it uses smart devices to eavesdrop on people | Ars Technica

• Marketing firm admits it listens to conversations to sell targeted ads (searchengineland.com)

Data Breaches/Leaks

• Data of over a million users of the crypto exchange GokuMarket exposed (securityaffairs.com)

• MongoDB says customer data was exposed in a cyber attack (bleepingcomputer.com)

• Mr Cooper now says 15M people's data exposed in cyber attack • The Register

• Wolverine-developer Insomniac Games sees 1.67TB of secrets leaked in data breach | Ars Technica

• Everything Hackers Just Revealed in Sony Insomniac Games Leak (tech.co)

• Comcast says hackers stole data of close to 36 million Xfinity customers | TechCrunch

• BMW dealer at risk of takeover by cyber criminals - Security Affairs

• Celebrities Found in Unprotected Real Estate Database Exposing 1.5 Billion Records - Security Week

• Data leak exposes users of car-sharing service Blink Mobility (securityaffairs.com)

• Hacked security cam footage from bedrooms, dressing rooms, spas found to be on sale on Telegram group - NotebookCheck.net News

Organised Crime & Criminal Actors

• Ex-Amazon engineer pleads guilty to hacking crypto exchanges (bleepingcomputer.com)

• How Microsoft’s cyber crime unit has evolved to combat increased threats | Ars Technica

• Gang charged with running $80 million "pig butchering" cryptocurrency investment scam (bitdefender.com)

• Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cyber Crime | WIRED

• German police takes down Kingdom Market cyber crime marketplace (bleepingcomputer.com)

• INTERPOL celebrates huge cyber crime Christmas present (emergingrisks.co.uk)

• Law enforcement Operation HAECHI IV led to the seizure of $300 Million (securityaffairs.com)

• Two arrested as police investigate Birmingham dark web drugs trade - Birmingham Live (birminghammail.co.uk)

• NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains - Security Week

• BattleRoyal Cluster Signals DarkGate Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Intelligence Researchers to Study Computer Code for Clues to Hackers’ Identities - WSJ

• Dark web marketplace Kingdom Market dismantled | SC Media (scmagazine.com)

• Lapsus$ teen sentenced to indefinite detention in hospital • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Data of over a million users of the crypto exchange GokuMarket exposed (securityaffairs.com)

• Ex-Amazon engineer pleads guilty to hacking crypto exchanges (bleepingcomputer.com)

• Gang charged with running $80 million "pig butchering" cryptocurrency investment scam (bitdefender.com)

• DeFi’s billion-dollar secret: The insiders responsible for hacks – Cointelegraph Magazine

• Crypto scammers abuse Twitter ‘feature’ to impersonate high-profile accounts (bleepingcomputer.com)

• Crypto drainer steals $59 million from 63k people in Twitter ad push (bleepingcomputer.com)

Insider Risk and Insider Threats

• Insider threats: why employees are a bigger risk than hackers (raconteur.net)

• Former IT manager pleads guilty to attacking high school network (bleepingcomputer.com)

• DeFi’s billion-dollar secret: The insiders responsible for hacks – Cointelegraph Magazine

Insurance

• Mandatory protections, higher premiums and continued growth -- cyber insurance predictions for 2024 (betanews.com)

• Uninsured firms incur 69% higher cyber incident costs - CIR Magazine

Supply Chain and Third Parties

• What is supply chain risk management (SCRM)? | Definition by TechTarget

• Addressing the Growing Threat of Supply Chain Cyber Attacks | HackerNoon

• Homebuyers stress as thousands of house purchases frozen by cyber attack - Property Industry Eye

• Supply chain emerges as major vector in escalating automotive cyber attacks - Help Net Security

• Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024 (darkreading.com)

Cloud/SaaS

• Most cloud transformations are stuck in the middle - Help Net Security

• IoT security strategy: an arms race for businesses | ITPro

• Millions of Microsoft Accounts Power Lattice of Automated Cyber Attacks (darkreading.com)

• Box cloud storage down amid 'critical' outage (bleepingcomputer.com)

Encryption

• Zscaler ThreatLabz Finds Most Cyber Attacks Hide (itsecuritywire.com)

• 86% of cyber attacks are delivered over encrypted channels - Help Net Security

• SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica

Passwords, Credential Stuffing & Brute Force Attacks

• The password attacks of 2023: Lessons learned and next steps (bleepingcomputer.com)

• CISA urges vendors to get rid of default passwords | CyberScoop

• BMW dealer at risk of takeover by cyber criminals - Security Affairs

• Hospitality Industry Faces New Password-Stealing Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals target hotel staff for management credentials • The Register

Social Media

• Social media platform X back up after global outage | Reuters

• Crypto scammers abuse Twitter ‘feature’ to impersonate high-profile accounts (bleepingcomputer.com)

• Crypto drainer steals $59 million from 63k people in Twitter ad push (bleepingcomputer.com)

• New phishing attack steals your Instagram backup codes to bypass 2FA (bleepingcomputer.com)

Malvertising

• Malvertising has been out of control in 2023, and Google needs to do more to stop it | ITPro

Training, Education and Awareness

• Are We Ready to Give Up on Security Awareness Training? (thehackernews.com)

• Many organisations still lack formal IT security training in 2024 (securitybrief.co.nz)

Regulations, Fines and Legislation

• CFOs are under the gun as the SEC's new 4-day data breach disclosure window goes into effect | Fortune

• SEC vs. SolarWinds: A cyber security game changer for CISOs (securitybrief.co.nz)

• Porsche To Kill ICE-Powered Macan In Europe Over Cyber Security Laws | Carscoops

• UK data centres to be classed as critical infrastructure under new gov proposals | ITPro

• Clock Starts on SEC Cyber Attack Rules: What CISOs Should Know (informationweek.com)

• SEC disclosure rule for ‘material’ cyber security incidents goes into effect | CyberScoop

• What Do CISOs Have to Do to Meet New SEC Regulations? (darkreading.com)

• EU agrees amendments to Cyber Solidarity Act in bid to create ‘cyber shield’ for member states | ITPro

• Rules targeting financial criminals will require new filings for startups and small businesses – GeekWire

• A quiet cyber security revolution is touching every corner of the economy as US, allies ‘pull all the levers’ to face new threats | Fortune

Models, Frameworks and Standards

• Cyber Security Frameworks: A Guide for MSSPs | MSSP Alert

• SANS Institute Research Shows the Frameworks Organisations Use (darkreading.com)

Careers, Working in Cyber and Information Security

• How cyber security roles are changing and what to look for when hiring | CSO Online

Law Enforcement Action and Take Downs

• BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows No Limits on Targets - Security Week

• A Major Ransomware Takedown Suffers a Strange Setback | WIRED

• US law enforcement seizes BlackCat ransomware site, distributes decryption key (axios.com)

• Ex-Amazon engineer pleads guilty to hacking crypto exchanges (bleepingcomputer.com)

• How Microsoft’s cyber crime unit has evolved to combat increased threats | Ars Technica

• Gang charged with running $80 million "pig butchering" cryptocurrency investment scam (bitdefender.com)

• Former IT manager pleads guilty to attacking high school network (bleepingcomputer.com)

• Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cyber Crime | WIRED

• German police takes down Kingdom Market cyber crime marketplace (bleepingcomputer.com)

• Law enforcement Operation HAECHI IV led to the seizure of $300 Million (securityaffairs.com)

• Two arrested as police investigate Birmingham dark web drugs trade - Birmingham Live (birminghammail.co.uk)

• Interpol op cuffs 3,500 cyber suspects, seizes $300M • The Register

• NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains - Security Week

• Qakbot Sightings Confirm Law Enforcement Takedown Was Only a Setback (darkreading.com)

• Suspects can refuse to provide phone passcodes to police, court rules | Ars Technica

• Dark web marketplace Kingdom Market dismantled | SC Media (scmagazine.com)

• Lapsus$ teen sentenced to indefinite detention in hospital • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Attacks on critical infrastructure are harbingers of war: Are we prepared? | SC Media (scmagazine.com)

Nation State Actors

China

• China's Cyber Warfare Surges With Hacking Of US Infrastructure (thefederalist.com)

• Espionage from the East: "Russia Is a Storm, China Is Climate Change" - DER SPIEGEL

• US cyber warriors issue a call to arms - Asia Times

• China's Secret War Preps Inside US Utilities (spytalk.co)

• National Grid drops Beijing-backed supplier over UK power network fears (ft.com)

• Chinese Spacecraft Emitting Strong Signal Over North America (futurism.com)

• A top-secret Chinese spy satellite just launched on a supersized rocket | Ars Technica

• China's MIIT Introduces Color-Coded Action Plan for Data Security Incidents (thehackernews.com)

Russia

• Cyber attack on Kyivstar is likely one of highest-impact disruptive in Ukraine since Feb 2022 - British intelligence (interfax.com.ua)

• The UK Defence Intelligence Analyses Massive Cyber Attack Ukraine Suffered | Defence Express (defence-ua.com)

• Ukraine updates: UK says Ukraine suffered severe cyber attack – DW – 12/16/2023

• Espionage from the East: "Russia Is a Storm, China Is Climate Change" - DER SPIEGEL

• US cyber warriors issue a call to arms - Asia Times

• Anonymous Sudan hacking group pledges to keep targeting OpenAI's ChatGPT (axios.com)

• UK and partners form The Tallinn Mechanism for cyber security - GOV.UK (www.gov.uk)

• Ukraine mobile cyber attack high impact says UK - Emerging Risks Media Ltd

• Russian APT29 Hacked US Biomedical Giant in TeamCity-Linked Breach (hackread.com)

• Cyber espionage group Cloud Atlas targets Russian companies with war-related phishing attacks (therecord.media)

Iran

• Israel-linked hacking group claims it ‘disabled’ gas stations across Iran | World News - Hindustan Times

• Iranian 'Seedworm' Cyber Spies Target African Telcos & ISPs (darkreading.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware (talosintelligence.com)

Vulnerability Management

• 2023 Cyber Threats: 26,000+ Vulnerabilities, 97 Beyond CISA List - Infosecurity Magazine (infosecurity-magazine.com)

• Majority of 2023's critical cyber attacks stemmed from fewer than 1% of vulnerabilities - SiliconANGLE

• 1 in 4 high-risk CVEs are exploited within 24 hours of going public | SC Media (scmagazine.com)

• Will Putting a Dollar Value on Vulnerabilities Help Prioritize Them? (darkreading.com)

• Creating a formula for effective vulnerability prioritization - Help Net Security

• Zoom Unveils Open Source Vulnerability Impact Scoring System - Security Week

• Threat actors still exploiting old unpatched vulnerabilities, says Cisco | IT Business

Vulnerabilities

• 80 percent of Struts 2 downloads include critical flaw • The Register

• ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products (securityaffairs.com)

• Fortinet Releases Security Updates for Multiple Products | CISA

• Flaws in pfSense firewall can lead to arbitrary code execution (securityaffairs.com)

• QNAP VioStor NVR vulnerability actively exploited by malware botnet (bleepingcomputer.com)

• MOVEit Vulnerability Hits Delta Dental: 7 Million Records Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft discovers critical RCE flaw in Perforce Helix Core Server (bleepingcomputer.com)

• Years-Old, Unpatched GWT Vuln Leaves Apps Open to Server-Side RCE (darkreading.com)

• 8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware (thehackernews.com)

• 3CX Urges Customers to Disable Integration Due to Potential Vulnerability - Security Week

• Mozilla Patches Firefox Vulnerability Allowing Remote Code Execution, Sandbox Escape - Security Week

• Researchers uncover major security issue in Microsoft Azure - here's what we know | TechRadar

• Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File (darkreading.com)

• 3CX warns customers to disable SQL database integrations (bleepingcomputer.com)

• Dell Urges Customers to Patch Vulnerabilities in PowerProtect Products - Security Week

• Outlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCE - Security Week

• Targeted F5 Vulnerability 'Update' Delivers Wiper to Israeli Victims (darkreading.com)

• Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP (thehackernews.com)

• Ivanti releases patches for 13 critical Avalanche RCE flaws (bleepingcomputer.com)

• Apple rolls out iOS 17.2.1 with bugfixes and minor improvements - Neowin

• Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware (thehackernews.com)

• SSH protects the world’s most sensitive networks. It just got a lot weaker | Ars Technica

• Impact of Log4Shell Bug Was Overblown, Say Researchers - Infosecurity Magazine (infosecurity-magazine.com)

• Fake F5 BIG-IP zero-day warning emails push data wipers (bleepingcomputer.com)

• New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now (thehackernews.com)

Tools and Controls

• AI’s efficacy is constrained in cyber security, but limitless in cyber crime - Help Net Security

• More cyber criminals turning to remote desktop protocol attacks | Insurance Times

• Insurer’s UK Honeypots Attacked 17 Million Times Per Day - Infosecurity Magazine (infosecurity-magazine.com)

• The cyber security arms race: AI vs. AI | TechRadar

• Microsoft unveils new, more secure Windows Protected Print Mode (bleepingcomputer.com)

• 65% of organisations say ransomware concerns impact risk management | Security Magazine

• AI in Cyber Security: It's All About Being Aware (inforisktoday.com)

• Demystifying Open XDR: What It Is, How to Do It, and ROI | Binary Defence

• 5 things you need to know about your EDR | CSO Online

• Can you trust Windows Hello biometric authentication | Kaspersky official blog

• Many organisations still lack formal IT security training in 2024 (securitybrief.co.nz)

• How CISOs can manage multiprovider cyber security portfolios | TechTarget

• Intelligence Researchers to Study Computer Code for Clues to Hackers’ Identities - WSJ

• CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool | CISA

• Are Workstation Security Logs Actually Important? | MSSP Alert

• What's the Best Way to Communicate After a Data Breach? (darkreading.com)

• How Segmentation Can Slow a Cyber Attack - ClearanceJobs

Reports Published in the Last Week

• Annual Payment Fraud Intelligence Report: 2023 | Recorded Future

Other News

• The Financial Sector Experiences More Cyber Attacks than Other Verticals, and those Incidents Result in Costlier Outcomes (prnewswire.com)

• 77% of financial organisations detected a cyber attack in the last year | Security Magazine

• Small businesses targeted by cyber criminals for data (securitybrief.co.nz)

• Retailers Are Being Barraged By Cyber Attacks This Holiday Season (forbes.com)

• Complexity leaves energy companies vulnerable to cyber attacks - Verdict

• The MOVEit breach may well have been the biggest cyber attack of the year | TechRadar

• How to bolster security against intellectual property theft (c4isrnet.com)

• In Cyber Security, Some Conventional Wisdom, While Well-Intentioned, Is Off-Base (newsweek.com)

• Navigating The Cyber Security Landscape In 2024 (forbes.com)

• 3 Strategic Insights from Cyber Security Leader Study (trendmicro.com)

• Healthcare sector warned of poor cyber hygiene; CISA doles out remedy advice | SC Media (scmagazine.com)

• The truth behind four small business cyber security myths (themanufacturer.com)

• Conclusion of Crossed Swords: the most exciting offensive cyber operations exercise

• Australia announces cyber security plan after major breaches | World Economic Forum (weforum.org)

• National Grid drops Beijing-backed supplier over UK power network fears (ft.com)

• As British Library faces fallout of cyber attack—what can arts bodies do to combat ransomware threats? (theartnewspaper.com)

• NIST Report Spotlights Cyber, Privacy Risks in Genomic Data (inforisktoday.com)

• Zscaler ThreatLabz Finds Most Cyber Attacks Hide (itsecuritywire.com)

• 86% of cyber attacks are delivered over encrypted channels - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Top 12 Exploited Vulnerabilities List Highlights Troubling Reality That Many Organisations Are Still Not Patching

A joint advisory from US and allied cyber security agencies highlights the top routinely exploited vulnerabilities. This is a list that includes old and well-known bugs that many organisations still have not patched, including some vulnerabilities that have been known for more than five years. The list underscores how exploiting years-old vulnerabilities in unpatched systems continues to dominate the threat landscape. Organisations are more likely to be compromised by a bug found in 2021 or 2020 than they are by ones discovered over the past year.

This report emphasises that a vulnerability management strategy relying solely on CVSS for vulnerability prioritisation is proving to be insufficient at best; CVSS is an established method for assigning criticality scores to known vulnerabilities based on different scoring criteria. Additional context is required to allow for a more scalable and effective prioritisation strategy. This context should stem from internal sources, for example, the target environment (asset criticality, mitigating controls, reachability), as well as from external sources, which will permit a better assessment of the likelihood and feasibility of exploitation. Most organisations have a limited patching capacity, affected by the tooling, processes, and skills at their disposal. The challenge is to direct that limited patching capacity towards vulnerabilities that matter most in terms of risk reduction. Therefore, the task of sifting the signal through the noise is becoming increasingly more important.

Sources: [HelpNetSecurity] [NSA.gov] [SCMagazine]

67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious

In a report that leveraged data from 23.5 billion cyber security attacks, spanning 500 threat types and 900 distinct infrastructure and software vulnerabilities it was found that approximately 67% of all breaches start with someone clicking on a seemingly safe link, which explains why adversaries begin 80-95% of all attacks with a phishing email.

A separate report found that there was a 36% rise in cyber attacks in the first half of 2023. Email continued to be the main vector for delivering malicious content, with as many as 1 in every 100 emails sent in the first half of 2023 found to be malicious. In addition, malware accounted for 20% of attacks, and business email compromise (BEC) constituted 8%.

The findings reinforce the need for organisations to employ effective and regular security awareness training for users to better help them to not only identify, but also report such attacks to help strengthen the cyber resilience of the organisation. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.

Source: [Security Intelligence]

Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence

Cases of straight-up data theft and extortion now appear to be more widespread a threat than ransomware, becoming the single most observed threat in the second calendar quarter of 2023, according to new data released by researchers. 1,378 organisations have been named as victims on ransomware data-leak websites in Q2 2023. This was a 64.4% increase from the record-breaking number of victims named in Q1 2023.

Despite both the rise in threats and the high percentage of respondents whose organisations suffered recent attacks, there hasn’t been a corresponding uptick in strategic measures to shore up cyber resilience. In fact, close to four in five survey respondents don’t have complete confidence that their company has a cyber resilience strategy designed to address today’s escalating cyber challenges and threats.

Sources: [Forbes] [HelpNetSecurity] [ComputerWeekly] [SecurityBrief.co.nz] [Malwarebytes]

The Generative AI War Between Companies and Hackers is Starting

To no one’s surprise, criminals are tapping open-source generative AI programs for all kinds of heinous acts, including developing malware and phishing attacks, according to the FBI. This comes as the UK National Risk Register officially classes AI as a long-term security threat. It’s safe to say AI is certainly a controversial field right now, with the battle between companies and hackers really starting to take place; only recently had technology giants such as Amazon, Google, Meta and Microsoft met with the US President Joe Biden to pledge to follow safeguards.

A recent report from security firm Barracuda has found that between August 2022 and July 2023, ransomware attacks had doubled and this surge has largely been driven by the breaching of networks via AI-crafted phishing campaigns, as well as automating attacks to increase reach, again using AI.

Despite the controversy, AI can be of tremendous value to organisations, helping to streamline and automate tasks. Organisations employing or looking to employ AI in the workplace should also have effective governance and identification procedures over the usage of said AI. Equally, when it comes to defending against AI attacks, organisations need to have a clear picture of their attack landscape, with layers of defence.

Sources: [CSO Online] [PC MAG] [CNBC] [Tech Radar]

Spend to Save: The CFO’s Guide to Cyber Security Investment

As a CFO, you need to make smart choices about cyber security investments. The increasing impact of data breaches creates a paradox: While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending should be seen an investment in the future of your business.

The impact of a cyber event extends beyond quantifiable currency loss. Further impacts include those of reputation and customer retention. CFOs should look to identify weak spots, understand the effect these can have, pick the right solution that mitigates these and finally, advocate cyber security and robust governance at the board level.

It is important to remember, cyber security is not just a technical issue, but also a business one, and you have a key role in ensuring the security and resilience of your organisation.

Source: [Security Intelligence]

Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril

The debate over whether the CISO should, by the very nature of the position, be considered a member of the C-suite has been raging for some time and seems likely to continue for a good while to come. CISOs should not only have a seat among the uppermost echelon at the big table but also be recognised as a foundational element in the success of any business.

There is a danger that, without an effective CISO, organisations can end up in a perilous situation in which there's no one driving the cyber security bus at a time when vulnerabilities and incidents are ever on the rise. When the CISO has a seat at the big table, everybody wins.

Source [CSO Online]

How the Talent Shortage Impacts Cyber Security Leadership

The lack of a skilled cyber security workforce hampers the effectiveness of an organisation’s security program. While technologies like AI and machine learning can provide some support, they are not sufficient, especially for small and medium sized businesses (SMBs). The cyber security workforce shortage affects not just current security but the future of leadership roles, including CISOs and CSOs.

Today’s CISOs require a blend of technology and business understanding. According to the (ISC)2 2022 Workforce Study, the global cyber security workforce is nearly 5 million and growing at 26% yearly. However, more than 3 million jobs still need to be filled, including specialised roles in cloud security, data protection, and incident response. This gap jeopardises functions like risk assessment, oversight, and systems patching.

The greatest talent shortage is found in soft skills, leading to a trend of looking outside the traditional security talent pool. The future of CISOs will likely require a solid security background, but as the talent gap widens, finding leadership candidates from the existing pool may remain challenging.

Source: [Security Intelligence]

Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods

A recent report by cyber security company identified a sophisticated email phishing campaign exploiting a zero-day vulnerability in Salesforce's legitimate email services. The vulnerability allowed threat actors to craft targeted phishing emails, cleverly evading conventional detection methods by leveraging Salesforce's domain and reputation and exploiting legacy quirks in Facebook's web games platform.

Whilst Facebook and Salesforce have now addressed the issue, it goes to show that technology alone is not enough to stop phishing; operational and people controls are still necessary and should form part of an effective organisational response.

Source: [Security Brief]

Cyber Insurance and the Ransomware Challenge

The cyber insurance industry has been heavily criticised for providing coverage for ransom payments. A frequent accusation, which has become close to perceived wisdom in policymaking and cyber security discussions on ransomware, is that cyber insurance has incentivised victims to pay a ransom following a cyber incident, rather than seek alternative remediation options. However, the insurance industry could do much more to instil discipline in both insureds and the ransomware response ecosystem in relation to ransom payments to reduce cyber criminals’ profits. Insurers’ role as convenors of incident response services gives them considerable power to reward firms that drive best practices and only guide victims towards payment as a last resort.

While the insurance industry has the power to do this, there are still challenges that need to be addressed in the underwriting process. Offering expensive policies that exclude common risks such as ransomware or nation-state attacks is simply not a sustainable approach. This has helped insurers become more profitable for now, but these are only short-term fixes to the real problem at hand. Namely, that the underwriting process for cyber insurance policies is still not that sophisticated. Most underwriters are poorly equipped to effectively measure the cyber risk exposure of new or renewing customers.

Sources: [RUSI] [Dark Reading]

Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats

Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard.

"In this latest activity, the threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear as technical support entities" Microsoft said. "Using these domains from compromised tenants, Midnight Blizzard leverages Teams messages to send lures that attempt to steal credentials from a targeted organisation by engaging a user and eliciting approval of multi-factor authentication (MFA) prompts."

Source: [TheHackerNews]

66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies

A recent report found that 66% of cyber security leaders don’t trust their current cyber risk mitigation strategies. It was also found that while 90% of respondents say their organisation has dedicated resources responsible for managing and reducing cyber risk, in almost half of situations (46%) this consists of just one person.

In some cases, it can be hard to get the necessary talent to build out the cyber security arm of an organisation; this is where organisations can look towards outsourcing to fulfil positions with expertise. At Black Arrow we offer many services to help you to govern your cyber security, including as virtual CISO that leverages our diverse team with backgrounds from British intelligence, board governance, IT and finance.

Source: [ITSecurityWire]

UK legal Sector at Risk, National Cyber Security Centre Warns

Over the past three years more than 200 ransomware attacks worldwide have been inflicted on companies in the legal industry. The UK was the second most-attacked country constituting 2.3% of all ransomware attacks across various sectors. The legal sector was the fourth most-attacked industry in the UK in 2022. Ransomware groups are indiscriminate in their targeting, attacking companies of all sizes, from small law firms with only ten employees to large firms with 1,000+ employees, and ranging in revenue from companies generating £100 million to those with under £3 million. No single kind of company is immune to these attacks.

The International Bar Association (IBA) has released a report to guide senior executives and boards in protecting their organisations from cyber risk. Entitled "Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors," the report aims to provide leaders with insight into the primary elements of a robust cyber risk management programme. Its recommendations for senior executives and boards encompass understanding the organisation's cyber risk profile, knowing what information assets to safeguard, being aware of significant regulatory requirements, and recognising the security standards utilised by the organisation.

Sources: [Todays Conveyancer] [Infosecurity Magazine]

Startups Should Move Fast and Remember Cyber Security

The importance of cyber security for startups, which can often be overlooked in the pursuit of fast-paced growth, cannot be overstated. However, cyber attacks can have devastating consequences for businesses of all sizes. The percentage of micro-businesses in the UK that consider cyber security a high priority has dropped from 80% to 68% in the past year, possibly due to wider economic pressures. Cyber criminals target businesses of all sizes, often initially using automated software to find weak spots. Startups can be particularly vulnerable due to their fast-paced environments and new or less familiar supply chains. The use of shared office spaces can also increase risk.

The UK DCMS/DSIT 2023 Cyber Security Breaches survey reported that almost a third of businesses (32%) and a quarter of charities (24%) reported breaches or attacks in the past 12 months alone, with the average victim losing £15,300. Startups have the unique advantage of being able to implement cyber security best practices from the outset and embed them into company culture. It is recommended that startups prioritise cyber security from the get-go to protect their business and ensure long-term growth.

Source: [UKTech] [Cyber security breaches survey 2023 - GOV.UK (www.gov.uk)]

Governance, Risk and Compliance

• Corporate boards take heed: Give CISOs the cold shoulder at your peril | CSO Online

• How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)

• New SEC Rules Require US Companies To Reveal Cyber Attacks Within 4 Days (informationsecuritybuzz.com)

• 66% of Cyber security Leaders Don't Trust Their Current Cyber Risk Mitigation Strategies - ITSecurityWire

• How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)

• Global Lawyers Unveil Cyber Best Practices for Execs - Infosecurity Magazine (infosecurity-magazine.com)

• From tech expertise to leadership: Unpacking the role of a CISO - Help Net Security

• Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)

• Companies make strides in cyber defence and resilience amid escalating cyber threats: Aon - Reinsurance News

• Data Security Can Make Or Break Your Business (forbes.com)

• Cyber Risk and Resiliency Report: Dueling Disaster in 2023 (informationweek.com)

• Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)

• CISOs Need Backing to Take Charge of Security (darkreading.com)

• Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)

• The State Of Cyber security – Outlook And Challenges For 2023 And Beyond (informationsecuritybuzz.com)

• Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 67% of data breaches start with a single click - Help Net Security

• 1 in 100 emails is malicious - Help Net Security

• AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware attacks have doubled thanks to AI | TechRadar

• The race against time in ransomware attacks - Help Net Security

• As Ransomware Attackers’ Motives Changes, So Should Your Defence (forbes.com)

• Global ransomware attacks at an all-time high, shows latest 2023 State of Ransomware report (malwarebytes.com)

• Ransomware gang increases attacks on insecure MSSQL servers | CSO Online

• MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)

• How to lead your organisation through a ransomware attack | World Economic Forum (weforum.org)

• Ransomware Attacks on Industrial Organisations Doubled in Past Year: Report - SecurityWeek

• In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online

• Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch

• Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)

• Cyber criminals pivot away from ransomware encryption | Computer Weekly

• Food manufacturers top three for ransomware attacks

• Ransomware on manufacturing industry caused $46bn in losses - IT Security Guru

• How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)

• 2023 State of Ransomware | Malwarebytes

• Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)

• The Trickbot/Conti Crypters: Where Are They Now? (securityintelligence.com)

Ransomware Victims

• MOVEit Campaign Claims Millions More Victims - Infosecurity Magazine (infosecurity-magazine.com)

• Hawai'i Community College pays ransomware gang to prevent data leak (bleepingcomputer.com)

• Scottish university UWS targeted by cyber attackers - BBC News

• Tempur Sealy isolated tech system to contain cyber burglary • The Register

• US govt contractor Serco discloses data breach after MoveIT attacks (bleepingcomputer.com)

Phishing & Email Based Attacks

• 1 in 100 emails is malicious - Help Net Security

• 67% of data breaches start with a single click - Help Net Security

• Russian Hackers Are Conducting Phishing Attacks via Microsoft Teams - MySmartPrice

• Salesforce, Meta suffer phishing campaign that evades typical detection methods (securitybrief.co.nz)

• Beware: Tricky phishing email targeting Twitter Blue subscribers with X rebranding confusion - 9to5Mac

• UK MoD Error Sends Emails to Russia’s Ally Instead of US - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop

• Threat actors abuse Google AMP for evasive phishing attacks (bleepingcomputer.com)

• Emerging Cyber security Threat: How Google AMP Phishing Attacks Are Bypassing Email Security Measures (informationsecuritybuzz.com)

BEC – Business Email Compromise

• 1 in 100 emails is malicious - Help Net Security

Other Social Engineering; Smishing, Vishing, etc

• Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• AI-Enhanced Phishing Driving Ransomware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware attacks have doubled thanks to AI | TechRadar

• UK calls artificial intelligence a “chronic risk” to its national security | CSO Online

• FBI warns of broad AI threats facing tech companies and the public | CyberScoop

• As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)

• Another AI Pitfall: Digital Mirroring Opens New Cyber attack Vector (darkreading.com)

• Intersection of generative AI, cyber security and digital trust | TechTarget

• Hackers are using AI to create vicious malware, says FBI | Digital Trends

• The generative A.I. war between companies and hackers is starting (cnbc.com)

• Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday

• 'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)

• A New Attack Impacts ChatGPT—and No One Knows How to Stop It | WIRED

• Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)

• OWASP Top 10 for LLM applications is out! - Security Affairs

• Think tank wants monitoring of China's AI-enabled products • The Register

• UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian

• Deputy National Security Advisor Anne Neuberger on addressing the security threats of AI | CyberScoop

• Researchers figure out how to make AI misbehave, serve up prohibited content | Ars Technica

• Organisations want stronger AI regulation amid growing concerns - Help Net Security

• AI-enhanced images a ‘threat to democratic processes’, experts warn | Artificial intelligence (AI) | The Guardian

Malware

• Hackers Abusing Windows Search Feature to Install Remote Access Trojans (thehackernews.com)

• Hackers can abuse Microsoft Office executables to download malware (bleepingcomputer.com)

• IcedID Malware Adapts and Expands Threat with Updated BackConnect Module (thehackernews.com)

• Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin

• 'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)

• Attackers can turn AWS SSM agents into remote access trojans - Help Net Security

• Hackers are infecting Modern Warfare 2 players with a self-spreading malware | TechSpot

• Chinese Malware Could Cut Power To US Military Bases, Businesses And Homes, Report Claims (forbes.com)

• Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT (thehackernews.com)

• Experts link AVRecon bot to malware proxy service SocksEscort - Security Affairs

• New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods (thehackernews.com)

• New persistent backdoor used in attacks on Barracuda ESG appliances - Help Net Security

• Cyber criminals Renting WikiLoader to Target Italian Organisations with Banking Trojan (thehackernews.com)

• MacOS malware discovered on Russian dark web forum | Security Magazine

• Apple Users Open to Remote Control via Tricky macOS Malware (darkreading.com)

• Hackers can gain complete control over your Mac with this new dark web hacking tool | Tom's Guide (tomsguide.com)

• Threat Actors Use AWS SSM Agent as a Remote Access Trojan - Infosecurity Magazine (infosecurity-magazine.com)

• NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs

• Chrome malware Rilide targets enterprise users via PowerPoint guides (bleepingcomputer.com)

• BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)

• Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist

• OT/IoT Malware Surges Tenfold in First Half of the Year - Infosecurity Magazine (infosecurity-magazine.com)

• CISA: New Submarine malware found on hacked Barracuda ESG appliances (bleepingcomputer.com)

Mobile

• New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)

• CherryBlos Malware Uses OCR to Pluck Android Users' Cryptocurrency (darkreading.com)

• Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)

• Google: Android patch gap makes n-days as dangerous as zero-days (bleepingcomputer.com)

• New smartphone vulnerability could allow hackers to track user location (techxplore.com)

• Hackers steal Signal, WhatsApp user data with fake Android chat app (bleepingcomputer.com)

• Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)

• SpyNote Android Spyware Strikes Financial Institutions - Infosecurity Magazine (infosecurity-magazine.com)

• Malicious Apps Use Sneaky Versioning Technique to Bypass Google Play Store Scanners (thehackernews.com)

Botnets

• Experts link AVRecon bot to malware proxy service SocksEscort - Security Affairs

Denial of Service/DoS/DDOS

• Navigating The Landscape Of Hacktivist DDoS Attacks (forbes.com)

• Israel's largest oil refinery website offline amid cyber attack claims (bleepingcomputer.com)

• Russian hackers crash Italian bank websites, cyber agency says | Reuters

• "Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches (thehackernews.com)

Internet of Things – IoT

• Canon warns of Wi-Fi security risks when discarding inkjet printers (bleepingcomputer.com)

Data Breaches/Leaks

• Cyber security breaches exposed 146 million records - ITSecurityWire

• Hack Crew Responsible for Stolen Data, NATO Investigates Claims (darkreading.com)

• Pentagon hit by ‘critical compromise’ of US air force communications – report | US military | The Guardian

• Doctors sign up to legal case against Capita over GP data breach - Pulse Today

• UK MoD Error Sends Emails to Russia’s Ally Instead of US - Infosecurity Magazine (infosecurity-magazine.com)

• Been Hacked? These are Your Next Steps | Entrepreneur

• Cyber attack on B.C. health websites may have taken workers’ personal information (thestar.com)

• NI Executive Office and Patient and Client Council rapped for data breach risks | BelfastTelegraph.co.uk

• Cyber security Recovery Guide: How to Recover from a Data Breach (thelondoneconomic.com)

Organised Crime & Criminal Actors

• As Artificial Intelligence Accelerates, Cyber crime Innovates (darkreading.com)

• How Hackers Trick You With Basic Sales Techniques (makeuseof.com)

• Iranian Company Cloudzy Accused of Aiding Cyber criminals and Nation-State Hackers (thehackernews.com)

• Space Pirates Turn Cyber Sabers on Russian, Serbian Organisations (darkreading.com)

• Kaspersky crimeware report: Emotet, DarkGate and LokiBot | Securelist

• Hacktivists fund their operations using common cyber crime tactics (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Crypto Hacks in July Resulted in $165 Million in Losses (beincrypto.com)

• New Android malware uses OCR to steal credentials from images (bleepingcomputer.com)

• Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability (therecord.media)

• BlackBerry Discovers Crypto-Centric Malware Amid Stopping 1.5 Million Cyber a ttacks (ethnews.com)

• Couple admit laundering $4B of stolen Bitfinex Bitcoins • The Register

Insider Risk and Insider Threats

• How Ransomware Gangs Enlist Insiders (And How to Stop Them) (makeuseof.com)

• US military battling cyber threats from within and without • The Register

Deepfakes

• Humans Unable to Reliably Detect Deepfake Speech - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• US Tech Sanctions Against China Are Starting to Bite Hard | Tom's Hardware (tomshardware.com)

Insurance

• Cyber Insurance and the Ransomware Challenge | Royal United Services Institute (rusi.org)

• Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)

• Create a ‘win-win’ scenario for security teams and cyber insurers | SC Media (scmagazine.com)

Dark Web

• 'DarkBERT' GPT-Based Malware Trains Up on the Entire Dark Web (darkreading.com)

• MacOS malware discovered on Russian dark web forum | Security Magazine

Supply Chain and Third Parties

• Doctors sign up to legal case against Capita over GP data breach - Pulse Today

• Capita boss quits as potential fine looms for huge hack of confidential data | Capita | The Guardian

• Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)

Software Supply Chain

• Lessons Not Learned From Software Supply Chain Attacks (darkreading.com)

Cloud/SaaS

• Attackers can turn AWS SSM agents into remote access trojans - Help Net Security

• New Microsoft Azure AD CTS feature can be abused for lateral movement (bleepingcomputer.com)

• Generative AI and cloud have created gaps in cyber security: Wipro report - BusinessToday

• In new ransomware model, cloud provider acts as front for bad actors: report | CSO Online

• Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch

• These Are the Top Five Cloud Security Risks, Qualys Says - SecurityWeek

• North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say | TechCrunch

• Google warns companies about keeping hackers out of cloud infrastructure | CyberScoop

Identity and Access Management

• The gap in users' identity security knowledge gives cyber criminals an opening - Help Net Security

Encryption

• Braverman fights Meta encryption plans ‘that aid paedophiles’ (thetimes.co.uk)

• SCARF cipher sets new standards in protecting sensitive data - Help Net Security

• Cult of Dead Cow hacktivists design encryption system for mobile apps - The Washington Post

Open Source

• Open-source security challenges and complexities - Help Net Security

• Linux version of Abyss Locker ransomware targets VMware ESXi servers (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Retail chain Hot Topic discloses wave of credential-stuffing attacks (bleepingcomputer.com)

Biometrics

• Bar for UK crimes prosecuted with live facial recognition could get much lower | Biometric Update

Social Media

• Hackers continue to distribute malware through hacked verified pages on Facebook - Neowin

• Salesforce, Meta suffer phishing campaign that evades typical detection methods (securitybrief.co.nz)

• Beware: Tricky phishing email targeting Twitter Blue subscribers with X rebranding confusion - 9to5Mac

• Social media giants on notice over foreign cyber threat (themandarin.com.au)

• NodeStealer 2.0 takes over Facebook Business accounts - Security Affairs

• Instagram Flags AI-Generated Content (darkreading.com)

Travel

• Never share boarding passes online, cyber security experts warn travellers - NZ Herald

Regulations, Fines and Legislation

• New SEC Rules Require US Companies To Reveal Cyber Attacks Within 4 Days (informationsecuritybuzz.com)

• Strengthening Cyber security: Can The SEC’s New Rules Be Enforced? (forbes.com)

• CISA’s security-by-design initiative is at risk: Here’s a path forward | TechCrunch

• What is the Computer Fraud and Abuse Act (CFAA)? | Definition from TechTarget

• Why the California Delete Act Matters (darkreading.com)

• Organizations want stronger AI regulation amid growing concerns - Help Net Security

• Materiality Definition Seen as Tough Task in New SEC Cyber Rules | Mint (livemint.com)

• Cyber security Implementation Plan Offers a Roadmap for Cyber Priorities | Perkins Coie - JDSupra

Models, Frameworks and Standards

• OWASP Top 10 for LLM applications is out! - Security Affairs

• Security professionals unaware of NCSC Cyber Essentials framework - Lookout - IT Security Guru

• What is SOC 2 (System and Organization Controls 2)? | Definition from TechTarget

Careers, Working in Cyber and Information Security

• How the Talent Shortage Impacts Cyber security Leadership (securityintelligence.com)

• US Gov Rolls Out National Cyber Workforce, Education Strategy - SecurityWeek

• Women two-thirds more likely to fear losing CNI security jobs than men - IT Security Guru

• White House Cyber Workforce Strategy: No Quick Fix for Skills Shortage (darkreading.com)

• Cyber workforce strategy requires buy-in across sectors, experts say - Nextgov/FCW

Law Enforcement Action and Take Downs

• Bar for UK crimes prosecuted with live facial recognition could get much lower | Biometric Update

• FBI: Without Section 702, we can't ID cyber criminals • The Register

Privacy, Surveillance and Mass Monitoring

• Home Office plans new national police ‘facial-matching’ service after signing £50m deal for biometrics platform – PublicTechnology

• UK spy agencies want to relax ‘burdensome’ laws on AI data use | Data protection | The Guardian

• Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse (thehackernews.com)

• Instead of obtaining a warrant, the NSA would like to keep buying your data | Ars Technica

• Tor’s shadowy reputation will only end if we all use it | Engadget

• Delivering privacy in a world of pervasive digital surveillance: Tor Project's Executive Director speaks out - Help Net Security

• After talking to security expert, I deleted all Chrome extensions: they see everything | Cybernews

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats (thehackernews.com)

• BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities (thehackernews.com)

• Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures (thehackernews.com)

• Russian spies posed as Microsoft tech support in bid to hack governments (telegraph.co.uk)

• Elon Musk ‘stopped Ukraine military using Starlink for military operation’ | The Independent

• Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia (thehackernews.com)

• MacOS malware discovered on Russian dark web forum | Security Magazine

• Kazakhstan Rebuffs US Extradition Request for Russian Cyber security Expert - The Moscow Times

• Russian hackers crash Italian bank websites, cyber agency says | Reuters

• Ukrainian hackers viciously troll Russian navy, send malware to their phones (tvpworld.com)

China

• FBI warns of broad AI threats facing tech companies and the public | CyberScoop

• Chinese Malware Could Cut Power To US Military Bases, Businesses And Homes, Report Claims (forbes.com)

• Multiple Chinese APTs establish major beachheads inside sensitive infrastructure | Ars Technica

• US senator victim-blames Microsoft for Chinese hack • The Register

• Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor (thehackernews.com)

• US Tech Sanctions Against China Are Starting to Bite Hard | Tom's Hardware (tomshardware.com)

• Think tank wants monitoring of China's AI-enabled products • The Register

• Microsoft downplays damaging report on Chinese hacking its own engineers vetted | CyberScoop

• US military battling cyber threats from within and without • The Register

Iran

• Iranian Company Cloudzy Accused of Aiding Cyber criminals and Nation-State Hackers (thehackernews.com)

• Iran's APT34 Hits UAE With Supply Chain Attack (darkreading.com)

• Iranian Company Plays Host to Reams of Ransomware, APT Groups (darkreading.com)

North Korea

• STARK#MULE Targets Koreans with US Military-themed Document Lures (thehackernews.com)

• North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say | TechCrunch

Misc/Other/Unknown

• Researchers claim US-registered cloud host facilitated state-backed cyber attacks | TechCrunch

• Kaspersky unveils latest APT trends for Q2 | Media OutReach Newswire (media-outreach.com)

Vulnerability Management

• Relying on CVSS alone is risky for vulnerability management - Help Net Security

• Top 12 vulnerabilities list highlights troubling reality: many organizations still aren't patching | CyberScoop

• Old vulnerabilities, major vendors dominate list of most-exploited flaws of 2022 | SC Media (scmagazine.com)

• In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues - Security Affairs

• 40% of Log4j Downloads Still Vulnerable (securityintelligence.com)

• CISA, NSA, FBI and International Partners Issue Advisory on the Top Routinely Exploited Vulnerabilities in 2022 > National Security Agency/Central Security Service > Press Release View

• What Causes a Rise or Fall in Fresh Zero-Day Exploits? (govinfosecurity.com)

• Piles of Unpatched IoT, OT Devices Attract ICS Cyber attacks (darkreading.com)

• Microsoft comes under blistering criticism for “grossly irresponsible” security | Ars Technica

Vulnerabilities

• Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins - SecurityWeek

• Over 640 Citrix servers backdoored with web shells in ongoing attacks (bleepingcomputer.com)

• New flaw in Ivanti Endpoint Manager Mobile actively exploited in the wild - Security Affairs

• Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks - SecurityWeek

• Apple iOS, Google Android Patch Zero-Days in July Security Updates | WIRED UK

• US fears attacks will continue against Ivanti MDM installs • The Register

• Cisco Talos Discusses Flaws in SOHO Routers Post-VPNFilter - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft fixes WSUS servers not pushing Windows 11 22H2 updates (bleepingcomputer.com)

• Hackers exploit BleedingPipe RCE to target Minecraft servers, players (bleepingcomputer.com)

• Firefox 116: improved upload performance and security fixes - gHacks Tech News

• Oracle Critical Patch Update Advisory - July 2023

• Tenable CEO accuses Microsoft of negligence in addressing security flaw | CyberScoop

Tools and Controls

• Data Loss Prevention for Small and Medium-Sized Businesses - IT Security Guru

• Cyber Insurance Underwriting Is Still Stuck in the Dark Ages (darkreading.com)

• Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)

• 66% of Cyber security Leaders Don't Trust Their Current Cyber Risk Mitigation Strategies - ITSecurityWire

• US, Australia Issue Warning Over Access Control Vulnerabilities in Web Applications - SecurityWeek

• Data stolen from millions via missing web app access checks • The Register

• Keeping the cloud secure with a mindset shift - Help Net Security

• Strengthening security in a multi-SaaS cloud environment | TechCrunch

• 5 Essential Tips For Data Security On The Cloud (informationsecuritybuzz.com)

• AI has a place in cyber, but needs effective evaluation | Computer Weekly

• Top 5 benefits of SASE to enhance network security | TechTarget

• MDR 40-Plus: Top Managed Detection and Response (MDR) Companies: 2023 Edition - MSSP Alert

• 4 Generative AI Security Benefits (trendmicro.com)

• What is Data Security Posture Management (DSPM)? (thehackernews.com)

• Unified XDR and SIEM Alleviate Security Alert Fatigue (darkreading.com)

• What is an ISMS (Information Security Management System)? | UpGuard

• VPNs remain a risky gamble for remote access - Help Net Security

• Insider Threat Protection And Modern DLP (informationsecuritybuzz.com)

• Risk Appetite vs. Risk Tolerance: How are They Different? (techtarget.com)

Reports Published in the Last Week

• 2023 State of Ransomware | Malwarebytes

• Cyber Risk and Resiliency Report: Dueling Disaster in 2023 (informationweek.com)

Other News

• The top 6 cyber security incidents in July 2023 (cshub.com)

• UK legal sector at risk, National Cyber Security Centre warns | Today's Conveyancer (todaysconveyancer.co.uk)

• UK Military Embraces Security by Design - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber criminals targeting medical info warns FBI | KSNV (news3lv.com)

• How local governments can combat cyber crime - Help Net Security

• Governments and public services facing 40% more cyber attacks (securitybrief.co.nz)

• Utilities Face Security Challenges as They Embrace Data in New Ways (darkreading.com)

• Cyber Attacks Targeting Government Agencies Increase 40% - Infosecurity Magazine (infosecurity-magazine.com)

• BPP targeted in cyber attack - Legal Cheek

• Microsoft Flags Growing Cyber security Concerns for Major Sporting Events (thehackernews.com)

• Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack - SecurityWeek

• New Study Reveals Forged Certificate Attack Risks - Infosecurity Magazine (infosecurity-magazine.com)

• 80 percent of digital certificates vulnerable to man-in-the-middle attacks (betanews.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Half of UK Businesses Struggle to Fill Cyber Security Skills Gap

Half of UK businesses have a cyber security skills gap that they are struggling to fill amid a challenging labour market, according to data published by the UK Department for Science, Innovation and Technology (DSIT), which found that there were more than 160,000 cyber security job postings in the last year – a 30% increase on the previous period. In all, the UK requires an additional 11,200 people with suitable cyber skills to meet the demands of the market, the report estimates.

In a separate report, it was found that a lack of executive understanding and an ever-widening talent gap is placing an unsustainable burden on security teams to prevent business-ending breaches. When asked how long it takes to fill a cyber security role, 82% of organisations report it takes three months or longer, with 34% reporting it takes seven months or more. These challenges have led one-third (33%) of organisations to believe they will never have a fully-staffed security team with the proper skills.

With such a gap, some organisations have turned to outsourcing cyber security roles, such as chief information security officers (CISOs), leading to a rise in virtual CISOs (vCISO). With outsourcing, organisations can ensure that they are easily able to pick up and use cyber security experts, greatly reducing the delay were they to hire. Black Arrow supports clients as their vCISO with specialist experience in cyber security risk management in a business context.

https://www.uktech.news/cybersecurity/uk-cybersecurity-skills-gap-20230725

https://www.helpnetsecurity.com/2023/07/26/security-teams-executive-burden/

• Deloitte Joins Fellow Big Four MOVEit victims PWC, EY as Victims Exceed 500

The global auditing and accounting firm Deloitte appeared alongside a further 55 MOVEit victims that were recently named by the Cl0p ransomware gang, making them the third Big Four accounting firm to be affected and amongst over 500 organisations in total with that number expected to continue to increase.

Research by Kroll has also uncovered a new exfiltration method used by Cl0p in their the MOVEit attacks, highlighting constant efforts by the ransomware gang. Worryingly, it has been reported that Cl0p have made between $75-100 million from ransom payments and it is expected this, along with the victim count, will rise.

https://cybernews.com/security/deloitte-big-four-moveit-pwc-ey-clop/

https://www.kroll.com/en/insights/publications/cyber/moveit-vulnerability-investigations-uncover-additional-exfiltration-method

https://www.infosecurity-magazine.com/news/clop-could-make-100m-moveit/

• Why Cyber Security Should Be Part of Your ESG Strategy

Organisations need to consider cyber security risks in their overall environmental, social and governance (ESG) strategy amid growing cyber threats and regulatory scrutiny. The ESG programme is, in many ways, a form of risk management to mitigate the risks to businesses, societies and the environment, all of which can be impacted by cyber security. The investment community has been singling out cyber security as one of the major risks that ESG programmes will need to address due to the potential financial losses, reputational damage and business continuity risks posed by a growing number of cyber attacks and data breaches.

Various ESG reporting frameworks have emerged in recent years to provide organisations with guidelines on how they can operate ethically and sustainably, along with metrics that they can use to measure their progress. There are also specific IT security standards and frameworks, including ISO 27001 and government guidelines. Some regulators have gone as far as mandating the adoption of baseline security standards by critical infrastructure operators and firms in industries like financial services, but that does not mean organisations outside of regulated sectors are less pressured to shore up their cyber security posture.

https://www.computerweekly.com/news/366545432/Why-cyber-security-should-be-part-of-your-ESG-strategy

• Lawyers Take Frontline Role in Business Response to Cyber Attacks

Cyber security risk has shot to the top of general counsels’ agendas as the sophistication and frequency of attacks has grown. According to security company Sophos’s State of Ransomware 2023 report, 44% of UK businesses surveyed said they had been hit with ransomware in the past year. Of those affected, 33% said their data was encrypted and stolen and a further 6% said that their data was not encrypted but they experienced extortion.

In-house lawyers have a key role around the boardroom table when dealing with a breach including war-gaming and discussing cases in which a company will pay a ransom. The advent of General Data Protection Regulation (GDPR) legislation in Europe, and equivalents elsewhere, demands that businesses hit by a data breach notify a regulator, and the individuals whose data was stolen, or both, depending on certain factors. This has led to far greater exposure of cyber incidents which companies previously could have tried to deal with privately.

https://www.ft.com/content/2af44ae8-78fc-4393-88c3-0d784a850331

• Organisations Face Record $4.5M Per Data Breach Incident

In a recent report conducted by IBM, the average cost per data breach for US business in 2023 jumped to $4.45 million, a 15% increase over three years. In the UK, the average cost was found to be £3.4 million, rising to £5.3 million for financial services. It is likely that the cost per breach will maintain a continual rise, with organisations struggling to crack down on cyber crime, something threat groups like Cl0p are taking advantage of.

https://www.darkreading.com/attacks-breaches/orgs-record-4.5m-data-breach-incident

https://uk.newsroom.ibm.com/24-07-2023-IBM-Security-Report-Cost-of-a-Data-Breach-for-UK-Businesses-Averages-3-4m

• Cryptojacking Soars as Cyber Attacks Diversify

According to a recent report, a variety of attacks have increased globally, including cryptojacking (399%), IoT malware (37%) and encrypted threats (22%). This reflects the increase in actors who are changing their methods of attacks. The report found that we can expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs, government entities and enterprises.

Cryptojacking, sometimes referred to as malicious cryptomining, is where an attacker will use a victim’s device to mine cryptocurrency, giving the attacker free money at the expense of your device, network health and electricity.

https://www.helpnetsecurity.com/2023/07/27/cryptojacking-attacks-rise/

• Ransomware Attacks Skyrocket in 2023

Ransomware attacks surged by 74% in Q2 2023 compared to the first three months of the year, a new report has found. The significant increase in ransomware over April, May and June 2023 suggests that attackers are regrouping. In July 2023, the blockchain analysis firm Chainalysis found that in the first half of 2023, ransomware attackers extorted $176m more than the same period in 2022, reversing a brief downward trend in 2022.

The report also observed an uptick in “pure extortion attacks,” with cyber criminals increasingly relying on the threat of data leaks rather than encrypting data to extort victims. Such schemes may not trigger any ransomware detection capability but could potentially be picked up by a robust Data Loss Prevention (DLP) solution.

https://www.infosecurity-magazine.com/news/ransomware-attacks-skyrocket-q2/

• Blocking Access to ChatGPT is a Short-Term Solution to Mitigate AI Risk

Despite the mass adoption of generative AI, most companies don’t know how to assess its security, exposing them to risks and disadvantages if they don’t change their approach. A report found that for every 10,000 enterprise users, an enterprise organisation is experiencing approximately 183 incidents of sensitive data being posted to ChatGPT per month. Worryingly, despite the security issues, only 45% have an enterprise-wide strategy to ensure a secure, aligned deployment of AI across the entire organisation.

Blocking access to AI related content and AI applications is a short term solution to mitigate risk, but comes at the expense of the potential benefits that AI apps offer to supplement corporate innovation and employee productivity. The data shows that in financial services and healthcare nearly 1 in 5 organisations have implemented a blanket ban on employee use of ChatGPT, while in the technology sector, only 1 in 20 organisations have done likewise.

https://www.helpnetsecurity.com/2023/07/28/chatgpt-exposure/

https://www.techradar.com/pro/lots-of-sensitive-data-is-still-being-posted-to-chatgpt

https://www.helpnetsecurity.com/2023/07/25/generative-ai-strategy/

• Protect Your Data Like Your Reputation Depends on It (Because it Does)

Data breaches can be incredibly costly. Be it lawsuits, regulatory fines, or a fall in stock price, the financial consequences of a breach can bring even the largest organisation to its knees. However, in the face of economic damage, it’s too easy to overlook the vast reputational impacts that often do more harm to a business. After all, it’s relatively easy to recoup monetary losses, less so to regain customer trust.

It’s important to remember that reputational damage isn’t limited to consumer perceptions. Stakeholder, shareholder, and potential buyer perception is also something that needs to be considered. By having effective defence in depth controls including robust data loss prevention (DLP) solutions in place, organisations can reduce the risk of a breach from happening.

https://informationsecuritybuzz.com/protect-your-data-like-your-reputation-depends-on-it-because-it-does/

• Why CISOs Should Get Involved with Cyber Insurance Negotiation

Generally negotiating cyber insurance policies falls to the general counsel, chief financial officer, or chief operations officer. Having the chief information security officer (CISO) at the table when negotiating with insurance brokers or carriers is a best practice for ensuring the insurers understand not only which security controls are in place, but why the controls are configured the way they are and the organisation's strategy. That said, often best practices are ignored for reasons of expediency and lack of acceptance by other C-suite executives.

Sometimes being the CISO can be a no-win position. According to a recent survey more than half of all CISOs report to a technical corporate officer rather than the business side of the organisation. This lack of recognition by the board can diminish the CISO's ability to deliver business-imperative insights and recommendations, leaving operations to have a more commanding influence on the board than cyber security. Too often the CISO gets the responsibility to protect the company without the authority and budget to accomplish their task.

https://www.darkreading.com/edge-articles/why-cisos-should-get-involved-with-cyber-insurance-negotiation

• Companies Must Have Corporate Cyber Security Experts, SEC Says

A recent report has found that only five Fortune 100 companies currently list a security professional in the executive leadership pages of their websites. This is largely unchanged from five of the Fortune 100 in 2018. One likely reason why a great many companies still don’t include their security leaders within their highest echelons is that these employees do not report directly to the company’s CEO, board of directors, or chief risk officer.

The chief security officer (CSO) or chief information security officer (CISO) position traditionally has reported to an executive in a technical role, such as the chief technology officer (CTO) or chief information officer (CIO). But workforce experts say placing the CISO/CSO on unequal footing with the organisation’s top leaders makes it more likely that cyber security and risk concerns will take a backseat to initiatives designed to increase productivity and generally grow the business.

The US Securities and Exchange Commission (SEC) has recently implemented new regulations necessitating publicly traded companies to report cyber attacks within four business days, once they're deemed material incidents. While the SEC is not presently advocating for the need to validate a board cyber security expert's credentials, it continues to insist that cyber security expertise within management be duly reported to them. The increased disclosure should help companies compare practices and may spur improvements in cyber defences, but meeting the new disclosure standards could be a bigger challenge for smaller companies with limited resources.

https://www.darkreading.com/edge-articles/companies-must-have-corporate-cybersecurity-experts-sec-says

https://www.bleepingcomputer.com/news/security/sec-now-requires-companies-to-disclose-cyberattacks-in-4-days/

https://krebsonsecurity.com/2023/07/few-fortune-100-firms-list-security-pros-in-their-executive-ranks/

• Over 400,000 Corporate Credentials Stolen by Info-stealing Malware

Information stealers are malware that steal data stored in applications such as web browsers, email clients, instant messengers, cryptocurrency wallets, file transfer protocol (FTP) clients, and gaming services. The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cyber crime marketplaces. Worryingly, employees use personal devices for work or access personal stuff from work computers, and this may result in many info-stealer infections stealing business credentials and authentication cookies. A report has found there are over 400,000 corporate credentials stolen, from applications such as Salesforce, Google Cloud and AWS. Additionally, there was a significant increase in the number containing OpenAI credentials; this is alarming as where AI is used without governance, the credentials may leak things such as internal business strategies and source code.

With such an array of valuable information for an attacker, it is no wonder incidents involving info stealers doubled in Q1 2023. Organisations can best protect themselves by utilising password managers, enforcing multi-factor authentication and having strict usage controls. Additionally, user awareness training can help avoid common infection channels such as malicious websites and adverts.

https://www.bleepingcomputer.com/news/security/over-400-000-corporate-credentials-stolen-by-info-stealing-malware/

https://www.scmagazine.com/news/infostealer-incidents-more-than-doubled-in-q1-2023

Governance, Risk and Compliance

• Data Breaches Cost Businesses $4.5M on Average (darkreading.com)

• Deciphering The IBM Cost Of A Data Breach Report: A Statistical Perspective For Business Leaders (informationsecuritybuzz.com)

• Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)

• SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)

• Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)

• Companies encounter months-long delays in filling critical security positions - Help Net Security

• Why Today's CISOs Must Embrace Change (darkreading.com)

• Enterprises should layer-up security to avoid legal repercussions - Help Net Security

• Aligning Risk Appetite, Tolerance, And Thresholds With Business Planning: A Comprehensive Guide To Enterprise Risk Management (informationsecuritybuzz.com)

• Explaining risk maturity models and how they work | TechTarget

• Why cyber security should be part of your ESG strategy | Computer Weekly

• The old “trust but verify” adage should be the motto for every CISO | CSO Online

• Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security

• Few Fortune 100 Firms List Security Pros in Their Executive Ranks – Krebs on Security

• The critical cyber security backup plan too many companies are ignoring (cnbc.com)

• Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)

• Why Computer Security Advice Is More Confusing Than It Should Be (darkreading.com)

• Why whistleblowers in cyber security are important and need support | CSO Online

• The challenge of managing unlimited threats in a limited budget: cyber security experts comment | CSO Online

• 4 Cyber security Budget Management Tips (trendmicro.com)

Threats

Ransomware, Extortion and Destructive Attacks

• Clop now leaks data stolen in MOVEit attacks on clearweb sites (bleepingcomputer.com)

• MOVEit Vulnerability Investigations Uncover Additional Exfiltration Method (kroll.com)

• Clop Could Make $100m from MOVEit Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)

• Millions of people's healthcare files accessed by Clop gang • The Register

• Ransomware Attacks Skyrocket in Q2 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Local Governments Targeted for Ransomware – How to Prevent Falling Victim (thehackernews.com)

• New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)

• Dozens of Organisations Targeted by Akira Ransomware - SecurityWeek

• Ransomware Spotlight: Play - Security News (trendmicro.com)

• The FBI's Cynthia Kaiser on how the bureau fights ransomware | CyberScoop

• Risk & Repeat: Are data extortion attacks ransomware? | TechTarget

• ALPHV ransomware adds data leak API in new extortion strategy (bleepingcomputer.com)

• Education Sector Has Highest Ransomware Victim Count - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware: Sophos says most universities pay | Times Higher Education (THE)

Ransomware Victims

• PwC has data leaked on the clear web - Cyber Security Connect

• Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews

• DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)

• Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek

• Millions of people's healthcare files accessed by Clop gang • The Register

• Tampa General Hospital Says Patient Information Stolen in Ransomware Attack - SecurityWeek

• Another Cl0p victim goes public | Cybernews

• Yamaha confirms cyber attack after multiple ransomware gangs claim attacks (therecord.media)

Phishing & Email Based Attacks

• Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)

• China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED

• Stolen Microsoft key may have opened up more than inboxes • The Register

• KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related (darkreading.com)

• The Email Threat Landscape, Q1 2023: Key Takeaways (informationsecuritybuzz.com)

• How to avoid LinkedIn phishing attacks in the enterprise | TechTarget

• Windows 11 just got a big upgrade to protect you from phishing attacks — here’s how it works | Tom's Guide (tomsguide.com)

• Critical Infrastructure Workers More Likely to Detect and Report Phishing and Malicious Emails, Study Finds - MSSP Alert

BEC – Business Email Compromise

• Repeatable VEC Attacks Target Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

Artificial Intelligence

• The Dark Side of AI (darkreading.com)

• Blocking access to ChatGPT is a short term solution to mitigate risk - Help Net Security

• UN Security Council to hold first talks on AI risks | Reuters

• Companies are rushing into generative AI without a cohesive, secure strategy - Help Net Security

• ChatGPT, Other Generative AI Apps Prone to Compromise, Manipulation (darkreading.com)

• Lots of sensitive data is still being posted to ChatGPT | TechRadar

• Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)

• Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop

• The Good, the Bad and the Ugly of Generative AI - SecurityWeek

• OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop

• Intel's deepfake detector tested on real and fake videos - BBC News

• Are AI-Engineered Threats FUD or Reality? (darkreading.com)

• How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)

Malware

• Over 400,000 corporate credentials stolen by info-stealing malware (bleepingcomputer.com)

• Infostealer incidents more than doubled in Q1 2023 | SC Media (scmagazine.com)

• The Alarming Rise of Infostealers: How to Detect this Silent Threat (thehackernews.com)

• Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks (thehackernews.com)

• Rust-based malware used to hack both Windows and Linux servers - Neowin

• Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets (thehackernews.com)

• Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)

• FIN8 is rewriting its backdoor malware to avoid detection | SC Media (scmagazine.com)

• New Nitrogen malware pushed via Google Ads for ransomware attacks (bleepingcomputer.com)

• New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)

• HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software (thehackernews.com)

• Who and What is Behind the Malware Proxy Service SocksEscort? – Krebs on Security

Mobile

• Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert

• Spyhide stalkerware is spying on tens of thousands of phones | TechCrunch

• 5 steps to approach BYOD compliance policies | TechTarget

Botnets

• Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)

• Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek

Denial of Service/DoS/DDOS

• Critical UK Infrastructures in the crosshairs of DDoS attacks (link11.com)

• Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica

• Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)

BYOD

• 5 steps to approach BYOD compliance policies | TechTarget

Internet of Things – IoT

• Peloton Bugs Expose Enterprise Networks to IoT Attacks (darkreading.com)

• Microsoft previews  Defender for IoT firmware analysis service (bleepingcomputer.com)

• Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats - SecurityWeek

Data Breaches/Leaks

• Deciphering The IBM Cost Of A Data Breach Report: A Statistical Perspective For Business Leaders (informationsecuritybuzz.com)

• Capita breach class action nears 1,000 sign-ups • The Register

• VirusTotal: We're sorry for mistake that exposed 5,000 users • The Register

• Deloitte joins fellow Big Four MOVEit victims PWC, EY | Cybernews

• NATO investigating apparent breach of unclassified information sharing platform | CyberScoop

• Tampa General Hospital Data Breach Impacts 1.2 Million Patients - Infosecurity Magazine (infosecurity-magazine.com)

• Australian Home Affairs cyber survey exposed personal data of participating firms | Data and computer security | The Guardian

• Data Breach Costs Hit Record High but Fall For Some - Infosecurity Magazine (infosecurity-magazine.com)

• Hacker Claims to Have Stolen Sensitive Medical Records from Egypt's Ministry of Health - Infosecurity Magazine (infosecurity-magazine.com)

• BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)

• Nice Suzuki, sport: shame dealer left your data up for grabs - Security Affairs

• Johns Hopkins hit with class action lawsuit connected to data breach - CBS Baltimore (cbsnews.com)

Organised Crime & Criminal Actors

• The New Summer Vacation Necessity: Cyber Hygiene (informationsecuritybuzz.com)

• BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Cryptojacking soars as cyber attacks increase, diversify - Help Net Security

• Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining (thehackernews.com)

• Cryptojacking: Understanding and defending against cloud compute resource abuse | Microsoft Security Blog

• Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)

• New Realst macOS malware steals your cryptocurrency wallets (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• Dark Web Markets Offer New FraudGPT AI Tool - Infosecurity Magazine (infosecurity-magazine.com)

• Consumers demand more from businesses when it comes to security - Help Net Security

• CISOs gear up to combat the rising threat of B2B fraud - Help Net Security

• Booz Allen Pays $377m to Settle Government Fraud Case - Infosecurity Magazine (infosecurity-magazine.com)

• MPs launch inquiry into prosecution of Norton Motorcycles pension fraud | Crime | The Guardian

Insurance

• Why CISOs Should Get Involved With Cyber Insurance Negotiation (darkreading.com)

• Brave New World of Cyber Insurance Meets Old-World Contract Principles | New Jersey Law Journal

Dark Web

• BreachForums database and private chats for sale in hacker data breach (bleepingcomputer.com)

• How is the Dark Web Reacting to the AI Revolution? (bleepingcomputer.com)

Supply Chain and Third Parties

• Capita breach class action nears 1,000 sign-ups • The Register

• DHL investigating MOVEit breach as number of victims surpasses 20 million (therecord.media)

• The tail of the MOVEit hack may be longer than we realize | SC Media (scmagazine.com)

• Up to 11 Million People Hit by MOVEit Hack at Government Services Firm Maximus - SecurityWeek

• Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)

• Strengthening the weakest links in the digital supply chain - Help Net Security

• JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)

• Supply Chain Attack Hits NHS Ambulance Trusts - Infosecurity Magazine (infosecurity-magazine.com)

Software Supply Chain

• Two ambulance services in UK lost access to patient records after a cyber attack on software provider - Security Affairs

Cloud/SaaS

• China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED

• Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps (darkreading.com)

• JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)

• Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek

• The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)

• Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)

Shadow IT

• NCSC Publishes New Guidance on Shadow IT - Infosecurity Magazine (infosecurity-magazine.com)

Encryption

• The UK Government Is Very Close To Eroding Encryption Worldwide  | Electronic Frontier Foundation (eff.org)

• Apple could opt to stop iMessage and FaceTime services due to the government's surveillance demands - Security Affairs

• Hacking police radios: 30-year-old crypto flaws in the spotlight – Naked Security (sophos.com)

• Researchers Find ‘Backdoor’ in Encrypted Police and Military Radios (vice.com)

API

• Reining in API sprawl | TechCrunch

• ALPHV ransomware adds data leak API in new extortion strategy (bleepingcomputer.com)

Open Source

• New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection (thehackernews.com)

• Rust-based malware used to hack both Windows and Linux servers - Neowin

• Banking Sector Targeted in Open-Source Software Supply Chain Attacks (thehackernews.com)

• New P2PInfect worm malware targets Linux and Windows Redis servers (bleepingcomputer.com)

• Ubuntu Linux Cloud Workloads Face Rampant Root Take Takeovers (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• CISA: Most cyber attacks on gov’ts, critical infrastructure involve valid credentials (therecord.media)

Social Media

• How to avoid LinkedIn phishing attacks in the enterprise | TechTarget

• Stanford researchers find Mastodon has a massive child abuse material problem - The Verge

Training, Education and Awareness

• Why are computer security guidelines so confusing? - Help Net Security

Travel

• The New Summer Vacation Necessity: Cyber Hygiene (informationsecuritybuzz.com)

Parental Controls and Child Safety

• Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)

• Stanford researchers find Mastodon has a massive child abuse material problem - The Verge

Regulations, Fines and Legislation

• SEC now requires companies to disclose cyber attacks in 4 days (bleepingcomputer.com)

• Companies Must Have Corporate Cyber security Experts, SEC Says (darkreading.com)

• Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)

• Apple could opt to stop iMessage and FaceTime services due to the government's surveillance demands - Security Affairs

• OpenAI, Meta and other tech firms sign onto White House AI commitments | FedScoop

• EU Agrees On Common Position For Cyber Resilience Act To Enhance Security Of Digital Products (informationsecuritybuzz.com)

Data Protection

• More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)

• Protect Your Data Like Your Reputation Depends On It (Because It Does) (informationsecuritybuzz.com)

Careers, Working in Cyber and Information Security

• Companies encounter months-long delays in filling critical security positions - Help Net Security

• UK Government Report Finds Cyber security Skills Gap Stagnant - Infosecurity Magazine (infosecurity-magazine.com)

• Bridging the cyber security skills gap through cyber range training - Help Net Security

• Overcoming the cyber security talent shortage with upskilling initiatives - Help Net Security

Law Enforcement Action and Take Downs

• The FBI's Cynthia Kaiser on how the bureau fights ransomware | CyberScoop

Privacy, Surveillance and Mass Monitoring

• More US States are ramping up data privacy laws in 2023 (bleepingcomputer.com)

• Amazon agrees to $25 million fine for Alexa children privacy violations (bleepingcomputer.com)

• Companies Need to Prove They Can Be Trusted with Technology (hbr.org)

• Ryanair Hit With Lawsuit Over Use of Facial Recognition Technology (darkreading.com)

Misinformation, Disinformation and Propaganda

• China Propaganda Spreads via US News Sites, Freelancers, Times Square (darkreading.com)

• Russia ‘using disinformation’ to imply Sweden supported Qur’an burnings | Sweden | The Guardian

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Anonymous Sudan DDoS strikes dominate attacks by KillNet collective | SC Media (scmagazine.com)

• Russian court jails cyber security executive for 14 years in treason case | Reuters

• Russia ‘using disinformation’ to imply Sweden supported Qur’an burnings | Sweden | The Guardian

• 69% of Russian gamers are pirating after Ukraine invasion pushback | Ars Technica

China

• Top FBI officials warn of 'unparalleled' threat from China and AI | CyberScoop

• China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED

• Stolen Microsoft key may have opened up more than inboxes • The Register

• Chinese Hackers Breached Ambassador’s Email - Infosecurity Magazine (infosecurity-magazine.com)

• The Chinese groups accused of hacking the US and others | Reuters

• Industrial Organisations in Eastern Europe Targeted by Chinese Cyber spies - SecurityWeek

• Chinese-backed Hacking Group Launches Two Bugs Targeting Android Devices - MSSP Alert

• China Propaganda Spreads via US News Sites, Freelancers, Times Square (darkreading.com)

• China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)

• US Senator Wyden Accuses Microsoft of ‘Cyber security Negligence’ - SecurityWeek

• China’s Wuhan Earthquake Center Suffers Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

North Korea

• North Korean Cyber spies Target GitHub Developers (darkreading.com)

• JumpCloud hack linked to North Korea after OPSEC mistake (bleepingcomputer.com)

• GitHub warns of Lazarus hackers targeting devs with malicious projects (bleepingcomputer.com)

• Lazarus hackers hijack Microsoft IIS servers to spread malware (bleepingcomputer.com)

• Lazarus hackers linked to $60 million Alphapo cryptocurrency heist (bleepingcomputer.com)

• APT “Mysterious Elephant” Emerges in Q2 2023, Kaspersky Reports - Infosecurity Magazine (infosecurity-magazine.com)

Misc/Other/Unknown

• Advanced Persistent Threats (APTs): Detection and Mitigation (blueteamresources.in)

• Part 1: Historic To 2022 – The APT And Logical Threats (informationsecuritybuzz.com)

Vulnerability Management

• Google: 41 zero-day vulnerabilities exploited in 2022 | TechTarget

• CVSS 4.0 Is Here, But Prioritizing Patches Still a Hard Problem (darkreading.com)

• Want to live dangerously? Try running Windows XP in 2023 • The Register

• A step-by-step guide for patching software vulnerabilities - Help Net Security

Vulnerabilities

• Over 20,000 Citrix Appliances Vulnerable to New Exploit - SecurityWeek

• A flaw in OpenSSH forwarded ssh-agent allows remote code execution-Security Affairs

• Apple fixes new zero-day used in attacks against iPhones, Macs (bleepingcomputer.com)

• Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519 - Security Affairs

• NetScaler RCE bug abused to pilfer critical infrastructure Active Directory data | SC Media (scmagazine.com)

• Ivanti patches MobileIron zero-day bug exploited in attacks (bleepingcomputer.com)

• Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1 | Ars Technica

• Apache OpenMeetings Wide Open to Account Takeover, Code Execution (darkreading.com)

• Super Admin elevation bug puts 900,000 MikroTik devices at risk (bleepingcomputer.com)

• Norwegian government IT systems hacked using zero-day flaw (bleepingcomputer.com)

• VMware fixes bug exposing CF API admin credentials in audit logs (bleepingcomputer.com)

• Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required (thehackernews.com)

• Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)

• Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks (thehackernews.com)

• Atlassian RCE Bugs Plague Confluence, Bamboo (darkreading.com)

• Zenbleed attack leaks sensitive data from AMD Zen2 processors (bleepingcomputer.com)

• Microsoft shares fix for some Outlook hyperlinks not opening (bleepingcomputer.com)

• Critical Flaws Found in Microsoft Message Queuing Service - Infosecurity Magazine (infosecurity-magazine.com)

• China-backed hackers suspected in NetScaler RCE attacks | SC Media (scmagazine.com)

• Study reveals silent Python package security fixes • The Register

• Windows 10 KB5028244 update released with 19 fixes, improved security (bleepingcomputer.com)

• VMware Patches Vulnerability Exposing Admin Credentials - Infosecurity Magazine (infosecurity-magazine.com)

• Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation - SecurityWeek

• Multiple DDoS Botnets Exploiting Recent Zyxel Vulnerability - SecurityWeek

• Zimbra patches zero-day vulnerability exploited in XSS attacks (bleepingcomputer.com)

• WordPress Ninja Forms plugin flaw lets hackers steal submitted data (bleepingcomputer.com)

• Two flaws in Linux Ubuntu affect 40% of Ubuntu users - Security Affairs

Tools and Controls

• Aligning Risk Appetite, Tolerance, And Thresholds With Business Planning: A Comprehensive Guide To Enterprise Risk Management (informationsecuritybuzz.com)

• Why cyber security should be part of your ESG strategy | Computer Weekly

• Lawyers take frontline role in business response to cyber attacks | Financial Times (ft.com)

• Explaining risk maturity models and how they work | TechTarget

• Microsoft enhances Windows 11 Phishing Protection with new features (bleepingcomputer.com)

• Shadow Coding Is An Intoxicating Shortcut—And A Security Landmine (forbes.com)

• Zero trust rated as highly effective by businesses worldwide - Help Net Security

• 50% of Zero Trust Programs Risk Failure According to PlainID Survey (darkreading.com)

• Google Chrome to offer 'Link Previews' when hovering over links (bleepingcomputer.com)

• Why are computer security guidelines so confusing? - Help Net Security

• Threat Intelligence Is Growing — Here's How SOCs Can Keep Up (darkreading.com)

• The challenge of managing unlimited threats in a limited budget: cyber security experts comment | CSO Online

• Shaping the future of digital identity - Help Net Security

• How to Put the Sec in DevSecOps (darkreading.com)

• Designing a Security Strategy for Defending Multicloud Architectures (darkreading.com)

• How Microsoft Defender Experts for XDR helps triage, investigate, and respond to cyberthreats | Microsoft Security Blog

• Converging networking and security with SASE - Help Net Security

• 5 steps to approach BYOD compliance policies | TechTarget

• KnowBe4 Phishing Test Results Reveal Half of Top Malicious Email Subjects Are HR Related (darkreading.com)

• Windows 11 just got a big upgrade to protect you from phishing attacks — here’s how it works | Tom's Guide (tomsguide.com)

• Artificial Intelligence Continues To Revolutionize Cyber security (forbes.com)

• Key factors for effective security automation - Help Net Security

• Microsoft previews Defender for IoT firmware analysis service (bleepingcomputer.com)

• The 4 Keys to Building Cloud Security Programs That Can Actually Shift Left (thehackernews.com)

• CISOs consider zero trust a hot security ticket - Help Net Security

• How a Cyber Security Platform Addresses the 3 “S” (trendmicro.com)

• 4 Cyber security Budget Management Tips (trendmicro.com)

Reports Published in the Last Week

• The Email Threat Landscape, Q1 2023: Key Takeaways (informationsecuritybuzz.com)

• Cost of a data breach 2023 | IBM

• Internet Organised Crime Threat Assessment (IOCTA) | Europol (europa.eu)

• Q1 Report: Email Threat Trends Discover Q1 trends and stay ahead of email based threats. - VIPRE

Other News

• Maritime Cyber attack Database Launched by Dutch University - SecurityWeek

• Google’s new security pilot program will ban employee Internet access | Ars Technica

• Inspiring secure coding: Strategies to encourage developers' continuous improvement - Help Net Security

• macOS Under Attack: Examining the Growing Threat and User Perspectives (thehackernews.com)

• Why whistleblowers in cyber security are important and need support | CSO Online

• Cyber crime as a Public Health Crisis (darkreading.com)

• 7 in 10 MSPs Name Data Security and Network Security As Their Top IT Priorities for 2023 (darkreading.com)

• TETRA Radio Code Encryption Has a Flaw: A Backdoor | WIRED

• World's most internetty firm tries life off the net • The Register

• Exam board cyber attack investigation: Teenager arrested (schoolsweek.co.uk)

• Companies Need to Prove They Can Be Trusted with Technology (hbr.org)

• Heart monitor manufacturer hit by cyber attack, takes systems offline (bitdefender.com)

• How do companies protect customer data? | TechTarget

• Cyber security Agencies Warn Against IDOR Bugs Exploited for Data Breaches (thehackernews.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.