Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

China Suspected of Hacking UK Ministry of Defence, Through Its Payroll Provider

UK Defence Secretary Grant Shapps has confirmed that over 270,000 personal details have been leaked after the MoD was hacked through its third-party payroll provider, SSCL. The affected systems have been pulled offline since the attack. SSCL’s website describes that it manages HR for the armed forces, the Metropolitan Police and other areas of British government. The commercial supply chain, and in particular HR and payroll providers, is increasing being used as the soft underbelly to attack larger and better protected organisations.

Sources: [LBC] [The Register] [Sky News]

Security Tools Fail to Translate Risks for Executives

Organisations are struggling with internal communication barriers, hindering their ability to address and mitigate cyber security threats, according to a report which found that seven out of 10 C-suite executives said their security teams talk in technical terms without providing business context. However, in contrast, 75% of CISO’s highlight the issue is rooted in security tools that cannot generate the insights C-level executives and boards can use to understand business implications. The role of a good CISO should be to take the output of these tools and turn that data into metrics the Boards can understand.

The issues highlight the necessity for organisations to have someone in their organisation, whether an employee or a third-party, who is able to ingest technical results and translate them into a style that the C-suite can understand for business risk management.

Source: [Help Net Security]

Gang Accused of MGM Hack Shifts Attacks to Finance Sector

The hacking group responsible for the infamous hack on MGM and Caesar’s Palace resorts is engaged in a new campaign targeting the financial sector. The group known as Scattered Spider has targeted 29 companies since 20 April this year, compromising at least 2 insurance companies so far. The research has stated that the attackers are purchasing lookalike domains that match the name of target companies, hosting fake log-in pages. Links to these are sent to employees, in an attempt to direct them there. The most recent attack took place just days ago, with more expected.

Sources: [Bloomberg Law] [Claims Journal]

Are SMEs Paving the Way for Cyber Attacks on Larger Companies?

A recent study highlights the escalating cyber threats facing businesses, particularly SMEs and supply chains. The study found that 32% of UK businesses, including 69% of large and 59% of mid-sized organisations, suffered a cyber attack last year. The situation is worse for SMEs, with weaker security systems and 77% lacking in-house cyber security. SMEs can become entry points for hackers targeting larger partners through interconnected supply chains. Meanwhile, Verizon’s latest data breaches report revealed a 68% increase in supply chain breaches, accounting for 15% of all breaches in 2023, up from 9% in 2022. These breaches are primarily driven by third-party software vulnerabilities exploited in ransomware and extortion attacks. Experts emphasise proactive cyber policies, vulnerability scans, and employee education for SMEs to bolster defences. They also urge organisations to consider third-party bugs as both vulnerability and vendor management problems, make better vendor choices, and use external signals like SEC disclosures in the United States to guide decisions. These measures can help prevent SMEs from becoming gateways for larger attacks and manage the rising threat of supply chain breaches.

Sources: [Insurance Times] [Dark Reading]

Misconfigurations Drive 80% of Security Exposure, Report Finds

A recent report has found that 80% of security exposures are caused by identity and credential misconfigurations, with a third of these putting critical assets at risk of a breach. According to the report, the majority of this is within an organisation’s network user management (Active Directory) and 56% of breaches that impact critical assets are within cloud platforms. There is often the misconception that cloud-based environments are secure by default, but misconfigurations can undo any security benefits and still leave you exposed. Just because someone else built and maintains your house, it is still your responsibility to lock the doors and windows.

Sources: [Security Magazine]

Only 45% of Organisations Employ MFA Protections

A recent report of IT decision-makers has found that 97% are facing challenges with identity verification and 52% are very concerned about credential compromise, followed by account takeover (50%). When it comes to reinforcing identity verification, only 45% used multi-factor authentication (MFA). By using MFA, organisations are forcing two identification verifications: simply knowing a username and password is not enough, especially given the speeds with which attackers can crack passwords, with average 8 character passwords able to be cracked in less than a minute. Whilst no control is 100% impenetrable, enabling MFA will aid in increasing your organisation's cyber resilience.

Source: [Help Net Security]

You Cannot Protect What You Do Not Know You Have, as Criminals are Exploiting Vulnerabilities Faster Than Ever

For many organisations, visibility of their information assets can be incredibly hard to obtain and maintain, with different tools, under-reporting and shadow IT contributing to the problem. Unfortunately, cyber criminals are getting faster at exploiting vulnerabilities, and if you do not know you have the vulnerability in your estate then you cannot patch against it. In their recent report, Fortinet found that attacks started on average 4.76 days after new exploits were publicly disclosed.

Interestingly though, while zero-day threats garner much attention (these are ‘new’ vulnerabilities that are being exploited by attackers but for which there are no security patches yet available), one third of all exploits are for older vulnerabilities. This highlights the need for a comprehensive and robust approach to network security and vulnerability management, beyond simply patching what Microsoft puts out once a month. To have effective patch management, organisations must know what they need to patch and therefore must have visibility of the corporate environment. A good starting block is the creation of a robust information asset register.

Sources: [Security Brief] [Help Net Security] [IT Security Guru]

The Rise and Stealth of The Socially Engineered Insider

Social engineering has become increasingly prevalent as the preferred tactic for foreign adversaries. Insiders are prime targets due to their privileged access to sensitive data. This is particularly affecting the technology, pharma, and critical infrastructure sectors. Advances in AI and social platforms have made it easier to exploit these vulnerabilities. These advances allow threat actors to tailor attacks with unprecedented speed and realism. Using methods like coercion or deception, these actors exploit employees to gain high-value data that can be weaponised. As a result, the threat landscape has become more complex, blurring the lines between internal and external risks. To bolster their defences, organisations are now investing in insider risk management and AI. They are also emphasising employee education and cross-sector collaboration.

Source: [Forbes]

Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training

An ISACA study and the AI Security & Governance Report reveal a complex landscape of AI adoption and security. 73% of European organisations and 54% of global organisations use AI, with 79% increasing their AI budgets, however training and policy development lag behind. Only 30% offer limited training, 40% provide none, and a mere 17% have a comprehensive AI policy. Despite AI’s potential, 80% of data experts find it complicates security, with concerns high around generative AI exploitation (61% of respondents) and AI-powered attacks (over 50% of business leaders). Data poisoning and privacy issues persist, yet 85% of leaders express confidence in their data security strategies, with 83% revising privacy and governance guidelines. With 86% recognising a need for AI training within two years, the call for dynamic governance strategies and formal education is clear to manage evolving threats.

Sources: [Help Net Security] [IT Security Guru]

Don't Be the Weakest Link – You and Your Team's Crucial Role in Cyber Security

Cyber security success depends on more than just technology. Bad actors are always looking for the easiest entry point, meaning that employees’ everyday actions are crucial, when even one careless click or a weak password can be an open door for hackers. However, empowered with the right knowledge and tools, staff can become a robust defence. Nearly 80% of organisations have reported an increase in phishing attacks, but training programs like role-playing exercises and phishing simulations significantly reduce these risks. Effective cyber security also hinges on C-suite leaders promoting a security-first culture, ensuring all employees understand the risks and follow strict protocols like MFA and strong password policies. Consistent training and open communication are vital in fostering a resilient, security-aware workforce.

Source: [JDSupra]

Ransomware Activity Thrives, Despite Law enforcement Efforts

Despite the recent law enforcement takedowns on ransomware groups, ransomware remains rife. Whilst the takedown of a group can come as an initial relief in that the group has gone, it simply forces ransomware affiliates to diversify. This is reflected in ransomware continuing its growth in the first quarter of 2024, with 18 new leak sites, the largest number in a single quarter, emerging over this period. When comes to those at risk, both financial services and healthcare remain a prominent target.

Sources: [Help Net Security ] [Infosecurity Magazine] [Help Net Security]

NATO Warns of Russian Hybrid Warfare

NATO has issued a statement in which it describes it is “deeply concerned about Russia's hybrid actions and the threat that they constitute to NATO security”.  The actions are described to include sabotage, acts of violence, cyber and electronic interference, and disinformation campaigns. This comes as many countries including the UK and US are due to have elections this year.

Sources: [EU Reporter] [Financial Times]

Governance, Risk and Compliance

• You cannot protect what you do not understand (securitybrief.co.nz)

• Why 2024 will be the year of the CISO | CSO Online

• Security tools fail to translate risks for executives - Help Net Security

• It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs (thehackernews.com)

• Now More Than Ever, it's Crucial for Companies to Get Cyber Security Right (newsweek.com)

• Why SMBs are facing significant security, business risks - Help Net Security

• Are SMEs paving the way for cyber attacks on larger companies? | Insurance Times

• Don't Be the Weakest Link – Your Team's Crucial Role in Cyber Security | NAVEX - JDSupra

• The Art Of Cyber Security Governance: Safeguarding Beyond Code (forbes.com)

• CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes (darkreading.com)

• 92% of CISOs Question the Future of Their Role Amidst Growing AI Pressures | Business Wire

• What's the Future Path for CISOs? (darkreading.com)

• RSAC: How CISOs Should Protect Themselves Against Indictments - Infosecurity Magazine (infosecurity-magazine.com)

• Three strategies for winning the cyber security arms race | Fintech Nexus

• Why Cyber Security Is More Important Than Ever | Inc.com

• Rethinking Cyber Security Investment Amid Rising Threats (govinfosecurity.com)

• CIOs and CFOs, two parts of the same whole - IT Security Guru

Threats

Ransomware, Extortion and Destructive Attacks

• Gang Accused of MGM Hack Turns Its Sights on Finance Sector (bloomberglaw.com)

• The State of Ransomware 2024 - InfoRiskToday

• Cybercrime Unicorns: What Everyone Needs to Know About Ransomware Gangs (pcmag.com)

• Why Paying Should Be A Last Resort In Ransomware Attacks (forbes.com)

• Ransomware activity is back on track despite law enforcement efforts - Help Net Security

• Ransomware evolves from extortion to 'psychological attacks' • The Register

• Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator (thehackernews.com)

• Ransomware attacks impact 20% of sensitive data in healthcare orgs - Help Net Security

• An overwhelming majority of organisations paid ransomware last year - eCampus News

• Global ransomware crisis worsens - Help Net Security

• The Growing Threat of Advanced Ransomware Attacks (inforisktoday.com)

• Law enforcement seized Lockbit group's website again (securityaffairs.com)

• Consultant charged with $1.5M extortion of IT giant • The Register

• IT chiefs plan to spend and innovate their way out of ransomware swamp | TechRadar

• Alleged Russian hacker unmasked as Bermuda joins sanctions effort - The Royal Gazette | Bermuda News, Business, Sports, Events, & Community |

• Ransomware crooks SIM swap kids to pressure parents • The Register

• Scattered Spider group a unique challenge for cyber cops, FBI leader says (therecord.media)

• 97% of Organisations Hit by Ransomware Worked with Law Enforcement (globenewswire.com)

• Tips for Protecting Active Directory From Ransomware Attacks | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• CISA boss: Secure software needed to stop ransomware • The Register

• Shields Up: How to Minimize Ransomware Exposure - Security Week

• How financial services organisations can protect valuable data in the age of ransomware (finextra.com)

• Defenders assemble: Time to get in the game – Sophos News

Ransomware Victims

• UnitedHealth’s 'egregious negligence' led to that ransomware • The Register

• Ascension healthcare takes systems offline after cyber attack (bleepingcomputer.com)

• London Drugs president tight-lipped over recent cyber attack | CBC News

• Boeing confirms attempted $200 million ransomware extortion attempt | CyberScoop

• Cyber attack disrupts operations at major US health care network | CNN Business

• City of Wichita Shuts Down Network Following Ransomware Attack - Security Week

• Patient appointments imperilled by cyber attack on French radiologist (therecord.media)

• Ransomware attack hits Brandywine Realty Trust | SC Media (scmagazine.com)

Phishing & Email Based Attacks

• NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

Other Social Engineering

• The Rise And Stealth Of The Socially Engineered Insider (forbes.com)

• Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online

• What is social engineering penetration testing? | Definition from TechTarget

Artificial Intelligence

• Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training - IT Security Guru

• Organisations go ahead with AI despite security risks - Help Net Security

• Innovation, Not Regulation, Will Protect Corporations From Deepfakes (darkreading.com)

• Strategies for preventing AI misuse in cyber security - Help Net Security

• AI is changing the game when it comes to cyber security | ITPro

• Why the Cyber Security Industry Is Obsessed With AI Right Now - CNET

• LLMs & Malicious Code Injections: 'We Have to Assume It's Coming' (darkreading.com)

• Cyber Security, Deepfakes and the Human Risk of AI Fraud (govtech.com)

• How to detect deepfakes manually and using AI | TechTarget

• Report Shows AI Fraud, Deepfakes Are Top Challenges For Banks - Infosecurity Magazine (infosecurity-magazine.com)

• Criminal Use of AI Growing, But Lags Behind Defenders - Security Week

2FA/MFA

• Only 45% of organisations use MFA to protect against fraud - Help Net Security

• UnitedHealth Attack: Stolen Credentials, No MFA | MSSP Alert

Malware

• Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications (thehackernews.com)

• ZLoader Malware adds Zeus's anti-analysis feature (securityaffairs.com)

• Russia-linked APT28 and crooks are still using the Moobot botnet (securityaffairs.com)

• Iranian hackers pose as journalists to push backdoor malware (bleepingcomputer.com)

• New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs (thehackernews.com)

• Hackers are using fake apps to distribute this dangerous Mac malware — don’t fall for this | Tom's Guide (tomsguide.com)

• Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version (thehackernews.com)

• Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (thehackernews.com)

Mobile

• Mobile Banking Malware Surges 32% - Infosecurity Magazine (infosecurity-magazine.com)

• Android bug can leak DNS traffic with VPN kill switch enabled (bleepingcomputer.com)

• European Threat To End-To-End Encryption Would Invade Phones (forbes.com)

• Ransomware crooks SIM swap kids to pressure parents • The Register

Denial of Service/DoS/DDOS

• 87% of DDoS Attacks Targeted Windows OS Devices in 2023 (darkreading.com)

Data Breaches/Leaks

• How does a data breach affect you and why should you care? | TechRadar

• Defence secretary Grant Shapps confirms name of contractor running MoD system hacked by China | Politics News | Sky News

• Dell customer order database stolen, for sale on dark web • The Register

• IT Consulting Firm Blames MSP for Data Breach | MSSP Alert

• 10,000 Customers’ Data Exposed in UK Government Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics | WIRED

• Cyber attack: Large volume of data stolen in attack on Scottish health board (scotsman.com)

• Security breach affects 6,000 German military VC meetings (avinteractive.com)

• Security company exposes 1.2M guard and suspect records • The Register

• Children's mental health records published after cyber attack - BBC News

• Georgia education agency's MOVEit data theft impacted 800K • The Register

• Data Brokers: What They Are and How to Safeguard Your Privacy - IT Security Guru

• Zscaler Investigates Hacking Claims After Data Offered for Sale - Security Week

• UK government departments reveal rise in data breaches & lost devices (datacentrenews.uk)

• 'Sophisticated' cyber attacks involving British Colombia government networks found | CBC News

• Cancer patients' sensitive information accessed by "unidentified parties" after being left exposed by screening lab for years (bitdefender.com)

• Over 380K more NYC students had info leaked, bringing total to over 1M (nypost.com)

• Dating apps kiss'n'tell all sorts of sensitive user info • The Register

Organised Crime & Criminal Actors

• Hackers of all kinds are attacking routers across the world | TechRadar

• Cyber crime stats you can't ignore - Help Net Security

• These Dangerous Scammers Don’t Even Bother to Hide Their Crimes | WIRED

• Threat Actors Weaponize Hacktivism for Financial Gain - Infosecurity Magazine (infosecurity-magazine.com)

• Massive webshop fraud ring steals credit cards from 850,000 people (bleepingcomputer.com)

• Scattered Spider group a unique challenge for cyber cops, FBI leader says (therecord.media)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering (securityaffairs.com)

Insider Risk and Insider Threats

• The Rise And Stealth Of The Socially Engineered Insider (forbes.com)

• Don't Be the Weakest Link – Your Team's Crucial Role in Cyber Security | NAVEX - JDSupra

Supply Chain and Third Parties

• UK Military Data Breach a Reminder of Third-Party Risk (darkreading.com)

• Details of UK military personnel exposed in huge payroll data breach | AP News

• Firm at centre of MoD 'China' hack handles data for several Whitehall departments (inews.co.uk)

• DBIR: Supply Chain Breaches Up 68% Year Over Year (darkreading.com)

• IT Consulting Firm Blames MSP for Data Breach | MSSP Alert

• The complexities of third-party risk management - Help Net Security

Cloud/SaaS

• What is Cloud Security in Banking? | HackerNoon

• Does cloud security have a bad reputation? | InfoWorld

Encryption

• Cop complaints won't stop E2EE, says encryption advocate • The Register

• European Threat To End-To-End Encryption Would Invade Phones (forbes.com)

Linux and Open Source

• Open-Source Cyber Security Is a Ticking Time Bomb (gizmodo.com)

• Spies Among Us: Insider Threats in Open Source Environments (darkreading.com)

• A Guide to Open Source Software Security - The New Stack

Passwords, Credential Stuffing & Brute Force Attacks

• Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online

• Microsoft introduces Passkeys support for consumer accounts - gHacks Tech News

• Google Announces Passkeys Adopted by Over 400 Million Accounts (thehackernews.com)

• UnitedHealth Attack: Stolen Credentials, No MFA | MSSP Alert

• Hackers can crack average 8-character passwords in under a minute (newsbytesapp.com)

• What is credential stuffing? | Kaspersky official blog

• How secure is the “Password Protection” on your files and drives? - Help Net Security

Social Media

• These Dangerous Scammers Don’t Even Bother to Hide Their Crimes | WIRED

Training, Education and Awareness

• Over 70% of Staff Use AI At Work, But Only 30% of European Organisations Provide AI Training - IT Security Guru

Regulations, Fines and Legislation

• The EU Cyber Diplomacy Toolbox: Shaping Global Cyber Security Standards | UpGuard

• EU plan to force messaging apps to scan for CSAM risks millions of false positives, experts warn | TechCrunch

• The NIS2 Compliance Deadline Is Nearing. Are You Prepared? - Security Boulevard

• Innovation, Not Regulation, Will Protect Corporations From Deepfakes (darkreading.com)

Models, Frameworks and Standards

• The NIS2 Compliance Deadline Is Nearing. Are You Prepared? - Security Boulevard

Data Protection

• Privacy requests increased 246% in two years - Help Net Security

Careers, Working in Cyber and Information Security

• How workforce reductions affect cyber security postures - Help Net Security

• One in Four Tech CISOs Unhappy with Compensation - Security Boulevard

Law Enforcement Action and Take Downs

• Ransomware activity is back on track despite law enforcement efforts - Help Net Security

• Law Enforcement Takedowns Force Ransomware Affiliates to Diversify - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit's seized darknet site resurrected by police, teasing new revelations (therecord.media)

• LockBit leader unmasked and sanctioned - National Crime Agency

• Israeli private investigator wanted for hacking in US is arrested in London | The Independent

• German police bust Europe's 'largest' scam call centre – DW – 05/02/2024

• Consultant charged with $1.5M extortion of IT giant • The Register

• 97% of Organisations Hit by Ransomware Worked with Law Enforcement (globenewswire.com)

• Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering (securityaffairs.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• Israeli private investigator wanted for hacking in US is arrested in London | The Independent

• Cyber Attacks on US Utilities: New Trends in Cyber Warfare - ClearanceJobs

• 'The Mask' Espionage Group Resurfaces After 10-Year Hiatus (darkreading.com)

Nation State Actors

China

• Defence secretary Grant Shapps confirms name of contractor running MoD system hacked by China | Politics News | Sky News

• Firm at centre of MoD 'China' hack handles data for several Whitehall departments (inews.co.uk)

• Lessons from LOCKED SHIELDS 2024 cyber exercise | SC Media (scmagazine.com)

• Geopolitical tensions rise with China. (thecyberwire.com)

• China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion (thehackernews.com)

Russia

• Malice from Moscow: NATO warns of Russian hybrid warfare - EU Reporter

• Russia plotting sabotage across Europe, intelligence agencies warn (ft.com)

• How Nato could respond after wave of Russian spy arrests across Europe (inews.co.uk)

• EU, NATO denounce Russia's cyber attacks on Germany, Czechia (kyivindependent.com)

• Russia Cyber Attack Germany's Ruling Party, Defence | Silicon UK

• Foreign Ministry:  Czech institutions targeted by GRU cyber attacks | Radio Prague International

• Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities (thehackernews.com)

• Russia-linked APT28 and crooks are still using the Moobot botnet (securityaffairs.com)

• Russia slammed for cyber attacks (emergingrisks.co.uk)

• Ukraine records increase in financially motivated attacks by Russian hackers (therecord.media)

• UK joins partners in condemnation of malicious cyber activity by Russian Intelligence Services: UK government statement - GOV.UK (www.gov.uk)

• Russian cyber attacks on Germany spur intensified cyber recruitment and training   - Freelance Informer

• Cyber War? EU rages over alleged Russian cyber attack on German’s ruling SPD (brusselssignal.eu)

• Lessons from LOCKED SHIELDS 2024 cyber exercise | SC Media (scmagazine.com)

• A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities | WIRED

• Russia says Germany using baseless 'hacker myths' to destroy ties | Reuters

• Highlights of international and Ukrainian cyber security news in April 2024 - National Security and Defence Council of Ukraine (rnbo.gov.ua)

• Poland says it too was targeted by Russian hackers – POLITICO

• Kaspersky denies claims it helped Russia with drones • The Register

Iran

• Iranian hackers pose as journalists to push backdoor malware (bleepingcomputer.com)

• Iranian hackers harvest credentials through advanced social engineering campaigns | CSO Online

North Korea

• NSA, FBI Alert on North Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Far-right websites hacked and defaced  | CyberScoop

• Threat Actors Weaponise Hacktivism for Financial Gain - Infosecurity Magazine (infosecurity-magazine.com)

• Amnesty International Cites Indonesia as a Spyware Hub (darkreading.com)

• New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs (thehackernews.com)

• Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know | WIRED

Vulnerability Management

• Cyber criminals are getting faster at exploiting vulnerabilities - Help Net Security

• Misconfigurations drive 80% of security exposures | Security Magazine

• Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises - IT Security Guru

• Patch management vs. vulnerability management: Key differences | TechTarget

• How remote work is changing patch management | TechTarget

• What is Risk-Based Vulnerability Management (RBVM)? (techtarget.com)

• CISA’s KEV list improving private and public-sector patching • The Register

• CISA Announces CVE Enrichment Project 'Vulnrichment' - Security Week

Vulnerabilities

• Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities (thehackernews.com)

• Citrix Addresses High-Severity NetScaler Servers Flaw (darkreading.com)

• Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw (bleepingcomputer.com)

• Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) - Help Net Security

• LiteSpeed Cache WordPress plugin actively exploited in the wild (securityaffairs.com)

• New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data (thehackernews.com)

• New BIG-IP Next Central Manager bugs allow device takeover (bleepingcomputer.com)

• Microsoft: April Windows Server updates also cause crashes, reboots (bleepingcomputer.com)

• Android bug can leak DNS traffic with VPN kill switch enabled (bleepingcomputer.com)

• Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery (thehackernews.com)

• Apple just fixed an iTunes security flaw for Windows users, but they probably have bigger issues to worry about anyway | iMore

• Citrix warns customers to update PuTTY version installed on their XenCenter system manually (securityaffairs.com)

Tools and Controls

• Behind Closed Doors: The Rise of Hidden Malicious Remote Access (cybereason.com)

• Security tools fail to translate risks for executives - Help Net Security

• Misconfigurations drive 80% of security exposures | Security Magazine

• A Guide to Cyber Threat Intelligence (greydynamics.com)

• NSA, FBI Alert on North Korean Hackers Spoofing Emails from Trusted Sources (thehackernews.com)

• Microsoft plans to lock down Windows DNS like never before. Here’s how. | Ars Technica

• Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica

• Cyber Threat Research: Poor Patching Practices and Unencrypted Protocols Continue to Haunt Enterprises - IT Security Guru

• Strategies for preventing AI misuse in cyber security - Help Net Security

• Shadow APIs: An Overlooked Cyber Risk for Orgs (darkreading.com)

• How to detect deepfakes manually and using AI | TechTarget

• What is social engineering penetration testing? | Definition from TechTarget

• How workforce reductions affect cyber security postures - Help Net Security

• What is biometrics? 10 physical and behavioural identifiers that can be used for authentication | CSO Online

• What is Risk-Based Vulnerability Management (RBVM)? (techtarget.com)

• Top 10 physical security considerations for CISOs | CSO Online

• Three Battle-Tested Tips for Surviving a Cyber Attack - Infosecurity Magazine (infosecurity-magazine.com)

• IT chiefs plan to spend and innovate their way out of ransomware swamp | TechRadar

• A SaaS Security Challenge: Getting Permissions All in One Place  (thehackernews.com)

• Tips for Protecting Active Directory From Ransomware Attacks | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Tips for Controlling the Costs of Security Tools - The New Stack

• Rethinking Cyber Security Investment Amid Rising Threats (govinfosecurity.com)

• Microsoft confirms Windows 11 24H2 turns on Device Encryption by default (windowslatest.com)

Reports Published in the Last Week

• The State of Ransomware 2024 - Sophos

Other News

• Microsoft overhaul treats security as ‘top priority’ after a series of failures - The Verge

• Microsoft will base part of senior exec comp on security, add deputy CISOs to product groups – GeekWire

• The EU Cyber Diplomacy Toolbox: Shaping Global Cyber Security Standards | UpGuard

• Complexity leads to trade-off between risk and innovation (betanews.com)

• When has the UK faced cyber attacks in the past? | The Independent

• Man-in-the-middle attack: The new cyber security threat | YourStory

• Paris 2024 gearing up to face unprecedented cyber security threat | Reuters

• From Warnings to Action: Preparing America’s Infrastructure for Imminent Cyber Threats - Security Week

• 38% of riskiest cyber physical systems neglected, warns Claroty report (securitybrief.co.nz)

• Why undersea cables need high-priority protection • The Register

• GAO: NASA Faces 'Inconsistent' Cyber Security Across Spacecraft (darkreading.com)

• Cyber security regulations: Are non-compliant cars more vulnerable? | Autocar

• Fujitsu sets aside £200m as calls mount for Post Office scandal payout

• eGates across UK airports go down (thelondoneconomic.com)

• FE News | Why the education sector needs to do the homework on cyber security as attacks soar

• Caught with our pants down - The Royal Gazette | Bermuda News, Business, Sports, Events, & Community |

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox

The 2024 Cyber Claims Report by insurer Coalition reveals critical vulnerabilities and trends affecting cyber insurance policyholders. Notably, over half of the claims in 2023 stemmed from funds transfer fraud (FTF) and business email compromise (BEC), underlining the critical role of email security in cyber risk management. The report also indicated heightened risks associated with boundary devices like firewalls and VPNs, particularly if they are exposed online and have known vulnerabilities. Additionally, the overall claims frequency and severity rose by 13% and 10% respectively, pushing the average loss to $100,000. These insights emphasise the necessity of proactive cyber security measures and the valuable role of cyber insurance in mitigating financial losses from cyber incidents.

Sources: [IT Security Guru] [Emerging Risks]

Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery

The global cost of cyber crime is expected to soar to $10.5 trillion annually by 2025, a steep rise from $3 trillion in 2015, underscoring a significant improvement in the methods of cyber criminals, according to Cybersecurity Ventures. Beyond direct financial losses like ransomware payments, the hidden costs of cyber attacks for businesses include severe operational disruptions, lost revenue, damaged reputations, strained customer relationships, and regulatory fines. These incidents, further exacerbated by increased insurance premiums, collectively contribute to substantial long-term financial burdens. The report indicates that 88% of data breaches are attributable to human error, underscoring the importance of comprehensive employee training alongside technological defences. To combat these evolving cyber threats effectively, organisations must adopt a multi-pronged strategy that includes advanced security technologies, regular system updates, employee education, and comprehensive security audits.

According to another report from SiliconAngle, cyber insurance claims increased 13% year-over-year in 2023, with the 10% rise in overall claims severity attributed to mounting ransomware attack claims.

Sources: [The Hacker News] [Huntress] [SC Media]

Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy

Cyber security has transformed from a secondary concern into the cornerstone of corporate risk management. The historical view of cyber security as merely a component of broader risk strategies is outdated; it now demands a central role in safeguarding against operational, financial, and reputational threats. Many businesses, recognising the vital role of technology in all operations, have begun elevating the position of Chief Information Security Officer (CISO) to integrate cyber security into their overall enterprise risk frameworks. This shift not only enhances visibility and strategic alignment at the highest organisational levels but also fosters more robust defences against cyber threats. As such, adopting a cyber security-centric approach is crucial for compliance and long-term resilience in the face of growing digital threats.

Source: [Forbes]

Ransomware Double-Dip: Re-Victimisation in Cyber Extortion

A recent cyber security study reveals a troubling trend of re-victimisation among organisations hit by cyber extortion or ransomware attacks. Analysis of over 11,000 affected organisations shows recurring victimisation due to repeated attacks, data reuse among criminal affiliates, or cross-affiliate data sharing. Notably, cyber extortion incidents have surged by 51% year-on-year. Additionally, a separate study reports payments exceeding $1 billion and a 20% increase in ransomware attack victims since early 2023. These findings underscore the increasing sophistication and persistence of cyber criminals. Despite law enforcement efforts, adaptable cyber crime groups swiftly resume operations, complicating effective threat mitigation. Organisations must enhance their cyber security measures to avoid becoming repeated targets.

Sources: [Security Magazine] [The Hacker News] [SC Media]

AI is a Major Threat and Many Financial Organisations Are Not Doing Enough

Artificial intelligence (AI) is a major concern for organisations, especially for the financial services sector due to the information they hold. Recent reports have found that AI has driven phishing up by 60% and AI tools have been linked to data exposure in 1 in 5 UK organisations. But it is not just attackers utilising AI: a separate report found that 20% of employees have exposed data via AI.

Currently, many financial organisations are not doing enough to secure themselves to fight AI. In a recent survey, 69% of fraud-management decision makers, AML professionals, and risk and compliance leaders reported that criminals are more advanced at using AI for financial crime than firms are in defending against it.

Sources: [Verdict] [Beta News] [Infosecurity Magazine] [TechRadar] [Security Brief]

[Biometric Update]

6 out of 10 Businesses Struggle to Manage Cyber Risk

A report has found that 6 in 10 businesses are struggling to manage their cyber risk and just 43% have confidence in their ability to address cyber risk. Further, 35% of total respondents worry that senior management does not see cyber attacks as a significant risk; the same percentage also reported a struggle in hiring skilled professionals. When it came to implementing their security policy, half of respondents found difficulty, and when it came to securing the supply chain, a third reported worries.

Given the inevitability of a cyber attack, organisations need to prepare themselves. Those that struggle to manage their cyber risk and/or hire skilled professions will benefit from outsourcing to skilled, reputable cyber security organisations who can guide them through the process.

Sources: [PR Newswire] [Beta News]

'Junk Gun' Ransomware: New Low-Cost Cyber Threat Targets SMBs

Sophos’ research reveals a concerning trend: ‘junk gun’ ransomware variants are now traded on the dark web. Rather than going the traditional route of selling or buying ransomware to or as an affiliate, attackers have now begun creating and selling unsophisticated ransomware variants for a one-time cost. Priced at a median of $375, they attract lower-skilled attackers, especially those targeting small and medium-sized businesses (SMBs). As major ransomware players fade, these variants pose significant threats, accounting for over 75% of cyber incidents affecting SMBs in 2023.

Source: [Security Brief] [Tripwire]

Penetration Testing Infrequency Leaves Security Gaps

Many organisations are struggling to maintain the balance between penetration testing and IT changes within the organisation, leaving security gaps according to a recent report. The report found that 73% of organisations reported changes to their IT environments at least quarterly, however only 40% performed penetration testing at the same frequency.

The issue arises where there is a significant duration during which changes have been implemented without undergoing assessment, leaving organisations open to risk for extended periods of time. Consider the situation in which an organisation moves their infrastructure from on-premise to the cloud: they now have a different IT environment, and with that, new risks.

Black Arrow always recommends that a robust penetration test should be conducted whenever changes to internet facing infrastructure have been made, and at least annually.

Source: [MSSP Alert]

Bank Prohibited from Opening New Accounts After Regulators Lose Patience with Poor Cyber Security Governance

A bank in India has been banned from signing up new customers, and instructed to focus on improving its cyber security after “serious deficiencies and non-compliances” were found within their IT environment. The compliances provided by the bank were described as “inadequate, incorrect or not sustained”. The bank is now subject to an external audit, which if passed, will consider the lifting of the restrictions placed upon them.

Source: [The Register]

The Psychological Impact of Phishing Attacks on Your Employees

Phishing remains one of the most prevalent attack vectors for bad actors, and its psychological impact on employees can be severe, with many employees facing a loss in confidence and job satisfaction as well as an increase in anxiety. In a study by Egress, it was found that 74% of employees were disciplined, dismissed or left voluntarily after suffering a phishing incident, which can cause hesitation when it comes to reporting phishing.

Phishing incidents and simulations where employees have clicked should be seen as an opportunity to learn, not to blame, and to understand why a phish was successful and what can be done in future to prevent it. Organisations should perform security education and awareness training to help employees lessen their chance of falling victim, as well as knowing the reporting procedures.

Source: [Beta News]

Where Hackers Find Your Weak Spots

A recent analysis highlights social engineering as a primary vector for cyber attacks, emphasising its reliance on meticulously gathered intelligence to exploit organisational vulnerabilities. Attackers leverage various intelligence sources; Open Source Intelligence (OSINT) for public data, Social Media Intelligence (SOCMINT) for social media insights, Advertising Intelligence (ADINT) from advertising data, Dark Web Intelligence (DARKINT) from the DarkWeb, and the emerging AI Intelligence (AI-INT) using artificial intelligence. These methods equip cyber criminals with detailed knowledge about potential victims, enabling targeted and effective attacks. The report underscores the critical importance of robust information management and employee training to mitigate such threats, specifically advocating for regular training, AI-use policies, and proactive intelligence gathering by organisations to protect against the substantial risks posed by social engineering.

Source: [Dark Reading]

The Role of Threat Intelligence in Financial Data Protection

The financial industry’s reliance on digital processes has made it vulnerable to cyber attacks. Criminals target sensitive customer data, leading to financial losses, regulatory fines, and reputational damage. To combat these threats such as phishing, malware, ransomware, and social engineering, financial institutions must prioritise robust cyber security measures. One effective approach is threat intelligence, which involves ingesting reliable threat data, customised to your sector and the technology you have in place, and dark web monitoring.

Source: [Security Boulevard]

Government Cannot Protect Business and Services from Cyber Attack, Decision Makers Say

According to a recent report, 66% of surveyed IT leaders expressed a lack of confidence in their government’s ability to defend people and enterprises from cyber attacks, especially those from nation state actors. This scepticism arises from the growing complexity of threats and the rapid evolution of cyber warfare. While governments play a critical role in national security, their agility in adapting to the ever-changing digital landscape leaves organisations finding themselves increasingly responsible for their own protection.

Source: [TechRadar] [Security Magazine]

Governance, Risk and Compliance

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Pen Testing Infrequency Leaves Security Gaps | MSSP Alert

• Six out of 10 businesses struggle to manage cyber risk (betanews.com)

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

• It Costs How Much?!? The Financial Pitfalls of Cyber Attacks on SMBs | Huntress

• Why Cyber Security Should Be Driving Your Enterprise Risk Management Strategy (forbes.com)

• Cyber attacks are on the rise, and that includes small businesses. Here's what to know | AP News

• Cyber staff priority as threats continue – report (emergingrisks.co.uk)

• UK government cannot protect businesses and services from cyber attacks, IT pros say | TechRadar

• Why cyber attacks shouldn’t be viewed as isolated incidents - Raconteur

• Bank banned from opening new accounts over IT risks • The Register

• Battening down the hatches: Navigating third-party cyber threats  | SC Media (scmagazine.com)

• Cyber Attacks Keep Rising. Here's What Small Businesses Need to Know | Inc.com

• 73% of SME security pros missed or ignored critical alerts - Help Net Security

• Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)

• 4 steps CISOs can take to raise trust in their business | TechTarget

• NCSC Says Newer Threats Need Network Defence Strategy | Trend Micro (US)

• Uncertainty is the most common driver of noncompliance - Help Net Security

• More and more businesses now have CISOs - but they're increasingly taking the blame for attacks | TechRadar

• Cyber metrics journey | Professional Security

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Report finds a near 20% increase in ransomware victims year-over-year | Security Magazine

• Risks to ransomware attack payment | Professional Security

• Ransomware Double-Dip: Re-Victimization in Cyber Extortion (thehackernews.com)

• 'Junk gun' ransomware: New low-cost cyber threat targets SMBs (securitybrief.co.nz)

• Mandiant: Attacker dwell time down, ransomware up in 2023 | TechTarget

• Behavioural patterns of ransomware groups are changing - Help Net Security

• Record ransomware attacks in March 2024, report finds (securitybrief.co.nz)

• Ransomware payments drop to record low of 28% in Q1 2024 (bleepingcomputer.com)

• Hackers use developing countries as testing ground for new ransomware attacks (ft.com)

• Ransomware Still On Rise Despite Better Defences, Firm Says - Law360

• Hackers are using developing countries for ransomware practice | Ars Technica

• Dark web inundated by cheap ransomware tools | SC Media (scmagazine.com)

• Unmasking the True Cost of Cyber Attacks: Beyond Ransom and Recovery (thehackernews.com)

• Action needed amid escalating ransomware attacks, record-high payments | SC Media (scmagazine.com)

• HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)

• Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)

• Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware! - Help Net Security

• CL0P ransomware gang is on the rise | Hogan Lovells - JDSupra

• Proportion paying ransoms declines in Q1 2024, even as takings break a new record (computing.co.uk)

• Megazord Ransomware Attacking Healthcare & Govt Entities (cybersecuritynews.com)

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

• DragonForce Ransomware Group Uses LockBit’s Leaked Builder - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber Hygiene Helps Organisations Mitigate Ransomware-Related Vulnerabilities  | CISA

• Ransomware attacks rise in global food & agriculture sector (securitybrief.co.nz)

• Preventing Ransomware Attacks at Scale (hbr.org)

Ransomware Victims

• Hackers Were in Change Healthcare 9 Days Before Attack (pymnts.com)

• UnitedHealth BlackCat Attack Cost is $872M in Q1 | MSSP Alert

• UnitedHealth admits breach could affect large chunk of US • The Register

• Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update (darkreading.com)

• UnitedHealth Paid Ransom to Protect Patient Data | MSSP Alert

• Will the Change Healthcare case finally make providers do a business impact analysis? | SC Media (scmagazine.com)

• UNDP, City of Copenhagen Targeted in Data-Extortion Cyber Attack (darkreading.com)

• Cannes Hospital Cancels Medical Procedures Following Cyber Attack - Security Week

• Small medical practices will close because of Change cyber attack, says AMA | Healthcare IT News

• HelloKitty ransomware rebrands, releases CD Projekt and Cisco data (bleepingcomputer.com)

• Sweden's liquor shelves to run empty this week due to ransomware attack (therecord.media)

• Authentication failure blamed for Change Healthcare ransomware attack | CSO Online

• Ransomware feared as Octapharma Plasma closes 150+ centers • The Register

• Red Ransomware takes credit for Targus attack | SC Media (scmagazine.com)

• Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week

• Carpetright unable to trade after cyber attack - Retail Gazette

• Street lights in Leicester City cannot be turned off due to a cyber attack (securityaffairs.com)

Phishing & Email Based Attacks

• Phishing attacks up 60 percent driven by AI (betanews.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• The psychological impact of phishing attacks on your employees (betanews.com)

• Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments (darkreading.com)

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike (thehackernews.com)

• LA County Health Services: Patients' data exposed in phishing attack (bleepingcomputer.com)

BEC

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

Other Social Engineering

• LastPass Users Lose Master Passwords to Ultra-Convincing Scam (darkreading.com)

• Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert

Artificial Intelligence

• AI is a major threat and financial organisations are not doing enough to fight it | Biometric Update

• Phishing attacks up 60 percent driven by AI (betanews.com)

• Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)

• Five Eyes agencies publish report on AI security | Hogan Lovells - JDSupra

• AI tools linked to data exposure in 1 in 5 UK organisations (securitybrief.co.nz)

• Security Leaders Braced for Daily AI-Driven Attacks by Year-End - Infosecurity Magazine (infosecurity-magazine.com)

• CSOs say AI is 'biggest cyber threat' to organisations | TechRadar

• Man arrested for 'framing colleague' with AI-generated voice • The Register

• Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (thehackernews.com)

• People doubt their own ability to spot AI-generated deepfakes - Help Net Security

• A National Security Insider Does the Math on the Dangers of AI | WIRED

• 40% of organisations have AI policies for critical infrastructure | Security Magazine

• GPT-4 can exploit real vulnerabilities by reading advisories • The Register

• 25 cyber security AI stats you should know - Help Net Security

• Cyber Threats in the Age of AI: Protecting Your Digital DNA - Security Boulevard

• The Dark Side of Deepfakes: How Malicious Actors Use Synthetic Media to Manipulate and Deceive | Metaverse Post (mpost.io)

• 6 security items that should be in every AI acceptable use policy | CSO Online

• 'Poisoned' data could wreck AIs in wartime, warns Army software acquisition chief - Breaking Defence

• The use of AI in war games could change military strategy (theconversation.com)

2FA/MFA

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• What is multi-factor authentication (MFA), and why is it important? - Help Net Security

Malware

• ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)

• Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena

• New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)

• GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)

• Microsoft unmasks Russia-linked ‘GooseEgg’ malware (therecord.media)

• Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)

• eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)

• Beware! Notorious Samurai Stealer Used in Targeted Attacks (cybersecuritynews.com)

• Threat Actor Uses Multiple Infostealers in Global Campaign - Security Week

• Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)

• Antivirus updates hijacked to drop dangerous malware | TechRadar

• Hackers infect users of antivirus service that delivered updates over HTTP | Ars Technica

• Researchers sinkhole PlugX malware server with 2.5 million unique IPs (bleepingcomputer.com)

• Millions of IPs remain infected by USB worm years after its creators left it for dead | Ars Technica

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Mobile

• Report says over 10 million devices were infected by data-stealing malware in 2023 - PhoneArena

• Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)

• iPhone password reset attacks are real – how to protect yourself | Mashable

• New Brokewell malware takes over Android devices, steals data (bleepingcomputer.com)

• Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries (darkreading.com)

• Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users (thehackernews.com)

• Give Your iPhone a Security Boost With This iOS 17.4 Feature - CNET

• A Briefing on SIM Hijacking | Intel471

Data Breaches/Leaks

• 5.3M World-Check records may be leaked; how to check your records | SC Media (scmagazine.com)

• Hackers stole 7,000,000 people's DNA. But what can they do with it? | Tech News | Metro News

• AT&T Offers All Customers Free Security Bundle After Data Breach (tech.co)

• AT&T faces class action lawsuit over massive data breach exposing 70 million customers’ personal information (click2houston.com)

• App bug exposes 1M neighbourhood watchers to data harvesters • The Register

• Fifth of CISOs Admit Staff Leaked Data Via GenAI - Infosecurity Magazine (infosecurity-magazine.com)

Organised Crime & Criminal Actors

• Rising Ransomware Issue: English-Speaking Western Affiliates (govinfosecurity.com)

• Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners (thehackernews.com)

• Lazarus On the Hunt: How North Korean Hackers are Targeting Crypto via LinkedIn (bitcoinist.com)

Insider Risk and Insider Threats

• Most people still rely on memory or pen and paper for password management - Help Net Security

• The rise of the outsmarted insider (betanews.com)

• CesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal | TechCrunch

Insurance

• Ransomware triggers cyber insurance claims increase | SC Media (scmagazine.com)

• Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox - IT Security Guru

• Email inbox cyber crime leaps as claims soar (emergingrisks.co.uk)

• Coalition: Insurance claims for Cisco ASA users spiked in 2023 | TechTarget

• Munich Re on the impact of cyber rate changes | Insurance Business America (insurancebusinessmag.com)

Supply Chain and Third Parties

• Battening down the hatches: Navigating third-party cyber threats  | SC Media (scmagazine.com)

• Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor - Security Week

• Tech Investments Help SMBs Fortify Supply Chains Amid Economic, Workforce, and Security Concerns | Business Wire

Cloud/SaaS

• How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)

• 5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)

Identity and Access Management

• How Attackers Can Own a Business Without Touching the Endpoint (thehackernews.com)

• Identity-based security threats are growing rapidly: report | CSO Online

Encryption

• Europol asks tech firms, governments to get rid of E2EE • The Register

• How tech firms are tackling the risks of quantum computing | World Economic Forum (weforum.org)

• Australian authorities call for Big Tech help with decryption • The Register

Linux and Open Source

• Open Source Groups Warn of Social Engineering Backdoors | MSSP Alert

Passwords, Credential Stuffing & Brute Force Attacks

• Most people still rely on memory or pen and paper for password management - Help Net Security

• Apple @ Work: Over 52% of workers try to memorize and reuse the same password across multiple apps at work - 9to5Mac

• New Password Cracking Analysis Targets Bcrypt - Security Week

• Brute Force Password Cracking Takes Longer - Don't Celebrate Yet (technewsworld.com)

Social Media

• Dutch govt body: Don't use Facebook if unsure about privacy • The Register

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Malvertising

• Windows 11 now comes with its own adware (engadget.com)

Training, Education and Awareness

• 10 colleges and universities shaping the future of cyber security education - Help Net Security

Regulations, Fines and Legislation

• What is the EU Cyber Solidarity Act? | UpGuard

• International Lawyers Network Announces the Launch of Comprehensive Data Protection Guide (prleap.com)

• Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard

• NIS2: Preparing for EU’s New Cyber Security Rules | Wilson Sonsini Goodrich & Rosati – JDSupra

• Compliance in 2024: Cutting through the noise (federalnewsnetwork.com)

• Google Postpones Third-Party Cookie Deprecation Amid UK Regulatory Scrutiny (thehackernews.com)

• A view from Brussels: To be sovereign, or not to be (iapp.org)

• Cyber Security | UK Regulatory Outlook April 2024 - Lexology

• Net neutrality has been restored in the US - Help Net Security

Models, Frameworks and Standards

• Fortifying your business with ISO 27001 - DCD (datacenterdynamics.com)

• Preparing for NIS2: A Compliance Guide For Covered Entities | UpGuard

• Taking Time to Understand NIS2 Reporting Requirements - Security Boulevard

Data Protection

• International Lawyers Network Announces the Launch of Comprehensive Data Protection Guide (prleap.com)

• Boost your data protection with insights from Dell's report - SiliconANGLE

• A view from Brussels: To be sovereign, or not to be (iapp.org)

Careers, Working in Cyber and Information Security

• Cyber staff priority as threats continue – report (emergingrisks.co.uk)

• Pluralsight Study Finds the Biggest Technical Skills Gaps are in Cyber Security, Cloud, and Software Development (prnewswire.com)

• Three Ways Organisations Can Overcome the Cyber Security Skills Gap - Security Boulevard

• Addressing the cyber skills shortage: 5 key steps to take | CSO Online

• Five Essential Steps To Land Your First Cyber Security Job (forbes.com)

• Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army - IT Security Guru

Law Enforcement Action and Take Downs

• Exploring Law Enforcement Hacking as a Tool Against Transnational Cyber Crime - Carnegie Endowment for International Peace

• Authorities investigate LabHost users after phishing service shut down | SC Media (scmagazine.com)

• Trend Micro Collaborated with Interpol in Cracking Down Grandoreiro Banking Trojan | Trend Micro (US)

• To Catch a Cyber Criminal -- and the Fallout That Follows (informationweek.com)

• Man arrested for 'framing colleague' with AI-generated voice • The Register

Misinformation, Disinformation and Propaganda

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (thehackernews.com)

China

• ToddyCat APT Is Stealing Data on 'Industrial Scale' (darkreading.com)

• Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)

• UK mulls fresh controls on 'sensitive tech' after China cyber claim (thenextweb.com)

• FBI Director Wray Issues Dire Warning on China's Cyber Security Threat (darkreading.com)

• Head of Belgian Foreign Affairs Committee says she was hacked by China | Reuters

• New tool used in China-linked attacks against Asia-Pacific | SC Media (scmagazine.com)

• Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times

• MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security

• Ads on .gov.uk websites raise eyebrows over privacy • The Register

• China's Vision for Global Security: Implications for Southeast Asia | United States Institute of Peace (usip.org)

Russia

• Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)

• Microsoft issues warning over ‘GooseEgg’ tool used in Russian hacking campaigns | ITPro

• Chinese, Russian espionage campaigns increasingly targeting edge devices (therecord.media)

• Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)

• Who Are APT29? - Security Boulevard

• Overflowing Water Tank Linked to Russian Cyber Attack (govtech.com)

• Russia accused of jamming GPS signal on flights from UK causing route chaos (inews.co.uk)

• Russian Sandworm hackers targeted 20 critical orgs in Ukraine (bleepingcomputer.com)

• Rare Computer Virus Detected in Ukrainian Network, Confidential Document Potentially Compromised (kyivpost.com)

• Russian FSB Counterintelligence Chief Gets 9 Years in Cyber Crime Bribery Scheme – Krebs on Security

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

• Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (therecord.media)

• MITRE breached by nation-state threat actor via Ivanti zero-days - Help Net Security

• Ukraine participates in NATO cyber security exercise in Estonia / The New Voice of Ukraine (nv.ua)

• Cyber attacks on Poland surged after election of pro-Ukraine regime (thenextweb.com)

Iran

• $10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defence Contractors - Security Week

• Campaigns and political parties are in the crosshairs of election meddlers | CyberScoop

• Mandiant: Russia, Iran pose biggest threat to 2024 elections • The Register

• Iranian nationals charged with hacking US companies, Treasury and State departments | CyberScoop

• The Biggest 2024 Elections Threat: Kitchen-Sink Attack Chains (darkreading.com)

North Korea

• Over 10 Defence Industry Firms Targeted in Concentrated Cyber Attacks by N. Korean Hackers l KBS WORLD

• Hackers hijack antivirus updates to drop GuptiMiner malware (bleepingcomputer.com)

• Microsoft Warns: North Korean Hackers Turn to AI-Fuelled Cyber Espionage (thehackernews.com)

• North Korean Hackers Target Dozens of Defence Companies - Infosecurity Magazine (infosecurity-magazine.com)

• North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures (thehackernews.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• Dutch intelligence warns of stronger threats from China, jihadists and extremists | NL Times

Vulnerability Management

• Third-Party Software Patching: Your Cyber Armor in 2024 | MSSP Alert

• Automated patch management: 9 best practices for success | TechTarget

• Vulnerability Exploitation on the Rise as Attacker Ditch Phishing - Infosecurity Magazine (infosecurity-magazine.com)

• Vulnerabilities Versus Intentionally Malicious Software Components - The New Stack

• GPT-4 can exploit real vulnerabilities by reading advisories • The Register

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

Vulnerabilities

• 22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks (bleepingcomputer.com)

• Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack (thehackernews.com)

• Nation-state actors exploited two zero-days in Cisco ASA and FTD firewalls to breach government networks - Security Affairs

• Russia's Fancy Bear Pummels Windows Print Spooler Bug (darkreading.com)

• 'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity (darkreading.com)

• Microsoft: APT28 hackers exploit Windows flaw reported by NSA (bleepingcomputer.com)

• MITRE says state hackers breached its network via Ivanti zero-days (bleepingcomputer.com)

• GitLab affected by GitHub-style CDN flaw allowing malware hosting (bleepingcomputer.com)

• Google Patches Critical Chrome Vulnerability - Security Week

• Microsoft releases Exchange hotfixes for security update issues (bleepingcomputer.com)

• PoC Exploit Released For Critical Oracle VirtualBox Vulnerability (gbhackers.com)

• Critical Forminator plugin flaw impacts over 300k WordPress sites (bleepingcomputer.com)

• Dependency Confusion Vulnerability Found in Apache Project - Infosecurity Magazine (infosecurity-magazine.com)

• Major Security Flaw in Popular Keyboard Apps Puts Millions at Risk (cybersecuritynews.com)

• Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs (darkreading.com)

• GitHub vulnerability leaks sensitive security reports | TechTarget

• New Password Cracking Analysis Targets Bcrypt - Security Week

• Maximum severity Flowmon bug has a public exploit, patch now (bleepingcomputer.com)

Tools and Controls

• Seedworm Hackers Exploit RMM Tools to Deliver Malware (cybersecuritynews.com)

• Third-Party Software Patching: Your Cyber Armour in 2024 | MSSP Alert

• The Role of Threat Intelligence in Financial Data Protection - Security Boulevard

• Automated patch management: 9 best practices for success | TechTarget

• Rethinking How You Work with Detection and Response Metrics (darkreading.com)

• Choosing SOC Tools? Read This First [2024 Guide] - Security Boulevard

• Research Shows How Attackers Can Abuse EDR Security Products - SecurityWeek

• What is multi-factor authentication (MFA), and why is it important? - Help Net Security

• Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security

• Zero Trust Takes Over: 63% of Orgs Implementing Globally (darkreading.com)

• Pen Testing Infrequency Leaves Security Gaps | MSSP Alert

• 5 Hard Truths About the State of Cloud Security 2024 (darkreading.com)

• Explore CASB use cases before you decide to buy | TechTarget

• SD-WAN: Don't Build a Dead End, Prepare for Future-Proof Secure Networking - SecurityWeek

• Identity-based security threats are growing rapidly: report | CSO Online

• Microsoft criticized for charging for security add-ons • The Register

• 5 insights from new Microsoft CNAPP guide | Microsoft Security Blog

• The Peril of Badly Secured Network Edge Devices (inforisktoday.com)

• VPNs, Firewalls' Nonexistent Telemetry Lures APTs (darkreading.com)

• The first steps of establishing your cloud security strategy - Help Net Security

• 40% of organizations have AI policies for critical infrastructure | Security Magazine

• Understand the Benefits and Limitations of Automated Tools in Penetration Testing (prweb.com)

• World´s most advanced cyber defence exercise kicks off in Tallinn

• Tech Investments Help SMBs Fortify Supply Chains Amid Economic, Workforce, and Security Concerns | Business Wire

• CISA ransomware warning program set to fully launch by end of 2024 | CyberScoop

Reports Published in the Last Week

• M-Trends 2024 | Google Cloud

• Mandiant's M-Trends Report Reveals New Insights from Frontline Cyber Investigations (prnewswire.com)

• Coalition's 2024 Cyber Claims Report (coalitioninc.com)

• Boost your data protection with insights from Dell's report - SiliconANGLE

• 2024 Cisco Cyber Security Readiness Index

• Rising Cyber Threats Pose Serious Concerns for Financial Stability (imf.org)

• Cyber Security in the UK - House of Commons Library (parliament.uk)

Other News

• These sectors are top targets for cyber crime, and other cyber security news to know this month | World Economic Forum (weforum.org)

• Online Banking Security Still Not Up to Par, Says Which? - Infosecurity Magazine (infosecurity-magazine.com)

• Why Educating HR Professionals on Cyber Risk Is Crucial (thehrdirector.com)

• Where Hackers Find Your Weak Spots (darkreading.com)

• Network Threats: A Step-by-Step Attack Demonstration (thehackernews.com)

• Microsoft is reportedly making security improvements its current top priority at the company - Neowin

• UK cyber agency NCSC announces Richard Horne as its next chief executive (therecord.media)

• Internet cable at Cali airport cut in apparent sabotage • The Register

• DOD establishes Office of the Assistant Secretary of Defence for Cyber Policy (securityintelligence.com)

• EU Statement – UN General Assembly 1st Committee: Cyber Security | EEAS (europa.eu)

• US: The European Union and the United States hold the 9th Cyber Dialogue in Brussels | EEAS (europa.eu)

• Why Tourists Are Particularly Vulnerable To Cyber Attacks (maltatoday.com.mt)

• Microsoft needs to win back trust - The Verge

• AI Is Going Well For Microsoft, But Cyber Security Is Not - Microsoft (NASDAQ:MSFT) - Benzinga

• Questions for IT and cyber leaders from the CSRB Microsoft report | Computer Weekly

• World´s most advanced cyber defence exercise kicks off in Tallinn

• Why Cyber Security Is Key To Solving Global Crises (forbes.com)

• Cyber Security is Relentless! | Gray Reed - JDSupra

• Colleges spending more than ever on cyber security efforts (insidehighered.com)

• Foreign states targeting UK universities, MI5 warns - BBC News

• Cyber resilience in the public sector: lessons for UK Councils (techinformed.com)

• Digital Blitzkrieg: Unveiling Cyber Logistics Warfare (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Triple Threat: Insecure Economy, Cyber Crime Recruitment and Insider Threats

Across all sectors employees are feeling the ramifications of economic uncertainty, coupled with ransomware attacks continuing to evolve and become more sophisticated, and with this, cyber crime gangs are increasing their recruitment efforts. All the while, the cyber security skills gap persists and continues to widen for most organisations. This has the potential to create a perfect storm in terms of insider threats.

Insider threats can be malicious or unintentional, and they might come from current or former employees, business partners, board members or consultants. A recent report found that the past two years have seen a 44% rise in insider incidents. There is no quick fix to solve the insider threat problem. At a time when many businesses are struggling with visibility issues brought on by digital transformation and vendor sprawl, what’s needed is planning. Reducing the risk associated with insider threats requires a multifaceted approach.

https://www.securityweek.com/triple-threat-insecure-economy-cybercrime-recruitment-and-insider-threats/

• Ensuring Security Remains/Becomes Everyone’s Responsibility

In the same way as organisations believe that everyone is somewhat responsible for keeping costs reasonable, why would an organisation not think the same of cyber security, especially as cyber security is not just a technology problem: it is a business problem. One of the best methods for ensuring that security is everyone’s responsibility is to make cyber a top-down issue, with the board and C-suite setting the tone for security; they should provide clear direction and guidance, prioritising security as a business objective.

Other methods that can help ensure security as everyone’s responsibility include integrating it into the functions of roles, creating a security culture, providing awareness and training and rewarding employees for responses such as reporting phishing attacks.

https://cisoseries.com/20-ways-to-ensure-security-remains-becomes-everyones-responsibility/

• Insured Companies More Likely to be Ransomware Victims, Sometimes More Than Once

Companies with cyber insurance are more likely to get hit by ransomware, more likely to be attacked multiple times, and more likely to pay ransoms, according to a recent survey of IT decision makers.

According to the survey by Barracuda Networks, 77% of organisations with cyber insurance were hit at least once, compared to 65% without insurance. Of those with insurance, 39% paid the ransom. Worryingly, the survey found that insured companies were also 70% more likely to be hit multiple times. Repeat victims were also more likely to pay the ransom, and less likely to use backup systems to help them recover.

https://www.csoonline.com/article/3696350/insured-companies-more-likely-to-be-ransomware-victims-sometimes-more-than-once.html

• Software Supply Chain Attacks Hit 61% of Firms

More than three-fifths (61%) of businesses have been directly impacted by a software supply chain threat over the past year, according to a new report. The report pointed to open source software as a key source of supply chain risk. Open source is now used by 94% of companies in some form, with over half (57%) using multiple open source platforms, the report revealed.

Organisations may be putting themselves at further risk by not having a full view of the software which is used within their corporate environment. One of the first things an organisation seeking to reduce their risk of a software supply chain attack should do is to understand their attack surface and maintain a record of the software which they use.

https://www.infosecurity-magazine.com/news/software-supply-chain-attacks-hit/

• More than 2.25 Million Exposed Assets on the Dark Web Tied to Fortune 1000 Employees

In a newly released 2023 Fortune 1000 Identity Exposure Report, an analysis of the dark net exposure of employees across 21 industries, including technology, financial, retailing and media, researchers analysed 2.27 billion exposed dark web assets. These assets included more than 423 million records containing personally identifiable information (PII) found in data breaches and exfiltrated from malware-infected devices tied directly to Fortune 1000 employees’ email addresses.  

Additional findings include 27.48 million pairs of credentials with Fortune 1000 corporate email addresses and plain text passwords, and a 62% re-use rate of passwords amongst Fortune 1000 employees. Whilst the research focuses on Fortune 1000 employees, it is unlikely that these are the only employees who are exposed on the dark web. Organisations should be aware of how such PII could include their own employees, and how to avoid password re-use in the corporate environment.

https://www.msspalert.com/cybersecurity-research/more-than-2-25-million-exposed-assets-on-the-dark-web-tied-to-fortune-1000-employees/

• Law Enforcement Crackdowns and New Techniques are Forcing Cyber Criminals to Pivot

Researchers say that law enforcement crackdowns and new investigative tools are putting pressure on cyber criminals, but challenges for defenders remain. It can seem like cyber criminals are running rampant across the world's digital infrastructure, launching ransomware attacks, scams, and outright thefts with impunity. Over the last year, however, US and global authorities seized $112 million from cryptocurrency investment scams, disrupted the Hive ransomware group, broke up online illegal drug marketplaces, and sanctioned crypto money launderers, among other operations to crack down on internet-enabled crimes. With such pressure, financially motivated threat actors are pivoting to crimes that have a higher rate of success, such as selling data instead of extorting, and romance scams and pig butchering (building rapport and trust with victims over time only to steal from them) are replacing the old get-rich schemes.

https://www.csoonline.com/article/3696748/law-enforcement-crackdowns-and-new-techniques-are-forcing-cybercriminals-to-pivot.html

• Talking Security Strategy: Why Cyber Security Requires a Seat at the Boardroom Table

Cyber security is no longer a fringe issue for businesses. What was once a siloed function is now woven into the fabric of any successful business. Any business still treating its cyber security initiatives as a side project is setting itself up to fail. The US Securities and Exchange Commission (SEC) has laid to rest any doubts about the importance of cyber security with new regulations around how boards of directors should approach it. The regulations, which are in the process of being finalised, will require companies to openly report any serious cyber security attack and explain who on their board is responsible for dealing with it. The regulations also will require businesses to include board of directors' cyber security experience and credentials as part of any public disclosure.

https://www.darkreading.com/vulnerabilities-threats/talking-security-strategy-cybersecurity-has-a-seat-at-the-boardroom-table

• How Incident Response Rehearsals and Readiness Exercises Can Aid Incident Response

Incident response rehearsals and readiness exercises can aid organisations by identifying security gaps, testing communications in the event of a cyber attack, and understanding roles in reducing response times. All of which benefits the business objectives of the organisation.

The importance for organisations to understand who their adversaries are and how they operate against their enterprise environments cannot be overstated. An organisation's approach to cyber security testing and resilience improvements in the face of an increasingly volatile threat landscape must be underpinned around this perspective.

Rehearsals should look to leverage scenarios based on evolving and emerging attacker techniques, tactics and procedures (TTPs), with different levels of complexity; this allows an organisation to constantly sharpen their technique and update rehearsals to reflect the current attack environment. These TTPs should be driven by an intelligence-led and risk-based approach. Additionally, organisations need to set metrics for understanding the results of rehearsals, which in turn should be used in established feedback channels to drive improvement in the organisation’s incident response.

https://www.darkreading.com/edge-articles/5-ways-security-testing-can-aid-incident-response 

• Ransomware’s Real Goals are to Exploit Internet Facing Apps, Mine Intellectual Property and Grab Sensitive Information

The majority of ransomware attacks in 2022 were intended to unearth personal data, mine intellectual property and grab other sensitive information rather than financial extortion or data encryption, Kaspersky said in a new report.

Most attacks started off as exploiting public facing applications (43%), data from compromised user accounts (24%) and malicious emails (12%). The goal was to snatch information the cyber crews could leverage into bigger and more lucrative scores. The report also revealed that the longest-running ransomware attacks began with the exploitation of public-facing applications, with just over 2% of them lasting for a year and more.

https://www.msspalert.com/cybersecurity-research/ransomwares-real-goals-are-exploit-internet-facing-apps-mine-intellectual-property-grab-sensitive-info/

• Organisations’ Cyber Resilience Efforts Fail to Keep Up with Evolving Threats

A steady increase in cyber attacks and an evolving threat landscape are resulting in more organisations turning their attention to building long-term cyber resilience; however, many of these programs are falling short and fail to prove teams’ real-world cyber capabilities, according to Immersive Labs. The report found that while 86% of organisations have a cyber resilience program, 52% of respondents say their organisation lacks a comprehensive approach to assessing cyber resilience.

Organisations have taken steps to deploy cyber resilience programs; however, 53% of respondents indicate the organisation’s workforce is not well-prepared for the next cyber attack and just over half say they lack a comprehensive approach to assessing cyber resilience. These statistics indicate that although cyber resilience is a priority and programs are in place, their current structure and training are ineffective.

https://www.helpnetsecurity.com/2023/05/18/cyber-resilience-programs-shortcomings/

• Fraudsters Send Fake Invoice, Follow Up with Fake Executive Confirmation

Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones themselves. The fraud attempt begins with an email containing a payment request for a fake invoice. The recipient, an employee in a company’s finance department, reads the email and checks who sent it. The sender’s email address looks like it belongs to one of the company’s trusted vendors, and the VP of Finance has been CC-ed. Soon after, the “VP of Finance” replies to the email thread, and asks the employee (by name) to pay this at the earliest convenience.

Most organisations view social engineering methods as a one step process; however, threat actors are employing multiple layers. In this case, adding management to increase authenticity. Businesses looking to bolster their resilience should look to ensure that these kinds of attacks are addressed in their organisation’s user education and awareness training.

https://www.helpnetsecurity.com/2023/05/16/payment-request-fraud/

• Capita Warns Customers They Should Assume Data was Stolen

Outsourcing giant Capita is warning customers to assume that their data was stolen in a cyber attack that affected its systems in early April. This includes the Universities Superannuation Scheme (USS), the largest private pension scheme in the UK, which holds pensions of over 500,000 individuals. A total of 350 UK corporate retirement schemes are believed to be impacted. The cyber attack, originally described to be a technical problem, has been reported to the UK’s Information Commissioner’s Office.

https://www.bleepingcomputer.com/news/security/capita-warns-customers-they-should-assume-data-was-stolen/

Governance, Risk and Compliance

• Cyber security Often Overlooked as Key Factor for Business Success, New Study Says - MSSP Alert

• Cyber Risk Management in 2023: The People Element (trendmicro.com)

• Is Your Cyber security “Too” Good? (securityintelligence.com)

• Cyber risk: Can banks win the arms race? | Financial Times (ft.com)

• Security breaches push digital trust to the fore | CSO Online

• Cyber-Resilience Programs Failing on Poor Visibility - Infosecurity Magazine (infosecurity-magazine.com)

• 5 Ways Security Testing Can Aid Incident Response (darkreading.com)

• Organisations reporting cyber resilience are hardly resilient: Study | CSO Online

• Organisations' cyber resilience efforts fail to keep up with evolving threats - Help Net Security

• Keeping a competitive edge in the cyber security ‘game’ | CyberScoop

• UK NCSC, ICO debunk 6 cyber attack reporting myths | CSO Online

• An Executive's Guide To The Cyber crime Underground (forbes.com)

• Accelerating Security Risk Management (trendmicro.com)

• Law enforcement crackdowns and new techniques are forcing cyber criminals to pivot | CSO Online

• 20 Ways to Ensure Security Remains/Becomes Everyone’s Responsibility (cisoseries.com)

• Talking Security Strategy: Cyber security Has a Seat at the Boardroom Table (darkreading.com)

• ‘Attackers only have to get it right once’: how cyber security burst into the boardroom | Financial Times (ft.com)

• Triple Threat: Insecure Economy, Cyber crime Recruitment and Insider Threats - SecurityWeek

Threats

Ransomware, Extortion and Destructive Attacks

• Insured companies more likely to be ransomware victims, sometimes more than once | CSO Online

• Ransomware payments nearly double in one year | Cyber crime | The Guardian

• Ransomware’s Real Goals are Exploit Internet Facing Apps, Mine Intellectual Property, Grab Sensitive Info - MSSP Alert

• The Week in Ransomware - May 12th 2023 - New Gangs Emerge (bleepingcomputer.com)

• New trends in ransomware attacks shape the future of cyber security - Help Net Security

• Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol-Security Affairs

• Bl00dy Ransomware Gang Strikes Education Sector with Critical PaperCut Vulnerability (thehackernews.com)

• ABB 'suffers cyber attack' by ransomware gang Black Basta (techmonitor.ai)

• Why Amazon S3 is a ransomware target and how to protect it | TechTarget

• Experts question San Bernardino's $1.1M ransom payment | TechTarget

• Manufacturers Targeted as Ransomware Victim Numbers Spike 27% - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware corrupts data, making restoration harder • The Register

• CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware (thehackernews.com)

• VPN vulnerability linked to ransomware attack on Law Society: PDPC - CNA (channelnewsasia.com)

• New 'MichaelKors' Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems (thehackernews.com)

• Philadelphia Inquirer operations disrupted after cyber attack (bleepingcomputer.com)

• Ransomware gang steals data of 5.8 million PharMerica patients (bleepingcomputer.com)

• New RA Group ransomware targets US orgs in double-extortion attacks (bleepingcomputer.com)

• Ransomware Prevention – Are Meeting Password Security Requirements Enough (bleepingcomputer.com)

• US Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator (thehackernews.com)

• Qilin Ransomware Operation Outfits Affiliates With Sleek, Turnkey Cyber attacks (darkreading.com)

• Qilin's Dark Web Ransomware Targets Critical Sectors - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware-as-a-service groups pay affiliates top dollar • The Register

• Russian ransomware affiliate charged with attacks on critical infrastructure (bleepingcomputer.com)

• This new ransomware group is targeting big businesses - here's what you need to know | TechRadar

• Warning Issued About BianLian Ransomware Attacks By CISA & FBI (informationsecuritybuzz.com)

• FBI confirms BianLian ransomware switch to extortion only attacks (bleepingcomputer.com)

• 'Strictly limit' remote desktop to avoid BianLian ransomware • The Register

• MalasLocker ransomware targets Zimbra servers, demands charity donation (bleepingcomputer.com)

• Russian national indicted for ransomware attacks against the US | CSO Online

• A different kind of ransomware demand: Donate to charity to get your data back | CyberScoop

• Introducing the DRM-Report Q1 2023: Unveiling the Current State of Ransomware - -Security Affairs-Security Affairs

Phishing & Email Based Attacks

• What the Email Security Landscape Looks Like in 2023-Security Affairs

• New Phishing-as-a-Service Platform Lets Cyber criminals Generate Convincing Phishing Pages (thehackernews.com)

• Ongoing Facebook phishing campaign without a sender and (almost) without links

• Google's .zip Top Level domain is already used in phishing attacks - gHacks Tech News

• New ZIP domains spark debate among cyber security experts (bleepingcomputer.com)

• Exploring the tactics of phishing and scam websites in 2023 - Help Net Security

• Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Fraudsters send fake invoice, follow up with fake exec confirmation - Help Net Security

• Insider threats surge across US CNI as attackers exploit human factors | CSO Online

• Microsoft Teams Features Amp Up Orgs' Cyber attack Exposure (darkreading.com)

• Social Engineering Risks Found in Microsoft Teams - Infosecurity Magazine (infosecurity-magazine.com)

• Researchers show ways to abuse Microsoft Teams accounts for lateral movement | CSO Online

Artificial Intelligence

• 10 Types of AI Attacks CISOs Should Track (darkreading.com)

• New Google search tool will distinguish real images from AI-generated phonies | ZDNET

• AI-Powered Tools Threaten Password Strength, New Study Finds - MSSP Alert

• AI Is About to Be Everywhere: Where Will Regulators Be? (darkreading.com)

• Zut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France – Naked Security (sophos.com)

• Generative AI Empowers Users but Challenges Security (darkreading.com)

• ChatGPT’s Chief Testifies Before Congress, Calls for New Agency to Regulate Artificial Intelligence - SecurityWeek

• BatLoader Impersonates ChatGPT and Midjourney in Cyber-Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Security Vulnerabilities of ChatGPT-Generated Code (trendmicro.com)

• 3 Ways Hackers Use ChatGPT to Cause Security Headaches (darkreading.com)

• ChatGPT is about to revolutionize cyber security | VentureBeat

• Mitigating Dark Web Risks: The Role Of AI And Machine Learning (forbes.com)

2FA/MFA

• The Ultimate Guide to Multi-Factor Authentication - Security Boulevard

Malware

• Microsoft is scanning the inside of password-protected zip files for malware | Ars Technica

• XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks (thehackernews.com)

• Atomic malware steals Mac passwords, crypto wallets, and more • Graham Cluley

• CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware (thehackernews.com)

• Lancefly APT Custom Backdoor Targets Government and Aviation Sectors - Infosecurity Magazine (infosecurity-magazine.com)

• No more macros? No problem, say attackers, we'll adapt • The Register

• Infostealer Malware Surges: Stolen Logs Up 670% on Russian Market - Infosecurity Magazine (infosecurity-magazine.com)

• The new info-stealing malware operations to watch out for (bleepingcomputer.com)

• DangerousPassword - A Malware Attack Pattern to Infect Devices (gbhackers.com)

• Stealthy MerDoor malware uncovered after five years of attacks (bleepingcomputer.com)

• Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems (thehackernews.com)

• New ZIP domains spark debate among cyber security experts (bleepingcomputer.com)

• Infamous cyber crime marketplace offers pre-order service for stolen credentials - Help Net Security

• BatLoader Impersonates ChatGPT and Midjourney in Cyber-Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Once Again, Malware Discovered Hidden in npm (darkreading.com)

• Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict (darkreading.com)

Mobile

• Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cyber crime Enterprise (darkreading.com)

• Parental control app with 5 million downloads vulnerable to attacks (bleepingcomputer.com)

• Apple blocked 1.7 million apps for privacy, security issues in 2022 (bleepingcomputer.com)

• Converso walks back E2EE claims, yanks app from stores • The Register

• OilAlpha: Emerging Houthi-linked Cyber Threat Targets Arabian Android Users (thehackernews.com)

• Google Announces New Rating System for Android and Device Vulnerability Reports - SecurityWeek

• Millions of Smartphones Distributed Worldwide With Preinstalled 'Guerrilla' Malware - SecurityWeek

Botnets

• Beware Bots: Human Internet Traffic Dives to Lowest Level in Eight Years, New Report Finds - MSSP Alert

• Latest variant of RapperBot botnet adds cryptojacking capabilities-Security Affairs

• Bad bots are coming for APIs - Help Net Security

• Spanish cops arrest 69 in immigration bot scheme • The Register

Denial of Service/DoS/DDOS

• Polish news websites hit by DDoS attacks | Reuters

• Europe: The DDoS battlefield - Help Net Security

Internet of Things – IoT

• Netgear Routers' Flaws Expose Users to Malware, Remote Attacks, and Surveillance (thehackernews.com)

• Why 2.4GHz Wi-Fi is both the savior and the scourge of the smart home - The Verge

• Hackers infect TP-Link router firmware to attack EU entities (bleepingcomputer.com)

• Chinese Hackers Mustang Panda Attacks TP-Link Routers (informationsecuritybuzz.com)

• Unpatched Wemo Smart Plug Bug Opens Countless Networks to Cyber attacks (darkreading.com)

• Government Publishes Playbook to Enhance Smart City Security - Infosecurity Magazine (infosecurity-magazine.com)

• Is your car safe from a cyber attack? | E&T Magazine (theiet.org)

Data Breaches/Leaks

• UK's largest private pension scheme hit by Capita attack • The Register

• Capita warns customers they should assume data was stolen (bleepingcomputer.com)

• More than 2.25 Million Exposed Assets on the Dark Web Tied to Fortune 1000 Employees - MSSP Alert

• MP’s laptop stolen from Welcome Break spot 'not covered by CCTV' | UK News | Metro News

• Discord discloses data breach after support agent got hacked (bleepingcomputer.com)

• Data of 237,000 US government employees breached - CNA (channelnewsasia.com)

• Toyota: Car location data of 2 million customers exposed for ten years (bleepingcomputer.com)

• Toyota's bungling of customer privacy is becoming a pattern • The Register

• Making Sure Lost Data Stays Lost (darkreading.com)

• WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers - SecurityWeek

• Personal info of 90k hikers leaked by French tourism company La Malle Postale-Security Affairs

• Ransomware gang steals data of 5.8 million PharMerica patients (bleepingcomputer.com)

• Airline exposes passenger info to others due to a 'technical error' (bleepingcomputer.com)

• University admission platform exposed student passports-Security Affairs

• Millions of deleted files recovered in hard drives purchased online | TechRadar

Organised Crime & Criminal Actors

• Law enforcement crackdowns and new techniques are forcing cyber criminals to pivot | CSO Online

• An Executive's Guide To The Cyber crime Underground (forbes.com)

• Hacker marketplace still active despite police 'takedown' claim - BBC News

• Former Ubiquiti Employee Gets 6 Years in Jail for $2 Million Crypto Extortion Case (thehackernews.com)

• How Cyber criminals Adapted to Microsoft Blocking Macros by Default (darkreading.com)

• Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands (thehackernews.com)

• Lemon Group Uses Millions of Pre-Infected Android Phones to Enable Cyber crime Enterprise (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Atomic malware steals Mac passwords, crypto wallets, and more • Graham Cluley

• Hacker admits he was connected to 'tens of thousands’ laptops to mine crypto (finbold.com)

• CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware (thehackernews.com)

• Latest variant of RapperBot botnet adds cryptojacking capabilities-Security Affairs

• North Korean hackers stole $721 million in cryptocurrency from Japan - Nikkei | Reuters

• DangerousPassword - A Malware Attack Pattern to Infect Devices (gbhackers.com)

• Landmark crypto rules make exchanges liable for customer losses in EU | Ars Technica

• 8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency (thehackernews.com)

Insider Risk and Insider Threats

• Triple Threat: Insecure Economy, Cyber crime Recruitment and Insider Threats - SecurityWeek

• Avoiding Reputational Damage By Conquering Insider Threats (informationsecuritybuzz.com)

• Insider threats surge across US CNI as attackers exploit human factors | CSO Online

• Ex-Apple engineer accused of stealing self-driving car secrets - BBC News

• Identity crimes: Too many victims, limited resources - Help Net Security

Fraud, Scams & Financial Crime

• Fraudsters send fake invoice, follow up with fake exec confirmation - Help Net Security

• Exploring the tactics of phishing and scam websites in 2023 - Help Net Security

• Edinburgh coffee shop owner devastated after losing £100,000 life savings to cyber criminals in internet scam | Edinburgh News (scotsman.com)

• How To Avoid Mother's Day Scams By Protecting Your Purse And Heart (informationsecuritybuzz.com)

• US Says VoIP Firm Delivered Billions of Scam Robocalls - Infosecurity Magazine (infosecurity-magazine.com)

• Spanish cops arrest 69 in immigration bot scheme • The Register

• This Is Catfishing on an Industrial Scale | WIRED

• Admin of the darknet carding platform Skynet Market pleads guilty-Security Affairs

• 18-year-old charged with hacking 60,000 sports betting accounts (bleepingcomputer.com)

AML/CFT/Sanctions

• How China came to dominate the black market for money laundering (telegraph.co.uk)

Insurance

• Insured companies more likely to be ransomware victims, sometimes more than once | CSO Online

Dark Web

• Hacker marketplace still active despite police 'takedown' claim - BBC News

• Infamous cyber crime marketplace offers pre-order service for stolen credentials - Help Net Security

• Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands (thehackernews.com)

• Mitigating Dark Web Risks: The Role Of AI And Machine Learning (forbes.com)

Supply Chain and Third Parties

• Capita warns customers they should assume data was stolen (bleepingcomputer.com)

• Capita hit by new data breach incident | Financial Times (ft.com)

• Another security calamity for Capita: Unsecured AWS bucket • The Register

• UK's largest private pension scheme hit by Capita attack • The Register

• Discord Informs Users of Data Breach Involving Customer Support Provider - SecurityWeek

• Preparing for federal supply chain security standardization - Help Net Security

Software Supply Chain

• Software Supply Chain Attacks Hit 61% of Firms - Infosecurity Magazine (infosecurity-magazine.com)

Cloud/SaaS

• Security experts share cloud auditing best practices | TechTarget

• Stop worrying about cloud-lock-in, and outages: Gartner • The Register

• Microsoft Azure VMs Hijacked in Cloud Cyber attack (darkreading.com)

• Why High Tech Companies Struggle with SaaS Security (thehackernews.com)

• Sticking to traditional security playbook is mistake for cloud security: Palo Alto Networks SVP (techrepublic.com)

• Capita hit by new data breach incident | Financial Times (ft.com)

• Why Amazon S3 is a ransomware target and how to protect it | TechTarget

• Microsoft lets Azure AD choose authentication method • The Register

Encryption

• Converso walks back E2EE claims, yanks app from stores • The Register

• Protect against current and future threats with encryption | TechTarget

API

• Bad bots are coming for APIs - Help Net Security

• Attack automation becomes a prevalent threat against APIs - Help Net Security

Open Source

• EU attempts to secure software could hurt open source • The Register

• CISA: Several Old Linux Vulnerabilities Exploited in Attacks - SecurityWeek

• Open-source Cobalt Strike port 'Geacon' used in macOS attacks (bleepingcomputer.com)

• Malicious open-source components threatening digital infrastructure - Help Net Security

• Congress looks to expand CISA's role, adding responsibilities for satellites and open source software | CyberScoop

• Enhancing open source security: Insights from the OpenSSF on addressing key challenges - Help Net Security

Passwords, Credential Stuffing & Brute Force Attacks

• Time Taken For Hackers to Crack Passwords Revealed - IT Security Guru

• AI-Powered Tools Threaten Password Strength, New Study Finds - MSSP Alert

• Passkeys may not be for you, but they are safe and easy—here’s why | Ars Technica

• Ransomware Prevention – Are Meeting Password Security Requirements Enough (bleepingcomputer.com)

• KeePass 2.X Master Password Dumper allows retrieving the KeePass master password-Security Affairs

Social Media

• Former TikTok official says China had access to app data | Al Arabiya English

• Ongoing Facebook phishing campaign without a sender and (almost) without links

• Twitter wrong to block tweets during Turkey election - Wikipedia founder - BBC News

• Twitter sued over Saudi spying that allegedly landed popular user in prison [Updated] | Ars Technica

Training, Education and Awareness

• White House plan to implement cyber strategy includes ambitious digital education effort | CyberScoop

Parental Controls and Child Safety

• Parental control app with 5 million downloads vulnerable to attacks (bleepingcomputer.com)

Regulations, Fines and Legislation

• EU attempts to secure software could hurt open source • The Register

• AI Is About to Be Everywhere: Where Will Regulators Be? (darkreading.com)

• ChatGPT’s Chief Testifies Before Congress, Calls for New Agency to Regulate Artificial Intelligence - SecurityWeek

• Preparing for federal supply chain security standardization - Help Net Security

Secure Disposal

• Making Sure Lost Data Stays Lost (darkreading.com)

• Millions of deleted files recovered in hard drives purchased online | TechRadar

Careers, Working in Cyber and Information Security

• How I Got Started: Offensive Security

• Open source and Linux skills are still in demand in a dark economy | ZDNET

• Top 10 Ideas for Addressing the Cyber security Skills Gap in 2023 (analyticsinsight.net)

• Google Cloud CISO on why the Google Cyber security Certificate matters - Help Net Security

• Improving cyber mindfulness - IT Security Guru

• The Future is (Cyber) Mindful - IT Security Guru

Law Enforcement Action and Take Downs

• Law enforcement crackdowns and new techniques are forcing cyber criminals to pivot | CSO Online

• Hacker marketplace still active despite police 'takedown' claim - BBC News

• Spanish cops arrest 69 in immigration bot scheme • The Register

• Identity crimes: Too many victims, limited resources - Help Net Security

• Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands (thehackernews.com)

• Admin of the darknet carding platform Skynet Market pleads guilty-Security Affairs

• 18-year-old charged with hacking 60,000 sports betting accounts (bleepingcomputer.com)

• Russian national indicted for ransomware attacks against the US | CSO Online

Privacy, Surveillance and Mass Monitoring

• The UK’s Secretive Web Surveillance Program Is Ramping Up | WIRED

• WhatsApp allows users to lock sensitive chats - Help Net Security

• Apple blocked 1.7 million apps for privacy, security issues in 2022 (bleepingcomputer.com)

• Google details its next steps for wiping out Chrome tracking cookies | Engadget

• Zut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France – Naked Security (sophos.com)

Misinformation, Disinformation and Propaganda

• Pakistan shut down the internet - but that didn't stop the protests - BBC News

• Twitter wrong to block tweets during Turkey election - Wikipedia founder - BBC News

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Cyber Warfare Escalates Amid China-Taiwan Tensions - Infosecurity Magazine (infosecurity-magazine.com)

• New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe (thehackernews.com)

• China's 'Satellite Killer' Spacecraft Threatens To Puncture US Military In Space By Crippling Its Recon, Navigation & EW Satellites

• President Zelensky imposes sanctions against the Russian IT sector-Security Affairs

• 4 Countries Join NATO Cyber Defence Center - SecurityWeek

Nation State Actors

• Former TikTok official says China had access to app data | Al Arabiya English

• Cyber Warfare Escalates Amid China-Taiwan Tensions - Infosecurity Magazine (infosecurity-magazine.com)

• New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe (thehackernews.com)

• Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocol-Security Affairs

• Gatewatcher unveils research into advanced persistent threats | Data Centre Solutions

• China's 'Satellite Killer' Spacecraft Threatens To Puncture US Military In Space By Crippling Its Recon, Navigation & EW Satellites

• How China came to dominate the black market for money laundering (telegraph.co.uk)

• Lancefly APT Custom Backdoor Targets Government and Aviation Sectors - Infosecurity Magazine (infosecurity-magazine.com)

• Researchers Uncover Powerful Backdoor and Custom Implant in Year-Long Cyber Campaign (thehackernews.com)

• North Korean hackers stole $721 million in cryptocurrency from Japan - Nikkei | Reuters

• Hackers infect TP-Link router firmware to attack EU entities (bleepingcomputer.com)

• Chinese Hackers Mustang Panda Attacks TP-Link Routers (informationsecuritybuzz.com)

• Cyble — Cisco Routers Exploited by Russian State-Sponsored Attackers

• DOJ links Iran, China and Russia to five IP theft-related cases | SC Media (scmagazine.com)

• Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict (darkreading.com)

Vulnerability Management

• Microsoft will take nearly a year to finish patching new 0-day Secure Boot bug | Ars Technica

• Remote updates on motherboards could lead to bricked servers • The Register

• Hacking Groups Rapidly Weaponizing N-Day Vulnerabilities (gbhackers.com)

• CISA: Several Old Linux Vulnerabilities Exploited in Attacks - SecurityWeek

• Microsoft Advisories Are Getting Worse (darkreading.com)

• How to build a better vulnerability management program | TechTarget

• Google Announces New Rating System for Android and Device Vulnerability Reports - SecurityWeek

• How to Protect Your Organisation From Vulnerabilities (darkreading.com)

Vulnerabilities

• Hackers target Wordpress plugin flaw after PoC exploit released (bleepingcomputer.com)

• Critical Flaws in Cisco Small Business Switches Could Allow Remote Attacks (thehackernews.com)

• KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784) - Help Net Security

• Apple fixes three new zero-days exploited to hack iPhones, Macs (bleepingcomputer.com)

• XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks (thehackernews.com)

• Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers - SecurityWeek

• CVE-2023-0008 PAN-OS: Local File Disclosure Vulnerability in the PAN-OS Web Interface (paloaltonetworks.com)

• Arm confident Cortex-M is secure after side-channel attack • The Register

• Microsoft Follina Bug Is Back in Meme-Themed Cyber attacks Against Travel Orgs (darkreading.com)

• CISA: Several Old Linux Vulnerabilities Exploited in Attacks - SecurityWeek

• Remote updates on motherboards could lead to bricked servers • The Register

• Microsoft will take nearly a year to finish patching new 0-day Secure Boot bug | Ars Technica

• Microsoft pulls Defender update fixing Windows LSA Protection bug (bleepingcomputer.com)

• WordPress 6.2.1 Released with Fixes for 5 Security Vulnerabilities – WP Tavern

• 8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency (thehackernews.com)

• Cisco Says PoC Exploits Available for Newly Patched Enterprise Switch Vulnerabilities - SecurityWeek

Tools and Controls

• Organisations' cyber resilience efforts fail to keep up with evolving threats - Help Net Security

• Hacking Groups Rapidly Weaponizing N-Day Vulnerabilities (gbhackers.com)

• Cyber-Resilience Programs Failing on Poor Visibility - Infosecurity Magazine (infosecurity-magazine.com)

• 5 Ways Security Testing Can Aid Incident Response (darkreading.com)

• Organisations reporting cyber resilience are hardly resilient: Study | CSO Online

• Making Sure Lost Data Stays Lost (darkreading.com)

• Passkeys may not be for you, but they are safe and easy—here’s why | Ars Technica

• Not-Too-Safe Boot: Remotely Bypassing Endpoint Security Solutions (AV/EDR/…) and Anti-Tampering Mechanisms – Zero-Day Zone (zerodayzone.com)

• The Ultimate Guide to Multi-Factor Authentication - Security Boulevard

• Open-source Cobalt Strike port 'Geacon' used in macOS attacks (bleepingcomputer.com)

• White House plan to implement cyber strategy includes ambitious digital education effort | CyberScoop

• Protect against current and future threats with encryption | TechTarget

• Can AI Decision-Making Be Trusted for Cyber security? (analyticsinsight.net)

• 'Strictly limit' remote desktop to avoid BianLian ransomware • The Register

• Millions of deleted files recovered in hard drives purchased online | TechRadar

• Key Metrics In Evaluating DevOps Threat Matrix (informationsecuritybuzz.com)

• ChatGPT is about to revolutionize cyber security | VentureBeat

• A Requirements-Driven Approach to Cyber Threat Intelligence | Mandiant

• Embedding Security by Design: A Shared Responsibility (darkreading.com)

Reports Published in the Last Week

• UK Cyber security Landscape: challenges and opportunities | Expel

• Kaspersky Incident Response report 2022 | Securelist

• The State of Pentesting 2023 Report | Cobalt

• Introducing the DRM-Report Q1 2023: Unveiling the Current State of Ransomware - -Security Affairs-Security Affairs

Other News

• Heightened cyber attacks threat before Council of Europe summit in Reykjavik – EURACTIV.com

• White House plan to implement cyber strategy includes ambitious digital education effort | CyberScoop

• 12 common network protocols and their functions explained | TechTarget

• Pentagon Hacking Fears Fueled by Microsoft's Monopoly on Military IT (newsweek.com)

• Ukraine, Ireland, Japan and Iceland join NATO CCDCOE-Security Affairs

• Web entity activity reveals insights into internet security - Help Net Security

• Microsoft Security highlights from RSAC 2023 - Microsoft Security Blog

• Top 5 Cyber security Predictions and Statistics for 2023 (analyticsinsight.net)

• No more macros? No problem, say attackers, we'll adapt • The Register

• Not-Too-Safe Boot: Remotely Bypassing Endpoint Security Solutions (AV/EDR/…) and Anti-Tampering Mechanisms – Zero-Day Zone (zerodayzone.com)

• Researchers show ways to abuse Microsoft Teams accounts for lateral movement | CSO Online

• Rebinding Attacks Persist With Spotty Browser Defences (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.