Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

New Ransomware Victims Surge by 47% as Small Businesses Targeted

Ransomware attackers are shifting away from “big game” targets and towards easier, less defended organisations, a new report from Trend Micro has found. The report observed a 47% increase in the number of new victims of this vector from the second half of 2022, many of which were small organisations with less mature cyber postures. In fact, 57% of victims of the infamous ransomware gang LockBit, were of organisations up to 200 employees.

Small businesses can be attractive targets; they don’t have the budget of a large organisation and therefore they are more likely to have gaps that can be exploited. To combat this, small businesses need to prioritise their security budgets effectively, to allow themselves the most protection that their budget allows.

Source [Infosecurity Magazine]

MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards

The recent ransomware attack on MGM Resorts has resulted in the loss of millions of dollars daily, not accounting for ransomware fees and reputational damage. MGM Resorts are a client of Okta, who noted that Caesars entertainment and three (not named) other organisations have been hit. Although the other victims have not yet been named, it has been revealed that they are in the manufacturing, retail and technology sectors. As a result of the attacks, Beazley and AIG, who provide cyber insurance, are likely to face significant losses.

The attack should act as wakeup call for corporate boards, as it once again highlights how anyone can be a victim, and if the right controls are not in place, an attack won’t be stopped. Cyber incidents are a matter of when, not if, and boards need to ensure they are prepared, and prepared to handle the fallout when an attack happens. 

Sources: [Proactive Investors] [Reuters] [Insurance Insider] [OODA Loop] [Claims Journal]

SMEs Overestimate Their Cyber Security Preparedness

According to a recent report, 57% of small and medium enterprises (SMEs) have experienced a cyber security breach, with 31% facing such an incident in the past year. Despite the increasing threat, 70% are confident in their defences, though 44% solely rely on their antivirus solutions, and a quarter don't regularly train employees on cyber security best practices or never have.

The report also found that many SMEs either underestimate the importance of robust security, believing they’re too small to be targeted, or put too much trust in their current defences. The increasing number of evolving cyber threats poses a significant risk to SMEs. Rising patterns show frequent and sophisticated attacks, highlighting the urgent need for effective security measures. Understandably, not all small business owners have the resources to obtain in-house cyber security experts. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Helpnet Security] [Security Magazine]

China’s Hacking Power Bigger Than Rest of World Combined

In a recent conference the director of the FBI highlighted the magnitude of China’s cyber power, most notably explaining that China has a bigger hacking program than the competition combined.

This comes as recent attacks have seen malicious USB drives used to spread malware and now, something we’ve not seen much before, financially motivated hacks by Chinese-speaking actors through a piece of malware known as “ValleyRAT”.

Sources: [Reuters] [Infosecurity Magazine] [WIRED] [Inforisk Today] [TechRadar]

Cyber Insurance Claims for Ransomware Reach Record High

A new report from cyber insurance provider Coalition shows a 12% increase in cyber claims over the first six months of this year, driven by the notable spikes in ransomware (19%), business email compromise (BEC) attacks (26%) and funds transfer fraud (FTF) (31%). The report found that claims severity also increased 61% from the previous six months and 117% over the last year. The average ransom demand was $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year.

The report comes as the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA)  released a joint advisory warning that ransomware gangs are increasingly evolving their tactics while targeting critical infrastructure sectors, including Information Technology, and Food and Agriculture. The advisory strongly discourages organisations from paying ransoms and encourages victims to report ransomware incidents to a local agency’s reporting channel. Similar advisories were released earlier in the year warning of ransomware groups such as Cl0p who exploited the vulnerability in MOVEit earlier this year.

Sources: [NextGov] [BetanNews] [Security Magazine] [CSO Online]

Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives

Almost three-quarters (73%) of nearly 700 board members surveyed in a new study, believe their organisations are at risk of cyber attack, including targeted attacks; a sizable increase from the 65% last year, according to a recently released Proofpoint report. Worryingly, with the high number believing they are at risk from an attack, 53% still believed they would be unprepared for such an attack. When it came to their main concerns, malware was the top concern (40%), followed by insider threat (36%) and cloud account compromise (36%).

C-suite concern has propelled budgets, with a third of businesses increasing cyber security spending by a significant margin. As IT has become less centralised with a move towards cloud-based systems, combined with a shortage of skilled cyber security workers, businesses are having to rely more heavily on third party security according to a recent report.

This investment, along with improved security communications to executives, should enhance IT upskilling and employee awareness of cyber security.

Sources: [MSSP Alert] [Tech Radar]

Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats

Publicly available reports of ransomware attacks on law firms have accelerated this year, with massive amounts of sensitive client data now in the hands of threat actors, highlighting a growing trend of cyber incidents afflicting the legal business.

One of the reasons law firms are increasingly targeted is due to the amount of sensitive data that they hold. This data can be used for extortion, insider training and general ransom purposes. In addition, many law firms utilise third parties to handle their data, increasing their risk of becoming a victim through their supply chain.

Source: [Synack]

Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company

A recent cyber attack used AI to deepfake an IT employee’s voice. The attack started off with a phishing mail, which the unsuspecting victim employee clicked. The attacker then hit a challenge: multi-factor authentication (MFA). That was until they decided to use artificial intelligence to clone the voice of an IT employee. The attacker, now speaking as if they were the IT employee, was then able to convince the victim employee to provide the needed MFA code. As a result, the attack was successful.

The attack highlights the increase in AI for attacks, whilst also demonstrating that cyber security is more than just technology: it is people and operations too. Think about voice cloning, how would your organisation prepare for this?

Sources [PC Mag]

Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them

With the cost of insider risk the highest it has ever been (£13.25m per incident), organisations need to effectively budget and find ways to proactively address insider risk. A report found that 55% of money spent on insider incident response went toward problems caused by negligence or mistakes, and 25% for those were caused by actively malicious insiders, with the remaining 20% being attacks that out-smarted employees.

The cost and damage is acknowledged by organisations, with a separate report finding 46% of organisations self-reported that they were actively planning to spend more on proactively addressing insider risk in 2024. Budgets are not infinite however, and organisations need to effectively allocate their spending to ensure they are getting the most protection for their spend.

Sources: [Computer Weekly] [CSO Online]

Half of Executives Expect Supply Chain Challenges

With the surge in the number of attacks taking place through the software supply chain, it is no wonder almost half of executives expect supply chain challenges in the year ahead according to a survey by Deloitte. When asked about their experience, 34% of respondents self-reported that their organisation has experienced one or more supply chain cyber security events during the past year.

One of the ways to improve organisations’ supply chain security is to conduct assessments on the third parties they use, yet 21% of respondents did not do this at all. Potentially, one of the reasons for this is not knowing the correct questions to ask. Black Arrow can support you through a structured approach to asking a suite of targeted questions to your third parties, and assessing the responses for indicators of risk to your business.  

Sources [PRnewswire] [SiliconANGLE]

How Social Engineering Takes Advantage of Your Kindness

Last week, MGM Resorts disclosed a massive systems issue that reportedly rendered slot machines, room keys and other critical devices inoperable. What elaborate methods were required to crack a nearly $34 billion casino and hotel empire? According to the hackers themselves, all it took was a ten minute phone call, allowing them to gain access through a simple social engineering attack. Social engineering psychologically manipulates a target into doing what the attacker wants, or giving up information that they shouldn’t. The consequences range from taking down global corporations to devastating the personal finances of unfortunate individual victims.

Extroverted, agreeable, and open individuals are often cyber victims; fear is an attack vector and so is helpfulness. As comfort increases, so too does vulnerability to being hacked. Social engineering attacks target both corporations and individuals. A person’s positive traits can be weaknesses against such threats. Balancing kindness with scepticism is essential.

Source: [Engadget]

Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually

A survey found that despite the percentage of companies that have encountered a cyber security incident in the last 12 months, a worrying 24% of employees have never had any cyber security training. The survey further found that alarmingly 42% of respondents used the same password for both home and work accounts, increasing the risk of exposing their organisational passwords. This risk was furthered by 40% of the total number of respondents keeping their password in an open file or physical notebook.

Organisations, including those already providing training, should look to ensure they implement training from experts that covers such areas; by effectively training employees, organisations will increase their cyber resilience and reduce their risk of suffering a cyber attack. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes are secure employee engagement and build a cyber security culture to protect the organisation.  

Source: [Information Security Buzz]

Governance, Risk and Compliance

• Cyber security still remains the greatest concern for many executives | TechRadar

• Cyber attacks are constant and test even the best | Newsroom

• Companies Struggling With Cyber security: Big Players In Bad Situations (forbes.com)

• SMEs overestimate their cyber security preparedness - Help Net Security

• Survey Reveals: 50% Of Respondents Face Cyber attacks Yearly — Employers Blame Employees (informationsecuritybuzz.com)

• Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)

• Organisations failing to proactively address insider cyber risk | Computer Weekly

• Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)

• OODA Loop - The MGM Cyber attack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?

• Most Global Board Members Unprepared for “Targeted” Cyber attack, Report Finds | MSSP Alert

• Changing Role of the CISO: A Holistic Approach Drives the Future (darkreading.com)

• How to Get Your Board on Board With Cyber security (darkreading.com)

• Security concerns and outages elevate observability from IT niche to business essential - Help Net Security

• Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security

• Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)

• Balancing budget and system security: Approaches to risk tolerance - Help Net Security

• Is Director Liability For Cyber security Failure An Immediate Risk? (forbes.com)

• Over a Third of UK Population Believe Prison is the Most Suitable Punishment for Individuals Responsible for Data Breach - IT Security Guru

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)

• Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

• Poor digital experience a blocker for cyber resilience | Computer Weekly

• What is Governance, Risk and Compliance (GRC)? | TechTarget Definition

• How to prevent and prepare for a cyber catastrophe (securityintelligence.com)

• The rise of CISO stress: Recognising and reconciling the threat of litigation for CISOs (securitybrief.co.nz)

• 2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)

• The realities of modern cyber security: CrowdStrike CSO weighs in on how businesses must adapt - SiliconANGLE

• Why more security doesn’t mean more effective compliance - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Digesting the Digits - 2023 ‘record year’ for ransomware attacks - PaymentExpert.com

• New Ransomware Victims Surge by 47% with Gangs Targeting Small Busines - Infosecurity Magazine (infosecurity-magazine.com)

• Attacks on Casino Giants Heralds Resurgence in Ransomware Attacks (claimsjournal.com)

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• LockBit Is Using RMMs to Spread Its Ransomware (darkreading.com)

• ‘Top’ ransomware gangs favour smaller businesses | Computer Weekly

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• Ransomware group's evolving tactics pose growing threat - Nextgov/FCW

• Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog

• Who is behind the latest wave of UK ransomware attacks? | Cyber crime | The Guardian

• NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware (darkreading.com)

• Scattered Spider, Alphv, and the MGM hack, explained - The Hustle

• Quadruple extortion ransomware maximising monetisation (securitybrief.co.nz)

• What is Extortionware? How is it Different from Ransomware? (techtarget.com)

• Ransomware cyber insurance claims rose by 27% | Security Magazine

• Cyber insurance claims for ransomware reach record high (betanews.com)

• Ransomware gang targeting defence firms, FBI warns - Defence One

• Scattered Spider snares 100+ victims, moves into ransomware • The Register

• Cyber criminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (thehackernews.com)

• BlackCat ransomware hits Azure Storage with Sphynx encryptor (bleepingcomputer.com)

• FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service (darkreading.com)

• Critical Infrastructure Organisations Warned of Snatch Ransomware Attacks - Security Week

• Healthcare's ransomware defences need more preventative action (securitybrief.co.nz)

• Ransomware vs. resources: A higher education dilemma - eCampus News

Ransomware Victims

• Two Vegas casinos fell victim to cyber attacks, shattering the image of impenetrable casino security | AP News

• Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says | Reuters

• Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)

• Las Vegas casinos face ‘social engineering’ threat amid hacks | Las Vegas Review-Journal (reviewjournal.com)

• Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)

• MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)k

• Clorox expects August’s cyber security attack to have a ‘material’ impact on first-quarter results - MarketWatch

• Clorox products in short supply after cyber attack disrupts operations | CNN Business

• Psychiatric hospital near Jerusalem hit by suspected cyber attack | The Times of Israel

• HWL Ebsworth hack: 65 Australian government agencies affected by cyber attack | Crime - Australia | The Guardian

• UMass Medical School Sued Over MOVEit File-Transfer Data Breach (bloomberglaw.com)

• UK IT services provider Agilitas hit by Donut ransomware attack? (techmonitor.ai)

• Cyber attack blamed for outages at hospitals in Illinois, Wisconsin (scrippsnews.com)

• Major trucking software provider confirms ransomware incident (therecord.media)

• Handbag maker Radley London hit by RansomHouse cyber attack? (techmonitor.ai)

Phishing & Email Based Attacks

• Scams, phishing made up over 75% of digital threats in first half of 2023: Report - The Economic Times (indiatimes.com)

• HR phishing: self-evaluation questionnaire | Kaspersky official blog

• Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)

• Cyber criminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (thehackernews.com)

• Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT (thehackernews.com)

BEC – Business Email Compromise

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

Other Social Engineering; Smishing, Vishing, etc

• Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)

• How social engineering takes advantage of your kindness (engadget.com)

• Las Vegas casinos face ‘social engineering’ threat amid hacks | Las Vegas Review-Journal (reviewjournal.com)

Artificial Intelligence

• Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag

• NSA Report: Deepfakes Threaten National Security | MSSP Alert

• Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)

• WormGPT: AI tool designed to help cyber criminals will let hackers develop attacks on large scale, experts warn | Science & Tech News | Sky News

• Artificial Intelligence Making Cyber Crime Harder to Fight (govtech.com)

• Companies still don’t know how to handle generative AI risks - Help Net Security

• 85% of cyber leaders believe AI will outpace cyber defences (electronicspecifier.com)

• McAfee CEO Greg Johnson on the Cyber security Threat From Generative AI (businessinsider.com)

• Companies Rely on Multiple Methods to Secure Generative AI Tools (darkreading.com)

• Poland investigates OpenAI over privacy concerns | Reuters

2FA/MFA

• Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)

Malware

• NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)

• Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog

• macOS MetaStealer attacks take aim at business Mac users (appleinsider.com)

• Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (trendmicro.com)

• A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar

• New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)

• Bumblebee malware returns in new attacks abusing WebDAV folders (bleepingcomputer.com)

• Fake WinRAR exploit PoC drops VenomRAT malware | SC Media (scmagazine.com)

• P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)

• Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)

• ‘Sandman’ hackers backdoor telcos with new LuaDream malware (bleepingcomputer.com)

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

Mobile

• Dangerous permissions detected in top Android health apps (securityaffairs.com)

• Android security updates: Everything you need to know | Android Central

• Google releases an update for compatible Pixel devices; Android 14 no, September security patch yes - PhoneArena

• Hook: New Android Banking Trojan That Expands on ERMAC's Legacy (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

Botnets

• Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)

• P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

Denial of Service/DoS/DDOS

• Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions (securityaffairs.com)

Internet of Things – IoT

• DDoS 2.0: IoT Sparks New DDoS Alert (thehackernews.com)

• IoT threats in 2023 | Securelist

• Hikvision Intercoms Allow Snooping on Neighbors (darkreading.com)

• No dedicated hardware security for 66% IoT modules: IoT Analytics (securitybrief.co.nz)

Data Breaches/Leaks

• Pirated Software Likely Cause of Airbus Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)

• Police data breach: 20,000 data points 'at risk' (computing.co.uk)

• CardX released a data leak notification impacting their customers in Thailand (securityaffairs.com)

• Pizza Hut Australia hack: data breach exposes customer information and order details | Australia

• Air Canada says unauthorized group breached employee data, hacked internal system (databreaches.net)

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• T-Mobile app glitch let users see other people's account info (bleepingcomputer.com)

• T-Mobile Racks Up Third Consumer Data Exposure of 2023 (darkreading.com)Over a Third of UK

• Population Believe Prison is the Most Suitable Punishment for Individuals Responsible for Data Breach - IT Security Guru

• TransUnion says dump of customer data came from third party • The Register

• US govt IT worker accused of leaking top secrets • The Register

Organised Crime & Criminal Actors

• Europol lifts the lid on cyber crime tactics (malwarebytes.com)

• One of the FBI’s most wanted hackers is trolling the US government | TechCrunch

• India's biggest tech centres named as cyber crime hotspots • The Register

• Scattered Spider snares 100+ victims, moves into ransomware • The Register

• Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

• Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)

• Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News

• How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto

Insider Risk and Insider Threats

• Organisations failing to proactively address insider cyber risk | Computer Weekly

• HR’s role in cyber security and insider threat mitigation - Hindustan Times

• Insider risks are getting increasingly costly | CSO Online

• Can Users Be Trusted to Skirt Hackers’ Lures? | MSSP Alert

Fraud, Scams & Financial Crime

• Brits Lose $9.3bn to Scams in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• cyber criminals: Scams, phishing made up over 75% of digital threats in first half of 2023: Report - The Economic Times (indiatimes.com)

• Another $40m Dispersed to Western Union Fraud Victims - Infosecurity Magazine (infosecurity-magazine.com)

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

• Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News

• How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto

• Illegal Betting Ring Used Satellite Tech to Get Scoop on Results - Infosecurity Magazine (infosecurity-magazine.com)

• Payment Card-Skimming Campaign Now Targeting Websites in North America (darkreading.com)

• Court sentences pair for India-based robocall scam • The Register

• Shift from UK Analogue to Digital Phone Lines Breeds New SCAMs - ISPreview UK

• Singapore to detail fraud liability split for bank & victim • The Register

Deepfakes

• Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag

Insurance

• Cyber insurance claims for ransomware reach record high (betanews.com)

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• Ransomware cyber insurance claims rose by 27% | Security Magazine

Dark Web

• Brits Are in the Dark About the Dark Web - IT Security Guru

• Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)

Supply Chain and Third Parties

• Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)

• Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)

• OODA Loop - The MGM Cyber attack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?

• Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)

• High-stakes digital heists: Enterprise software supply chains become new battleground for cyber criminals - SiliconANGLE

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

• Evaluating New Partners and Vendors from an Identity Security Perspective (darkreading.com)

• HWL Ebsworth hack: 65 Australian government agencies affected by cyber attack | Crime - Australia | The Guardian

• How cyber attacks on Taiwan are hurting global business - Raconteur

Software Supply Chain

• Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)

Cloud/SaaS

• Cloud to Blame for Almost all Security Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Why Shared Fate is a Better Way to Manage Cloud Risk (darkreading.com)

• Future Cyber security: Hybrid Threats Require Balanced Preparation | Center for Internet and Society (stanford.edu)

• IBM X-Force: Use of compromised credentials darkens cloud security picture | Network World

• Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)

• Mastering Defence-In-Depth and Data Security in the Cloud Era (darkreading.com)

• Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)

• The Rise of the Malicious App (thehackernews.com)

Hybrid/Remote Working

• Future Cyber security: Hybrid Threats Require Balanced Preparation | Center for Internet and Society (stanford.edu)

• Spies working from home despite fears they could be hacked by foreign states (telegraph.co.uk)

Shadow IT

• Shadow IT: Security policies may be a problem - Help Net Security

Identity and Access Management

• CISA Releases New Identity and Access Management Guidance - Security Week

Encryption

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• Signal Messenger Introduces PQXDH Quantum-Resistant Encryption (thehackernews.com)

Open Source

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

• Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica

• New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)

• Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Are your end-users' passwords compromised? Here's how to check. (bleepingcomputer.com)

• Why employee login credentials are 'the weakest link in security' (siliconrepublic.com)

Social Media

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

• Donald Trump Jr.'s X Account Appears To Have Been Hacked (dailydot.com)

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

Malvertising

• Probe reveals secret Israeli spyware that infects via ads • The Register

Training, Education and Awareness

• Survey Reveals: 50% Of Respondents Face Cyber attacks Yearly — Employers Blame Employees (informationsecuritybuzz.com)

Parental Controls and Child Safety

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

Regulations, Fines and Legislation

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

• TikTok Is Hit With $368 Million Fine Under Europe's Strict Data Privacy Rules - Security Week

• MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)

• California Settles With Google Over Location Privacy Practices for $93 Million - Security Week

• Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

Models, Frameworks and Standards

• How to Interpret the 2023 MITRE ATT&CK Evaluation Results (darkreading.com)

• How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)

Data Protection

• UK-US Confirm Agreement for Personal Data Transfers - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Digital Deficit: 93% of UK Employers Identify An IT Skills Gap Within The UK Job Market - IT Security Guru

• Expert: Three Skills Cyber security Professionals Should Have in 2024 (newswise.com)

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• IT pros told to accept burnout as normal part of their job - Help Net Security

• Wanted: another 3mn cyber professionals | Financial Times (ft.com)

Law Enforcement Action and Take Downs

• How the FBI Fights Back Against Worldwide Cyber attacks (securityintelligence.com)

• Court sentences pair for India-based robocall scam • The Register

• Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)

Privacy, Surveillance and Mass Monitoring

• California Settles With Google Over Location Privacy Practices for $93 Million - Security Week

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

• Researchers used Wi-Fi signals to see through walls. Game-changing breakthrough? Or privacy nightmare waiting to happen? | TechRadar

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

Misinformation, Disinformation and Propaganda

• EU warns China on Ukraine disinformation and cyber attacks  – POLITICO

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (theconversation.com)

• China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)

• International Criminal Court hacked amid Russia probe • The Register

• Portuguese company detects 961 pro-Russian cyber attacks in Western Europe – EURACTIV.com

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

• One of the FBI’s most wanted hackers is trolling the US government | TechCrunch

• Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions (securityaffairs.com)

• Senators want clarity from Pentagon on Ukraine Starlink access fiasco | SC Media (scmagazine.com)

• Russian allegedly smuggled US weapons electronics to Moscow • The Register

China

• Chinese Cyber Power Bigger Than the Rest of the World Combined - Infosecurity Magazine (infosecurity-magazine.com)

• China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)

• FBI chief says China has bigger hacking program than the competition combined | Reuters

• EU warns China on Ukraine disinformation and cyber attacks  – POLITICO

• Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED

• Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica

• Trouble brews after embassy worker finds spy bug in China teapot (thetimes.co.uk)

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

• A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar

• Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)

• Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT (thehackernews.com)

• Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns (darkreading.com)

• How cyber attacks on Taiwan are hurting global business - Raconteur

• Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities | Recorded Future

• DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage (darkreading.com)

Iran

• Microsoft: 'Peach Sandstorm' Cyber attacks Target Defence, Pharmaceutical Orgs (darkreading.com)

• Iranian state-backed hackers target global satellite, defence, and pharma companies (databreaches.net)

• Pro-Iranian Attackers Target Israeli Railroad Network (darkreading.com)

North Korea

• Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)

• Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (theconversation.com)

• How a North Korean cyber group impersonated a Washington D.C. analyst (cnbc.com)

Misc Nation State/Cyber Warfare

• New Research Finds Cyber attacks Against Critical Infrastructure on the Rise, State-affiliated Groups Responsible for Nearly 60% | Business Wire

• Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

• OODA Loop - Is Future Escalation in Cyber Conflict a Foregone Conclusion?

Vulnerability Management

• KEV Catalog Reaches 1000, What Does That Mean and What Have We Learned  | CISA

• Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)

• How SBOMs Help Uncover Vulnerabilities In Enterprise Applications (forbes.com)

Vulnerabilities

• Fortinet Releases Security Updates for Multiple Products | CISA

• Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) - Help Net Security

• iOS 17.0.1 re-patches 3 actively exploited security flaws - 9to5Mac

• Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability (thehackernews.com)

• If you're still using WinRAR, watch out for this dangerous exploit - and please stop | TechRadar

• GitLab Releases Urgent Security Patches for Critical Vulnerability (thehackernews.com)

• Microsoft releases firmware update for all Surface devices | TechSpot

Tools and Controls

• Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)

• Enterprise networks are evolving; your security architecture needs to evolve, too (betanews.com)

• Think Your MFA and PAM Solutions Protect You? Think Again (thehackernews.com)

• Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)

• Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security

• Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)

• Shadow IT: Security policies may be a problem - Help Net Security

• Balancing budget and system security: Approaches to risk tolerance - Help Net Security

• How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)

• How Choosing Authentication Is a Business-Critical Decision (darkreading.com)

• Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

• What is DNS over HTTPS (DoH)? (techtarget.com)

Reports Published in the Last Week

• QBE Mid-sized Business Risk Report | QBE US

• 2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)

Other News

• Why automakers are worried your car is the next target for cyber attacks - CityAM

• Consumers are being bombarded with billions of threats every year | TechRadar

• Bad torts: Law firms feel the heat from rising cyber threats (synack.com)

• 8 new threats to Mac security in 2023 - TechFruit

• SME Cyber Security – Time for a New Approach? - IT Security Guru

• Time to Demand IT Security by Design and Default - Infosecurity Magazine (infosecurity-magazine.com)

• Australia’s new cyber security strategy: Build “cyber shields” around the country | CSO Online

• Home Office sets up cyber security for Emergency Services Network | UKAuthority

• Cyber security Tops Business Risks Challenging European Auditors (bloomberglaw.com)

• Energy Is the Most-Targeted Sector for Cyber attacks: Here’s What to Do (powermag.com)

• Cyber on the battlefield is about more than IT - Nextgov/FCW

• From national threats to click-happy employees: Decoding the multifaceted cyber security landscape - SiliconANGLE

• Hidden dangers loom for subsea cables, the invisible infrastructure of the internet - Help Net Security

• Every Network Is Now an OT Network. Can Your Security Keep Up? - Security Week

• Pentagon's 2023 Cyber Strategy Focuses on Helping Allies - Security Week

• Singapore's retail banks take steps to enhance cyber security (finextra.com)

• Cyber pros warn Congress that government shutdown will create open season for cyber attacks - Washington Times

• Experts fret over fate of CISA cyber programs as shutdown clouds loom | SC Media (scmagazine.com)

• Strong compliance management is crucial for fintech-bank partnerships - Help Net Security

• Rail Travel Free in Estonia as Cyber Attack Disrupts Ticketing (eturbonews.com)

• Five easy wins in cyber security | Financial Times (ft.com)

• Dairy industry teams with cyber security group to beef up defences | Food Dive

• Securing Eurovision’s online voting system against cyber attacks (computerweekly.com)

• GCHQ chief takes job in private security company | The Independent

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Risks Top Worldwide Business Concerns In 2022

Cyber perils are the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer. The threat of ransomware attacks, data breaches or major IT outages worries companies even more than business and supply chain disruption, natural disasters or the COVID-19 pandemic, all of which have heavily affected firms in the past year.

Cyber incidents tops the Allianz Risk Barometer for only the second time in the survey’s history (44% of responses), Business interruption drops to a close second (42%) and Natural catastrophes ranks third (25%), up from sixth in 2021. Climate change climbs to its highest-ever ranking of sixth (17%, up from ninth), while Pandemic outbreak drops to fourth (22%).

The annual survey incorporates the views of 2,650 experts in 89 countries and territories, including CEOs, risk managers, brokers and insurance experts. View the full global and country risk rankings.

https://www.helpnetsecurity.com/2022/01/20/cyber-concern-2022/

Bosses Think That Security Is Taken Care Of: CISOs Aren't So Sure

The World Economic Forum warns about a significant gap in understanding between C-suites and information security staff - but it's possible to close the gap.

Organisations could find themselves at risk from cyberattacks because of a significant gap between the views of their own security experts and the boardroom.

The World Economic Forum's new report, The Global Cyber Security Outlook 2022, warns there are big discrepancies between bosses and information security personnel when it comes to the state of cyber resilience within organisations.

According to the paper, 92% of business executives surveyed agree that cyber resilience is integrated into enterprise risk management strategies – or in other words, protecting the organisation against falling victim to a cyberattack, or mitigating the incident so it doesn't result in significant disruption.

However, only 55% of security-focused executives believe that cyber resilience is integrated into risk management strategies – indicating a significant divide in attitudes to cyber security.

This gap can leave organisations vulnerable to cyberattacks, because boardrooms believe enough has been done in order to mitigate threats, while in reality there could be unconsidered vulnerabilities or extra measures put in place.

https://www.zdnet.com/article/managers-think-their-systems-are-unbreakable-cybersecurity-teams-arent-so-sure/

Fraud Is On the Rise, and It's Going to Get Worse

The acceleration of the digital transformation resulted in a surge of online transactions, greater adoption of digital payments, and increased fraud.

As more daily activities — work, education, shopping, and entertainment — shift online, fraud is also on the rise. A trio of recent reports paint a bleak picture, highlighting concerns that companies are experiencing increasing losses from fraud and that the situation will get worse over the coming year.

In KPMG's survey of senior risk executives, 67% say their companies have experienced external fraud in the past 12 months, and 38% expect the risk of fraud committed by external perpetrators to somewhat increase in the next year. External fraud, which includes credit card fraud and identity theft, is specifically referring to incidents perpetuated by individuals outside the company. For most of these respondents, there was a financial impact: Forty-two percent say their organisations experienced 0.5% to 1% of loss as a result of fraud and cybercrime.

https://www.darkreading.com/edge-articles/fraud-is-on-the-rise-and-its-going-to-get-worse

Two-Fifths of Ransomware Victims Still Paying Up

Two-fifths (39%) of ransomware victims paid their extorters over the past three years, with the majority of these spending at least $100,000, according to new Anomali research.

The security vendor hired The Harris Poll to complete its Cyber Resiliency Survey – interviewing 800 security decision-makers in the US, Canada, the UK, Australia, Singapore, Hong Kong, India, New Zealand, the UAE, Mexico and Brazil.

Some 87% said their organisation had been the victim of a successful attack resulting in damage, disruption, or a breach since 2019. However, 83% said they’d experienced more attacks since the start of the pandemic.

Over half (52%) were ransomware victims, with 39% paying up. Of these, 58% gave their attackers between $100,000 and $1m, while 7% handed over more than $1m.

https://www.infosecurity-magazine.com/news/two-fifths-ransomware-victims/

Less Than a Fifth of Cyber Leaders Feel Confident Their Organisation is Cyber-Resilient

Less than one-fifth (17%) of cyber leaders feel confident that their organisations are cyber-resilient, according to the World Economic Forum (WEF)’s inaugural Global Cyber Security Outlook 2022 report.

The study, written in collaboration with Accenture, revealed there is a wide perception gap between business executives and security leaders on the issue of cyber security. For example, 92% of businesses believe cyber-resilience is integrated into their enterprise risk-management strategies, compared to just 55% of cyber leaders.

This difference in attitude appears to be having worrying consequences. The WEF said that many security leaders feel that they are not consulted in security decisions, and only 68% believe cyber-resilience forms a major part of their organisation’s overall corporate risk management.

In addition, over half (59%) of all cyber leaders admitted they would find it challenging to respond to a cyber security incident due to a shortage of skills within their team.

Supply chain security was another major concern among cyber leaders, with almost nine in 10 (88%) viewing SMEs as a key threat to supply chains.

Interestingly, 59% of cyber leaders said cyber-resilience and cyber security are synonymous, with the differences not well understood.

https://www.infosecurity-magazine.com/news/cyber-leaders-organisation/

Endpoint Malware And Ransomware Detections Hit All-Time High

Endpoint malware and ransomware detections surpassed the total volume seen in 2020 by the end of Q3 2021, according to researchers at the WatchGuard Threat Lab. In its latest report, WatchGuard also highlights that a significant percentage of malware continues to arrive over encrypted connections.

While zero-day malware increased by just 3% to 67.2% in Q3 2021, the percentage of malware that arrived via Transport Layer Security (TLS) jumped from 31.6% to 47%. Data shows that many organisations are not decrypting these connections and therefore have poor visibility into the amount of malware hitting their networks.

https://www.helpnetsecurity.com/2022/01/20/endpoint-malware-ransomware-detections-q3-2021/

End Users Remain Organisations' Biggest Security Risk

With the rapid adoption of hybrid working environments and increased attacks, IT and security professionals worry that future data breaches will most likely be the result of end users who are negligent of or break security policy, according to a recent Dark Reading survey. The percentage of respondents in Dark Reading's 2021 Strategic Security Survey who perceive users breaking policy as the biggest risk fell slightly, however, from 51% in 2020 to 48% in 2021. Other potential issues involving end users showed improvements as well, with social engineering falling in concern from 20% to 15% and remote work worries halving from 26% to 13%.

While this trend is positive, it's unclear where the increased confidence comes from, since more people now report ineffective end-user security awareness training (11%, to 2020's 7%).

Respondents shared their heightened concern about well-funded attacks. In 2021, 25% predicted an attack targeted at their organisations (a rise from 2020, when 20% said the same), and fear of a nation-state-sponsored action rose to 16% from 9% the year before. Yet only 16% reported sophisticated, automated malware as a top concern, a 10% drop from 2020, and fear of a gap between security and IT advances only merited 9%. A tiny 3% worried that their security tools wouldn't work well together, dropping from the previous year's 10%.

https://www.darkreading.com/edge-threat-monitor/despite-rise-of-third-party-concerns-end-users-still-the-biggest-security-risk

Supply Chain Disruptions Rose In 2021

56% of businesses experienced more supply chain disruptions in 2021 than 2020, a Hubs report reveals.

Last year was marked by a number of challenges, including computer chip shortages, port congestion, the ongoing impacts of COVID-19, logistics impediments, and energy crises, though with every hurdle faced, solutions are being sought. It is increasingly clear that while certain risks are hard to anticipate and difficult to plan for, it is possible to mitigate the effects of supply chain disruptions by establishing a robust and agile supply chain.

Over 98% of global companies are now planning to boost the resilience of their manufacturing supply chains, however, 37% have yet to implement any measures. As businesses develop long term strategies, over 57% of companies say diversification of their supply chains is the most effective way of building resilience. This report explores last year’s most disruptive events, how disruptions have changed over time, industry trends and strategies for strengthening manufacturing supply chains.

https://www.helpnetsecurity.com/2022/01/19/supply-chain-disruptions-2021/

Red Cross Begs Attackers Not to Leak Stolen Data for 515K People

A cyber attack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration. UPDATE: The ICRC says it’s open to confidentially communicating with the attacker.

The Red Cross is imploring threat actors to show mercy by abstaining from leaking data belonging to 515,000+ “highly vulnerable” people. The data was stolen from a program used to reunite family members split apart by war, disaster or migration.

“While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them,” Robert Mardini, the director general of the International Committee for the Red Cross (ICRC), said in a release on Wednesday. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”

https://threatpost.com/red-cross-begs-attackers-not-to-leak-515k-peoples-stolen-data/177799/

DHL Dethrones Microsoft As Most Imitated Brand In Phishing Attacks

DHL was the most imitated brand in phishing campaigns throughout Q4 2021, pushing Microsoft to second place, and Google to fourth.

This isn't surprising considering that the final quarter of every year includes the Black Friday, Cyber Monday, and Christmas shopping season, so phishing lures based on package deliveries naturally increase.

DHL is an international package delivery and express mail service, delivering over 1.6 billion parcels per year.

As such, phishing campaigns impersonating the brand have good chances of reaching people who are waiting for a DHL package to arrive during the holiday season.

The specific lures range from a package that is stuck at customs and requires action for clearance to supposed tracking numbers that hide inside document attachments or embedded links.

https://www.bleepingcomputer.com/news/security/dhl-dethrones-microsoft-as-most-imitated-brand-in-phishing-attacks/

Threats

Ransomware

• New White Rabbit Ransomware Linked To FIN8 Hacking Group (bleepingcomputer.com)

• Conti Ransomware Gang Started Leaking Files Stolen From Bank Indonesia - Security Affairs

• This New Ransomware Comes With A Small But Dangerous Payload | ZDNet

• FBI Warning: This New Ransomware Makes Demands Of Up To $500,000 | ZDNet

• Experts Warn Of Attacks Using A New Linux Variant Of SFile Ransomware - Security Affairs

• SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack | Threatpost

• FBI Warns Organisations of Diavol Ransomware Attacks | SecurityWeek.Com

• Marketing Giant RRD Confirms Data Theft In Conti Ransomware Attack (bleepingcomputer.com)

• After Ransomware Arrests, Some Dark Web Criminals Are Getting Worried | ZDNet

BEC – Business Email Compromise

• Nigerian Authorities Arrest 11 Members of Prolific BEC Fraud Group | SecurityWeek.Com

Phishing

• Phishing Impersonates Shipping Giant Maersk To Push STRRAT Malware (bleepingcomputer.com)

• #COVID19 Phishing Emails Surge 500% on Omicron Concerns - Infosecurity Magazine

• Financially Motivated Earth Lusca Threat Actors Targets Orgs Worldwide - Security Affairs

Malware

• Microsoft Details Recent Damaging Malware Attacks on Ukrainian Organisations (darkreading.com)

• Custom-Written Malware Discovered Across Windows, MacOS, And Linux Systems | TechSpot

• Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

• Ukraine: Wiper Malware Masquerading As Ransomware Hits Government Organisations - Help Net Security

• Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware (thehackernews.com)

• Linux Malware Is On The Rise. Here Are Three Top Threats Right Now | ZDNet

• Malware That Can Survive OS Reinstalls Strikes Again, Likely for Cyber Espionage | PCMag

• New MoonBounce UEFI Malware Used By Apt41 In Targeted Attacks (bleepingcomputer.com)

Data Breaches/Leaks

• Exposed Records Exceeded 40 Billion In 2021 - Help Net Security

• European Regulators Hand Out €1.1bn in GDPR Fines - Infosecurity Magazine

Organised Crime & Criminal Actors

• Financially Motivated Earth Lusca Threat Actors Targets Orgs Worldwide - Security Affairs

• A Hacker Is Negotiating With Victims on the Blockchain After $1.4M Heist (vice.com)

• FBI & European Police Take Down Computer Servers Used In Major Cyberattacks Worldwide - CNNPolitics

• Europol Shuts Down VPNLab, Cyber Criminals' Favourite VPN Service (thehackernews.com)

Cryptocurrency/Cryptomining/Cryptojacking

• 2FA Bypassed in $34.6M Crypto.com Heist | Threatpost

• Cyber Criminals Actively Target VMware vSphere with Cryptominers | Threatpost

• New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets (thehackernews.com)

• Cheap Malware Is Behind A Rise In Attacks On Cryptocurrency Wallets | ZDNet

Insider Risk and Insider Threats

• Research: Why Employees Violate Cyber Security Policies (hbr.org)

• What CISOs Can Learn About Insider Threats From Iran's Human Espionage Tactics | CSO Online

Fraud, Scams & Financial Crime

• How Buy Now, Pay Later Is Being Targeted By Fraudsters - Help Net Security

• Romance Scammer Who Targeted 670 Women Gets 28 Months In Jail – Naked Security (sophos.com)

Insurance

• Merck Awarded $1.4B Insurance Payout over NotPetya Attack | Threatpost

CNI, OT, ICS, IIoT and SCADA

• UK Mulls Making MSPs Subject To Mandatory Security Standards • The Register

• ‘Anomalous’ Spyware Stealing Credentials In Industrial Firms (bleepingcomputer.com)

• European Union Simulated A Cyber Attack On A Fictitious Finnish Power Company - Security Affairs

Nation State Actors

• Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure (thehackernews.com)

• Ukraine Cyber Attack Timeline: Microsoft, CISA, White House and Kyiv Statements - MSSP Alert

• Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks (thehackernews.com)

• Security Scanners Across Europe Tied To China Govt, Military | AP News

Cloud

• Attackers Use Public Cloud Providers To Spread RATs | CSO Online

Privacy

• UK.Gov's No Place To Hide campaign flops on launch • The Register

Passwords & Credential Stuffing

• Your Keyboard Walking Password Isn’t Complex Or Secure – Review Geek

• Box Flaw Allowed To Bypass MFA And Takeover Accounts - Security Affairs

Spyware, Espionage & Cyber Warfare

• Malware That Can Survive OS Reinstalls Strikes Again, Likely for Cyber Espionage | PCMag

Vulnerabilities

• CISA Adds 13 Exploited Vulnerabilities To List, 9 with Feb. 1 Remediation Date | ZDNet

• Microsoft RDP Vulnerability Makes It A Breeze For Attackers To Become Men-In-The-Middle - TechRepublic

• High-Severity Vulnerabilities Patched in McAfee Enterprise Product | SecurityWeek.Com

• Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM (thehackernews.com)

• A bug in McAfee Agent allows to run code with SYSTEM privileges - Security Affairs

• Zoho Fixes A Critical Vulnerability (CVE-2021-44757) in Desktop Central - Security Affairs

• Ubuntu Patch For Heap Buffer Overflow Vulnerability • The Register

• Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers (thehackernews.com)

• Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks (thehackernews.com)

• F5 Patches Two Dozen Vulnerabilities in BIG-IP | SecurityWeek.Com

• McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges | Threatpost

• Oracle Critical Patch Update for January 2022 will fix 483 new flaws - Security Affairs

• 20K WordPress Sites Exposed by Insecure Plugin REST-API | Threatpost

• Nasty Linux Kernel Bug Found And Fixed | ZDNet

• Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software (thehackernews.com)

• Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks (thehackernews.com)

• Critical SAP Vulnerability Allows Supply Chain Attacks | SecurityWeek.Com

• Zoho Plugs Another Critical Security Hole In Desktop Central (bleepingcomputer.com)

• Safari Exploit Can Leak Browser Histories And Google Account Info | Engadget

Sector Specific

Financial Services Sector

• Singapore Pushed To Introduce Security Measures Amidst Online Banking Scams | ZDNet

Health/Medical/Pharma Sector

• More Than Half Of Medical Devices Found To Have Critical Vulnerabilities | ZDNet

• Additional Healthcare Firms Disclose Impact From Netgain Ransomware Attack | SecurityWeek.Com

Retail

• PCI SSC Updates Card Security Standards To Secure The Card Production Process - Help Net Security

Education and Academia

• Kids Won’t Stop Launching DDoS Attacks Against Their Schools | TechRadar

Other News

• Biggest MSP Takeaways From The Apache Log4j Vulnerability - MSSP Alert

• The Emotional Stages Of A Data Breach: How To Deal With Panic, Anger, And Guilt | CSO Online

• The Log4j Vulnerability Puts Pressure on the Security World | Threatpost

• Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes (thehackernews.com)

• BadUSB explained: How rogue USBs threaten your organisation | CSO Online

• Millions of UK Wi-Fi Routers Vulnerable To Security Threats - IT Security Guru

• NATO, Ukraine Sign Deal to 'Deepen' Cyber Cooperation | SecurityWeek.Com

• UK Umbrella Company Parasol Group Confirms Cyber Attack • The Register

• MPs Criticise Cyber Agency For Not Aiding China Rights Group After It Was Hacked | China | The Guardian

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.