Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

World Economic Forum and UN Warn of Growing ‘Cyber Insecurity’ Amid Heightened Threat Landscape

The World Economic Forum (WEF) and the United Nations (UN) have highlighted “cyber insecurity” as one of the most critical challenges facing organisations worldwide. A recent report reveals that over 80% of surveyed organisations feel more exposed to cyber crime than in the previous year, leading to calls for increased collaboration across sectors and borders to enhance business resilience. The study shows a growing gap in cyber resilience between organisations, with small and medium-sized enterprises facing declines of 30% in cyber resilience. Moreover, the cyber skills shortage continues to widen, with only 15% of organisations optimistic about improvements in cyber education and skills.

The report also underscores the impact of generative AI on cyber security, emphasising the need for ongoing innovation in digital security efforts. According to a separate report by the United Nations Office on Drugs and Crime, there has been a significant uptick in the use of large language model-based chatbots, deepfake technology, and automation tools in cyber fraud operations. These technologies pose a significant threat to the formal banking industry and require focused attention from authorities to counter their impact. The convergence of these trends underscores the urgency and complexity of the cyber security landscape.

Sources: [ITPro] [The Debrief]

Cyber Attacks Reveal Fragility of Financial Markets as Attacks on Financial Services Sector Surge

The financial sector is facing an increased risk from cyber attacks, with cyber security now being listed as the top systemic risk according to a Bank of England survey. Cyber attacks rose by 64% in 2023, with a shift towards AI-facilitated ransomware attacks and Vendor Email Compromise (VEC), which rose 137%, and Business Email Compromise (BEC) attacks, which rose by 71%, both of which exploit human error and pose a severe threat to the industry.

However, there is a lack of readiness by financial organisations to manage cyber attacks due to sophisticated attacks, talent shortages, and insufficient cyber defence investments. Ransomware incidents reported to the UK’s Financial Conduct Authority doubled in 2023, making up 31% of cyber incidents, up from 11% in 2022. The financial sector remains a prime target for cyber criminals, especially ransomware groups.

Sources: [ITPro] [Law Society] [Security Brief] [Financial Times]  [Infosecurity Magazine]

Researcher Uncovers One of The Biggest Password Dumps in Recent History

Researchers have found that nearly 71 million unique stolen credentials for logging into websites such as Facebook, Roblox, eBay, Coinbase and Yahoo have been circulating on the Internet for at least four months. The massive amount of data was posted to a well-known underground market that brokers sales of compromised credentials.

Whilst there is a large number of re-used passwords in the data dump, it appears to contain roughly 25 million new passwords and 70 million unique email addresses. This serves as a crucial reminder about properly securing accounts, such as not reusing passwords, using a password manager and securing accounts with multi factor authentication.

Source: [Ars Technica]

Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023

Email security remained at the forefront of cyber related issues for decision-makers, with over nine in ten (94%) having to deal with a phishing attack, according to email security provider Egress. The top three phishing techniques used in 2023 were malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts. 96% of targeted organisations were negatively impacted by these attacks, up 10% from the previous year.

Source: [Infosecurity Magazine]

75% of Organisations Hit by Ransomware in 2023

A recent report found that 75% of participants suffered at least one ransomware attack last year, and 26% were hit four or more times. The report noted that of the 25% who claimed to not have been hit, some could have been a victim but may not have the facilities to detect and therefore be aware as such. Ransomware remains a security threat and no organisation is immune.

Source: [Infosecurity Magazine]

The Dangers of Quadruple Blow Ransomware Attacks

With the introduction of new regulatory requirements like NIS 2.0 and changes to US Securities and Exchange Commission (SEC) statutes, organisations are now mandated to promptly report cyber incidents, sometimes with deadlines as tight as four days. However, attackers are evolving their tactics to exploit these regulations. They add a new level of coercion by threatening to report non-compliant organisations to the regulator, thereby increasing the pressure on their victims. This was first seen last year as a ransomware gang AlphV reported one of its victims, MeridianLink, to the SEC for failing to report a successful cyber attack.

This coercive strategy places immense pressure on companies, especially as they grapple with data encryption, data exfiltration, and public exposure threats. In response to these evolving threats and regulatory pressures, organisations must invest in cyber resilience. This enables them to effectively respond to attacks, communicate with regulators, and recover services promptly, ultimately fortifying their defences against future threats.

Source: [TechRadar]

Human Error and Insiders Expose Millions in UK Law Firm Data Breaches

UK law firms are falling victim to data breaches primarily because of insiders and human error, according to an analysis of data from the Information Commissioner’s Office (ICO). According to research, 60% of data breaches in the UK legal sector where the result of insider actions. In total, breaches led to the exposure of information of 4.2 million people. Often, even those organisations that implement measures to prevent breaches will still miss insider risk. Insider risk is not always malicious; it can also be negligence or due to a lack of knowledge, and it is important to protect against it.

Source: [Infosecurity Magazine]

It’s a New Year and a Good Time for a Cyber Security Checkup

2023 brought a slew of high-profile vulnerabilities and data breaches impacting various sectors, including healthcare, government, and education. Notable incidents included ransomware attacks, such as the MOVEit, GoAnywhere, and casino operator breaches, along with the exploitation of unpatched legacy vulnerabilities like Log4j and Microsoft Exchange. Furthermore, new regulatory requirements from the likes of the US Securities Exchange Commission (SEC), and state security and privacy laws, added to the complexity. As we enter 2024, it is crucial for organisations, regardless of size, to reassess their cyber security strategies, incorporating lessons learned and adapting to new requirements. Comprehensive cyber security programs encompass people, operations and technology, addressing the confidentiality, integrity, and availability of information.

Black Arrow can help with comprehensive and impartial assessments including gap analyses and security testing. These provide you with the objective assurance you need to understand whether your controls are providing you with your intended security and risk management.

Source: [JDSupra]

Applying the Tyson Principle to Cyber Security: Why Attack Simulations are Key to Avoiding Disaster

Mike Tyson’s famous adage “Everyone has a plan until they get punched in the face," is something we too often see in the world of security. When it comes to cyber security, preparedness is not just a luxury but a necessity. Far too often, unrealistic expectations in cyber defences create a false sense of security, leading to dire consequences when the reality of an attack hits. No-one wants to be testing their defences and implementing their response plan for the first time during a real incident.

In comes the benefit of incident and attack simulations: a reality check of your defences in a safe environment. Regular tabletop war-gaming exercises that simulate the fall out of an attack for senior leadership, can help to build muscle memory for when something does happen. They make sure everyone knows what to do, and crucially also not to do, when such an event happens for real. A deeper exercise would be a simulated attack that can be systematic and controlled, to mimic a real attacker and then adapted as attackers change their tactics, techniques, and procedures. From simulations, organisations can assess how their defences performed, applying insights and measuring and refining their defences for the event of a real attack.

Source: [The Hacker News]

Cyber Threats Top Global Business Risk Concern for 2024

Cyber related incidents, including ransomware attacks, data breaches and IT disruptions are the biggest concern for companies globally in 2024, according to a recent report by Allianz. The report highlights that these risks are a concern for businesses of all sizes, but the resilience gap between large and small companies is widening, “as risk awareness among larger organisations has grown since the pandemic with a notable drive to upgrade resilience.” Smaller businesses lack the time and resources that larger organisations have available, and as such need to carefully select and prioritise their resilience efforts.

Source: [Insurance Journal]

Generative AI has CEOs Worried About Cyber Security, PwC Survey Says

A recent PwC global survey found that when it comes to generative AI risks, 64% of CEOs said they are most concerned about its impact on cyber security, with over half of the total interviewed stating concerns about generative AI spreading misinformation in their company.  When we think of generative AI, we often worry about outside risk and the impact it can have for attackers, but the risk can also be internal, with things such as accidental disclosure by employees to unregulated generative AI. There is a necessity for organisations to govern the usage of AI in their corporate environment, to prevent such risks.

Source: [Quartz]

With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too

As the threat landscape continues to evolve, the cyber insurance market is experiencing significant changes that will impact businesses in the coming months with experts predicting that cyber insurance costs are on the verge of an upward trend. The COVID-19 pandemic and the shift to remote work and the cloud disrupted the cyber insurance market, leading to rising costs and reduced coverage options. In 2022, a temporary respite saw lower premiums, but 2023 has seen a resurgence in attacker activity, making it a challenging year for insurers. Cyber insurance remains a critical component of risk management, with the industry expected to continue growing despite higher rates. For businesses, understanding the evolving landscape of cyber insurance and ensuring adequate coverage is crucial in the face of escalating cyber threats.

Source: [Dark Reading]

Digital Resilience: a Step Up from Cyber Security

In today's digital landscape, the focus on digital resilience is paramount for organisations. While cyber security has garnered attention, digital resilience is the new frontier. Digital resilience involves an organisation's ability to maintain, adapt, and recover technology-dependent operations. As we increasingly rely on digital technology and the internet of things, understanding the critical role of technology in core business processes is vital. It goes beyond cyber security, encompassing change management, business resilience, operational risk, and competitiveness. Digital resilience means being ready to adopt new technology and swiftly recover from disruptions. Recognising its value and managing it at the senior level is crucial for long-term success in our rapidly evolving digital world. Moreover, amid a rising number of cyber attacks, addressing the statistic that only 18% of UK businesses provided cyber security training to employees last year is essential. Bridging this knowledge gap through cyber hygiene, a culture of cyber security, and robust safety measures will strengthen an organisation's cyber resilience against evolving threats.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Sources: [CSO Online] [Financial Times]

Governance, Risk and Compliance

• World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro

• Cyber Threats Top Global Business Risk Concern for 2024: Allianz (insurancejournal.com)

• Geopolitical tensions combined with technology will drive new security risks - Help Net Security

• JPMorgan suffers 45bn cyber attacks a day (ft.com)

• Improving Supply Chain Security, Resiliency (informationweek.com)

• Generative AI has CEOs worried about cyber security, PwC survey says (qz.com)

• As hacks worsen, SEC turns up the heat on CISOs | TechCrunch

• It’s a New Year and a Good Time for a Cyber Security Checkup | Clark Hill PLC - JDSupra

• Over 90 percent of organisations set to increase data protection spending (betanews.com)

• Financial organisations remain in cyber criminals' crosshairs (emergingrisks.co.uk)

• With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)

• Digital resilience – a step up from cyber security | CSO Online

• How to Recover After Failing a Cyber Security Audit - Security Boulevard

• Businesses Lack Confidence Overcome Cyber Attacks | Silicon UK

• Cyber incident response impaired by stress | SC Media (scmagazine.com)

• Key Considerations for Successful Cyber Security Supply Chain Risk Management (C-SCRM) - Security Boulevard

• Security considerations during layoffs: Advice from an MSSP - Help Net Security

• Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)

• InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)

• Norton Rose Fulbright’s 19th Annual Litigation Trends Survey reveals heightened risk around cyber security and data protection amid AI boom (globenewswire.com)

• Applying the Tyson Principle to Cyber Security: Why Attack Simulation is Key to Avoiding a KO (thehackernews.com)

• How to improve cyber resilience across your workforce (ft.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 75% of Organisations Hit by Ransomware in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• UK finance firms faced a torrent of ransomware attacks in 2023 as threat actors ramped up activities | ITPro

• Veeam Data Protection Trends Report 2024 Finds Cyber Attacks the #1 Cause of Business Outages | Business Wire

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Akira ransomware attackers are wiping NAS and tape backups - Help Net Security

• Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion (thehackernews.com)

• The Top 10 Ransomware Groups of 2023 - Security Boulevard

• 3 Ransomware Group Newcomers to Watch in 2024 (thehackernews.com)

• Ransomware causes mental, physical trauma to security pros • The Register

• The dangers of quadruple blow ransomware attacks | TechRadar

• Ransomware: how financial institutions can prepare to react quickly through regulatory compliance (finextra.com)

• Ransomware: To Pay or Not to Pay — What the Experts Say | MSSP Alert

• Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot - Help Net Security

• Outsmarting Ransomware’s New Playbook - SecurityWeek

• TeamViewer abused to breach networks in new ransomware attacks (bleepingcomputer.com)

• Ransomware negotiation: When cyber security meets crisis management - Help Net Security

Ransomware Victims

• Ransomware gang targets nonprofit providing clean water to world’s poorest (therecord.media)

• Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)

• British Library to share learning from cyber attack - Museums Association

• British Library starts restoring services online after hack - BBC News

• British cosmetics firm Lush confirms cyber attack (therecord.media)

• Delay to Manx Care dental services after cyber attack - BBC News

• Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times

• Majorca city Calvià extorted for $11M in ransomware attack (bleepingcomputer.com)

• A key part of Foxconn has been hit by the Lockbit ransomware | TechRadar

• Kansas State University cyber attack disrupts IT network and services (bleepingcomputer.com)

Phishing & Email Based Attacks

• Microsoft warns of new spearphishing attack targeting workers at top companies | TechRadar

• Email Nightmare: 94% of Firms Hit by Phishing Attacks in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Vendor Email Attacks Surged by 137% in Financial Sector in 2023 - Infosecurity Magazine (infosecurity-magazine.com)

• Modular laptop maker Framework contacts customers after phishing scheme hooks internal spreadsheet packed with personal data | Tom's Hardware (tomshardware.com)

• US Secret Service court documents reveal new tactics in antivirus renewal phishing scam | TechRadar

• Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)

• Waiting for Your Pay Raise? Cofense Warns Against HR-Related Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security

• US court docs expose fake antivirus renewal phishing tactics (bleepingcomputer.com)

• Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times

• Shipping-Themed Emails: Not Just for The Holidays - Security Boulevard

Artificial Intelligence

• AI driven cyber threats loom over business in the year ahead says report (emergingrisks.co.uk)

• Organised Crime is Leveraging Artificial Intelligence and Cryptocurrencies, Concerning New UN Report Says - The Debrief

• How cyber criminals are using AI to attack targets faster - Insurance Post (postonline.co.uk)

• Adversaries exploit trends, target popular GenAI apps - Help Net Security

• The Dual Role AI Plays in Cyber Security: How to Stay Ahead (bleepingcomputer.com)

• The power of AI in cyber security - Help Net Security

• Flipping the BEC funnel: Phishing in the age of GenAI - Help Net Security

• AI Could Make Cyber Threats Harder to Detect (newswise.com)

• If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online

• Norton Rose Fulbright’s 19th Annual Litigation Trends Survey reveals heightened risk around cyber security and data protection amid AI boom (globenewswire.com)

2FA/MFA

• Senators want to know why the SEC’s X account wasn’t secured with MFA (engadget.com)

• Out with the old and in with the improved: MFA needs a revamp - Help Net Security

• MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)

Malware

• GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)

• Updated Atomic Stealer malware emerges | SC Media (scmagazine.com)

• Data-theft malware exploits Windows Defender SmartScreen • The Register

• Windows PCs targeted by dangerous new threat that even gets around Defender - and even though there's a fix, you could still be at risk | TechRadar

• MacOS info-stealers quickly evolve to evade XProtect detection (bleepingcomputer.com)Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)

• 5 malware mistakes most people make while traveling and trying to charge (nypost.com)

• Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+ - Infosecurity Magazine (infosecurity-magazine.com)

• Remcos RAT Spreading Through Adult Games in New Attack Wave (thehackernews.com)

• Botnet activity surges as criminals get braver - can your business stand strong? | TechRadar

• JinxLoader Malware: Next-Stage Payload Threats Revealed - Security Boulevard

• $80M in Crypto Disappears Into Drainer-as-a-Service Malware Hell (darkreading.com)

• Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)

• Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)

• Securing Public Sector Against IoT Malware in 2024 - Security Boulevard

Mobile

• 5 malware mistakes most people make while traveling and trying to charge (nypost.com)

• New Tool Identifies Pegasus and Other iOS Spyware - Infosecurity Magazine (infosecurity-magazine.com)

Denial of Service/DoS/DDOS

• Environmental Websites Hit by DDoS Surge in COP28 Crossfire - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Your washing machine could be sending 3.7 GB of data a day — LG washing machine owner disconnected his device from Wi-Fi after noticing excessive outgoing daily data traffic | Tom's Hardware (tomshardware.com)

• Bigpanzi botnet infects 170,000 Android TV boxes with malware (bleepingcomputer.com)

• Modernising print security for today’s working world | TechRadar

• Securing Public Sector Against IoT Malware in 2024 - Security Boulevard

Data Breaches/Leaks

• Human Error and Insiders Expose Millions in UK Law Firm Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Israeli civil servants' personal data latest casualty Iranian cyber war - The Jerusalem Post (jpost.com)

• Insufficient cyber security caused PSNI data breach  (iapp.org)

• Cyber Attack On Insurer Compromised Over 64K, Suit Says - Law360

• Modular laptop maker Framework contacts customers after phishing scheme hooks internal spreadsheet packed with personal data | Tom's Hardware (tomshardware.com)

• Email threats to patients escalate after Fred Hutch cyber attack | The Seattle Times

Organised Crime & Criminal Actors

• Just ten groups were responsible for nearly half of all cyber attacks last year | TechRadar

• Organised Crime is Leveraging Artificial Intelligence and Cryptocurrencies, Concerning New UN Report Says - The Debrief

• Threat Actors Team Up for Post-Holiday Phishing Email Surge (darkreading.com)

• GitLab Releases Updates to Address Critical Vulnerabilities (darkreading.com)

• Stupid Human Tricks: Top 10 Cyber Crime Cases of 2023 - Security Boulevard

• Illegal online casinos spread crypto-crime across Asia • The Register

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike - Infosecurity Magazine (infosecurity-magazine.com)

• Organised Crime is Leveraging Artificial Intelligence and Cryptocurrencies, Concerning New UN Report Says - The Debrief

• Hacker spins up 1 million virtual servers to illegally mine crypto (bleepingcomputer.com)

• Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+ - Infosecurity Magazine (infosecurity-magazine.com)

• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services (thehackernews.com)

• Crypto Heists Surge in 2023, $16.93m Already Stolen in 2024 - Infosecurity Magazine (infosecurity-magazine.com)

• Illegal online casinos spread crypto-crime across Asia • The Register

Insider Risk and Insider Threats

• Human Error and Insiders Expose Millions in UK Law Firm Data Breaches - Infosecurity Magazine (infosecurity-magazine.com)

• Preventing insider access from leaking to malicious actors - Help Net Security

Insurance

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider

• With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)

• Re-writing the underwriting story: How to navigate the complexities of modern risks (allianz.com)

• Fighting ransomware: A guide to getting the right cyber security insurance | SC Media (scmagazine.com)

Supply Chain and Third Parties

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Capita hits back as pension holders look to sue over Russian-linked cyber attack (yahoo.com)

• Improving Supply Chain Security, Resiliency (informationweek.com)

• Key Considerations for Successful Cyber Security Supply Chain Risk Management (C-SCRM) - Security Boulevard

Cloud/SaaS

• Insurance website's buggy API leaked Office 365 password • The Register

• As Enterprise Cloud Grows, So Do Challenges (darkreading.com)

• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services (thehackernews.com)

• 3 ways to combat rising OAuth SaaS attacks - Help Net Security

• FBI: Beware of cloud-credential thieves building botnets • The Register

• Weaponised AWS SES Accounts Anchor Massive Stealth Attack (darkreading.com)

Identity and Access Management

• Digital nomads amplify identity fraud risks - Help Net Security

Encryption

• New Report Charts Roadmap To A Quantum-Secure Financial System – Eurasia Review

Passwords, Credential Stuffing & Brute Force Attacks

• Researcher uncovers one of the biggest password dumps in recent history | Ars Technica

• GitHub scrambles to rotate keys after credentials in production containers were potentially exposed | ITPro

• Insurance website's buggy API leaked Office 365 password • The Register

• FBI: Beware of cloud-credential thieves building botnets • The Register

Social Media

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike - Infosecurity Magazine (infosecurity-magazine.com)

Malvertising

• Latest Adblock update causes massive YouTube performance hit (bleepingcomputer.com)

Training, Education and Awareness

• The right strategy for effective cyber security awareness - Help Net Security

• Before starting your 2024 security awareness program, ask these 10 questions - Security Boulevard

• How to improve cyber resilience across your workforce (ft.com)

Regulations, Fines and Legislation

• Senators Demand Probe into SEC Hack After Bitcoin Price Spike - Infosecurity Magazine (infosecurity-magazine.com)

• As hacks worsen, SEC turns up the heat on CISOs | TechCrunch

• IT consultant in Germany fined for exposing shoddy security • The Register

• Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register

• A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK

• Why the US Needs Comprehensive Cyber Security Legislation - Security Boulevard

• Home improvement marketers dial up trouble from regulator • The Register

Models, Frameworks and Standards

• 10 cyber security frameworks you need to know about - Help Net Security

• NIST Offers Guidance on Measuring and Improving Your Company’s Cyber Security Program | NIST

Backup and Recovery

• Akira ransomware attackers are wiping NAS and tape backups - Help Net Security

Data Protection

• Over 90 percent of organisations set to increase data protection spending (betanews.com)

• Data regulator fines HelloFresh £140K for sending 80M+ spams • The Register

• Norton Rose Fulbright’s 19th Annual Litigation Trends Survey reveals heightened risk around cyber security and data protection amid AI boom (globenewswire.com)

Careers, Working in Cyber and Information Security

• Ransomware causes mental, physical trauma to security pros • The Register

• Protecting the protectors: combating stress in the cyber security industry | The Independent

• Best practices to mitigate alert fatigue - Help Net Security

• Universities not delivering the right skills for cyber security (betanews.com)

Law Enforcement Action and Take Downs

• 29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services (thehackernews.com)

• A Look at UK Domain and IP Address Seizures in the Criminal Justice Bill - ISPreview UK

Misinformation, Disinformation and Propaganda

• Staying cyber secure in the age of misdirection | The Independent

• FBI Warns of More Election Chaos in 2024 (darkreading.com)

• Election Security 2024: Biggest Cyber Threats and Practical Solutions - Infosecurity Magazine (infosecurity-magazine.com)

• OODA Loop - Elections Are Coming: Time to Sound Misinformation’s Clarion Call… Again

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

• World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro

• Geopolitical tensions combined with technology will drive new security risks - Help Net Security

• Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider

• Cyberwar continues to underperform (reason.com)

Nation State Actors

China

• End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)

• Stealthy New macOS Backdoor Hides on Chinese Websites (darkreading.com)

• Feds warn China-made drones pose risk to US critical infrastructure | SC Media (scmagazine.com)

• China warns of AirDrop de-anonymisation flaw • The Register

Russia

• FBI Warns of More Election Chaos in 2024 (darkreading.com)

• Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)

• Cyber Attack on Ukraine’s largest telecom provider will cost it about $100 million (therecord.media)

• Russia finds way around sanctions on battlefield tech: report – POLITICO

• Moscow imports a third of battlefield tech from western companies (ft.com)

• Prolific Russian hacking unit using custom backdoor for the first time | CyberScoop

• Ukrainian hackers successfully attack payment website of one of Russia's regional energy companies (yahoo.com)

Iran

• Israeli civil servants' personal data latest casualty Iranian cyber war - The Jerusalem Post (jpost.com)

• Threat-hunter says Iran is stepping up the sophistication of its cyber attacks (therecord.media)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• World Economic Forum warns of growing ‘cyber insecurity’ amid heightened threat landscape | ITPro

• Geopolitical tensions combined with technology will drive new security risks - Help Net Security

• Ukrainian hackers successfully attack payment website of one of Russia's regional energy companies (yahoo.com)

• Israeli civil servants' personal data latest casualty Iranian cyber war - The Jerusalem Post (jpost.com)

• Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos (securityaffairs.com)

• New Tool Identifies Pegasus and Other iOS Spyware - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Why we must bring order to cyber vulnerability chaos | TechRadar

Vulnerabilities

• CISA: Critical SharePoint vuln is under active exploitation • The Register

• Ivanti Connect Secure zero-days now under mass exploitation (bleepingcomputer.com)

• Juniper warns of critical RCE bug in its firewalls and switches (bleepingcomputer.com)

• Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (securityaffairs.com)

• VMware Urges Customers to Patch Critical Aria Automation Vulnerability  - SecurityWeek

• Zero-Day Alert: Update Chrome Now to Fix New Actively Exploited Vulnerability (thehackernews.com)

• Two more Citrix NetScaler bugs exploited in the wild • The Register

• Atlassian warns of critical RCE flaw in older Confluence versions (bleepingcomputer.com)

• Millions of GPUs from Apple, AMD and Qualcomm have a serious security flaw — and it could put literally all your data at risk if it isn't fixed | TechRadar

• End-of-life Cisco routers targeted by China’s Volt Typhoon group (therecord.media)

• Apple Magic Keyboards are at risk from security attacks – update now to protect your Mac or iPad | TechRadar

• Windows 10 security update requires some major changes - experts only need apply | TechRadar

• GitLab Patches Critical Password Reset Vulnerability - SecurityWeek

• Balada Injector continues to infect thousands of WordPress sites (securityaffairs.com)

• Vulnerabilities Expose PAX Payment Terminals to Hacking - SecurityWeek

• Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins - SecurityWeek

• Most older iPhones, Macs, and iPads are vulnerable to GPU flaw (appleinsider.com)

• New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling | Ars Technica

• China warns of AirDrop de-anonymisation flaw • The Register

• Drupal Releases Security Advisory for Drupal Core | CISA

• Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise - Infosecurity Magazine (infosecurity-magazine.com)

• Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows (thehackernews.com)

Tools and Controls

• Akira ransomware attackers are wiping NAS and tape backups - Help Net Security

• Underwriters concerned about ransomware and supply-chain attacks: Woodruff Sawyer - Reinsurance News

• Munich Re secures cyber war exclusions at 1.1 as wording tension dissipates | Insurance Insider

• How to improve your organisation's cyber hygiene score | World Economic Forum (weforum.org)

• With Attacks on the Upswing, Cyber Insurance Premiums Poised to Rise Too (darkreading.com)

• Digital resilience – a step up from cyber security | CSO Online

• If you don’t already have a generative AI security policy, there’s no time to lose | CSO Online

• Key elements for a successful cyber risk management strategy - Help Net Security

• Preventing insider access from leaking to malicious actors - Help Net Security

• Applying the Tyson Principle to Cyber Security: Why Attack Simulation is Key to Avoiding a KO (thehackernews.com)

• Over 90 percent of organisations set to increase data protection spending (betanews.com)

• As Enterprise Cloud Grows, So Do Challenges (darkreading.com)

• Best practices to mitigate alert fatigue - Help Net Security

• Modernising print security for today’s working world | TechRadar

• APIs in peril: Wallarm's latest report exposes uptick in API attacks and highlights security predictions for 2024 | Business Wire

• MFA Spamming and Fatigue: When Security Measures Go Wrong (thehackernews.com)

• Cyber incident response impaired by stress | SC Media (scmagazine.com)

• Effective Incident Response Relies on Internal and External Partnerships (darkreading.com)

• InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defence (darkreading.com)

• Digital nomads amplify identity fraud risks - Help Net Security

• Out with the old and in with the improved: MFA needs a revamp - Help Net Security

• The right strategy for effective cyber security awareness - Help Net Security

• SOC-as-a-Service: The Five Must-Have Features - Security Boulevard

Other News

• Post Office scandal latest: MPs 'shocked' by evidence from Fujitsu and Post Office boss - as victims Alan Bates and Jo Hamilton say they were 'gaslit' | UK News | Sky News

• Post Office syndrome: why we’re more vulnerable than ever to Horizon-like computer systems | The Independent

• What’s on the Smartest Cyber Security Minds for 2024? (cybereason.com)

• How news organisations became a prime target for cyber attacks (pressgazette.co.uk)

• UK doubles spending on overseas cyber security projects (ft.com)

• Huge boost for global security with almost £1 billion government investment - GOV.UK (www.gov.uk)

• NCSC Builds New “Cyber League” Threat Tracking Community - Infosecurity Magazine (infosecurity-magazine.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• UK, US Intelligence Agencies Warn Managed Service Providers, including External IT Providers, Are Now Prime Targets for Cyber Attacks

The Five Eyes coalition of international cyber security authorities, this week issued an advisory to warn managed service providers (MSPs), including external IT providers, of an escalating threat of attack from both everyday cyber criminals and state-sponsored threat actors.

MSPs provide or operate information and communications technology services.

With input from cyber security leaders from Australia, Canada, New Zealand, the UK and the US, the NSA provided recommendations to help bolster their cyber defences, including:

• Finding and disabling dormant accounts.

• Implementing and enforcing multifactor authentication on accounts.

• Ensuring contracts clearly map out who owns and is responsible for securing data.

Malicious actors are targeting MSPs to break into their customers' networks and deploy ransomware, steal data, and spy on them, the Five Eyes authorities have formally warned in a joint security alert.

"The UK, Australian, Canadian, New Zealand, and US cyber security authorities expect malicious cyber actors — including state-sponsored advanced persistent threat (APT) groups — to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships," the alert warned.

These types of supply-chain or "island-hopping" attacks can prove very lucrative for cyber criminals because once they break into an MSP, they gain access to all of the customers' networks and data being managed, and in turn commit computer crimes and fraud against those customers' customers.

https://www.darkreading.com/attacks-breaches/nsa-warns-managed-service-providers-are-now-prime-targets-for-cyberattacks

• Wannacry – 5 Years On, 68% Of Enterprises Are Still at Risk

5 years on from one of the world’s most damaging ransomware attacks, research from network detection and response leader ExtraHop has found that 68% of enterprises are still running insecure protocol that were exploited by the North Korean ransomware.

The events of 12 May 2017 live on in cyber security lore. WannaCry revealed just how extensive the damage caused by ransomware can be if deployed in large scale – from downtime to ransom paid to reputational damage. Yet despite the danger, huge numbers of organisations are still running SMBv1, the protocol exploited in the WannaCry attacks that has been publicly deprecated since 2014.

https://informationsecuritybuzz.com/expert-comments/wannacry-5-years-on-68-of-enterprises-are-still-at-risk/

• You Can’t Eliminate Cyber Attacks, So Focus on Reducing the Blast Radius

Given it is impossible to prevent all cyber attacks, many organisations should look to reduce the size of the company’s attack surface and the limit the “blast radius” of a potential attack.

There is a danger that the biggest risk concerning cyber attacks is that we’re becoming desensitised to them. After all, businesses experience a ransomware attack every 11 seconds—the majority of which the public never hears about. Faced with this reality, it may seem like efforts to safeguard the enterprise are futile. But that’s all the more reason to strengthen your resolve—and switch up your cyber defence strategy.

The core of this strategy should be the concept of “reducing the blast radius” of an attack, and since you can’t completely eliminate cyber attacks, you need to take steps to contain the impact.

This strategy should contain basic blocking and also consider things such as Zero Trust for remote access, traffic inspection, software-based micro-segmentation and other practical measures to reduce your attack surface.

https://threatpost.com/cyberattacks-blast-radius/179612/

• Just In Time? Bosses Are Finally Waking Up to The Cyber Security Threat

Boardrooms have a reputation for not paying much attention to cyber security, but it could be that executives are finally keen to take more interest in securing the systems and networks their businesses rely on.

Senior figures from American, British and Australian cyber security agencies have said that business execs are now more aware of cyber threats and are actively engaging with their chief information security officer (CISO) and information security teams.

Chief execs are starting to ask their CISOs the right questions, rather than leaving them to it because they don't have to understand complex technology. It does feel like a much more engaging strategic conversation, but there can still be a disconnect between knowing what needs to happen, then actually budgeting for and implementing a cyber security strategy.

https://www.zdnet.com/article/just-in-time-bosses-are-finally-waking-up-to-the-cybersecurity-threat/

• Most Organisations Hit by Ransomware Would Pay Up If Hit Again

Almost nine in 10 organisations that have suffered a ransomware attack would choose to pay the ransom if hit again, according to a new report, compared with two-thirds of those that have not experienced an attack.

The findings come from a report titled "How business executives perceive ransomware threat" by security company Kaspersky, which states that ransomware has become an ever-present threat, with 64 percent of companies surveyed already having suffered an attack, but more worryingly, that executives seem to believe that paying the ransom is a reliable way of addressing the issue.

The report is based on research involving 900 respondents across North America, South America, Africa, Russia, Europe, and Asia-Pacific. The respondents were in senior non-IT management roles at companies between 50 and 1,000 employees.

Kaspersky claims that in 88 percent of organisations that have had to deal with a ransomware incident, business leaders said they would choose to pay the money if faced with another attack. In contrast, among those that have not so far suffered a ransomware attack, only 67 percent would be willing to pay, and they would be less inclined to do so immediately.

https://www.theregister.com/2022/05/13/organizations_pay_ransomware/

• 31,000 FTSE 100 Logins Found on Dark Web

Researchers with Outpost24 are reporting over 31,000 corporate credentials for many of the UK’s leading FTSE 100 firms on the dark web. These are the 100 biggest companies listed on the London Stock Exchange by market capitalisation. The researchers used their threat monitoring and auditing tool Blueliv to search dark web sites for the breached credentials.

Key findings from stolen and leaked credentials study:

• The majority (81%) of the companies within the FTSE 100 had at least one credential compromised and exposed on the dark web

• 31,135 total stolen and leaked credentials detected for FTSE 100 companies, with 38% disclosed on the underground in the past 12 months

• Nearly half (42%) of FTSE 100 companies have more than 500 compromised credentials exposed on the dark web

• Up to 20% of credentials are stolen via malware infection and stealers

• 11% disclosed in the last 3 months (21% in the last 6 months and over 68% have been exposed for over 12 months)

• Over 60% of stolen credentials came from 3 industries – IT/Telecom (23%), Energy and Utility (22%) and Finance (21%)

• IT/Telecoms industry is the most at risk with the highest total amount (7,303) and average stolen credentials per company (730), they are most affected by malware infection and have the most amount of stolen credentials disclosed in the last 3 months

• On average, healthcare has the highest number of stolen credentials per company (485) from data breach as they found themselves increasingly in the cyber criminals’ crosshairs since the pandemic.

https://informationsecuritybuzz.com/expert-comments/31000-ftse-100-logins-found-on-dark-web/

• Ransomware: How Executives Should Prepare Given the Current Threat Landscape

As the number of ransomware attacks continue to increase, the response at C-level must be swift and decisive.

Top executives are increasingly dreading the phone call from their fellow employee notifying them that their company has been hit by a cyber attack. Nearly every week in 2021 and early 2022, a prominent organisation has been in the media spotlight as their public relations team struggles to explain how they were attacked and how they can regain consumer confidence. A recent survey showed that 37 percent of organisations surveyed had been affected by ransomware attacks in the last year.

Worse, the days when executive leadership teams could fully delegate responsibility to a CISO are over. Regardless of reality, surveys have shown that about 40 percent of the public perception of fault for a ransomware attack lands squarely on the CEO’s shoulders, and that 36 percent of attacks result in the loss of C-level talent. While executive involvement in the security program does not guarantee a successful defence, it does give the executive leadership team (ELT) a degree of ownership of the final product, as well as the ability to speak confidently and knowledgeably to the public.

https://www.techrepublic.com/article/ransomware-how-executives-should-prepare-given-the-current-threat-landscape/

• What Your Cyber Insurance Application Form Can Tell You About Ransomware Readiness

The annual cyber insurance application form shows what the carriers think you should be doing to best prevent and recover from ransomware attacks. Pay attention.

If it’s the time of year for you to fill out the annual cyber insurance policy application, you will see how the focus for insurance firms is changing. Each year you can get an insight into what insurance vendors are using to rate the risks and threats to your business and what they are stressing firms should have in place as best practice or what they are expecting you should have in place as a baseline set of controls. Not having them in place could affect insurance rates, whether you are able to get cyber coverage at all, or crucially whether they would pay out in the event of you having to make a claim.

This year you might find more questions specifically around ransomware prevention techniques and protections, from Multi Factor Authentication (MFA) to Endpoint Detection and Response (EDR), and email filtering protections to the robustness of your backups.

Make sure to review your cyber insurance policy and its related questionnaire. And ask whether you are doing everything you can to protect your firm and tailoring your actions to align with what your insurance provider has deemed as a best practice.

https://www.csoonline.com/article/3659831/what-your-cyber-insurance-application-form-can-tell-you-about-ransomware-readiness.html#tk.rss_news

• NCSC Shut Down 2.7 Million Scams in 2021

The UK National Cyber Security Centre (NCSC) removed 2.7 million online scams last year, it was revealed this week, four times as many scams compared to 2020.

The announcement comes as the security agency shared the most recent data from its Active Cyber Defence initiative at the CYBERUK summit earlier in the week.

According to the NCSC, neutralised scams included fake celebrity endorsements and spoof extortion emails.

It has also been revealed that fraud campaigns used common themes, with NHS vaccines and vaccine passports being particularly popular.

Some cyber criminals even posed as NCSC CEO Lindy Cameron – victims received an email claiming the NCSC had prevented £5m of their money from being stolen, and were urged to supply personal information to retrieve the funds.

https://www.itsecurityguru.org/2022/05/10/ncsc-shut-down-2-7-million-scams-in-2021/

• Security Threats Targeting Remote Workers

Remote work offers great benefits, like reduced commute time, increased freedom, and more time to spend with loved ones. But there can be security downsides if sufficient controls are not in place to protect remote workers against the digital threats that come with working via unsecured connections.

Being on a home network lacks the layered network security of the company environment. Remote work itself is not new, but the dramatic shift to working from home over the past two years means there are more security-naive people who are not in the office.

Not all security threats are the fault of technology. Much of it also comes from human error.

Remote work greatly exacerbates human-activated risk, and people are working in more distracting environments where they may have to answer the door for deliveries or might multitask with household chores. That means mistakes are more likely to happen, like sending an email to the wrong recipient or falling for a malicious email attack.

Recent research by Egress found that 77% of IT leaders said they have seen an increase in security compromises since going remote two years ago.

https://www.darkreading.com/endpoint/top-6-security-threats-targeting-remote-workers

• Password Reuse Is Rampant Among Employees in All Sectors

SpyCloud published an annual analysis of identity exposure among employees of Fortune 1000 companies in key sectors such as technology, finance, retail and telecommunications.

Drawing on a database of over 200 billion recaptured assets, researchers identified over 687 million exposed credentials and PII tied to Fortune 1000 employees, a 26% increase from last year’s analysis.

Analysis of this data showed a 64% password reuse rate, widespread use of easy-to-guess passwords, and a spike in malware-infected devices –– all sources of cyber risk for both employers and consumers who rely on businesses to safeguard their personal data. With remote work blurring the lines between work and personal device use, a larger attack surface compounds the risk of cyber attacks proliferating beyond compromised employee and consumer identities to penetrate corporate networks.

https://www.helpnetsecurity.com/2022/05/11/fortune-1000-identity-exposure/

Threats

Ransomware

• Costa Rica Shows the Damage Ransomware Can Do to a Country - The Washington Post

• Ransomware-as-a-Service: Understanding The Cyber Crime Gig Economy And How To Protect Yourself - Microsoft Security Blog

• Ransomware Works Fast, You Need to Be Faster To Counter It - Help Net Security

• A Closer Look At Today’s Ransomware Attack Landscape - MSSP Alert

• Ransomware Is a National Security Threat, So Please Tell Us About Attacks, Says Government | ZDNet

• 5 Years That Altered the Ransomware Landscape (darkreading.com)

• Colonial Pipeline Faces Nearly $1m Fine After Ransomware • The Register

• These Ransomware Attackers Sent Their Ransom Note to The Victim's Printer | ZDNet

• New Malware Samples Indicate Return of REvil Ransomware | SecurityWeek.Com

• How to Avoid Falling Victim to PayOrGrief's Next Rebrand (darkreading.com)

• Examining the Black Basta Ransomware’s Infection Routine (trendmicro.com)

Phishing & Email Based Attacks

• Novel Phishing Trick Uses Weird Links to Bypass Spam Filters | Threatpost

• New Email Security Tool Launched to Help Organisations Check Their Defences - NCSC.GOV.UK

• TA578 Using Thread-Hijacked Emails to Push ISO Files For Bumblebee Malware - SANS Internet Storm Center

Malware

• Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks | Threatpost

• Low-rent Remote Access Trojan (RAT) Worries Researchers | Threatpost

• Eternity Malware Kit Offers Stealer, Miner, Worm, Ransomware Tools (bleepingcomputer.com)

• It costs $7 to Rent DCRat Malware to Backdoor Your Network • The Register

• Shopping For Malware: $260 Gets You a Password Stealer... • The Register

• Microsoft: Sysrv Botnet Targets Windows, Linux Servers with New Exploits (bleepingcomputer.com)

• Google Drive Emerges as Top App For Malware Downloads - Help Net Security

• Stealthy Linux Implant BPFdoor Compromised Organizations Globally For Years | CSO Online

• Malware Builder Leverages Discord Webhooks | Threatpost

• Malware Attacks Getting More Regional, Claims Netskope • The Register

• 5-Buck DCRat Malware Foretells a Worrying Cyber Future (darkreading.com)

• Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service | Threatpost

• German Automakers Targeted in Year-Long Malware Campaign (bleepingcomputer.com)

Data Breaches/Leaks

• PII Of 21M SuperVPN, GeckoVPN Users Leaked On Telegram - Information Security Buzz

• Victims of Horizon Actuarial Data Breach Exceed 1M (techtarget.com)

Organised Crime & Criminal Actors

• Crypto Robber Who Lured Victims Via Snapchat and Stole £34,000 Jailed (bleepingcomputer.com)

• NCSC Shut Down 2.7 Million Scams in 2021- IT Security Guru

• Crook Jailed for Selling Stolen Credentials On Dark Web • The Register

• UK Government Hackers Destroyed Hundreds of Thousands of Stolen Credit Card Details Held By Criminals | Science & Tech News | Sky News

• US Agrees to International Electronic Cyber Crime Evidence Swap (darkreading.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs

• NFT Scams, Toxic ‘Mines’ And Lost Life Savings: The Cryptocurrency Dream Is Fading Fast | David A Banks | The Guardian

• NFTs Emerge as the Next Enterprise Attack Vector (darkreading.com)

• Fake Binance NFT Mystery Box Bots Steal Victim's Crypto Wallets (bleepingcomputer.com)

• Possible $1 Billion Crypto Ponzi Scheme Probed by Tax Investigators - Bloomberg

Insider Risk and Insider Threats

• Angry IT Admin Wipes Employer’s Databases, Gets 7 Years in Prison (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• How Can Your Business Defend Itself Against Fraud-as-a-Service? (darkreading.com)

• Scammers Impersonate Britain’s Top Cyber Crime Chief in Fake £5m Heist (telegraph.co.uk)

• Caramel Credit Card Stealing Service Is Growing in Popularity (bleepingcomputer.com)

• Hackers Are Exploiting WordPress Themes, Plugins to Hawk Scams (gizmodo.com)

• Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites (thehackernews.com)

Insurance

• Multi-Factor Authentication: A Key to Cyber Risk Insurance Coverage (tripwire.com)

• How Cyber Liability Insurance Can Help Protect Your Business Reputation - MSSP Alert

Supply Chain and Third Parties

• Five Eyes Urges Organisations to Secure Supply Chains - IT Security Guru

Denial of Service DoS/DDoS

• Why Are DDoS Attacks So Easy to Launch and So Hard to Defend Against? - Help Net Security

Cloud

• The SaaS-to-SaaS Supply Chain Is a Wild, Wild Mess - Help Net Security

Open Source

• Tech Giants Pledge Multimillion Down Payment to Secure Open Source | Cybersecurity Dive

Travel

• Historic Hotel Stay, Complementary Emotet Exposure included (bleepingcomputer.com)

Parental Controls and Child Safety

• Europe Proposes Tackling Child Abuse by Killing Encryption • The Register

Cyber Bullying and Cyber Stalking

• Another ex-eBay Exec Pleads Guilty to Cyber Stalking Critics • The Register

Regulations, Fines and Legislation

• India’s Battle with Pegasus Tells a Bigger Tale Of Tech Laws • The Register

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Wars Start in Cyberspace Well Before Shots Are Fired • The Register

• #CYBERUK22: Cyber Trends from the Russia-Ukraine War - Infosecurity Magazine

• US Pledges to Help Ukraine Keep the Internet and Lights On (darkreading.com)

• Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers (darkreading.com)

• Chinese CCTV Cameras On Our Streets Have Hidden Microphones That Could Be Spying on You (telegraph.co.uk)

• Spain’s Spy Chief Sacked Over Pegasus Scandal - Infosecurity Magazine

• OpRussia Update: Anonymous Breached Other Organizations - Security Affairs

• Pro-Russian Hacktivists Target Italy Government Websites - Security Affairs

Nation State Actors

Nation State Actors – Russia

• Russian Hackers Targeting Opponents Of Ukraine Invasion, Warns GCHQ Chief | Hacking | The Guardian

• Western Intelligence Blames Russia for Europe-Wide Cyber Attack - Infosecurity Magazine

• State Department Says Russian Cyber War Against Ukraine Began in January | The Independent

• Ukraine War: Don’t Underestimate Russia Cyber-Threat, Warns US - BBC News

Nation State Actors – China

• Experts Uncovered a New Wave Of Attacks Conducted By Mustang Panda - Security Affairs

• China-Backed Winnti Hackers Attacked Manufacturers Globally, Cybereason Alleges - MSSP Alert

Nation State Actors – Iran

• Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks (thehackernews.com)

• Iran-Linked OilRig APT Caught Using New Backdoor | SecurityWeek.Com

• Iran-linked COBALT MIRAGE Group Uses Ransomware in Its Operations - Security Affairs

Vulnerability Management

• US Cyber Boss Wants Software Patches to Be Like Car Recalls • The Register

Vulnerabilities

• Critical F5 BIG-IP Vulnerability Exploited to Wipe Devices (bleepingcomputer.com)

• Microsoft Patch Tuesday updates for May 2022 fixes 3 zero-days, 1 under active attack - Security Affairs

• Adobe Warns of 'Critical' Security Flaws in Enterprise Products | SecurityWeek.Com

• Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning (darkreading.com)

• Intel Emits Raft of Firmware Patches For Security Flaws • The Register

• Actively Exploited Zero-Day Bug Patched by Microsoft | Threatpost

• Hundreds of Thousands of Konica Printers Vulnerable to Hacking via Physical Access | SecurityWeek.Com

• HP Fixes Bug Letting Attackers Overwrite Firmware in Over 200 Models (bleepingcomputer.com)

• Zyxel Fixes Firewall Flaws That Could Lead to Hacked Networks (bleepingcomputer.com)

• Microsoft Releases Fixes for Azure Flaw Allowing RCE Attacks (bleepingcomputer.com)

• Researchers Find Flaws in Word, PDF Script Handling • The Register

• SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices (thehackernews.com)

• Microsoft: May Windows Updates Cause AD Authentication Failures (bleepingcomputer.com)

Sector Specific

Health/Medical/Pharma Sector

• Ransomware Group Strikes Second US Health Care System in The Last Two Months - CyberScoop

• Is That Health App Safe to Use? A New Framework Aims To Provide An Answer - Help Net Security

Manufacturing

• German Automakers Targeted in Year-Long Malware Campaign (bleepingcomputer.com)

• China-Backed Winnti Hackers Attacked Manufacturers Globally, Cybereason Alleges - MSSP Alert

Education and Academia

• A US College Is Shutting Down for Good Following A Ransomware Attack (yahoo.com)

• Fraudulent 'Bot-driven' College Enrolment up 50%, New Study Finds (darkreading.com)

Reports Published in the Last Week

• How Business Executives Perceive Ransomware Threat | Kaspersky official blog

Other News

• An Offensive Mindset Is Crucial for Effective Cyber Defence - Help Net Security

• Zero-Click Attacks Explained, And Why They Are So Dangerous | CSO Online

• Britain Must Upgrade Cyber Defences ‘Or Be Hit By 9/11-Style Attack’ (telegraph.co.uk)

• Everything We Learned From the LAPSUS$ Attacks (thehackernews.com)

• Threat Actors Are Stealing Data Now to Decrypt When Quantum Computing Comes (darkreading.com)

• Prepare for What You Wish For: More CISOs on Boards | SecurityWeek.Com

• Ready, IAM, Fire: How Weak Identity and Access Management (IAM) Makes You a Target (darkreading.com)

• How Privileged Access Management (PAM) Must Evolve - MSSP Alert

• Secure Your CMS-Based Websites Against Pervasive Attacks - Help Net Security

• Threats To Hardware Security Are Growing - Help Net Security

• Government’s “Whole of Society” Cyber Strategy Takes Shape - Infosecurity Magazine

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities and cyber related news from the last week.

Top Cyber Stories of the Last Week

Masslogger Swipes Microsoft Outlook, Google Chrome Credentials

Cyber Criminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims’ credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. Researchers uncovered the campaign targeting users in Italy, Latvia and Turkey starting in mid-January. When the Masslogger variant launched its infection chain, it disguised its malicious RAR files as Compiled HTML (CHM) files. This is a new move for Masslogger, and helps the malware sidestep potential defensive programs, which would otherwise block the email attachment based on its RAR file extension, said researchers on Wednesday.

https://threatpost.com/masslogger-microsoft-outlook-google-chrome/164011/

Phishers tricking users via fake LinkedIn Private Shared Document

The phishing message is delivered via LinkedIn’s internal messaging system and looks like it has been sent by one of the victim’s contacts. The message urges the recipient to follow a third-party link to view a document. If they fail to find this suspicious, they’ll be redirected to a convincingly spoofed LinkedIn login page, and if they enter their login credentials, their account will probably soon be sending out phishing messages to their contacts.

https://www.helpnetsecurity.com/2021/02/18/linkedin-private-shared-document/

Solarwinds Attack Hit 100 Companies And Took Months Of Planning’; ‘Largest And Most Sophisticated Attack’ Ever Seen According To Microsoft; Hackers Downloaded Some Azure, Exchange, And Intune Source Code

A hacking campaign that used a tech company as a springboard to compromise a raft of US government agencies has been called “the largest and most sophisticated attack the world has ever seen”, according to Microsoft. Nine US governmental agencies were breached along with 100 different private sector companies , many of which were technology companies, including products that could be used to launch additional intrusions. Microsoft said it has formally completed its investigation into the SolarWinds-related breach and found no evidence that hackers abused its internal systems or official products to pivot and attack end-users and business customers, though it did state that it had discovered that hackers used the access they gained through the SolarWinds Orion app to pivot to Microsoft's internal network, where they accessed the source code of several internal projects.

https://www.zdnet.com/article/solarwinds-attack-hit-100-companies-and-took-months-of-planning-says-white-house/ https://www.independent.co.uk/news/world/americas/solarwinds-us-russia-hacking-b1802299.html https://www.zdnet.com/article/microsoft-says-solarwinds-hackers-downloaded-some-azure-exchange-and-intune-source-code/

Ransomware gangs are running riot – paying them off doesn’t help

In the past five years, ransomware attacks have evolved from rare misfortunes into common and disruptive threats. Hijacking the IT systems of organisations and forcing them to pay a ransom in order to reclaim them, cyber criminals are freely extorting millions of pounds from companies – and they’re enjoying a remarkably low risk of arrest as they do it.

https://theconversation.com/ransomware-gangs-are-running-riot-paying-them-off-doesnt-help-155254

Most security bugs in the wild are years old

Most vulnerabilities exploited in the wild are years old and some could be remedied easily with a readily available patch. This is one of the findings of a new report, which states that two thirds (65 percent) of CVEs found in 2020 were more than three years old, while a third of those (32 percent) were originally identified in 2015 or earlier.

https://www.itproportal.com/news/most-security-bugs-in-the-wild-are-multiple-years-old/

Hacker Claims to Have Stolen Files Belonging to Prominent Law Firm Jones Day

A hacker claims to have stolen files belonging to the global law firm Jones Day and posted many of them on the dark web. Jones Day has many prominent clients, including former President Donald Trump and major corporations. Jones Day, in a statement, disputed that its network has been breached. The statement said that a file-sharing company that it has used was recently compromised and had information taken. Jones Day said it continues to investigate the breach and will continue to be in discussion with affected clients and appropriate authorities.

https://www.wsj.com/articles/hacker-claims-to-have-stolen-files-belonging-to-prominent-law-firm-jones-day-11613514532?reflink=desktopwebshare_twitter

Former Spy Chief Calls For Military Cyber Attacks On Ransomware Hackers

The state should launch military cyber attacks to shut down ransomware gangs that have extorted millions of pounds from British businesses, a former spy chief has said.

Ciaran Martin, who previously led the UK’s National Cyber Security Centre, said the problem of criminal gangs locking and stealing files has become so serious that Government should now seek to disrupt the operations of prolific criminals.

The plans would mark a major change of tack for the UK authorities, who have long downplayed the idea they could routinely use offensive hacking as well as cyber defence.

https://www.telegraph.co.uk/technology/2021/02/15/former-spy-chief-calls-military-cyber-attacks-ransomware-hackers/

Think your backups will protect you from ransomware? What do you think the malware attacked first?

If you think your backup strategy means you’re protected from the worst that cyber criminals can throw at you, we’ve got some bad news. Ransomware creators know all about backups, too. So, if you are unlucky enough to get a “pay up or else” notice, there’s a very good chance that the attacker in question has already been stealthily working their way through your systems for some time, ensuring your recovery data has already been comprehensively trashed.

https://www.theregister.com/2021/02/17/protect_yourself_from_ransomware_webcast/

100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020

More than 100 financial services firms across multiple countries were targeted in a wave of ransom distributed denial-of-service (DDoS) attacks conducted by the same threat actor in 2020. The attacks moved in methodical fashion across Europe, North America, Latin America, and Asia, hitting dozens of organizations in the financial sector in each region, the Financial Services Information Sharing and Analysis Center (FS-ISAC) disclosed this week. Among those targeted were banks, exchanges, payments companies, card issuers, payroll companies, insurance firms, and money transfer services.

https://www.darkreading.com/attacks-breaches/100+-financial-services-firms-targeted-in-ransom-ddos-attacks-in-2020/d/d-id/1340165

14 million alleged Amazon and eBay account details sold online

An unknown user was offering the data of 14 million Amazon and eBay customers’ accounts for sale on a popular hacking forum. The data appears to come from users who had Amazon or eBay accounts from 2014-2021 in 18 different countries. The database was being sold for $800 and the accounts are divided into their respective countries. The leaked data includes the customer’s full name, postal code, delivery address, and shop name, as well 1.6 million phone records.

https://cybernews.com/security/14-million-amazon-and-ebay-accounts-sold-online-in-new-leak/

Threats

Ransomware

• Kia Reportedly Under Ransomware Attack With $20M Demand

• Conti ransomware: Evasive by nature

• Egregor ransomware affiliates arrested by Ukrainian, French police

BEC

• This cyber security threat costs business millions. And it's the one they often forget about

Phishing

• This phishing email promises you a bonus - but actually delivers this Windows trojan malware

• How Hackers use Phishing to Hijack Sites through Hosting Provider

• Hackers abusing the Ngrok platform phishing attacks

Malware

• Windows and Linux servers targeted by new WatchDog botnet for almost two years

• Malware Is Now Targeting Apple’s New M1 Processor

• TrickBot's BazarBackdoor malware is now coded in Nim to evade antivirus

Mobile

• Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam

IOT

Vulnerabilities

• The OpenSSL Project addressed three vulnerabilities

• WordPress plugin exploit puts more than one million sites at risk

• Bug in shared SDK can let attackers join calls undetected across multiple apps

• Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites

• Apple patches severe macOS Big Sur data loss bug

• Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches

• Telegram privacy feature failed to delete self-destructing video files

Data Breaches

• Scottish Borders Council apologises for data breach

Organised Crime

• Duo Charged with Multimillion-Dollar Dark Web Drugs Scheme

• Cybercrime Joker Retires With A Reported $2.1 Billion In Bitcoin

Insider Threats

• Yandex Data Breach Exposes 4K+ Email Accounts

Supply Chain

• Supply chain attacks are on the rise: Check your software build pipeline security

OT, ICS, IIoT and SCADA

• The Cyber Risks of Transportation’s Connected OT/IoT Systems

Nation-State Actors

• France Ties Russia's Sandworm to a Multiyear Hacking Spree

• Russian state hackers targeted Centreon servers in years-long campaign

• Feds Indict North Korean Hackers for Years of Heists and Scams

• MPs sign up to Clubhouse app despite Chinese security concerns

Privacy

• More bosses are using software to monitor remote workers. Not everyone is happy about it

• 'Spy pixels in emails have become endemic'

Reports Published in the Last Week

• State Of Malware 2021 Report

Other News

• Attacks targeting IT firms stir concern, controversy

• Record year for UK’s £8.9bn cyber security sector

• Most businesses plan to move away from VPNs, adopt a zero-trust access model

• 20 Common Tools & Techniques Used by macOS Threat Actors & Malware

• The biggest cyber attacks in gaming history

• Discord is fast becoming a favourite tool among cyber criminals

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.