Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 24 March 2023

Black Arrow Cyber Threat Briefing 24 March 2023:

-Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans

-Controlling Third-Party Data Risk Should Be a Top Cyber Security Priority

-IT Security Spending to Reach Nearly $300 Billion by 2026

-2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks

-Board Cyber Shortage: Don’t Get Caught Swimming Naked

-Should Your Organisation Be Worried About Insider Threats?

-UK Ransomware Incident Volumes Surge 17% in 2022

-Financial Industry Hit by Rising Ransomware Attacks and BEC

-55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management

-Security Researchers Spot $36m BEC Attack

-New Victims Come Forward After Mass Ransomware Attack

-Ransomware Gangs’ Harassment of Victims is Increasing

-Wartime Hacktivism is Spilling Over Into the Financial Services Industry

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans

A recent report conducted by security provider Huntress found some worrying results regarding SMBs lack of dedicated cyber experts and lack of cyber incident response plans. Some of the reports key findings were 24% of SMBs suffering a cyber attack or unsure if they had suffered a cyber attack in the last 12 months, 61% of SMBs not having a dedicated cyber security expert and 47% having no incident response plan. The report found that SMBs struggled to implement basic training and only 9% of employees adhered to security best practices, potentially due to the previously mentioned training struggles. The report highlights a clear need for SMBs to increase their cyber resilience and conduct effective user education and awareness training.

https://www.msspalert.com/cybersecurity-research/majority-of-smbs-lack-dedicated-cyber-experts-incident-response-plan/

  • Controlling Third-Party Data Risk Should be a Top Cyber Security Priority

Nearly 60% of all data breaches are initiated via third-party vendors and this is often hard to detect. The ever-increasing use of third party services has led to the average organisation sharing sensitive data with 583 third parties, a worrying number of attack vectors. Due to the impact a third party breach can have on an organisation it is imperative that organisations assess and risk manage their supply chains to increase the organisations cyber resilience.

https://www.darkreading.com/attacks-breaches/controlling-third-party-data-risk-should-be-a-top-cybersecurity-priority-

  • IT Security Spending to Reach Nearly $300 Billion by 2026

Worldwide spending on security is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022. This figure is expected to continually rise, reaching nearly $300 billion by 2026. In Europe, it is predicted that the biggest portion of spending will still be represented by services, which will be increasingly leveraged by organisations with limited cyber security experience. Additionally the finance sector, which will have to constantly ensure regulatory adherence, is predicted to be the largest spending sector. Organisations should perform due diligence and ensure that they are using reputable services.

https://www.helpnetsecurity.com/2023/03/20/it-security-spending-2026/

  • 2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks

In 2022 alone cyber attacks increased by 38%, highlighting the need for organisations to have a high level of cyber maturity; despite this, a recent cyber security maturity report ranked UK organisations as 12th  globally. Some of the findings from the report included that 32% of organisations were found to have weak passwords and 23% had weak authentication systems.

https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html

  • Board Cyber Shortage: Don’t Get Caught Swimming Naked

The Securities and Exchange Commission recently released their rules on cyber security risk management, strategy governance and incident disclosure by public companies. As part of the rules, the public disclosure of board directors’ cyber risk biographies is mandated. Worryingly, recent research has found that there is a drastic gap in cyber expertise at the board director level, with 90% of companies not having a single director with cyber security expertise. Board directors are able to address this issue by retaining outside expert advisors, upskilling board members or hiring new cyber security board directors. 

https://www.forbes.com/sites/forbestechcouncil/2023/03/20/board-cyber-shortage-dont-get-caught-swimming-naked/?sh=6ea732895af8

  • Should your Organisation be Worried about Insider Threats?

Cyber crime is predicted to reach $10.5 trillion worth, making it a lucrative business venture for opportunist criminals. One of the threats companies face is insider threat; this is where the threat comes from within the organisation. Insider threat can include third-party vendors, business partners and others with access to an organisations systems and networks. The threat an insider poses is commonly thought of as malicious but it can also be negligent, where insiders haven’t received proper user education and awareness training. Worryingly, insider threat is rising and research has shown a significant amount of under-reporting; over 70% of insider attacks never reach the headlines. As such, it is difficult for organisations to gauge the risk of insider threats.

https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/

  • UK Ransomware Incident Volumes Surge 17% in 2022

According to recent research, attacker-reported ransomware incidents increased by 17% annually in the UK last year and 2023 is showing signs of a continual rise. With this continual rise, it is important for organisations to assess and build upon their cyber resilience.

https://www.infosecurity-magazine.com/news/uk-ransomware-incident-surge-17/

  • Financial Industry Hit by Rising Ransomware Attacks and BEC

According to a recent report by the Financial Services Information Sharing and Analysis Center (FS-ISAC) ransomware remained the biggest concern for the financial industry with an increase in attacks due to ransomware-as-a-service. Furthermore, FS-ISAC found a 300% increase in the number of business email compromise attacks from 2021 to 2022. Artificial intelligence was identified as an upcoming area of concern due to its ability to obfuscate detection.

https://www.bloomberg.com/news/articles/2023-03-21/banks-financial-industry-buffeted-by-rising-ransomware-attacks?

  • 55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management

According to a report from intelligence provider Mandiant 55 zero-days were exploited in 2022 and 13 of those were used in cyber espionage attacks. Of the espionage attacks, 7 related to Chinese threat actors and 2 related to Russian threat actors. The report found that effective security management and patching remained the best protections for organisations.

https://www.csoonline.com/article/3691609/55-zero-day-flaws-exploited-last-year-show-the-importance-of-security-risk-management.html#tk.rss_news

  • Security Researchers Spot $36m BEC Attack

Security experts recently identified a single business email compromise attack which amounted to $36.4m. The attack in question contained an invoice, payment instructions, a forged letterhead and even cc’d a legitimate and well known company. The attacker also changed “.com” to “.cam” to imitate a domain. The total cost of BEC based on reported incidents is around $2.7 billion and this is excluding unreported incidents. Organisations should ensure that staff are adequately trained in identifying and reporting such attacks.

https://www.infosecurity-magazine.com/news/security-researchers-spot-36m-bec/

  • New Victims Come Forward After Mass Ransomware Attack

Russia-linked Ransomware gang “Clop” has claimed a mass hack of 130 organisations via the vendor GoAnywhere, with more victims coming forward. Clop adds names of victims to its dark web site, which is used to extort companies further by threatening to publish the stolen files unless a ransom is paid.

https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/

  • Ransomware Gangs’ Harassment of Victims is Increasing

Analysis by Palo Alto Networks found that harassment was a factor in 20% of ransomware cases, a significant jump from less than 1% in mid 2021. The harassment campaign by threat attackers is intended to make sure that ransom payments are met. This adds to the stress that organisations already face with ransomware incidents.

https://www.techrepublic.com/article/ransomware-gangs-harassment-victims-increasing/

  • Wartime Hacktivism is Spilling Over into the Financial Services Industry

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has identified that financial firms in countries that Russia considers hostile have been singled out for attacks and these attacks are going to continue if the Russia and Ukraine war persists.

https://www.scmagazine.com/analysis/risk-management/report-wartime-hacktivism-is-spilling-over-into-the-financial-services-industry

Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Identity and Access Management

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors

Vulnerability Management

Vulnerabilities

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 05 March 2021

Black Arrow Cyber Threat Briefing 05 March 2021: New Strain Of Ransomware Implements Self-Spreading Capabilities; One In Four People Use Work Passwords For Consumer Websites; Massive Rise In Threats Across Expanding Attack Surfaces; Half of Orgs Concerned Remote Working Puts Them at Greater Risk of Cyber Attacks; Microsoft Patches Four Zero-Day Exchange Server Bugs; A Booming Trade In Bugs Is Undermining Cyber Security; Weaponized Spectre Exploit Discovered; Solarwinds Security Fiasco May Have Started With Simple Password Blunders

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Image by Tumisu from Pixabay

Top Cyber Stories of the Last Week

New Strain Of Ransomware Implements Self-Spreading Capabilities

French experts spotted a new Ryuk ransomware variant that implements self-spreading capabilities to infect other devices on victims’ local networks.

This new version has a new attribute that allows it to self replicate over the local network allowing the malware to propagate itself – machine to machine – within the Windows domain. Once launched, it will spread itself to every Windows machine it can reach.

https://securityaffairs.co/wordpress/115064/reports/ryuk-ransomware-self-spreading-capabilities.html

One In Four People Use Work Passwords For Consumer Websites

The report found that one in four consumers admit to using their work email or passwords to log in to consumer websites and applications such as food delivery apps, online shopping sites and even dating apps. The report found that consumers are neglecting to implement fundamental security safeguards across smart IoT devices at home, which could have serious security ramifications on both the individual and the enterprise amid increased and ongoing remote work spurred by the COVID-19 pandemic.

https://www.helpnetsecurity.com/2021/02/26/use-work-passwords-for-consumer-websites/

Massive Rise In Threats Across Expanding Attack Surfaces

New malware samples nearly doubled: New ransomware samples increased 106% year-over-year. Trojans increased 128%, with threat actors using trojans to exploit lower-severity vulnerabilities. Sophisticated, multi-staged attacks and malware-as-a-service have become the norm. Vulnerabilities hit a new high: 18,341 new vulnerabilities in 2020 have been reported. To stay ahead of attacks, security and risk leaders need sophisticated insights into which vulnerabilities are high-risk and remediation options for all assets, including non-patching options.

https://www.helpnetsecurity.com/2021/02/26/expanding-attack-surfaces/

Half of Organisations Concerned Remote Working Puts Them at Greater Risk of Cyber Attacks

Half of organizations are concerned that the shift to remote work is putting them a greater risk of Cyber Attacks, according to a new study with IDG. A survey of UK CIOs, CTOs and IT decision makers revealed that insecure practices are regularly taking place among remote workers, providing more opportunities for Cyber Criminals to strike.

https://www.infosecurity-magazine.com/news/half-orgs-remote-working-risk/

Microsoft Patches Four Zero-Day Exchange Server Bugs

Microsoft has been forced to release out-of-band patches to fix multiple zero-day vulnerabilities being exploited by Chinese state-backed threat actors. The unusual step was taken to protect customers running on-premises versions of Microsoft Exchange Server.

https://www.infosecurity-magazine.com/news/microsoft-patch-four-zeroday/

A Booming Trade In Bugs Is Undermining Cyber Security

If you discover that a favourite vending-machine dispenses free chocolate when its buttons are pressed just so, what should you do? The virtuous option is to tell the manufacturer, so it can fix it. The temptation is to gorge.

https://www.economist.com/books-and-arts/2021/03/06/a-booming-trade-in-bugs-is-undermining-cyber-security

Is Your Browser Extension A Botnet Backdoor?

A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition.

https://krebsonsecurity.com/2021/03/is-your-browser-extension-a-botnet-backdoor/

Cyber Attack Shuts Down Online Learning At 15 UK Schools

A threat actor was able to access the trust's central network infrastructure and while an investigation took place, all existing phone, email, and website communication had to be pulled. Students are still learning remotely in England. Schools are set to reopen on March 8, but in the meantime, only a small subset of children are attending school physically, such as the children of key workers.

https://www.zdnet.com/article/cyberattack-shuts-down-online-learning-at-15-uk-schools/

First Fully Weaponized Spectre Exploit Discovered Online

A fully weaponized exploit for the Spectre CPU vulnerability was uploaded on the malware-scanning website VirusTotal last month, marking the first time a working exploit capable of doing actual damage has entered the public domain. The exploit was discovered and targets Spectre, a major vulnerability that was disclosed in January 2018. According to its website, the Spectre bug is a hardware design flaw in the architectures of Intel, AMD, and ARM processors that allows code running inside bad apps to break the isolation between different applications at the CPU level and then steal sensitive data from other apps running on the same system.

https://therecord.media/first-fully-weaponized-spectre-exploit-discovered-online/

Solarwinds Security Fiasco May Have Started With Simple Password Blunders

We still do not know just how bad the SolarWinds security breach is. We do know over a hundred US government agencies and companies were cracked. "The largest and most sophisticated attack the world has ever seen," with more than a thousand hackers behind it. It may have all started when an intern first set an important password to "'solarwinds123." Then, adding insult to injury, the intern shared the password on GitHub.

https://www.zdnet.com/article/solarwinds-security-fiasco-may-have-started-with-simple-password-blunders/

Threats

Ransomware

Phishing

Malware

Mobile

Vulnerabilities

Data Breaches

Organised Crime

Dark Web

Supply Chain

Nation-State Actors

Privacy

 

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our weekly ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More