Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Small Businesses Hit by Frequent Cyber Attacks, as 90% of CISOs of Larger Firms Faced at least One Attack Last Year

A survey by Payroll provider Sage found that nearly 48% of small and medium sized enterprises (SMEs) have experienced at least one cyber incident in the past year; of note, this is only based on SMEs self-reporting, and requires SMEs to have both the ability to detect an incident and to have actually identified an incident and then self-report it. The survey found that cyber security was a priority with 68% of respondents reporting that they would use a more expensive security control if it demonstrated better security.

In a separate report by Splunk, it was found that 90% of CISOs reported experiencing at least one disruptive attack in the past year. The difference in numbers could be because organisations who have a CISO are more likely to have tools in place to detect an incident.

Regardless, cyber criminals are showing that any size of organisation can be a victim of a cyber incident and in some cases, smaller organisations may not have the necessary budget and controls to prevent an attack.

Sources: [Security Magazine] [Insurance Times] [Infosecurity Magazine]

The Most Effective Cyber Attacks Never Touch Your Organisation’s Firewall, and HR’s Role in Defending the Organisation

In 2022, total spending on cyber security technologies increased to 71.1 billion USD, illustrating just how much effort goes into protecting companies, their data, and their customers. Regardless of all this spending, there remains a popular attack which can bypass this all: social engineering. Attackers know how much technology protection is placed in organisations, so they often try to bypass this and go straight through the employees.

Cyber security will never work if organisations do not go beyond IT; it is a business-wide issue and requires the engagement and input from across the business, including functions like Human Resources. Having effectively trained employees is a crucial part of creating a culture of security within an organisation, and this starts with HR. Employees will often have training as part of their onboarding and then regular training to ensure competencies; as part of HR’s role, this should include commissioning training on cyber security that is delivered by cyber security experts that understand what attackers are doing.

Source: [News Week] [Beta News]

Ransomware Infection Times Fall from 5 Days to 5 Hours

The amount of time it takes an attacker to infect a system with ransomware has fallen drastically over the last 12 months according to a recent report. The median dwell time (the time that an attacker spends in a victim’s network before being detected) was 5.5 days in 2021, reducing to 4.5 days in 2022, and this year it fell to less than 24 hours with, in 10% of cases, the time taken to deploy ransomware being within 5 hours. As threat actors continue to leverage Ransomware as a Service (RaaS) to execute attacks, dwell times will continue to decrease and the number of attacks will increase.

This coincides with a recent survey by Hornetsecurity that revealed that almost 60% of businesses are concerned about ransomware attacks. 92% of businesses are reported to be aware of ransomware’s potential negative impact, but just 54% of respondents say their leadership is actively involved in conversations and decision making to help prevent attacks.

The report highlights that ransomware is still at large, with the first half of 2023 seeing more ransomware victims than in the whole of 2022. Having good cyber security protection and hygiene is the key to ongoing success. Organisations cannot afford to become victims. Ongoing security awareness training and multi-layered ransomware protection are critical to help avoid insurmountable losses.

Sources: [Cision] [PC Mag] [Security Magazine]

80% of Security Leaders See AI as the Biggest Threat to Business

A report has found that a large majority of security leaders (80%) believe Artificial Intelligence (AI) is the biggest cyber threat to their business, and that the risks of AI outweigh the many advantages.

In a separate report, 58% agreed that AI is increasing the number of cyber attacks. The benefits of AI were also recognised however, with 73% reporting AI to be an increasingly important tool for security operations.

With AI finding itself both sides of the coin, it is important for organisations to effectively implement their AI solutions, so that they can improve their security whilst reducing the risk that AI presents to their organisation.

Sources: [Diginomica] [Infosecurity Magazine]

Is Your Board Cyber-Ready?

With the recent US Securities and Exchange Commission (SEC) requirements entering effect, and the impending Digital Operational Resilience Act (DORA) requirements for Europe, there is yet another layer added to the complicated issues of managing cyber security risks. However, it is clear that strong corporate governance equips companies to address them efficiently and accurately.

Governance starts with the board, as it is responsible for the oversight of the organisation’s cyber security programs. For a board to do this effectively, the leadership team must be able to understand cyber security; yet despite this, a study found that only 12% of boards had a cyber expert. Black Arrow supports business leaders in organisations of all sizes to gain a strong practical understanding of the fundamentals of cyber security risk management, and to demonstrate governance in implementing their cyber security strategy by leveraging their existing internal and external resources.

Sources: [Harvard.edu] [JDSupra]

Cyber Security Should Be a Business Priority for CEOs

A recent report found that despite 96% of CEOs saying that cyber security is critical to organisational growth and stability, 74% of CEOs are concerned about their organisation’s ability to avert or minimise damage arising from a cyber attack. The report also highlighted that 60% of CEOs don’t incorporate cyber security into their business strategies, products or services from the beginning. 44% believe that cyber security requires episodic intervention rather than ongoing attention.

Adding to this reactive stance is the incorrect assumption by 54% of CEOs that the cost of implementing cyber security is higher than the cost of suffering a cyber attack, despite history showing otherwise. For instance, the report notes that a global shipping and logistics company breach resulted in a 20% drop in business volume, with losses hitting $300 million. In addition, despite 90% of CEOs saying cyber security is a differentiating factor for their products or services to help them build customer trust, only 15% have dedicated board meetings to discuss cyber security issues. This disconnect might be explained by the fact that 91% of CEOs said cyber security is a technical function that is the responsibility of the CIO or CISO.

Source: [HelpNet Security]

The Looming Threat of a Single Phishing Click to Your Business

A single click could be all it takes to get the ball rolling and allow an attacker entry into your organisation. From there, the possibilities are endless. Phishing impacts any employee within the organisation with an email account, phone number or access to the web.

Organisations can mitigate this risk however, by conducting training and awareness programmes, aimed at improving employees’ abilities to identify, report and avoid falling victim to phishing incidents. Such training should be held regularly to maintain their knowledge as well as adapting to the ever-changing landscape of cyber crime. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Source: [CMS-lawnow]

40% of Organisations Leave Ransomware to IT

A report found that 93% of respondents said they believe ransomware protection is “very” to “extremely” important in terms of IT priorities for their organisation, yet only 54% reported that the leadership were actively involved in conversations and decision-making around ransomware attacks, and 40% of total respondents were happy to leave the IT team to deal with ransomware attacks.

By only involving the IT team and excluding the leadership, organisations are at risk of not addressing regulatory requirements, or failing to manage such cyber incidents within a business context. This would also suggest a lack of an effective Incident Response Plan to ensure that considerations such as legal, communications, customers, employees and other stakeholders are not forgotten. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Source: [MSSP Alert]

Auditors’ Growing Concern About Cyber Security

The majority of chief audit executives and information technology audit leaders consider cyber security to be a top risk over the next year. The survey found that found that nearly 75% of respondents, and an even higher percentage (82%) of technology audit leaders, consider cyber security to be a high-risk area over the next 12 months.

Source: [Accounting Today]

Preparing for the Unexpected: A Proactive Approach to Operational Resilience

Recent insights highlight a pressing need: ensuring operational resilience in financial firms. As the financial sector remains a prime target for cyber threats, the increasing interconnectedness presents evolving challenges. While cyber security aims to defend against attacks, operational resilience ensures the continuity of operations even when incidents occur.

Notably, the EU’s Digital Operational Resilience Act (DORA) stresses preparedness, providing a framework for the industry. Although business continuity practices exist, operational resilience offers a more proactive stance, ensuring system reliability that is crucial for global financial trust. Achieving this requires a comprehensive risk assessment, laying the groundwork for a resilient strategy tailored to a firm’s unique position in the financial landscape.

Source: [Dark Reading]

Staggering Losses to Social Media and Social Engineering Since 2021, as Victims Take $2.7 Billion Hit in US Alone

The US Federal Trade Commission (FTC) reports that Americans alone, have lost $2.7 billion to social media and social engineering scams since 2021. The losses were incurred through websites, phone calls and email.

It is important for organisations to consider that such scams could very well find themselves in the corporate environment. Already, there has been a significant rise in attacks on employees through LinkedIn. As such, it is important for organisations to provide education and awareness training to users.

Sources: [Bleeping Computer] [Infosecurity Magazine]

Organisations Grapple with Detection and Response Despite Rising Security Budgets

A study by EY found that only a fifth of cyber security leaders today are confident about their organisation’s cyber security approach, with only half trusting the training they provide in-house. CISO respondents reported an average annual spend of $35 million on cyber security, with the median cost of a breach jumping 12% to $2.5 million. The leaders said they anticipate the cost per breach to reach $4 million by the end of the year.

The report found that the biggest internal challenges to the organisation's cyber security approach were "too many potential attack surfaces" at 52%, and "difficulty balancing security and innovation speed" at 50%. The study also noted big discrepancies between the CISOs and other C-suite leaders when it came to their organisation's cyber security preparedness. While 60% of CISOs were confident about the C-suite integration of cyber security into key business decisions, only over half of other C-suite officers believed they were effective. There was also a significant gap (12%) between their satisfaction with the overall cyber security preparedness.

Source: [CSO Online]

Governance, Risk and Compliance

• Half of CISOs Now Report to CEO as Influence Grows - Infosecurity Magazine (infosecurity-magazine.com)

• Auditors more worried about cyber security than AI risks | Accounting Today

• 77% of Cyber security Breaches Linked to Third-Party Risks: Navigating the New Threat Landscape (govinfosecurity.com)

• CEOs concerned about organisations’ ability to avert cyber attacks, despite understanding their impact: Report - The Hindu

• Cyber Security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert

• Cyber attacks are only getting worse for business, so what are CISOs doing about it? | TechRadar

• Warning as more businesses fall victim to cyber attacks | Insurance Times

• PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News

• The Role of HR in Engaging the Workforce for Holistic Cyber Security (newsweek.com)

• 90% firms experienced cyber attacks; 83% opted to pay attackers: Report (business-standard.com)

• The world was already horrifying — technology is making it more so - The Hustle

• State of Cyber Awareness in the Boardroom (harvard.edu)

• What The Board Needs To Know: Cyber Attack Costs - WSJ

• Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)

• Is Your Board Cyber-Ready? Leadership Steps to Support Corporate Cyber Security | Jackson Lewis P.C. - JDSupra

• Cyber security should be a business priority for CEOs - Help Net Security

• Organisations grapple with detection and response despite rising security budgets | CSO Online

• The undeniable benefits of making cyber resiliency the new standard | CSO Online

• Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)

• Cyber insurance costs pressure business budgets - Help Net Security

• C-suite weighs in on generative AI and security (securityintelligence.com)

• Cyber security overtakes cloud as top area of investment - The Recycler - 10/10/2023

• New Wave of Cyber Threats Challenges In-House Legal Departments (bloomberglaw.com)

• Should businesses follow Google’s footsteps in cyber security? | TechRadar

• Cyber security is booming but it comes at a human cost (betanews.com)

• A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)

• What is Risk Appetite? | Definition from TechTarget

• A Cyber security Risk Assessment Guide for Leaders (trendmicro.com)

• Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)

• Uber's Ex-CISO Appeals Conviction Over 2016 Data Breach (darkreading.com)

• 6 steps to getting the board on board with your cyber security program (welivesecurity.com)

Threats

Ransomware, Extortion and Destructive Attacks

• First half of 2023 sees more ransomware victims than all of 2022 | Security Magazine

• Cyber security Survey: 40% of Orgs “Leave” Ransomware to IT | MSSP Alert

• Cyber criminals can go from click to compromise in less than a day - Help Net Security

• Ransomware Infection Times Fall From 5 Days to 5 Hours (pcmag.com)

• Almost 60% Of Businesses Are 'Very' To 'Extremely' Concerned About Ransomware Attacks - Hornetsecurity Annual Ransomware Survey (Prnewswire.Com)

• Ransomwared health insurer wasn't using anti-virus software • The Register

• Everest searching for corporate insiders amid rare pivot • The Register

• HelloKitty ransomware source code leaked on hacking forum (bleepingcomputer.com)

• How to Prevent Ransomware as a Service (RaaS) Attacks (trendmicro.com)

• SEC Investigating Progress Software Over MOVEit Hack - Security Week

• Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)

• Ransomware Attack on Hospitals Highlights Need to Ensure Continuity of Patient Care (fdd.org)

Ransomware Victims

• MGM Suffers $100mn loss following cyber attack, hopes insurance cover will be sufficient (insuranceinsider.com)

• Cyber attack victim Estes making ‘steady progress’ - FreightWaves

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

• Ransomwared health insurer wasn't using anti-virus software • The Register

• BianLian extortion group claims recent Air Canada breach (bleepingcomputer.com)

• Ransomware group starts leaking data allegedly from NJ cardiology consultants group (databreaches.net)

Phishing & Email Based Attacks

• The looming threat of a single phishing click to your business (cms-lawnow.com)

• Hackers are using AI for phishing | Windows Central

• What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog

• LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)

• Phishing, the campaigns that are affecting Italy (securityaffairs.com)

BEC – Business Email Compromise

• What is business email compromise (BEC)? | ITPro

Other Social Engineering; Smishing, Vishing, etc

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian

Artificial Intelligence

• PwC survey reveals rising concerns over cyber security and generative AI in 2024 - Reinsurance News

• 'Really frightening': IT leaders on cyber security in the age of AI (computing.co.uk)

• Cyber security pros predict rise of malicious AI - Help Net Security

• Downing Street trying to agree statement about AI risks with world leaders | Artificial intelligence (AI) | The Guardian

• Why 80% of CISOs see AI as the biggest threat to their business (diginomica.com)

• C-suite weighs in on generative AI and security (securityintelligence.com)

• Hackers are using AI for phishing | Windows Central

• 68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)

• US Space Force Pauses Generative AI Based on Security Concerns (bloomberglaw.com)

• Generative AI Security: Preventing Microsoft Copilot Data Exposure (bleepingcomputer.com)

• How to Guard Your Data from Exposure in ChatGPT (thehackernews.com)

2FA/MFA

• Account Hacking Over Starlink Sparks Calls For Two-Factor Authentication (pcmag.com)

Malware

• Mirai DDoS malware variant expands targets with 13 router exploits (bleepingcomputer.com)

• Microsoft to kill off VBScript in Windows to block malware delivery (bleepingcomputer.com)

• How Keyloggers Have Evolved From the Cold War to Today (darkreading.com)

• Endpoint malware attacks decline as campaigns spread wider - Help Net Security

Mobile

• Beware - GoldDigger malware will drain your bank accounts without you even realizing | TechRadar

• China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert

• Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)

• Operation Behind Predator Mobile Spyware Is 'Industrial Scale' (darkreading.com)

• Hacktivists send fake nuclear attack warning via Israeli Red Alert app (bitdefender.com)

• 5 quick tips to strengthen your Android phone security today | ZDNET

Botnets

• Mirai DDoS malware botnet variant expands targets with 13 router exploits (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks (cloudflare.com)

• Google, Amazon Face Massive Denial-of-Service Attack | MSSP Alert

Internet of Things – IoT

• Connected vehicles can be at risk of hacking, consumer awareness paramount: experts - Victoria Times Colonist

• Automotive cyber security: A decade of progress and challenges - Help Net Security

• Android TV malware case worsens: Tens of millions of devices infected - FlatpanelsHD

• Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)

• Android devices shipped with backdoored firmware as part of the BADBOX network (securityaffairs.com)

• High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security (thehackernews.com)

• Mirai Variant IZ1H9 Adds 13 Exploits to Arsenal - Security Week

• Exposed security cameras in Israel and Palestine pose significant risks (securityaffairs.com)

Data Breaches/Leaks

• 3.81 billion records compromised by cyber security incidents in September 2023 (itsecuritywire.com)

• US Smashes Annual Data Breach Record With Three Months Left - Infosecurity Magazine (infosecurity-magazine.com)

• 23andMe Cyberbreach Exposes DNA Data, Potential Family Ties (darkreading.com)

• Hackers compile database of people of Jewish descent using stolen 23andMe user data - Washington Times

• DC Board of Elections confirms voter data stolen in site hack (bleepingcomputer.com)

• Lyca Mobile says customer data was stolen during cyber attack | TechCrunch

• Third Flagstar Bank data breach since 2021 affects 800,000 customers (bleepingcomputer.com)

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

• Air Europa customers urged to cancel cards following hack on payment system (therecord.media)

• Dymocks breach happened while changing providers | Information Age | ACS

• 88% of Hospitals And Other Health-Care Organisations Faced Cyber Attacks Last Year (databreaches.net)

• Shadow PC warns of data breach as hacker tries to sell gamers' info (bleepingcomputer.com)

Organised Crime & Criminal Actors

• The cyber villains are getting bolder. Businesses need to up their game - Raconteur

• Minister:  ‘Cyber criminals are often in uncooperative jurisdictions – making international collaboration essential’ – PublicTechnology

• Protecting your business against the cyber criminal enterprise (techuk.org)

• Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)

• Hackers 'don't break in anymore, they log in,' expert explains (yahoo.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

• ‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian

• Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED

Insider Risk and Insider Threats

• Everest searching for corporate insiders amid rare pivot • The Register

• Time to safeguard the financial sector? Navigating employee turnover to defend against cyber attacks - Digital Journal

• Former US soldier accused of trying to pass secrets to China • The Register

• The Mind of the Inside Attacker (informationweek.com)

• Understanding the human factor of digital safety | TechRadar

Fraud, Scams & Financial Crime

• Fooled by cyber criminals: The humanitarian CEO scammed by hackers - GZERO Media

• Global job scam to cause $100 mn in losses for over 1,000 companies: Report (odishatv.in)

• FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)

• The dark side of solar panels – how crooks are exploiting net zero (telegraph.co.uk)

• Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)

• UK users of illicit streaming services warned of risk of fraud or police visit | TV streaming | The Guardian

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• ‘I felt powerless’: how a crypto scam cost a finance boss £300,000 | Scams | The Guardian

• Inside FTX’s All-Night Race to Stop a $1 Billion Crypto Heist | WIRED

• What to do if you’ve clicked on a phishing link or talked to scammers | Kaspersky official blog

• Never click on bank-draining words if message pops up, expert warns (ladbible.com)

• Boss of world’s largest cinema chain victim of catfish blackmail plot | Business | The Guardian

Deepfakes

• 68 percent of IT decision makers are worried about the rise of deepfakes (betanews.com)

AML/CFT/Sanctions

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

Insurance

• Cyber insurance costs pressure business budgets - Help Net Security

• Insurance industry faces growing concerns over cyber cat risk: Gallagher Re - Reinsurance News

• Cyber Insurance Lessens the Sting of Corporate Cyber Attacks (bloomberglaw.com)

• Keeping up with the demands of the cyber insurance market - Help Net Security

• Insurance cover ‘sufficient’ for $100mn cyber attack hit: MGM (insuranceinsider.com)

Supply Chain and Third Parties

• 77% of Cyber security Breaches Linked to Third-Party Risks: Navigating the New Threat Landscape (govinfosecurity.com)

• Cyber attack hits electronics firm Volex (cityam.com)

Software Supply Chain

• Why open-source software supply chain attacks have tripled in a year | CSO Online

• New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)

Cloud/SaaS

• The Need for Speed: When Cloud Attacks Take Only 10 Minutes (darkreading.com)

• Microsoft and Cabinet Office issue government-wide security guidelines for M365 – PublicTechnology

• Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits (thehackernews.com)

• Securely Moving Financial Services to the Cloud (darkreading.com)

Identity and Access Management

• Why identity infrastructure is the new cyber attack surface (siliconrepublic.com)

Encryption

• New cryptographic protocol aims to bolster open-source software security | ZDNET

• Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week

API

• You can't avoid APIs, so you need to secure them (betanews.com)

Open Source and Linux

• New cryptographic protocol aims to bolster open-source software security | ZDNET

• Why open-source software supply chain attacks have tripled in a year | CSO Online

• Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol - Security Week

• Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)

• Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)

• New One-Click Exploit Is a Supply Chain Risk for Linux OSes (darkreading.com)

• US Government Issues Open-Source Security Guidance for Critical Infras - Infosecurity Magazine (infosecurity-magazine.com)

Passwords, Credential Stuffing & Brute Force Attacks

• CISA publishes top 10 most common security misconfigurations • The Register

• Have You Changed the Default Passwords on Your IoT Devices? (makeuseof.com)

• Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords (thehackernews.com)

Social Media

• FTC warns of ‘staggering’ losses to social media scams since 2021 (bleepingcomputer.com)

• Social Dominates as Victims Take $2.7bn Fraud Hit - Infosecurity Magazine (infosecurity-magazine.com)

• Elon Musk’s vision for free speech on X tested by Israel-Hamas war misinformation | Financial Times (ft.com)

• LinkedIn Smart Links attacks return to target Microsoft accounts (bleepingcomputer.com)

• Brands Beware: X's New Badge System Is a Ripe Cyber-Target (darkreading.com)

• What should you do if your Facebook is hacked? (pocket-lint.com)

Parental Controls and Child Safety

• New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise (thehackernews.com)

Regulations, Fines and Legislation

• SEC Adopts New and Burdensome Cyber Cecurity Disclosure Rules | Kohrman Jackson & Krantz LLP - JDSupra

• SEC Investigating Progress Software Over MOVEit Hack - Security Week

Models, Frameworks and Standards

• Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)

Data Protection

• Caesars Offers Two Years of IDX Services to Compromised Data Victims - GamblingNews

Careers, Working in Cyber and Information Security

• Work-related stress “keeps cyber professionals up at night” | ITPro

• Fifth of UK Cyber Security Pros Work Excessive Hours - Infosecurity Magazine (infosecurity-magazine.com)

• Cyber security is booming but it comes at a human cost (betanews.com)

• eBook: Cyber security career hacks for newcomers - Help Net Security

• Turning military veterans into cyber security experts - Help Net Security

• CISO Pay Increases Are Slowing – a Look Behind the Figures - Security Week

• Skills-based Hiring Can Address Cyber Workforce Shortfalls (fdd.org)

Law Enforcement Action and Take Downs

• European Police Hackathon Hunts Down Traffickers - Infosecurity Magazine (infosecurity-magazine.com)

Misinformation, Disinformation and Propaganda

• Elon Musk’s vision for free speech on X tested by Israel-Hamas war misinformation | Financial Times (ft.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Misc Nation State/Cyber Warfare

• Cyber Attacks Targeting Israel Are on the Rise After Hamas Attack | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)

• Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)

• Hackers For Hire Hit Both Sides in Israel-Hamas Conflict (darkreading.com)

• Beyond the Front Lines: How the Israel-Hamas War Impacts the Cyber security Industry - Security Week

• Israel Cyber Attacks: What MSSPs Need to Know | MSSP Alert

• Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)

• The cyber phases of two wars show signs of intersecting. Developments in cyberespionage and cyber crime. (thecyberwire.com)

• Could Middle Eastern Cyberwarfare Spill Into Health Sector? (inforisktoday.com)

• The Cyberwar Between the East and the West Goes Through Africa (darkreading.com)

• Hamas 'using social engineering attacks' in conflict with Israel (techmonitor.ai)

Russia

• Dark Horse Ukraine Proves Resistant to Onslaught of Russian Cyber Attacks (kyivpost.com)

• Kremlin-Linked Hacker Group Launches Cyber-Attack Against Israel (kyivpost.com)

• Russian hacker group "Killnet" declares cyberwar on Israel | Al Bawaba

• Gaza-linked hackers and Pro-Russia groups are targeting Israel (securityaffairs.com)

• Hacking Groups, Including Some Tied to Russia, Are Attacking Israeli Websites (insurancejournal.com)

• Cyber Metamorphosis: Ukraine Conflict's Impact on the Threat Landscape (govinfosecurity.com)

China

• A Frontline Report of Chinese Threat Actor Tactics and Techniques (darkreading.com)

• Why One Of The Largest Cyber-Attacks Is Still A Mystery (slashgear.com)

• Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike (thehackernews.com)

• Chinese Criminals Backdoor Android Devices for Ad Fraud (govinfosecurity.com)

• China-based Supply Chain Cyber Attacks Hit Thousands of Android Devices | MSSP Alert

• Former US soldier accused of trying to pass secrets to China • The Register

• Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries (thehackernews.com)

• Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)

• Researchers Uncover Ongoing Attacks Targeting Asian Governments and Telecom Giants (thehackernews.com)

Iran

• Escalation In Iranian Cyber Operations: A Shift Toward Espionage | Iran International (iranintl.com)

North Korea

• North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime (securityaffairs.com)

• North Korea's State-Sponsored APTs Organise & Align (darkreading.com)

Vulnerability Management

• Developers take as long as one month to patch security flaws, Synopsys finds (axios.com)

• Microsoft Patch Tuesday turns 20 • The Register

• Vulnerability Behind “Largest Attack in Internet History” Found | MSSP Alert

Vulnerabilities

• Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws (securityaffairs.com)

• Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet (darkreading.com)

• Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop - Security Week

• Google Chrome 118 is a massive security update - gHacks Tech News

• Security Patch for Two New Flaws in Curl Library Arriving on October 11 (thehackernews.com)

• Adobe Acrobat Reader Vuln Now Under Attack (darkreading.com)

• Ransomware attacks now target unpatched WS_FTP servers (bleepingcomputer.com)

• Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit (informationweek.com)

• WhatsApp exploits commanding multi-million prices (computing.co.uk)

• High-Severity Vulnerabilities Discovered in WebM Project’s Libraries (paloaltonetworks.com)

• Credential Harvesting Campaign Targets Unpatched NetScaler Instances - Security Week

• Over 17,000 WordPress sites hacked in Balada Injector attacks last month (bleepingcomputer.com)

• Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability | Ars Technica

• New WordPress backdoor creates rogue admin to hijack websites (bleepingcomputer.com)

• libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks (thehackernews.com)

• D-Link WiFi range extender vulnerable to command injection attacks (bleepingcomputer.com)

• Maintainers warn of vulnerability affecting foundational open-source tool (therecord.media)

• Apple releases iOS 16.7.1 to plug critical security holes | Macworld

• The SEC is said to be investigating a Twitter security flaw from the pre-Musk era (engadget.com)

• Microsoft: China's Behind Atlassian Confluence Attacks; PoCs Available (darkreading.com)

• 35 Squid proxy bugs still unpatched after 2 years • The Register

• Fortinet Releases Security Updates for Multiple Products | CISA

• High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security (thehackernews.com)

Tools and Controls

• Organisations grapple with detection and response despite rising security budgets | CSO Online

• Preparing for the Unexpected: A Proactive Approach to Operational Resilience (darkreading.com)

• A Primer on Cyber Risk Acceptance and What it Means to Your Business (bleepingcomputer.com)

• What is Risk Appetite? | Definition from TechTarget

• Reassessing the Impacts of Risk Management With NIST Framework 2.0 (darkreading.com)

• 16 Essential Factors To Cover In A Disaster Recovery Plan (forbes.com)

• A Cyber Security Risk Assessment Guide for Leaders (trendmicro.com)

• Addressing a Breach Starts With Getting Everyone on the Same Page (darkreading.com)

• Google, Yahoo Push DMARC, Forcing Companies to Catch Up (darkreading.com)

• You can't avoid APIs, so you need to secure them (betanews.com)

• What is External Attack Surface Management (EASM)? | UpGuard

• Why You Should Phish In Your Own (informationsecuritybuzz.com)

• Why zero trust delivers even more resilience than you think - Help Net Security

• Take an Offensive Approach to Password Security by Continuously Monitoring for Breached Passwords (thehackernews.com)

• Unmasking the limitations of yearly penetration tests - Help Net Security

• Keeping up with the demands of the cyber insurance market - Help Net Security

• Cyber attackers are combining attacks to bypass detection (siliconrepublic.com)

• Keep on keeping your organisation informed to stay cyber secure (techuk.org)

• Why identity infrastructure is the new cyberattack surface (siliconrepublic.com)

Reports Published in the Last Week

• Global Incident Response Threat Report (vmware.com)

Other News

• Cyber security is a mindset, not just a set of tools and technologies. (techuk.org)

• Large law firms experiencing two 'cyber incidents' a month - Legal Futures

• Small businesses growing target for cyber criminals (planetradio.co.uk)

• The world was already horrifying — technology is making it more so - The Hustle

• Legions of Critical Infrastructure Devices Subject to Cyber Targeting (darkreading.com)

• Subsea cable business seeks to plug its security holes (lightreading.com)

• Old-School Attacks Are Still a Danger, Despite Newer Techniques (darkreading.com)

• Protect Critical Infrastructure With Same Rigor as Classified Networks (darkreading.com)

• Drug dealers hijack NHS, police and Crimestoppers websites to sell coke in plain sight - Daily Star

• Proactive not reactive: adjusting the approach to cyber crime in education

• Magecart Campaign Hijacks 404 Pages to Steal Data (darkreading.com)

• As biohacking evolves, how vulnerable are we to cyber threats? - Help Net Security

• Social care and cyber-crime - Social care (blog.gov.uk)

• Electric Power System Cyber Security Vulnerabilities (trendmicro.com)

• Cable Giant Volex Targeted in Cyber Attack - Security Week

• Securing the Food Pipeline from Cyber Attacks (newswise.com)

• US construction giant reports cyber security incident • The Register

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

New Ransomware Victims Surge by 47% as Small Businesses Targeted

Ransomware attackers are shifting away from “big game” targets and towards easier, less defended organisations, a new report from Trend Micro has found. The report observed a 47% increase in the number of new victims of this vector from the second half of 2022, many of which were small organisations with less mature cyber postures. In fact, 57% of victims of the infamous ransomware gang LockBit, were of organisations up to 200 employees.

Small businesses can be attractive targets; they don’t have the budget of a large organisation and therefore they are more likely to have gaps that can be exploited. To combat this, small businesses need to prioritise their security budgets effectively, to allow themselves the most protection that their budget allows.

Source [Infosecurity Magazine]

MGM Resorts Lost Millions of Dollars a Day in What Should be a Wakeup Call for Corporate Boards

The recent ransomware attack on MGM Resorts has resulted in the loss of millions of dollars daily, not accounting for ransomware fees and reputational damage. MGM Resorts are a client of Okta, who noted that Caesars entertainment and three (not named) other organisations have been hit. Although the other victims have not yet been named, it has been revealed that they are in the manufacturing, retail and technology sectors. As a result of the attacks, Beazley and AIG, who provide cyber insurance, are likely to face significant losses.

The attack should act as wakeup call for corporate boards, as it once again highlights how anyone can be a victim, and if the right controls are not in place, an attack won’t be stopped. Cyber incidents are a matter of when, not if, and boards need to ensure they are prepared, and prepared to handle the fallout when an attack happens. 

Sources: [Proactive Investors] [Reuters] [Insurance Insider] [OODA Loop] [Claims Journal]

SMEs Overestimate Their Cyber Security Preparedness

According to a recent report, 57% of small and medium enterprises (SMEs) have experienced a cyber security breach, with 31% facing such an incident in the past year. Despite the increasing threat, 70% are confident in their defences, though 44% solely rely on their antivirus solutions, and a quarter don't regularly train employees on cyber security best practices or never have.

The report also found that many SMEs either underestimate the importance of robust security, believing they’re too small to be targeted, or put too much trust in their current defences. The increasing number of evolving cyber threats poses a significant risk to SMEs. Rising patterns show frequent and sophisticated attacks, highlighting the urgent need for effective security measures. Understandably, not all small business owners have the resources to obtain in-house cyber security experts. Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Helpnet Security] [Security Magazine]

China’s Hacking Power Bigger Than Rest of World Combined

In a recent conference the director of the FBI highlighted the magnitude of China’s cyber power, most notably explaining that China has a bigger hacking program than the competition combined.

This comes as recent attacks have seen malicious USB drives used to spread malware and now, something we’ve not seen much before, financially motivated hacks by Chinese-speaking actors through a piece of malware known as “ValleyRAT”.

Sources: [Reuters] [Infosecurity Magazine] [WIRED] [Inforisk Today] [TechRadar]

Cyber Insurance Claims for Ransomware Reach Record High

A new report from cyber insurance provider Coalition shows a 12% increase in cyber claims over the first six months of this year, driven by the notable spikes in ransomware (19%), business email compromise (BEC) attacks (26%) and funds transfer fraud (FTF) (31%). The report found that claims severity also increased 61% from the previous six months and 117% over the last year. The average ransom demand was $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year.

The report comes as the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA)  released a joint advisory warning that ransomware gangs are increasingly evolving their tactics while targeting critical infrastructure sectors, including Information Technology, and Food and Agriculture. The advisory strongly discourages organisations from paying ransoms and encourages victims to report ransomware incidents to a local agency’s reporting channel. Similar advisories were released earlier in the year warning of ransomware groups such as Cl0p who exploited the vulnerability in MOVEit earlier this year.

Sources: [NextGov] [BetanNews] [Security Magazine] [CSO Online]

Cyber Security Still Remains the Greatest Concern for Many C-Suite Executives

Almost three-quarters (73%) of nearly 700 board members surveyed in a new study, believe their organisations are at risk of cyber attack, including targeted attacks; a sizable increase from the 65% last year, according to a recently released Proofpoint report. Worryingly, with the high number believing they are at risk from an attack, 53% still believed they would be unprepared for such an attack. When it came to their main concerns, malware was the top concern (40%), followed by insider threat (36%) and cloud account compromise (36%).

C-suite concern has propelled budgets, with a third of businesses increasing cyber security spending by a significant margin. As IT has become less centralised with a move towards cloud-based systems, combined with a shortage of skilled cyber security workers, businesses are having to rely more heavily on third party security according to a recent report.

This investment, along with improved security communications to executives, should enhance IT upskilling and employee awareness of cyber security.

Sources: [MSSP Alert] [Tech Radar]

Bad Torts: Law Firms Feel the Heat from Rising Cyber Threats

Publicly available reports of ransomware attacks on law firms have accelerated this year, with massive amounts of sensitive client data now in the hands of threat actors, highlighting a growing trend of cyber incidents afflicting the legal business.

One of the reasons law firms are increasingly targeted is due to the amount of sensitive data that they hold. This data can be used for extortion, insider training and general ransom purposes. In addition, many law firms utilise third parties to handle their data, increasing their risk of becoming a victim through their supply chain.

Source: [Synack]

Attacker Deepfakes IT Employees’ Voice in Phone Call to Breach Company

A recent cyber attack used AI to deepfake an IT employee’s voice. The attack started off with a phishing mail, which the unsuspecting victim employee clicked. The attacker then hit a challenge: multi-factor authentication (MFA). That was until they decided to use artificial intelligence to clone the voice of an IT employee. The attacker, now speaking as if they were the IT employee, was then able to convince the victim employee to provide the needed MFA code. As a result, the attack was successful.

The attack highlights the increase in AI for attacks, whilst also demonstrating that cyber security is more than just technology: it is people and operations too. Think about voice cloning, how would your organisation prepare for this?

Sources [PC Mag]

Insider Risks are Getting Increasingly Costly as Organisations Fail to Proactively Address Them

With the cost of insider risk the highest it has ever been (£13.25m per incident), organisations need to effectively budget and find ways to proactively address insider risk. A report found that 55% of money spent on insider incident response went toward problems caused by negligence or mistakes, and 25% for those were caused by actively malicious insiders, with the remaining 20% being attacks that out-smarted employees.

The cost and damage is acknowledged by organisations, with a separate report finding 46% of organisations self-reported that they were actively planning to spend more on proactively addressing insider risk in 2024. Budgets are not infinite however, and organisations need to effectively allocate their spending to ensure they are getting the most protection for their spend.

Sources: [Computer Weekly] [CSO Online]

Half of Executives Expect Supply Chain Challenges

With the surge in the number of attacks taking place through the software supply chain, it is no wonder almost half of executives expect supply chain challenges in the year ahead according to a survey by Deloitte. When asked about their experience, 34% of respondents self-reported that their organisation has experienced one or more supply chain cyber security events during the past year.

One of the ways to improve organisations’ supply chain security is to conduct assessments on the third parties they use, yet 21% of respondents did not do this at all. Potentially, one of the reasons for this is not knowing the correct questions to ask. Black Arrow can support you through a structured approach to asking a suite of targeted questions to your third parties, and assessing the responses for indicators of risk to your business.  

Sources [PRnewswire] [SiliconANGLE]

How Social Engineering Takes Advantage of Your Kindness

Last week, MGM Resorts disclosed a massive systems issue that reportedly rendered slot machines, room keys and other critical devices inoperable. What elaborate methods were required to crack a nearly $34 billion casino and hotel empire? According to the hackers themselves, all it took was a ten minute phone call, allowing them to gain access through a simple social engineering attack. Social engineering psychologically manipulates a target into doing what the attacker wants, or giving up information that they shouldn’t. The consequences range from taking down global corporations to devastating the personal finances of unfortunate individual victims.

Extroverted, agreeable, and open individuals are often cyber victims; fear is an attack vector and so is helpfulness. As comfort increases, so too does vulnerability to being hacked. Social engineering attacks target both corporations and individuals. A person’s positive traits can be weaknesses against such threats. Balancing kindness with scepticism is essential.

Source: [Engadget]

Employers Blame Employees as 54% of Firms Face Cyber Attacks Annually

A survey found that despite the percentage of companies that have encountered a cyber security incident in the last 12 months, a worrying 24% of employees have never had any cyber security training. The survey further found that alarmingly 42% of respondents used the same password for both home and work accounts, increasing the risk of exposing their organisational passwords. This risk was furthered by 40% of the total number of respondents keeping their password in an open file or physical notebook.

Organisations, including those already providing training, should look to ensure they implement training from experts that covers such areas; by effectively training employees, organisations will increase their cyber resilience and reduce their risk of suffering a cyber attack. Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes are secure employee engagement and build a cyber security culture to protect the organisation.  

Source: [Information Security Buzz]

Governance, Risk and Compliance

• Cyber security still remains the greatest concern for many executives | TechRadar

• Cyber attacks are constant and test even the best | Newsroom

• Companies Struggling With Cyber security: Big Players In Bad Situations (forbes.com)

• SMEs overestimate their cyber security preparedness - Help Net Security

• Survey Reveals: 50% Of Respondents Face Cyber attacks Yearly — Employers Blame Employees (informationsecuritybuzz.com)

• Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)

• Organisations failing to proactively address insider cyber risk | Computer Weekly

• Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)

• OODA Loop - The MGM Cyber attack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?

• Most Global Board Members Unprepared for “Targeted” Cyber attack, Report Finds | MSSP Alert

• Changing Role of the CISO: A Holistic Approach Drives the Future (darkreading.com)

• How to Get Your Board on Board With Cyber security (darkreading.com)

• Security concerns and outages elevate observability from IT niche to business essential - Help Net Security

• Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security

• Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)

• Balancing budget and system security: Approaches to risk tolerance - Help Net Security

• Is Director Liability For Cyber security Failure An Immediate Risk? (forbes.com)

• Over a Third of UK Population Believe Prison is the Most Suitable Punishment for Individuals Responsible for Data Breach - IT Security Guru

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)

• Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

• Poor digital experience a blocker for cyber resilience | Computer Weekly

• What is Governance, Risk and Compliance (GRC)? | TechTarget Definition

• How to prevent and prepare for a cyber catastrophe (securityintelligence.com)

• The rise of CISO stress: Recognising and reconciling the threat of litigation for CISOs (securitybrief.co.nz)

• 2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)

• The realities of modern cyber security: CrowdStrike CSO weighs in on how businesses must adapt - SiliconANGLE

• Why more security doesn’t mean more effective compliance - Help Net Security

Threats

Ransomware, Extortion and Destructive Attacks

• Digesting the Digits - 2023 ‘record year’ for ransomware attacks - PaymentExpert.com

• New Ransomware Victims Surge by 47% with Gangs Targeting Small Busines - Infosecurity Magazine (infosecurity-magazine.com)

• Attacks on Casino Giants Heralds Resurgence in Ransomware Attacks (claimsjournal.com)

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• LockBit Is Using RMMs to Spread Its Ransomware (darkreading.com)

• ‘Top’ ransomware gangs favour smaller businesses | Computer Weekly

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• Ransomware group's evolving tactics pose growing threat - Nextgov/FCW

• Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog

• Who is behind the latest wave of UK ransomware attacks? | Cyber crime | The Guardian

• NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware (darkreading.com)

• Scattered Spider, Alphv, and the MGM hack, explained - The Hustle

• Quadruple extortion ransomware maximising monetisation (securitybrief.co.nz)

• What is Extortionware? How is it Different from Ransomware? (techtarget.com)

• Ransomware cyber insurance claims rose by 27% | Security Magazine

• Cyber insurance claims for ransomware reach record high (betanews.com)

• Ransomware gang targeting defence firms, FBI warns - Defence One

• Scattered Spider snares 100+ victims, moves into ransomware • The Register

• Cyber criminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (thehackernews.com)

• BlackCat ransomware hits Azure Storage with Sphynx encryptor (bleepingcomputer.com)

• FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service (darkreading.com)

• Critical Infrastructure Organisations Warned of Snatch Ransomware Attacks - Security Week

• Healthcare's ransomware defences need more preventative action (securitybrief.co.nz)

• Ransomware vs. resources: A higher education dilemma - eCampus News

Ransomware Victims

• Two Vegas casinos fell victim to cyber attacks, shattering the image of impenetrable casino security | AP News

• Hackers who breached casino giants MGM, Caesars also hit 3 other firms, Okta says | Reuters

• Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)

• Las Vegas casinos face ‘social engineering’ threat amid hacks | Las Vegas Review-Journal (reviewjournal.com)

• Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)

• MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)k

• Clorox expects August’s cyber security attack to have a ‘material’ impact on first-quarter results - MarketWatch

• Clorox products in short supply after cyber attack disrupts operations | CNN Business

• Psychiatric hospital near Jerusalem hit by suspected cyber attack | The Times of Israel

• HWL Ebsworth hack: 65 Australian government agencies affected by cyber attack | Crime - Australia | The Guardian

• UMass Medical School Sued Over MOVEit File-Transfer Data Breach (bloomberglaw.com)

• UK IT services provider Agilitas hit by Donut ransomware attack? (techmonitor.ai)

• Cyber attack blamed for outages at hospitals in Illinois, Wisconsin (scrippsnews.com)

• Major trucking software provider confirms ransomware incident (therecord.media)

• Handbag maker Radley London hit by RansomHouse cyber attack? (techmonitor.ai)

Phishing & Email Based Attacks

• Scams, phishing made up over 75% of digital threats in first half of 2023: Report - The Economic Times (indiatimes.com)

• HR phishing: self-evaluation questionnaire | Kaspersky official blog

• Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)

• Cyber criminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads (thehackernews.com)

• Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT (thehackernews.com)

BEC – Business Email Compromise

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

Other Social Engineering; Smishing, Vishing, etc

• Hackers claim it only took a 10-minute phone call to shut down MGM Resorts (engadget.com)

• How social engineering takes advantage of your kindness (engadget.com)

• Las Vegas casinos face ‘social engineering’ threat amid hacks | Las Vegas Review-Journal (reviewjournal.com)

Artificial Intelligence

• Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag

• NSA Report: Deepfakes Threaten National Security | MSSP Alert

• Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)

• WormGPT: AI tool designed to help cyber criminals will let hackers develop attacks on large scale, experts warn | Science & Tech News | Sky News

• Artificial Intelligence Making Cyber Crime Harder to Fight (govtech.com)

• Companies still don’t know how to handle generative AI risks - Help Net Security

• 85% of cyber leaders believe AI will outpace cyber defences (electronicspecifier.com)

• McAfee CEO Greg Johnson on the Cyber security Threat From Generative AI (businessinsider.com)

• Companies Rely on Multiple Methods to Secure Generative AI Tools (darkreading.com)

• Poland investigates OpenAI over privacy concerns | Reuters

2FA/MFA

• Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)

Malware

• NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)

• Malware distributor Storm-0324 facilitates ransomware access | Microsoft Security Blog

• macOS MetaStealer attacks take aim at business Mac users (appleinsider.com)

• Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement (trendmicro.com)

• A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar

• New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)

• Bumblebee malware returns in new attacks abusing WebDAV folders (bleepingcomputer.com)

• Fake WinRAR exploit PoC drops VenomRAT malware | SC Media (scmagazine.com)

• P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)

• Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)

• ‘Sandman’ hackers backdoor telcos with new LuaDream malware (bleepingcomputer.com)

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

Mobile

• Dangerous permissions detected in top Android health apps (securityaffairs.com)

• Android security updates: Everything you need to know | Android Central

• Google releases an update for compatible Pixel devices; Android 14 no, September security patch yes - PhoneArena

• Hook: New Android Banking Trojan That Expands on ERMAC's Legacy (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

Botnets

• Bot Attack Costs Double to $86m Annually - Infosecurity Magazine (infosecurity-magazine.com)

• P2PInfect botnet activity surges 600x with stealthier malware variants (bleepingcomputer.com)

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

Denial of Service/DoS/DDOS

• Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions (securityaffairs.com)

Internet of Things – IoT

• DDoS 2.0: IoT Sparks New DDoS Alert (thehackernews.com)

• IoT threats in 2023 | Securelist

• Hikvision Intercoms Allow Snooping on Neighbors (darkreading.com)

• No dedicated hardware security for 66% IoT modules: IoT Analytics (securitybrief.co.nz)

Data Breaches/Leaks

• Pirated Software Likely Cause of Airbus Breach - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (thehackernews.com)

• Police data breach: 20,000 data points 'at risk' (computing.co.uk)

• CardX released a data leak notification impacting their customers in Thailand (securityaffairs.com)

• Pizza Hut Australia hack: data breach exposes customer information and order details | Australia

• Air Canada says unauthorized group breached employee data, hacked internal system (databreaches.net)

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• T-Mobile app glitch let users see other people's account info (bleepingcomputer.com)

• T-Mobile Racks Up Third Consumer Data Exposure of 2023 (darkreading.com)Over a Third of UK

• Population Believe Prison is the Most Suitable Punishment for Individuals Responsible for Data Breach - IT Security Guru

• TransUnion says dump of customer data came from third party • The Register

• US govt IT worker accused of leaking top secrets • The Register

Organised Crime & Criminal Actors

• Europol lifts the lid on cyber crime tactics (malwarebytes.com)

• One of the FBI’s most wanted hackers is trolling the US government | TechCrunch

• India's biggest tech centres named as cyber crime hotspots • The Register

• Scattered Spider snares 100+ victims, moves into ransomware • The Register

• Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

• Phishing victim sends eye-watering $4.5M in USDT to scammer (cointelegraph.com)

• Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News

• How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto

Insider Risk and Insider Threats

• Organisations failing to proactively address insider cyber risk | Computer Weekly

• HR’s role in cyber security and insider threat mitigation - Hindustan Times

• Insider risks are getting increasingly costly | CSO Online

• Can Users Be Trusted to Skirt Hackers’ Lures? | MSSP Alert

Fraud, Scams & Financial Crime

• Brits Lose $9.3bn to Scams in a Year - Infosecurity Magazine (infosecurity-magazine.com)

• cyber criminals: Scams, phishing made up over 75% of digital threats in first half of 2023: Report - The Economic Times (indiatimes.com)

• Another $40m Dispersed to Western Union Fraud Victims - Infosecurity Magazine (infosecurity-magazine.com)

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

• Mark Cuban loses $870k to a crypto scam: ‘They must have been watching’ – DL News

• How Sam Bankman-Fried's parents enabled his criminal empire | Fortune Crypto

• Illegal Betting Ring Used Satellite Tech to Get Scoop on Results - Infosecurity Magazine (infosecurity-magazine.com)

• Payment Card-Skimming Campaign Now Targeting Websites in North America (darkreading.com)

• Court sentences pair for India-based robocall scam • The Register

• Shift from UK Analogue to Digital Phone Lines Breeds New SCAMs - ISPreview UK

• Singapore to detail fraud liability split for bank & victim • The Register

Deepfakes

• Hacker Deepfakes Employee's Voice in Phone Call to Breach IT Company | PCMag

Insurance

• Cyber insurance claims for ransomware reach record high (betanews.com)

• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks | CSO Online

• Beazley and AIG likely to face cyber attack losses on casinos (insuranceinsider.com)

• Ransomware cyber insurance claims rose by 27% | Security Magazine

Dark Web

• Brits Are in the Dark About the Dark Web - IT Security Guru

• Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)

Supply Chain and Third Parties

• Almost Half of Executives Expect Supply Chain Security Challenges in Year Ahead (prnewswire.com)

• Okta Agent Involved in MGM Resorts Breach, Attackers Claim (darkreading.com)

• OODA Loop - The MGM Cyber attack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?

• Greater Manchester Police Hack Follows Third-Party Supplier Fumble (darkreading.com)

• High-stakes digital heists: Enterprise software supply chains become new battleground for cyber criminals - SiliconANGLE

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

• Evaluating New Partners and Vendors from an Identity Security Perspective (darkreading.com)

• HWL Ebsworth hack: 65 Australian government agencies affected by cyber attack | Crime - Australia | The Guardian

• How cyber attacks on Taiwan are hurting global business - Raconteur

Software Supply Chain

• Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)

Cloud/SaaS

• Cloud to Blame for Almost all Security Vulnerabilities - Infosecurity Magazine (infosecurity-magazine.com)

• Why Shared Fate is a Better Way to Manage Cloud Risk (darkreading.com)

• Future Cyber security: Hybrid Threats Require Balanced Preparation | Center for Internet and Society (stanford.edu)

• IBM X-Force: Use of compromised credentials darkens cloud security picture | Network World

• Retool blames breach on Google Authenticator MFA cloud sync feature (bleepingcomputer.com)

• Mastering Defence-In-Depth and Data Security in the Cloud Era (darkreading.com)

• Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)

• The Rise of the Malicious App (thehackernews.com)

Hybrid/Remote Working

• Future Cyber security: Hybrid Threats Require Balanced Preparation | Center for Internet and Society (stanford.edu)

• Spies working from home despite fears they could be hacked by foreign states (telegraph.co.uk)

Shadow IT

• Shadow IT: Security policies may be a problem - Help Net Security

Identity and Access Management

• CISA Releases New Identity and Access Management Guidance - Security Week

Encryption

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• Signal Messenger Introduces PQXDH Quantum-Resistant Encryption (thehackernews.com)

Open Source

• Kaspersky uncovers 3-year old supply chain attack campaign (securitybrief.co.nz)

• Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica

• New SprySOCKS Linux malware used in cyber espionage attacks (bleepingcomputer.com)

• Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack (thehackernews.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Are your end-users' passwords compromised? Here's how to check. (bleepingcomputer.com)

• Why employee login credentials are 'the weakest link in security' (siliconrepublic.com)

Social Media

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

• Donald Trump Jr.'s X Account Appears To Have Been Hacked (dailydot.com)

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams (bleepingcomputer.com)

Malvertising

• Probe reveals secret Israeli spyware that infects via ads • The Register

Training, Education and Awareness

• Survey Reveals: 50% Of Respondents Face Cyber attacks Yearly — Employers Blame Employees (informationsecuritybuzz.com)

Parental Controls and Child Safety

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

Regulations, Fines and Legislation

• UK Minister Warns Meta Over End-to-End Encryption - Security Week

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

• TikTok Is Hit With $368 Million Fine Under Europe's Strict Data Privacy Rules - Security Week

• MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents (darkreading.com)

• California Settles With Google Over Location Privacy Practices for $93 Million - Security Week

• Why Cyber security Compliance Standards Still Have A Long Way To Go (forbes.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

Models, Frameworks and Standards

• How to Interpret the 2023 MITRE ATT&CK Evaluation Results (darkreading.com)

• How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)

Data Protection

• UK-US Confirm Agreement for Personal Data Transfers - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Digital Deficit: 93% of UK Employers Identify An IT Skills Gap Within The UK Job Market - IT Security Guru

• Expert: Three Skills Cyber security Professionals Should Have in 2024 (newswise.com)

• 83% of IT Security Professionals Say Burnout Causes Data Breaches (prnewswire.com)

• IT pros told to accept burnout as normal part of their job - Help Net Security

• Wanted: another 3mn cyber professionals | Financial Times (ft.com)

Law Enforcement Action and Take Downs

• How the FBI Fights Back Against Worldwide Cyber attacks (securityintelligence.com)

• Court sentences pair for India-based robocall scam • The Register

• Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace (thehackernews.com)

Privacy, Surveillance and Mass Monitoring

• California Settles With Google Over Location Privacy Practices for $93 Million - Security Week

• TikTok fined 345m euro by watchdog over how it processed children’s data | The Independent

• Researchers used Wi-Fi signals to see through walls. Game-changing breakthrough? Or privacy nightmare waiting to happen? | TechRadar

• Today The UK Parliament Undermined The Privacy, Security, And Freedom Of All Internet Users (pogowasright.org)

• EU's quest to fix the internet could become a privacy nightmare | TechRadar

Misinformation, Disinformation and Propaganda

• EU warns China on Ukraine disinformation and cyber attacks  – POLITICO

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (theconversation.com)

• China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)

• International Criminal Court hacked amid Russia probe • The Register

• Portuguese company detects 961 pro-Russian cyber attacks in Western Europe – EURACTIV.com

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

• One of the FBI’s most wanted hackers is trolling the US government | TechCrunch

• Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions (securityaffairs.com)

• Senators want clarity from Pentagon on Ukraine Starlink access fiasco | SC Media (scmagazine.com)

• Russian allegedly smuggled US weapons electronics to Moscow • The Register

China

• Chinese Cyber Power Bigger Than the Rest of the World Combined - Infosecurity Magazine (infosecurity-magazine.com)

• China, Russia ‘Prepared’ to Use Cyber If War Breaks Out, US Warns (thedefencepost.com)

• FBI chief says China has bigger hacking program than the competition combined | Reuters

• EU warns China on Ukraine disinformation and cyber attacks  – POLITICO

• Chinese Spies Infected Dozens of Networks With Thumb Drive Malware | WIRED

• Chinese hackers have unleashed a never-before-seen Linux backdoor | Ars Technica

• Trouble brews after embassy worker finds spy bug in China teapot (thetimes.co.uk)

• Vast majority of bot attacks emanate from China and Russia | SC Media (scmagazine.com)

• A mysterious new Chinese malware strain is targeting large firms across the globe | TechRadar

• Financially Motivated Hacks by Chinese-Speaking Actors Surge (inforisktoday.com)

• Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT (thehackernews.com)

• Growing Chinese Tech Influence in Africa Spurs 'Soft Power' Concerns (darkreading.com)

• How cyber attacks on Taiwan are hurting global business - Raconteur

• Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities | Recorded Future

• DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage (darkreading.com)

Iran

• Microsoft: 'Peach Sandstorm' Cyber attacks Target Defence, Pharmaceutical Orgs (darkreading.com)

• Iranian state-backed hackers target global satellite, defence, and pharma companies (databreaches.net)

• Pro-Iranian Attackers Target Israeli Railroad Network (darkreading.com)

North Korea

• Multiple crypto raids net Lazarus Group $290M in 15 weeks | SC Media (scmagazine.com)

• Russian and North Korea artillery deal paves the way for dangerous cyberwar alliance (theconversation.com)

• How a North Korean cyber group impersonated a Washington D.C. analyst (cnbc.com)

Misc Nation State/Cyber Warfare

• New Research Finds Cyber attacks Against Critical Infrastructure on the Rise, State-affiliated Groups Responsible for Nearly 60% | Business Wire

• Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign (thehackernews.com)

• APT36 state hackers infect Android devices using YouTube app clones (bleepingcomputer.com)

• OODA Loop - Is Future Escalation in Cyber Conflict a Foregone Conclusion?

Vulnerability Management

• KEV Catalog Reaches 1000, What Does That Mean and What Have We Learned  | CISA

• Vulnerability management, its impact and threat modeling methodologies (securityintelligence.com)

• How SBOMs Help Uncover Vulnerabilities In Enterprise Applications (forbes.com)

Vulnerabilities

• Fortinet Releases Security Updates for Multiple Products | CISA

• Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) - Help Net Security

• iOS 17.0.1 re-patches 3 actively exploited security flaws - 9to5Mac

• Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability (thehackernews.com)

• If you're still using WinRAR, watch out for this dangerous exploit - and please stop | TechRadar

• GitLab Releases Urgent Security Patches for Critical Vulnerability (thehackernews.com)

• Microsoft releases firmware update for all Surface devices | TechSpot

Tools and Controls

• Expensive Investigations Drive Surging Data Breach Costs (bleepingcomputer.com)

• Enterprise networks are evolving; your security architecture needs to evolve, too (betanews.com)

• Think Your MFA and PAM Solutions Protect You? Think Again (thehackernews.com)

• Do You Really Trust Your Web Application Supply Chain? (thehackernews.com)

• Regulatory activity forces compliance leaders to spend more on GRC tools - Help Net Security

• Going Up! How to Handle Rising Cyber security Costs (securityintelligence.com)

• Shadow IT: Security policies may be a problem - Help Net Security

• Balancing budget and system security: Approaches to risk tolerance - Help Net Security

• How NIST Cyber security Framework 2.0 Tackles Risk Management (securityintelligence.com)

• How Choosing Authentication Is a Business-Critical Decision (darkreading.com)

• Understanding the Differences Between On-Premises and Cloud Cyber security (darkreading.com)

• Adapting to new rule changes in cyber risk management: How the SEC changed the game - SiliconANGLE

• What is DNS over HTTPS (DoH)? (techtarget.com)

Reports Published in the Last Week

• QBE Mid-sized Business Risk Report | QBE US

• 2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster (informationweek.com)

Other News

• Why automakers are worried your car is the next target for cyber attacks - CityAM

• Consumers are being bombarded with billions of threats every year | TechRadar

• Bad torts: Law firms feel the heat from rising cyber threats (synack.com)

• 8 new threats to Mac security in 2023 - TechFruit

• SME Cyber Security – Time for a New Approach? - IT Security Guru

• Time to Demand IT Security by Design and Default - Infosecurity Magazine (infosecurity-magazine.com)

• Australia’s new cyber security strategy: Build “cyber shields” around the country | CSO Online

• Home Office sets up cyber security for Emergency Services Network | UKAuthority

• Cyber security Tops Business Risks Challenging European Auditors (bloomberglaw.com)

• Energy Is the Most-Targeted Sector for Cyber attacks: Here’s What to Do (powermag.com)

• Cyber on the battlefield is about more than IT - Nextgov/FCW

• From national threats to click-happy employees: Decoding the multifaceted cyber security landscape - SiliconANGLE

• Hidden dangers loom for subsea cables, the invisible infrastructure of the internet - Help Net Security

• Every Network Is Now an OT Network. Can Your Security Keep Up? - Security Week

• Pentagon's 2023 Cyber Strategy Focuses on Helping Allies - Security Week

• Singapore's retail banks take steps to enhance cyber security (finextra.com)

• Cyber pros warn Congress that government shutdown will create open season for cyber attacks - Washington Times

• Experts fret over fate of CISA cyber programs as shutdown clouds loom | SC Media (scmagazine.com)

• Strong compliance management is crucial for fintech-bank partnerships - Help Net Security

• Rail Travel Free in Estonia as Cyber Attack Disrupts Ticketing (eturbonews.com)

• Five easy wins in cyber security | Financial Times (ft.com)

• Dairy industry teams with cyber security group to beef up defences | Food Dive

• Securing Eurovision’s online voting system against cyber attacks (computerweekly.com)

• GCHQ chief takes job in private security company | The Independent

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

More Than Half of UK Organisations Know They Aren’t Well Protected

According to a recent report, just 49% of business leaders report their organisation is well or very well protected. Cyber security featured as the third highest-rated business priority, with increasing revenues and reducing costs forming the top two. One of the ways an organisation can reduce cost is to outsource, and 63% of respondents agreed, reporting that they wanted to work with an external cyber security partner to improve their security.

Even if you’re in the 49% of organisations that believes it is well protected, this can be a dangerous self-assessment based on a lack of experience and impartiality. Business leaders need independent assurance to ensure their security controls are appropriate and in line with the organisation’s risk appetite. It is essential to dispel assumptions, by investigating your security before an attacker does.

Black Arrow Cyber Consulting offers a free, no-obligation, introductory consultation to help you gain an unbiased perspective on how your current security approach could withstand an attacker. We help our clients to know the questions to ask of their external or internal IT provider, and how to leverage other security controls from existing resources.

Sources: [IT Security Guru][Beta News]

Generative AI Considered a Security Risk by 60% of Board Members. How Organisations Can Prepare

A recent report conducted by Proofpoint found that 60% of board members consider generative AI a security risk.

The rapid development and adoption of AI is double-edged in nature. Whilst it can yield positive benefits if used safely and responsibility within organisations, AI is also being used to great effect by malicious actors with AI abuse growing beyond phishing to increasing the efficacy of multistage attacks, being used to generated malware, and carrying out different types of social engineering attacks.

For this reason Boards and senior leaders are right to be concerned and should ensure appropriate measures are being taken.

Sources: [TheNationalNews] [SCMagazine] [CyberSecurityNews]

Further reading: [BusinessCloud.co.uk] [WIRED UK] [Help Net Security]

Businesses Ignore Incident Response at Their Peril

According to a UK Government report, a quarter of businesses don’t regard cyber incident response skills as essential and almost half said they weren’t confident they could put together an incident response plan. This led to 41% saying they were not very or not at all confident that they would be able to deal with a cyber security breach or attack.

Unfortunately, this leaves many organisations in a situation where they will have to learn the hard way about the implications of not having an incident response plan. A separate government report found that 37% of those hit by a cyber attack said it impacted operations and a quarter experienced negative consequences such as loss of money or data.

One of the ways organisations can circumnavigate their lack of confidence in their ability to construct an incident response plan is to use cyber security experts to construct it. 

Source: [Infosecurity Magazine]

Blame Culture: An Organisation’s Ticking Time Bomb

An organisation’s attitude and responses to cyber security are almost as important as the actions taken to prevent cyber attacks. “Lessons learnt” are a common feature within mature and cyber resilient organisations. Incidents are a matter of when not if, and it is important that organisations know how to react.

Taking the example of a phishing attack, it is easy to blame the employee who opened it, potentially firing them. With phishing simulations, it is equally easy to discipline an employee who fell for it. The problem is, neither of these focus on what can be learned, such as why the employee fell for it in the first place. Additionally, there is the potential that employees become reserved or reticent about reporting potential events, due to the fear of being disciplined. This can be the difference between an organisation having an early detection of an incident and being able to invoke incident response plans sooner, or leaving the attacker in the system doing damage for longer before being reported.

Source: [ IT Security Guru]

Spend to Save: CFOs and Cyber Security Investment

For chief financial officers (CFOs), the increasing impact of data breaches creates a paradox. While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending is all about return on investment.

When looking at spending, CFOs need to keep in mind that the total cost of a breach is more than the initial currency loss: there is the knock-on effect of reputation and losses in customers. But it is not a case of spending more to protect more; spending must be tailored to the organisation and prioritise in terms of business needs.

Source: [Security Intelligence]

Cyber Security Tools Are New Targets for Attackers, Including Nation-State Actors

An increasing number of attacks by nation-state attackers are targeting cyber security tools in their campaigns. This includes the recent attacks on US officials which attacked and gained access through the firewalls of the victim. Security vendors, just like anyone, will have flaws in their software: there will be vulnerabilities. As such, organisations need to be aware of these vulnerabilities and when support runs out for their cyber security tools, to better protect themselves.

Source: [News Week]

Attackers Access UK Military Data Through Third Party Supplier as Relentless Russian Cyber Attacks Raise Spectre of WW3

Top secret military data from the UK’s Ministry of Defence was stolen and then sold by the ransomware gang LockBit. How, you might ask? Through a rogue Windows 7 PC that belonged to their fencing supplier, Zaun. The LockBit Ransom group conducted the attack on the supplier’s network, and Zaun admitted the group may have exfiltrated 10GB of data.

Many attackers have realised that if you cannot directly attack an organisation, then the supplier can present a way in. Organisations need to be sure of their suppliers’ security, and conduct third party security assessments to identify the risk the supplier may present to the organisation itself.

Black Arrow have helped many clients carry out third party risk assessments on a large number of suppliers and this can be done as a standalone offering or as part of a fractional CISO engagement.

Source: [The Register] [Tech Monitor]

Common Tactics Used by Threat Actors to Weaponise PDFs

PDFs are often seen as safe, something that cannot be used by an attacker, but that’s wrong. Actors are using this trustworthiness, as well as the difficulty in detection and ubiquity of PDFs, to weaponise them. Common tactics involve malicious hyperlinks within PDFs and macros that run when a PDF is opened, and in some cases attackers are disguising a malicious Word document as a PDF to evade detection.

Source: [Cyber Security News]

Years-old Microsoft Security Holes Still Hot Targets for Cyber Criminals

A recent report has found that Microsoft vulnerabilities as old as 6 years are still being exploited, with one recorded as being exploited as recently as 31 August. In fact, since this particular vulnerability was fixed, it has been used to deploy 467 different malware types. This is not the number of attacks, but the number of different types of malware used in attacks.

The concept isn’t just for Microsoft. Many organisations do not employ effective patching strategies, and as such leave the doors open to attackers. Sometimes, these doors are open for years.

Source: [The Register]

Popular ‘As-a-Service’ Operations Have Earned Cyber Criminals over $64m

As-a-service operations allow attackers to employ sophisticated attacks without the need for extensive knowledge; they simply just purchase the ability.  Take phishing-as-a-service (PhaaS), where an attacker with very limited cyber knowledge simply needs to purchase a phishing kit and they are then well-equipped to target organisations. This availability in tools creates a significant surge in the number of cyber criminals, with one scheme alone raking in $64.5 billion in illegal gains.

Source: [IT Security Guru]

71% of Organisations are Impacted by Cyber Security Skills Shortage

Most organisations (71%) report that they’ve been impacted by the cyber security skills shortage, leading to an increased workload for the cyber security team (61%), unfilled open job requisitions (49%) and high burnout among staff (43%). Further, 95% respondents state the cyber security skills shortage and its associated impacts have not improved over the past few years and 54% (up 10% from 2021) say it has got worse.

Organisations need to continue maintaining and improving their security while their cyber security positions remain unfilled. Black Arrow supports firms to achieve this by providing expert resources on a flexible basis for technical, governance and transformational positions.

Source: [Security Magazine] [Digital Journal]

Multiple Schools Hit by Cyber Attacks Before Term Begins

Ahead of the new school term, a number of schools have become the victim of serious cyber attacks. The education sector isn’t a new target, with previous ransomware reports finding the education sector to account for 16% of victims.

The education sector remains a target due to the valuable data they hold, large attack surfaces and frequently a lack of resources and budgets, something many small and medium-sized business may share.

Source: [Infosecurity Magazine]

Governance, Risk and Compliance

• The importance of CISOs is not recognised by senior leadership - IT Security Guru

• Why Businesses Ignore Incident Response at Their Peril - Infosecurity Magazine (infosecurity-magazine.com)

• Blame Culture: An Organisation's Ticking Time Bomb - IT Security Guru

• Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)

• More than half of UK organisations know they aren’t well protected against cyber threats - IT Security Guru

• Boards show confidence in their cyber security but still think they're at risk of attack (betanews.com)

• SEC tells companies to “show their work” on cyber security - Red Canary

• Cyber security: a life cycle, not a destination | Hydrocarbon Engineering

• Rising Physical Incidents Should Drive C-Level Investment & Action (forbes.com)

• Compliance budgets under strain as inflation and workload grow - Help Net Security

• Cyber Security pros battle discontent amid skills shortage - Help Net Security

• CISOs weigh in on building security-focused culture | Healthcare IT News

• How Do Some Companies Get Compromised Again and Again? (securityintelligence.com)

• IAM, cloud security to drive new cyber security spending | CSO Online

Threats

Ransomware, Extortion and Destructive Attacks

• Ministry of Defence documents leaked by LockBit (techmonitor.ai)

• Attackers access military data through fencing supplier • The Register

• Yes, Ransomware is Still a Huge Problem | CSO Online

• Ransomware attackers are targeting exposed Microsoft SQL databases, report says (therecord.media)

• Ransomware and Data Breaches: Impacts Continue to Grow Louder (govtech.com)

• Ransomware attacks go beyond just data - Help Net Security

• Education Sector Heavily Targeted as the School Year Begins (databreaches.net)

• Killware vs. Ransomware: What's the Difference? (makeuseof.com)

• Is this the next target for international ransomware attacks? | World Economic Forum (weforum.org)

• UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• To Pay or Not to Pay? The Ransomware Dilemma (informationweek.com)

• Snake Ransomware Endangers Your Data: How Can You Stop It? (makeuseof.com)

• How to Prevent Ransomware: 6 Key Steps to Safeguard Assets (techtarget.com)

Ransomware Victims

• LockBit Leaks Documents Filched From UK Defence Contractor (darkreading.com)

• Ministry of Defence documents leaked in cyber attack (civilserviceworld.com)

• Maidstone: Secondary school hit by cyber attack - BBC News

• Debenham High School IT system hit by cyber attack - BBC News

• Highgate Wood School delays term by 6 days after cyber attack | This Is Local London

• Cyber attack hits Suffolk school (computing.co.uk)

• Cyber attack hits Wokingham's Maiden Erlegh School | Reading Chronicle

• Russian ransomware gang AlphV targets pathology company, law firms in latest string of attacks - ABC News

• LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM) (securityaffairs.com)

• Ransomware gang claims credit for Sabre data breach | TechCrunch

• Hackers claim to publish prominent Israeli hospital’s patient data (therecord.media)

Phishing & Email Based Attacks

• AI abuse grows beyond phishing to multistage cyber attacks | SC Media (scmagazine.com)

• Google is enabling Chrome real-time phishing protection for everyone (bleepingcomputer.com)New phishing tool hijacked thousands of Microsoft business email accounts (therecord.media)

• Beware of New Fileless Malware that Propagates Via Spam Mail (cybersecuritynews.com)

• Spam is up, QR codes emerge as a significant threat vector - Help Net Security

• From unsuspecting click to data compromise - Help Net Security

• Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant (thehackernews.com)

• Getting off the hook: 10 steps to take after clicking on a phishing link (welivesecurity.com)

• What Is Spear Phishing? A Comprehensive Guide - Sapphire

Other Social Engineering; Smishing, Vishing, etc

• Emerging threat: AI-powered social engineering - Help Net Security

• Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)

• Chinese-Speaking Cyber Criminals Launch Large-Scale iMessage Smishing Campaign in US. (thehackernews.com)

• Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges (thehackernews.com)

• How cyber criminals use look-alike domains to impersonate brands - Help Net Security

Artificial Intelligence

• Generative AI considered a security risk by 60% of board members, survey finds (thenationalnews.com)

• AI ‘triggers DeepTech anxiety for senior leaders’ (businesscloud.co.uk)

• Emerging threat: AI-powered social engineering - Help Net Security

• AI abuse grows beyond phishing to multistage cyber attacks | SC Media (scmagazine.com)

• Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)

• UK tech tsar warns of AI cyber threat to NHS | Financial Times (ft.com)

• It's the summer of adversarial chatbots. Here's how to defend against them - SiliconANGLE

• Will the AI Arms Race Lead to the Pollution of the Internet? (darkreading.com)

• Cyber Security Concerns In AI: NCSC Flags Vulnerabilities In Chatbots And Language Models (informationsecuritybuzz.com)

• UK cyber chief urges ‘Security by Design’ in AI development (ukdefencejournal.org.uk)

• Generative AI’s Biggest Security Flaw Is Not Easy to Fix | WIRED UK

• Developers have security, other generative AI concerns but use it anyway - ARN (arnnet.com.au)

• How Companies Can Cope With the Risks of Generative AI Tools (darkreading.com)

• 3 ways to strike the right balance with generative AI - Help Net Security

• Peril vs. Promise: Companies, Developers Worry Over Generative AI Risk (darkreading.com)

• Experts Probe AI Risks Around Malicious Use, China Influence (govinfosecurity.com)

• Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur

Malware

• Common Tactics Used by Threat Actors to Weaponise PDFs (cybersecuritynews.com)

• Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus (thehackernews.com)

• 'Atomic macOS Stealer' Malware Delivered via Malvertising Campaign - SecurityWeek

• Hackers Using ChatGPT to Generate Malware & Social Engineering Threats (cybersecuritynews.com)

• UNRAVELING EternalBlue: inside the WannaCry’s enabler (securityaffairs.com)

• Malware Report: The Evolution of BumbleBee - Understanding the Emerging New Threat (govinfosecurity.com)

• Malware configurations How to find and use them? (govinfosecurity.com)

• Beware of New Fileless Malware that Propagates Via Spam Mail (cybersecuritynews.com)

• New Python Variant of Chaes Malware Targets Banking and Logistics Industries (thehackernews.com)

• New BLISTER Malware Update Fuelling Stealthy Network Infiltration (thehackernews.com)

• Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant (thehackernews.com)

Mobile

• Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups | TechCrunch

• September Android updates fix zero-day exploited in attacks (bleepingcomputer.com)

• Hacker exploits security flaw to target iPhone users with 'notification attack' | Macworld

Botnets

• It might be too soon to claim victory against Qakbot | Computer Weekly

Denial of Service/DoS/DDOS

• DDoS attack took down the site of German financial agency BaFin (securityaffairs.com)

• Mirai variant infects low-cost Android TV boxes for DDoS attacks (bleepingcomputer.com)

• CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack | CISA

BYOD

• Many businesses still aren't using BYOD protection | TechRadar

Internet of Things – IoT

• Securing The IoT From The Threat China Poses To US Infrastructure (forbes.com)

• Tech Company Says Cars Collect 25 Gigabits of Data per Hour, Making Them Targets for Hacking | The Epoch Times

• Connected cars and cyber crime: A primer - Help Net Security

• Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups | TechCrunch

• Mirai variant infects low-cost Android TV boxes for DDoS attacks (bleepingcomputer.com)

• Why consumer drones represent a special cyber security risk (securityintelligence.com)

• Like privacy? Then smart devices are a dumb idea • The Register

• Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed | TechCrunch

Data Breaches/Leaks

• Electoral Commission failed basic security test before hack - BBC News

• Insurer fined $3M for exposing data of 650k clients for two years (bleepingcomputer.com)

• Golf gear giant Callaway data breach exposes info of 1.1 million (bleepingcomputer.com)

• Freecycle confirms massive data breach impacting 7 million users (bleepingcomputer.com)

• Pizza Hut Australia leaks one million customers' details, claims ShinyHunters hacking group (bitdefender.com)

• Thousands of Popular Websites Leaking Secrets - SecurityWeek

• Johnson & Johnson discloses IBM data breach impacting patients (bleepingcomputer.com)

• Northern Ireland police chief quits in wake of data breach • The Register

• Lawsuit blames Tesla for data breach it sued ex-staff over • The Register

Organised Crime & Criminal Actors

• Popular 'As-a-Service' Operations Have Earned Cyber Criminals over $64m - IT Security Guru

• Cyber Crime Tremors: Experts Forecast Qakbot Resurgence (govinfosecurity.com)

• It might be too soon to claim victory against Qakbot | Computer Weekly

• Cyber crime to cost Germany 206 billion euros in 2023, survey finds | Reuters

• Anonymity and illicit activities: Cyber security expert warns of risks and dangers associated with the dark web (newswise.com)

• Cyber criminals coercing children in their own bedrooms | The Canberra Times | Canberra, ACT

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• YouTuber Loses $60K Worth of Crypto After Showing Seed Phrases on Stream - Decrypt

• Who Pulled Off a $41M Online Casino Heist? North Korea, FBI Says (vice.com)

• Russian Malware Targets Crypto Wallet: US and UK Intelligence Agencies Issue Joint Warning (cryptopotato.com)

• Is this the next target for international ransomware attacks? | World Economic Forum (weforum.org)

• Bitcoin exchange exec admits he ignored anti-laundering laws • The Register

• Cyber criminals target graphic designers with GPU miners (talosintelligence.com)

• LastPass under fire again as users report stolen crypto keys and losses | Cybernews

Insider Risk and Insider Threats

• Lawsuit blames Tesla for data breach it sued ex-staff over • The Register

Fraud, Scams & Financial Crime

• Popular 'As-a-Service' Operations Have Earned Cyber criminals over $64m - IT Security Guru

• Smishing Triad: China-Based Fraud Network Exposed - Infosecurity Magazine (infosecurity-magazine.com)

• Fake YouPorn extortion scam threatens to leak your sex tape (bleepingcomputer.com)

• Four Convicted in $18m Investment Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• Global roaming fraud losses to surpass $8 billion by 2028 - Help Net Security

• Three men arrested for stealing thousands of dollars by hacking into ATMs with a Raspberry Pi device | PC Gamer

• Airlines Battle Surge in Loyalty Program Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• How We Track Crypto Money Laundering for Off-Chain Crime (chainalysis.com)

• District of Massachusetts | Russian Businessman Sentenced to Nine Years in Prison in $93 Million Hack-to-Trade Conspiracy | United States Department of Justice

• Hundreds of Scam Pages Uncovered in Major Investment Fraud Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• See Tickets Alerts 300,000 Customers After Another Web Skimmer Attack - SecurityWeek

• Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur

Impersonation Attacks

• 'Smishing Triad' Targeted USPS and US Citizens for Data Theft (securityaffairs.com)

• How cyber criminals use look-alike domains to impersonate brands - Help Net Security

Deepfakes

• Emerging threat: AI-powered social engineering - Help Net Security

• Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur

AML/CFT/Sanctions

• UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• How We Track Crypto Money Laundering for Off-Chain Crime (chainalysis.com)

• Four Convicted in $18m Investment Fraud Scheme - Infosecurity Magazine (infosecurity-magazine.com)

• Bitcoin exchange exec admits he ignored anti-laundering laws • The Register

Insurance

• Insights Into the Changing Landscape of Cyber Insurance - Frost Brown Todd | Full-Service Law Firm

• Time and effort to obtain cyber insurance increasing for US businesses | CSO Online

• Beazley expects to sponsor more cyber catastrophe bonds in 2024 - Artemis.bm

• Lloyd’s categorises cyber war wordings in aggregation clarity push (insuranceinsider.com)

Dark Web

• Anonymity and illicit activities: Cyber security expert warns of risks and dangers associated with the dark web (newswise.com)

• The Initial Access Broker Economy: A Deep Dive into Dark Web Hacking Forums (bleepingcomputer.com)

Supply Chain and Third Parties

• Attackers access military data through fencing supplier • The Register

• Ministry of Defence documents leaked by LockBit (techmonitor.ai)

• Supply chain related security risks, and how to protect against them (malwarebytes.com)

• 5 ways to improve your supply chain security posture | IT Reseller Magazine (itrportal.com)

• University of Sydney suffered a security breach caused by a third-party service provider (securityaffairs.com)

• Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)

• Creating a more cyber secure supply chain requires group effort - FreightWaves

• Facing Third-Party Threats With Non-Employee Risk Management (darkreading.com)

• Cyber attacks attempt to crash 6 media sites globally using US. company RayoByte - Committee to Protect Journalists (cpj.org)

Software Supply Chain

• Software Supply Chain Strategies to Parry Dependency Confusion Attacks (darkreading.com)

Cloud/SaaS

• Step Up Your Defence Against Cloud-loving Cyber Criminals (informationsecuritybuzz.com)

• IAM, cloud security to drive new cyber security spending | CSO Online

Hybrid/Remote Working

• Beware: Deepfake Scams Could Target Your Next Zoom Meeting | Entrepreneur

Attack Surface Management

• What OSINT is, and why it’s dangerous | Kaspersky official blog

• Armis report sheds light on top 10 targeted assets by cyber attackers - SiliconANGLE

• Top 10 riskiest assets threatening global business - IT Security Guru

Encryption

• Government denies U-turn on encrypted messaging row - BBC News

• UK lawmakers back down on encryption-busting 'spy clause' | CyberScoop

API

• API Vulnerabilities: 74% of Organisations Report Multiple Breaches - Infosecurity Magazine (infosecurity-magazine.com)

Open Source

• Software industry urged to assume risk on open source security | CIO Dive

• Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• It's a Zero-day? It's Malware? No! It's Username and Password (thehackernews.com)

• Chrome extensions can steal plaintext passwords from websites (bleepingcomputer.com)

• Hacker gains admin control of Sourcegraph and gives free access to the masses | Ars Technica

• Passwords From The November 2022 LastPass Breach Being Cracked? - PC Perspective

• LastPass under fire again as users report stolen crypto keys and losses | Cybernews

• Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed | TechCrunch

• 75% of education sector attacks linked to compromised accounts - Help Net Security

Social Media

• Twitter accused of helping Saudi Arabia commit human rights abuses | Saudi Arabia | The Guardian

• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia (thehackernews.com)

Malvertising

• 'Atomic macOS Stealer' Malware Delivered via Malvertising Campaign - SecurityWeek

Parental Controls and Child Safety

• Children's snack recalled after its website caught serving porn (bleepingcomputer.com)

• Cyber criminals coercing children in their own bedrooms | The Canberra Times | Canberra, ACT

Regulations, Fines and Legislation

• An Overview of ENISA’s Risk Management Standards Report | UpGuard

• SEC tells companies to “show their work” on cyber security - Red Canary

• Verizon to pay feds $4M over cyber security lapse | Light Reading

• Government denies U-turn on encrypted messaging row - BBC News

• UK drops 'spy clause' for scanning encrypted messages • The Register

Models, Frameworks and Standards

• An Overview of ENISA’s Risk Management Standards Report | UpGuard

• CIS Benchmarks Communities: Where configurations meet consensus - Help Net Security

• Explaining The New NIST Cyber Security Framework to the C-Suite

Backup and Recovery

• Best practices for implementing a proper backup strategy - Help Net Security

Careers, Working in Cyber and Information Security

• 71% of organisations are impacted by cyber security skills shortage | Security Magazine

• Cyber Security Skills Gap set to cost UK £120 billion by 2023 - Essex-TV

• 6 free resources for getting started in cyber security - Help Net Security

• Cyber professionals say industry urgently needs to confront mental health crisis | CyberScoop

• Cyber security pros battle discontent amid skills shortage - Help Net Security

Law Enforcement Action and Take Downs

• FBI Qakbot Takedown: Unanswered Questions (trendmicro.com)

• It might be too soon to claim victory against Qakbot | Computer Weekly

• Cops drill into chat apps to thwart coke-smuggling ring • The Register

Privacy, Surveillance and Mass Monitoring

• Revealed: Home Office secretly lobbied for facial recognition ‘spy’ company | Facial recognition | The Guardian

• Like privacy? Then smart devices are a dumb idea • The Register

• Streetlights as Spyware (techpolicy.press)

Misinformation, Disinformation and Propaganda

• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia (thehackernews.com)

• Big Tech failed to police Russian disinformation: EU study • The Register

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• Russia-linked attackers hit UK Ministry of Defence, leak stolen data | CSO Online

• NCSC Report Reveals Persistent Threat and Russia’s Ongoing Cyber Operations in Ukraine | Defense Express (defence-ua.com)

• An inside look at Ukraine's cyber war with Russia : NPR

• Meet the man leading the front-line effort in Ukraine's cyber war with Russia : NPR

• China and Russia are pushing the boundaries of cyber attacks to harm other states - CityAM

• Ukraine's CERT Thwarts APT28's Cyber Attack on Critical Energy Infrastructure (thehackernews.com)

• Attackers access military data through fencing supplier • The Register

• Russia-linked hack on Trident base sparks 'World War Three' warning from expert (yahoo.com)

• UK and US Sanction 11 Russians Tied to Conti/TrickBot Ransomware - Infosecurity Magazine (infosecurity-magazine.com)

• Russia, China behind majority of cyber attacks targeting German businesses (aa.com.tr)

• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia (thehackernews.com)

• Russian Malware Targets Crypto Wallet: US and UK Intelligence Agencies Issue Joint Warning (cryptopotato.com)

• Elon Musk's Father Fears Possible Assassination Attempt on His Son (businessinsider.com)

• Big Tech failed to police Russian disinformation: EU study • The Register

• North Korea hackers going after Russian targets, Microsoft says, World News - AsiaOne

China

• How China gets free intel on tech companies’ vulnerabilities | Ars Technica

• Experts Probe AI Risks Around Malicious Use, China Influence (govinfosecurity.com)

• How Microsoft's highly secure environment was breached (malwarebytes.com)

• Chinese-Speaking Cyber Criminals Launch Large-Scale iMessage Smishing Campaign in US. (thehackernews.com)

• Securing The IoT From The Threat China Poses To US Infrastructure (forbes.com)

• China and Russia are pushing the boundaries of cyber attacks to harm other states - CityAM

• Russia, China behind majority of cyber attacks targeting German businesses (aa.com.tr)

• German companies report more cyber attacks from Russia, China | Meta.mk

• Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia (thehackernews.com)

• Microsoft reveals hackers compromised engineer account to gain access to government accounts - SiliconANGLE

• Microsoft finally explains cause of Azure breach: An engineer’s account was hacked | Ars Technica

• South Korean Cyber Security Concerns Over Chinese-Made Cranes, Meteorological Gear | The Epoch Times

• Huawei hits back in Portugal over 5G 'ban' with lawsuit - DCD (datacenterdynamics.com)

Iran

• Hackers push anti-Iranian government messages to millions via breached app | CyberScoop

• Iranian hackers breach US aviation org via Zoho, Fortinet bugs (bleepingcomputer.com)

North Korea

• Lazarus hackers deploy fake VMware PyPI packages in VMConnect attacks (bleepingcomputer.com)

• Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster (thehackernews.com)

• Meet the man leading the front-line effort in Ukraine's cyber war with Russia : NPR

• North Korean hackers target security researchers with new zero-day (therecord.media)

• North Korea hackers going after Russian targets, Microsoft says, World News - AsiaOne

• Who Pulled Off a $41M Online Casino Heist? North Korea, FBI Says (vice.com)

Misc Nation State/Cyber Warfare

• Nation-state 'hot zones' offer view of the future of cyber war – report - CIR Magazine

• Global cyber weapon market set for substantial growth | Insurance Business America (insurancebusinessmag.com)

• Policy, Guns and Money: Cyber conflict, competition and cooperation | The Strategist (aspistrategist.org.au)

• Lloyd’s categorises cyber war wordings in aggregation clarity push (insuranceinsider.com)

• Cyber Security Tools Are New Targets For Nation-State Hackers (newsweek.com)

• Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA

Vulnerability Management

• Years-old Microsoft bugs are still hot targets for criminals • The Register

• Old vulnerabilities are still a big problem - Help Net Security

• Overcoming Open Source Vulnerabilities in the Software Supply Chain (darkreading.com)

• How China gets free intel on tech companies’ vulnerabilities | Ars Technica

Vulnerabilities

• How to detect and patch a Log4J vulnerability  - IBM Blog

• Apple discloses 2 actively exploited zero-days in iPhones, Macs (securityaffairs.com)

• Google patches 4 high-rated security issues in latest Chrome 116 update - gHacks Tech News

• High-Severity Vulnerability Discovered in Popular CMS - Infosecurity Magazine (infosecurity-magazine.com)

• Two flaws in Apache SuperSet allow to remotely hack servers (securityaffairs.com)

• Cisco Patches Critical Vulnerability in BroadWorks Platform - SecurityWeek

• Adobe ColdFusion Critical Vulnerabilities Exploited Despite Patches - Infosecurity Magazine (infosecurity-magazine.com)

• Multiple Notepad++ Flaws Let Attackers Execute Arbitrary Code (cybersecuritynews.com)

• Hackers exploit MinIO storage system to breach corporate networks (bleepingcomputer.com)

• ASUS routers vulnerable to critical remote code execution flaws (bleepingcomputer.com)

• September Android updates fix zero-day exploited in attacks (bleepingcomputer.com)

• CISA Adds One Known Vulnerability to Catalog | CISA

• Cisco SSO authentication bug patched - Security - Networking - iTnews

• Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication (talosintelligence.com)

• Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 | CISA

• Security or performance? Zenbleed forces you to choose | Digital Trends

Tools and Controls

• Many businesses still aren't using BYOD protection | TechRadar

• Why Businesses Ignore Incident Response at Their Peril - Infosecurity Magazine (infosecurity-magazine.com)

• Insights Into the Changing Landscape of Cyber Insurance - Frost Brown Todd | Full-Service Law Firm

• Spend to save: The CFO’s guide to cyber security investment (securityintelligence.com)

• An Overview of ENISA’s Risk Management Standards Report | UpGuard

• IOCs vs Artifacts How to Filter Out the Noise (govinfosecurity.com)

• Time and effort to obtain cyber insurance increasing for US businesses | CSO Online

• Chrome extensions can steal plaintext passwords from websites (bleepingcomputer.com)

• Dangling DNS Used to Hijack Subdomains of Major Organisations  - SecurityWeek

• Why DNS Security Can Be Your Most Problematic Blind Spot (hyas.com)

• Cyber Security Tools Are New Targets For Nation-State Hackers (newsweek.com)

• Rising Physical Incidents Should Drive C-Level Investment & Action (forbes.com)

• Why Cyber Security Risk Assessment Matters in the Banking Industry (securityintelligence.com)

• Cut through cyber security vendor hype with these 6 tips | TechTarget

• IAM, cloud security to drive new cyber security spending | CSO Online

• Best practices for implementing a proper backup strategy - Help Net Security

Other News

• Education Sector Heavily Targeted as the School Year Begins (databreaches.net)

• Schools warned of cyberattack threat as new year begins | Science & Tech News | Sky News

• Ways to protect WordPress sites and blogs from hacking | Kaspersky official blog

• New Nozomi Networks Study Finds EU Critical Infrastructure Companies Are Not Ready for NIS2 Compliance - IT Security Guru

• Insecure by design: What you need to know about defending critical infrastructure | CSO Online

• Half of Switzerland's large companies have been the victim of a cyber attack | Euronews

• Dangling DNS Used to Hijack Subdomains of Major Organizations  - SecurityWeek

• Securing the future: Safeguarding cyber-physical systems | CSO Online

• The tangible threat of cyber-kinetic attacks | CSO Online

• 25 Major Car Brands Get Failing Marks From Mozilla for Security and Privacy  - SecurityWeek

• Cyber security In Focus Ahead Of Berlin NATO Conference | OilPrice.com

• Trustwave SpiderLabs Report Highlights Hospitality Industry Cybersecurity Threats (hotelnewsresource.com)

• 10 old-school security principles that (still) rule | CSO Online

• Surge in Hospital Hacks Endangers Patients, Cyber Official Says - WSJ

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

66 Percent of Businesses Don't Understand Their Cyber Risks

A survey has found that 67% of organisations have experienced a breach requiring attention within the last two years, despite having traditional security measures in place. Worryingly, 66% self-reported having limited visibility and insight into their cyber risk profiles.

83% of organisations agreed that a comprehensive cyber risk reduction strategy would yield a reduction in the likelihood of a significant cyber incident occurring, yet a number of organisations are finding it difficult to implement this and as a result are looking for outside assistance too. The report found that 93 percent of organisations plan to offload specific segments of cyber risk reduction workstreams or projects to security service providers within the next two years.

Source: [Beta News]

Massive Supplier Cyber Breach Puts London’s Metropolitan Police on Red Alert After Officer and Staff Details Hacked

All 47,000 personnel working for the Met Police were warned of the risk their photos, names and ranks having been stolen when cyber crooks penetrated the IT systems of a contractor printing warrant cards and staff passes. The supplier had access to names, ranks, photos, vetting levels and pay numbers of officers and staff, but did not hold information such as addresses, phone numbers or financial details.

The attack shows the importance of understanding the supply chain, and what access your supplier has access to. Without knowing who has your data, and what data, you will be left clueless if a breach on a supplier occurs.

Sources [Data Breaches] [UKAuthority]

Pay our Ransom Instead of a GDPR Fine, Cyber Crime Gang Tells Targets, as Attacks Against Small Businesses Ramp Up

Ransomware actors are always evolving their tactics, with gangs now telling victims if they don’t pay, then they will face fines under data protection laws. Additionally, small businesses are on the radar, partially due to them being easier targets for actors; some gangs have shifted from asking for millions from a large organisation, to requesting small ransoms from multiple small businesses.

As a result in both the number and sophistication of ransomware attacks, 80% of organisations expect their spending to increase. Not every organisation has an unlimited budget and so it is important that organisations are able to prioritise and allocate their budget effectively, to give them the most protection that their budget allows, especially small to medium-sized businesses.

Sources [Dark Reading] [The Record] [Security Magazine]

Survey Finds In-house Counsel Cyber Anxiety Skyrocketing

In a recent report, only 25% of legal professionals said they felt fully prepared to deal with a cyber attack, with 78% ranking the task of shielding their organisation from cyber attacks as the greatest regulatory concern over the next 12 months; previously, this figure was only 30% in 2021.

There has been a growing number of attacks, due to the sensitive data that is held and the number of attacks will continue to rise. With regulatory concerns adding to this, in-house counsel should be looking to have their concerns heard and drive the organisation to bolster their defences, and this may include outsourcing expert advice to make sure it is done correctly.

Source: [Law.com]

58% of Malicious Emails Contained Spoofed Content

According to a recent report, 58% of malicious emails contained spoof content and spam emails had increased by 30% from Q1 to Q2 2023. The report identified a surge in the number of uses of QR codes as a primary attack method, showing that attack methods are evolving, and in some cases, choosing not to use traditional methods.

The report reinforces the need for constant user education training, to reduce the risk of an employee falling for a phishing email. With this training, new evolving techniques such as that with QR codes, should also be addressed.

Source: [Security Magazine]

Cyber Attacks Remain a Top Concern for Organisations Across All Industries

Cyber attacks remain a top threat to organisations’ ability to do business across all industries. When asked in a recent report, 18% of respondents reported that cyber attacks threatened or disrupted their business.

With cyber attacks being a huge concern, many organisations have an incident response plan in place; yet despite this, nearly one quarter (23%) of companies surveyed have either never conducted tests or are unsure if their teams have tested. Cyber incidents are a matter of when, not if, and a strong incident response plan is always needed and can prevent a bad situation from being made worse by doing the wrong things in the immediate aftermath of an attack.

Source: [Business Wire]

BYOD Security Gap: Survey Finds 49% of European Firms Unprotected

A recent survey found that a concerning 49% of European businesses are operating without having a formal bring-your-own-device (BYOD) policy, highlighting a lack of visibility and control over such devices. The report found that organisations are concerned about compliance-based issues, with 43% noting increased worries.

The benefits of BYOD are clear, allowing organisations to save money and eliminate the need for multiple devices. But without a formal BYOD policy, organisations are risking having employees bring in devices that are effectively invisible to IT. This means that the vulnerabilities that come with it, and the risks it can bring, also go unnoticed. To mitigate the risk, a formalised BYOD policy is required.

Source: [Infosecurity Magazine]

13% of Employees Admit to Falling for Phishing Attacks Working at Home, 9% Would Wait to Report After the Weekend

In a recent report, it was found that 13% of employees admitted they had fallen for a phishing attack whilst working from home. Rather worryingly, 21% said they would continue working business as usual in the event of falling victim to a phishing attack whilst working remotely on a Friday, with 9% indicating they’d wait until after the weekend to report it, effectively, giving the attacker a 48 hour period in which they go unnoticed, if the employee even remembers to report it on the Monday.

It is important that users are educated, both on spotting phishing attacks and the reporting process, so that organisations can be best protected. By providing regular and effective user training, employees will be at less risk of falling victim to a phishing attack, even from home. Additionally, by understanding the reporting process and why there is a need to report as soon as possible, organisations will shorten their detection time.

Source: [Security Magazine]

Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report

In their most recent quarterly report, BlackBerry focused on a 90-day window, identifying over 1.5 million malware-based attacks, over 200,000 unique attacks, 17,000 attacks per day and 12 per minute to name a few. The report found that financial institutions were amongst the most targeted.

Source: [The Hacker News]

Kroll’s Breach Highlights SIM-Swapping Risk

A recent supply chain breach at Kroll, the risk and financial advisory firm, affected downstream customers and exposed personal information on hundreds of claimants in bankruptcy proceedings. The breach occurred when a threat actor had transferred an employee’s phone number to a device in the attackers possession, which was then subsequently used to access sensitive information.

In this attack, the actor had convinced T-Mobile to port the employee’s number over, allowing the actor to access files containing bankruptcy details. A mitigation recommended for this is to ask your network provider if they offer port freeze or number lock, to protect it from unauthorised transfer.

Source [Dark Reading]

Reducing The Risk of AI, What Can You Do?

Threat actors' use of generative AI has fuelled a significant rise in attacks worldwide during the last 12 months according to a recent report. Yet despite this, AI is still seen as a positive thing for organisations, with the power of generative AI quickly realised.

Certainly, AI can be used in the organisation to increase efficiency and automate tasks, but it must be used with vigilance. Organisations implementing AI should have governance over the usage of AI to eliminate the chance of data leaking. This governance may include policies, procedures and approved AI software.

Sources: [CSO Online] [UKTech News]

Debunking Popular Cyber Security Myths

At a time when cyber security is a constant feature in the news and our daily lives, it is important to debunk a few myths surrounding it. One of the biggest, is the assumption that cyber defence is all about the technical controls; in fact, 89% of cyber attacks involved social engineering. The prevalence of social engineering further shows that strong passwords, firewalls and antivirus are not enough; what’s the use in having a password that takes years to crack if you hand it over to someone?

When we think cyber security, we often think of external threat actors, but insider risk is a real threat: whether by malicious actions, negligence or misunderstanding, those inside your organisation can be a real risk to your organisation.

So what’s the take home? Cyber is more than just technology, and it is not just an outside attacker. Organisations’ cyber efforts should focus on more than just the technical requirements; by having things such as user education training, organisations can mitigate their cyber risk.

Sources: [Forbes] [Trend Micro]

3 Malware Loaders Responsible for 80% of Intrusions

Three malware loaders, QBot, SocGholish, and Raspberry Robin, are responsible for 80 percent of observed attacks on computers and networks so far this year. The malware are all distributed differently; Qbot is typically deployed through a phishing email, SocGholish is downloaded without user interaction, and Raspberry Robin is through USB devices.

Sources: [The Register] [Infosecurity Magazine]

MOVEit Hack Shows Attackers Still Use Old Tricks

SQL injection has been around for a quarter of a century, yet it still features amongst the top 10 list of security vulnerabilities. In fact, SQL injection was the method of attack for the infamous MOVEit hacks, which has impacted over 700 organisations, with the number still growing.

The MOVEit attack highlights just how easily old, over-looked vulnerabilities can be used to target an organisation. Consider your organisation now: are there any legacy systems or software in place?

Source: [Dark Reading]

Barracuda Thought it Drove 0-day Hackers out of Customers’ Networks. It was Wrong.

In late May, security vendor Barracuda had released a patch for their email security gateway (ESG), which was being actively exploited. Having already accounted for this, the threat actors utilised a new attack, which meant infected devices would reinfect themselves, effectively negating Barracuda’s patch. Unfortunately, this meant that for a while, Barracuda thought it was in the clear, when it was still under attack.

Upon realising this, Barracuda’s security advisory changed from recommending a patch to requiring an immediate replacement of compromised ESG appliances, regardless of the patch level. This shows the need for organisations to keep up to date with the latest threat intelligence, as missing the second update could mean infected devices are still in the wild, with organisations under the false perception that they were safe.

Source: [Ars Technica]

Governance, Risk and Compliance

• Cyber Attacks and Other Threats Remain a Top Concern for Organisations Across All Industries, Finds InformationWeek’s State of Cyber Risk and Resiliency Report | Business Wire

• 66 percent of businesses don't understand their cyber risks (betanews.com)

• Survey of In-House Counsel Finds Cyber Anxiety Skyrocketing | Law.com

• Numbers Don't Lie: Exposing the Harsh Truths of Cyber Attacks in New Report (thehackernews.com)

• SEC Probe Targets SolarWinds Executives - DevX

• Cyber Security Enters Conversation About Executive Pay - WSJ

• Cyber defence makes up majority of cyber security budgets | Security Magazine

• How international cyber security frameworks can help CISOs | CSO Online

• Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online

• SEC cyber attack regulations prompt 10 questions for CISOs | TechTarget

• Should Senior IT Professionals Be Accountable for Professional Decisions? (darkreading.com)

Threats

Ransomware, Extortion and Destructive Attacks

• 80% of organisations expect ransomware spending to increase | Security Magazine

• Akira Ransomware gang targets Cisco ASA without Multi-Factor Auth (securityaffairs.com)

• Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)

• MOVEit Was a SQL Injection Accident Waiting to Happen (darkreading.com)

• Nearly 1,000 Organisations, 60 Million Individuals Impacted by MOVEit Hack - SecurityWeek

• Ransomware With an Identity Crisis Targets Small Businesses, Individuals (darkreading.com)

• Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)

• Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)

• LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)

• LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants (thehackernews.com)

• Deconstructing ransomware, cyber criminals and their modus operandi | TechRadar

• Ransomware Evolution: Smaller Actors, Bigger Impact (govinfosecurity.com)

• Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)

• Making Sense of Ransomware Attack Statistics in 2023 | ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

• Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)

• Should Companies Pay After Ransomware Attacks? Is It Illegal? (techtarget.com)

• How Ransomware Groups Respond to External Pressure (inforisktoday.com)

• Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat (trellix.com)

• Rackspace Faces Massive Cleanup Costs After Ransomware Attack (darkreading.com)

• EDITORIAL | Time to Cut Off North Korea from Funding Sources for its Missiles | JAPAN Forward (japan-forward.com)

• International ransomware gangs are evolving their techniques. The next generation of hackers will target weaknesses in cryptocurrencies (theconversation.com)

• 8 Types of Ransomware: Examples of Past and Current Attacks (techtarget.com)

• Black Basta Besting Your Network? (securityintelligence.com)

Ransomware Victims

• Financial Firms Breached in MOVEit Cyber Attacks Now Face Lawsuits (darkreading.com)

• Ransomware Attack Cleanup Costs: $11M So Far for Rackspace (govinfosecurity.com)

• St Helens Council still dealing with suspected cyber-attack - BBC News

• Rhysida claims ransomware attack on Prospect Medical, threatens to sell data (bleepingcomputer.com)

• University of Michigan shuts down network after cyber attack (bleepingcomputer.com)

• Social Security Numbers leaked in ransomware attack on Ohio History Connection (malwarebytes.com)

Phishing & Email Based Attacks

• Phishing as a service continues to plague business users - SiliconANGLE

• 58% of malicious emails contained spoof content | Security Magazine

• 13% of employees admit to falling for phishing attacks working at home | Security Magazine

• Top 5 most abused brands by hackers

• New phishing attacks target FTX users following Kroll data breach – Cryptopolitan

• Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks (thehackernews.com)

• Spain warns of LockBit Locker ransomware phishing attacks (bleepingcomputer.com)

• US govt email servers hacked in Barracuda zero-day attacks (bleepingcomputer.com)

• QR Code' Surge in Popularity Brings Along a Rise in QR-Linked Phishing Scams | Metaverse Post (mpost.io)

• Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)

• Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)

• How to Spot Phishing Emails & Tips to Avoid Them | Proofpoint US

Other Social Engineering; Smishing, Vishing, etc

• Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)

• New phishing attacks target FTX users following Kroll data breach – Cryptopolitan

• 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - SecurityWeek

Artificial Intelligence

• Cyber security agency gives AI chatbot warning (uktech.news)

• Why generative AI is a double-edged sword for the cyber security sector | VentureBeat

• IT leaders alarmed by generative AI's SaaS security implications - Help Net Security

• Is Bias in AI Algorithms a Threat to Cloud Security? (darkreading.com)

• Shifting Cyber Security: The Impact and Implications of LLMs (inforisktoday.com)

• Vendors Training AI With Customer Data is an Enterprise Risk (darkreading.com)

• Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)

• Hacking the future: Notes from DEF CON’s Generative Red Team Challenge | CSO Online

• Building cyber resilience in an age of AI (betanews.com)

• How to minimize data risk for generative AI and LLMs in the enterprise | VentureBeat

• Google launches tool to identify AI-generated images - Help Net Security

2FA/MFA

• Akira Ransomware gang targets Cisco ASA without Multi-Factor Auth (securityaffairs.com)

AITM/MITM

• Microsoft Warns of Adversary-in-the-Middle Uptick on Phishing Platform - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• These 3 loaders were behind 80% of intrusions this year • The Register

• 20+ Malware Statistics You Need to Know in 2023 (techreport.com)

• Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses (techrepublic.com)

• 'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds (darkreading.com)

• Infamous Raccoon Stealer Malware Returns - DevX

• Top 3 Malware Threatening Businesses in Q2 2023 (cybersecuritynews.com)

• Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Research (darkreading.com)

• KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities (thehackernews.com)

• Japan's JPCERT warns of new 'MalDoc in PDF' attack technique (securityaffairs.com)

• Advanced Malware: Why AI Can't Help All Hackers (inforisktoday.com)

• DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates (thehackernews.com)

• Hackers are now hiding malicious Word documents in PDFs — how to stay safe | Tom's Guide (tomsguide.com)

• DreamBus malware exploits RocketMQ flaw to infect servers (bleepingcomputer.com)

• Kaspersky malware report for Q2 2023 | Securelist

• Microsoft is using malware-like pop-ups in Windows 11 to get people to ditch Google - The Verge

• APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)

• CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware | CISA

• SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations (thehackernews.com)

• Battling malware in the industrial supply chain

Mobile

• Kroll's Crypto Breach Highlights SIM-Swapping Risk (darkreading.com)

• This new Android malware can unlock your phone and drain your bank accounts | Tom's Guide (tomsguide.com)

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Is Mobile Hacking Still a Big Threat in 2023? (makeuseof.com)

• New Android MMRat malware uses Protobuf protocol to steal your data (bleepingcomputer.com)

• What Are Overlay Attacks? How Do You Protect Against Them? (makeuseof.com)

• New Android Banking Trojan Targets Southeast Asia Region (inforisktoday.com)

• China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)

• Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week

• Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)

• 8 Ways To Boost Your Android Phone's Security (slashgear.com)

Botnets

• Online exclusive: Rise of the botnets (securitymiddleeastmag.com)

Denial of Service/DoS/DDOS

• DDoS attacks rise 40% in Q2 2023, affecting banks, gaming & e-commerce | Security Magazine

BYOD

• BYOD Security Gap: Survey Finds 49% of European Firms Unprotected - Infosecurity Magazine (infosecurity-magazine.com)

Internet of Things – IoT

• KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities (thehackernews.com)

• The power of passive OS fingerprinting for accurate IoT device identification - Help Net Security

Data Breaches/Leaks

• Metropolitan Police reports supplier cyber breach | UKAuthority

• UK: Metropolitan Police on red alert after details of officers and staff hacked in massive security breach (databreaches.net)

• Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack (thehackernews.com)

• American Express admits APAC employees' data leak, blames a third-party payroll service

• National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organisation (securityaffairs.com)

• Leaseweb is restoring ‘critical’ systems after security breach (bleepingcomputer.com)

• French employment agency Pôle emploi data breach impacted 10M peopleSecurity Affairs

• Mom’s Meals discloses data breach impacting 1.2 million people (bleepingcomputer.com)

• 3 Cryptocurrency Firms Suffer Data Breach After Kroll SIM Swapping Attack - Security Week

• Paramount discloses data breach following security incident (bleepingcomputer.com)

• Another data breach at Forever 21 leaks details of 500,000 current and former employees (bitdefender.com)

• Cost of a data breach 2023: Financial industry impacts (securityintelligence.com)

Organised Crime & Criminal Actors

• Moscow helping cyber criminals operate with 'near impunity': report | The Province

• Hacking gangs launch cyber crime syndicate the Five Families (techmonitor.ai)

• Microsoft weighs in on Russian-led UN cyber crime treaty • The Register

• ‘Billion Dollar Heist’: The Wild Story That Should Have Us All Petrified (thedailybeast.com)

• New Research Exposes Airbnb as Breeding Ground For Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft: UN treaty creates 'ideal conditions' for cyber crime (telecomstechnews.com)

• Cyber Criminals use research contests to create new attack methods - Help Net Security

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Kroll data breach exposes info of FTX, BlockFi, Genesis creditors (bleepingcomputer.com)

• International ransomware gangs are evolving their techniques. The next generation of hackers will target weaknesses in cryptocurrencies (theconversation.com)

Fraud, Scams & Financial Crime

• New Research Exposes Airbnb as Breeding Ground For Cyber Crime - Infosecurity Magazine (infosecurity-magazine.com)

• Classiscam Spreads: $64.5M Scheme Targets 79 Countries - Infosecurity Magazine (infosecurity-magazine.com)

Impersonation Attacks

• Top 5 most abused brands by hackers

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

Deepfakes

• 4 Strategies to Safeguard the Finance Industry Against Deepfake Onslaught (darkreading.com)

Insurance

• Insurers End Tussle Over Ransomware Attack Coverage - Law360 UK

• Delinea Research Reveals a Cyber Insurance Gap (darkreading.com)

• Understand the fine print of your cyber insurance policies - Help Net Security

Supply Chain and Third Parties

• American Express admits APAC employees' data leak, blames a third-party payroll service

• Met should thoroughly investigate cyber security practices, say experts | Evening Standard

Cloud/SaaS

• CrowdStrike CTO: 'Rookie mistakes' are hurting cloud security | TechTarget

• Better SaaS Security Goes Beyond Procurement (darkreading.com)

• How to secure your cloud-based business without cloud-security expertise - Partner Content - Security - iTnews

• Experts Uncover How Cyber Criminals Could Exploit Microsoft Entra ID for Elevated Privilege (thehackernews.com)

• Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)

Hybrid/Remote Working

• 13% of employees admit to falling for phishing attacks working at home | Security Magazine

Identity and Access Management

• The Rising Tide of Identity-Based Attacks - GovInfoSecurity

Encryption

• Quantum threats loom in Gartner's 2023 Hype Cycle for data security | VentureBeat

• How Quantum Computing Will Impact Cyber Security - Security Week

Passwords, Credential Stuffing & Brute Force Attacks

• National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organisation (securityaffairs.com)

• Four common password mistakes hackers love to exploit (bleepingcomputer.com)

• Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)

• 3 out of 4 cyber attacks in the education sector are associated with a compromised on premises user or admin account - IT Security Guru

• LogicMonitor customers who didn’t change default passwords were hit by hackers (databreaches.net)

Biometrics

• Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update

• Elon Musk's X to collect biometric data, work and school history - The Japan Times

• Home Office and MoD seeking new facial-recognition tech | Computer Weekly

Social Media

• ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)

• EU safety laws start to bite for TikTok, Instagram and others - BBC News

• How the EU Digital Services Act affects Facebook, Google and others | Technology sector | The Guardian

• Rising Phishing Scams Impact Small Businesses Relying on Social Media (smallbiztrends.com)

• X Plans to Collect Biometric Data, Job and School History (1) (bloomberglaw.com)

• Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News

• Hackers Are Selling Hacked Police Emails to Try to Grab Personal Data From TikTok, Facebook (404media.co)

Training, Education and Awareness

• Can You Spot Phishing Emails? Test Your Awareness With These Quizzes (makeuseof.com)

• Cyber awareness education is a change-management initiative | CSO Online

Cyber Bullying, Cyber Stalking and Sextortion

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

Regulations, Fines and Legislation

• Pay our ransom instead of a GDPR fine, cyber crime gang tells its targets (therecord.media)

• SEC Probe Targets SolarWinds Executives - DevX

• New law could turn UK into a hacker's playground | Computerworld

• Changes to UK Surveillance Regime May Violate International Law (justsecurity.org)

• EU safety laws start to bite for TikTok, Instagram and others - BBC News

• Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra

• SEC’s New Cyber Security Rule—Including Key Disclosure Requirements | Smith Gambrell Russell - JDSupra

• Balancing risk and compliance: implications of the SEC’s new cyber security regulations | CSO Online

• Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)

Models, Frameworks and Standards

• What are the Cyber Security Standards of Basel III? | UpGuard

• Best practices for MITRE ATT&CK(R) mapping. (thecyberwire.com)

• Is the new OWASP API Top 10 helpful to defenders? - Help Net Security

• How international cyber security frameworks can help CISOs | CSO Online

Data Protection

• ICO calls social media firms to protect people's data from scraping (bleepingcomputer.com)

• Are you properly protecting your employees' personal information? | Burr & Forman - JDSupra

• Data Protection: One of These Incidents Is Not Like the Other | Troutman Pepper - JDSupra

• Draft Cyber Security Audit and Risk Assessment Regulations Issued by CPPA | Mintz - JDSupra

Careers, Working in Cyber and Information Security

• Addressing Cyber Security's Talent Shortage & Its Impact on CISOs (darkreading.com)

• Unfilled Cyber Security Positions Threaten the Future of Businesses Everywhere | Inc.com

• How the Talent Shortage Impacts Cyber Security Leadership (securityintelligence.com)

Law Enforcement Action and Take Downs

• Two Men Arrested Following Poland Railway Hacking - Security Week

Privacy, Surveillance and Mass Monitoring

• Police Scotland digital strategy seeks real-time biometrics within 5 years | Biometric Update

• Privacy Regulator Warns of Surging Number of “Text Pest” Cases - Infosecurity Magazine (infosecurity-magazine.com)

• Expert shares stark safety warning over Twitter updates | Tech News | Metro News

Misinformation, Disinformation and Propaganda

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

• 'Five Eyes' nations release technical details of Sandworm malware 'Infamous Chisel' | CyberScoop

• New York Times Spoofed to Hide Russian Disinformation Campaign (darkreading.com)

• NCSC, SBU reveal overt Russian cyber campaign as cyber war continues to evolve | ITPro

• Czech banks hit by Russian cyber attacks – EURACTIV.com

• Cyber security experts lament west’s failure to learn lessons from Ukraine | Financial Times (ft.com)

• Russian 'hybrid' war threatens NATO's eastern flank, Poles warn - Washington Times

• Microsoft weighs in on Russian-led UN cyber crime treaty • The Register

• Five Eyes Report: New Russian Malware Targeting Ukrainian Military Android Devices - Security Week

• Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink - BBC News

• Russian APT Intensifies Cyber Espionage Activities - Infosecurity Magazine (infosecurity-magazine.com)

• CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware | CISA

China

• Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors | Ars Technica

• China-Based APT Flies Under Radar in Espionage Attacks | Decipher (duo.com)

• China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors (thehackernews.com)

• Barracuda flaw: FBI warns customers over ineffective patch | ITPro

• Almost a third of compromised Barracuda ESGs were govt owned • The Register

• James Cleverly's China cyber security talks unlikely to spur change (techmonitor.ai)

• Japan’s cyber security agency suffers months-long breach | Financial Times (ft.com)

• China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users (thehackernews.com)

• APT Attacks From 'Earth Estries' Hit Gov't, Tech With Custom Malware (darkreading.com)

• Chinese APT Uses Fake Messenger Apps to Spy on Android Users (inforisktoday.com)

North Korea

• Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses (techrepublic.com)

• North Korea’s Lazarus Group hits organisations with two new RATs | CSO Online

• Lazarus Group Debuts Tiny Trojan for Espionage Attacks (databreachtoday.co.uk)

• Cyber Scams Keep North Korean Missiles Flying – Analysis – Eurasia Review

• North Korea’s Lazarus hackers behind recent crypto heists: FBI (therecord.media)

• North Korean hackers behind malicious VMConnect PyPI campaign (bleepingcomputer.com)

Vulnerability Management

• New law could turn UK into a hacker's playground | Computerworld

• 40% of Log4j Downloads Still Vulnerable (securityintelligence.com)

• How did Clop get its hands on the MOVEit zero day? (therecord.media)

Vulnerabilities

• Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software (securityaffairs.com)

• Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability (thehackernews.com)

• Critical Vulnerability Alert: VMware Aria Operations Networks at Risk from Remote Attacks (thehackernews.com)

• Microsoft Teams attack exposes collab platform security gaps | TechTarget

• Barracuda flaw: FBI warns customers over ineffective patch | ITPro

• Barracuda thought it drove 0-day hackers out of customers’ networks. It was wrong. | Ars Technica

• CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

• Exploit released for Juniper firewall bugs allowing RCE attacks (bleepingcomputer.com)

• Google Chrome 116's second point update addresses a security issue - gHacks Tech News

• Forminator WordPress Plugin Vulnerability Affects Up To 400,000+ Websites (searchenginejournal.com)

• Threat actors started exploiting Juniper flaws shortly after PoC release (securityaffairs.com)

• Hackers Launch Brute-Force Attack Cisco ASA SSL VPNs (cybersecuritynews.com)

• Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence - Security Week

• This WordPress plugin with 5 million users could have a serious security flaw | TechRadar

• Cyber Attackers Swarm OpenFire Cloud Servers With Takeover Barrage (darkreading.com)

Tools and Controls

• BYOD Security Gap: Survey Finds 49% of European Firms Unprotected - Infosecurity Magazine (infosecurity-magazine.com)

• Why generative AI is a double-edged sword for the cyber security sector | VentureBeat

• Cyber defence makes up majority of cyber security budgets | Security Magazine

• Ransomware hackers dwell time drops to 5 days, RDP still widely used (bleepingcomputer.com)

• Think twice before accepting notifications on Chrome: threats on the rise | Cybernews

• Considerations for Reducing Risk When Migrating to the Cloud (darkreading.com)

• Enterprise dark web monitoring: Why it's worth the investment | TechTarget

• Phishing Simulations Boost Cyber Awareness and Defences | Mimecast

• Is the new OWASP API Top 10 helpful to defenders? - Help Net Security

• Here's What Your Breach Response Plan Might Be Missing (darkreading.com)

• The Middleware Threats to Microsoft's Monopoly | HackerNoon

• Why Traditional Firewalls Are Not Adequate for Your Network Security (makeuseof.com)

• Combining EPP and EDR tools can boost your endpoint security (securityintelligence.com)

• Automated Threat Hunting: AI Helps Spot Shady Network Activity (readwrite.com)

• Detecting the Undetected: The Risk to Your Info (securityintelligence.com)

• National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (telegraph.co.uk)

Other News

• Cyber attacks reveal threat to democracy (ukdefencejournal.org.uk)

• Hackers Use $30 Gear To Bring Poland's Railways To A Grinding Halt

• When lives rely on equipment, cyber security is essential | Healthcare IT News

• Think twice before accepting notifications on Chrome: threats on the rise | Cybernews

• Rising cyber incidents challenge healthcare organisations - Help Net Security

• Updated Best Practice Playbook for Healthcare Cyber Threats (inforisktoday.com)

• Navigating Legacy Infrastructure: A CISO's Actionable Strategy for Success (thehackernews.com)

• Legal Liability for Insecure Software Might Work, but It's Dangerous (darkreading.com)

• 3 out of 4 cyber attacks in the education sector are associated with a compromised on premises user or admin account - IT Security Guru

• 69% of educational organisations suffered cyber attack in the past year - Netwrix survey

• Claroty's 2023 Global Healthcare Cyber Security Study Exposes Widespread Vulnerabilities And Impact (informationsecuritybuzz.com)

• Out-Of-Office: How To Ensure Cyber Security During Vulnerable Periods (forbes.com)

• Debunking The Top Five Cyber Security Myths (forbes.com)

• Manufacturing firms hit by the worst encryption rate in three years (manufacturing-today.com)

• Cyber Attacks Targeting E-commerce Applications (thehackernews.com)

• Industrial networks need better security as attacks gain scale | ZDNET

• National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (telegraph.co.uk)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• High Risk Users May be Few, but the Threat They Pose is Huge

High risk users represent approximately 10% of the worker population according to research provider, Elevate Security research. The research found that high risk users were responsible for 41% of all simulated phishing clicks, 30% of all real-world phishing clicks, 54% of all secure-browsing incidents and 42% of all malware events. This is worrying, considering the rise in sophisticated targeted phishing campaigns.

https://www.helpnetsecurity.com/2023/02/16/high-risk-behavior/

• The Cost of Cyber Security Insurance is Soaring so Firms Need to Take Prevention More Seriously

State-backed cyber attacks are on the rise, but they are not raising the level of alarm that they should in the corporate world. Unfortunately, this is not a productive way of thinking. Come the end of March, insurance provider Lloyds will no longer cover damage from cyber attacks carried out by state or state-backed groups. In the worst cases, this reduced insurance coverage could exacerbate the trend of companies taking a passive approach toward state-backed attacks as they feel there is now really nothing they can do to protect themselves. The uncertainty however, could be the motivation for companies to take the threat of state-backed attacks more seriously.

https://fortune.com/2023/02/15/cost-cybersecurity-insurance-soaring-state-backed-attacks-cover-shmulik-yehezkel/

• Cyber Attacks Worldwide Increased to an All-Time Record-Breaking High, Report Shows

According to a report by security provider Check Point, cyber attacks rose 38% in 2022 compared to the previous year. Some of the key trends in the report included an increase in the number of cloud-based networking attacks, with a 48% rise and non-state affiliated hacktivist groups becoming more organised and effective than ever before. Additionally, ransomware is becoming more difficult to attribute and track and extra focus should be placed on exfiltration detection.

https://www.msspalert.com/cybersecurity-research/cyberattacks-worldwide-increased-to-an-all-time-high-check-point-research-reveals/

• Most Organisations Make Cyber Security Decisions Without Insights

A report by security provider Mandiant found some worrying results when it came to organisational understanding of threat actors. Some of the key findings include, 79% of respondents stating that most of their cyber security decisions are made without insight into the treat actors targeting them, 79% believing their organisation could focus more time and energy on identifying critical security trends, 67% believing senior leadership teams underestimate the cyber threats posed to their organisation and finally, 47% of respondents felt that they could not prove to senior leadership that their organisation has a highly effective cyber security program.

https://www.msspalert.com/cybersecurity-research/mandiant-report-most-organizations-make-cybersecurity-decisions-without-insights/

• Ransomware Attackers Finding New Ways to Weaponise Old Vulnerabilities

Ransomware attackers are finding new ways to exploit organisations’ security weaknesses by weaponising old vulnerabilities.  A report by security provider Cyber Security Works had found that 76% of the vulnerabilities currently being exploited were first discovered between 2010-2019.

https://venturebeat.com/security/ransomware-attackers-finding-new-ways-to-weaponize-old-vulnerabilities/

• Are Executives Fluent in IT Security Speak? 5 Reasons Why the Communication Gap is Wider Than You Think

Using data from two different reports conducted by security provider Kaspersky, the combined data showed some worrying results. Some of the results include 98% of respondents revealing they faced at least one IT security miscommunication that regularly leads to bad consequences, 62% of managers revealing miscommunication led to at least one cyber security incident, 42% of business leaders wanting their IT security team to better communicate and 34% of C-level executives struggle to speak about adopting new security solutions.

https://www.msspalert.com/cybersecurity-research/are-c-suite-executives-fluent-in-it-security-speak-five-reasons-why-the-communication-gap-is-wider-than-you-think/

• Business Email Compromise Groups Target Firms with Multilingual Impersonation Attacks

Security providers Abnormal Security have identified two Business Email Compromise (BEC) groups “Midnight Hedgehog” and “Mandarin Capybara” which are conducting impersonation attacks in at least 13 different languages. Like many payment fraud attacks, finance managers or other executives are often targeted. In a separate report by Abnormal Security, it was found that business email compromise (BEC) attacks increased by more than 81% during 2022.

https://www.infosecurity-magazine.com/news/bec-groups-multilingual/

• EU Countries Told to Step up Defence Against State Hackers

European states have raced to protect their energy infrastructure from physical attacks but the European Systemic Risk Board (ESRB) said more needed to be done against cyber warfare against financial institutions and the telecommunications networks and power grids they rely on. "The war in Ukraine, the broader geopolitical landscape and the increasing use of cyber attacks have significantly heightened the cyber threat environment," the ESRB said in a report. In addition, the ESRB highlight an increased risk of cyber attacks on the EU financial system, suggesting that stress tests and impact analyses should be carried out to identify weaknesses and measure resilience.

https://www.reuters.com/world/europe/eu-countries-told-step-up-defence-against-state-hackers-2023-02-14/

• Cyber Criminals Exploit Fear and Urgency to Trick Consumers

Threats using social engineering to steal money, such as refund and invoice fraud and tech support scams, increased during Q4 of 2022 according to a report by software provider Avast. “At the end of 2022, we have seen an increase in human-centred threats, such as scams tricking people into thinking their computer is infected, or that they have been charged for goods they didn’t order. It’s human nature to react to urgency, fear and try to regain control of issues, and that’s where cyber criminals succeed” Avast commented.

https://www.helpnetsecurity.com/2023/02/13/cybercriminals-exploit-fear-urgency-trick-consumers/

• How to Manage Third Party and Supply Chain Cyber Security Risks that are Too Costly to Ignore

Many organisations have experienced that “after the breach” feeling — the moment they realise they have to tell customers their personal information may have been compromised because one of the organisations’ vendors had a data breach. Such situations involve spending significant amount of money and time to fix a problem caused by a third party. An organisation’s ability to handle third-party cyber risk proactively depends on its risk management strategies.

https://techcrunch.com/2023/02/10/why-third-party-cybersecurity-risks-are-too-costly-to-ignore/

• Russian Spear Phishing Campaign Escalates Efforts Towards Critical UK, US and European Targets

Following the advisory from the NCSC, it is clear that Russian state-sponsored hackers have become increasingly sophisticated at launching phishing attacks against critical targets in the UK, US and Europe over the last 12 months. The attacks included the creation of fake personas, supported by social media accounts, fake profiles and academic papers, to lure targets into replying to sophisticated phishing emails. In some cases, the bad actor may never leverage the account to send emails from and only use it to make decisions based on intelligence collection.

https://www.computerweekly.com/news/365531158/Russian-spear-phishing-campaign-escalates-efforts-toward-critical-UK-US-and-European-targets

• 5 Biggest Risks of Using Third Party Managed Service Providers

As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work. But it does present risks. 5 of the biggest risks to be considered are: indirect cyber attacks, financial risks from incident costs, reputational damage, geopolitical risk and regulatory compliance risk.

https://www.csoonline.com/article/3687812/5-major-risks-third-party-services-may-bring-along-with-them.html#tk.rss_news

• Cyber Crime as a Service: A Subscription Based Model in the Wrong Hands

Arguably nothing in tech has changes the landscape more than ‘as a Service’ offerings, the subscription-based IT service delivery model, in fact, the ‘as a Service’ offering has made its way into the cyber crime landscape. And cyber crime, for its part, has evolved beyond a nefarious hobby; today it’s a means of earning for cyber criminals. Organised cyber crime services are available for hire, particularly to those lacking resources and hacking expertise but willing to buy their way into cyber criminal activities. Underground cyber crime markets have thus emerged, selling cyber attack tools and services ranging from malware injection to botnet tools, Denial of Service and targeted spyware services.

https://www.splunk.com/en_us/blog/learn/cybercrime-as-a-service.html

Threats

Ransomware, Extortion and Destructive Attacks

• Ransomware attackers finding new ways to weaponize old vulnerabilities | VentureBeat

• US, UK slap sanctions on Russians linked to Conti and more • The Register

• Threat Analysis: VMware ESXi Attacks Soared in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day (bleepingcomputer.com)

• Members of Russian cyber crime network unmasked by US and UK authorities - The Verge

• December ransomware attack leads to massive data breach from California health network - The Record from Recorded Future News

• Over 500 ESXiArgs Ransomware infections in one day in Europe-Security Affairs

• New ESXi ransomware strain spreads, foils decryption tools | TechTarget

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• North Korea Using Healthcare Ransomware To Fund More Hacking (informationsecuritybuzz.com)

• DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure-Security Affairs

• US Warns Critical Sectors Against North Korean Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Cisco Talos spots new MortalKombat ransomware attacks | TechTarget

• Ion: after the hack, the clean-up - Risk.net

• Hackers Target Israel’s Technion Demanding Huge Sum In Bitcoin - I24NEWS

• City of Oakland systems offline after ransomware attack (bleepingcomputer.com)

• MTU cyber breach: Probe after ransomware attacks 'like a murder investigation' (irishexaminer.com)

• MTU data appears on dark web after cyber attack – The Irish Times

• Oakland City Services Struggle to Recover From Ransomware Attack (darkreading.com)

• LockBit spree hits three large companies (techmonitor.ai)

• Ransomware gang uses new zero-day to steal data on 1 million patients | TechCrunch

• City of Oakland issued state of emergency after ransomware attack-Security Affairs

• Glasgow Arnold Clark customers at risk after major cyber attack | HeraldScotland

• LockBit and Royal Mail Ransomware Negotiation Leaked - Infosecurity Magazine (infosecurity-magazine.com)

• No relief in sight for ransomware attacks on hospitals | TechTarget

• Burton Snowboards cancels online orders after 'cyber incident' (bleepingcomputer.com)

• Dallas Central Appraisal District paid $170,000 to ransomware attackers (bitdefender.com)

Phishing & Email Based Attacks

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• NameCheap's email hacked to send Metamask, DHL phishing emails (bleepingcomputer.com)

• Cyber criminals target fans of The Last of Us with recent malware and phishing scams - IT Security GuruCyber

• Venmo Phishing Abusing LinkedIn "slink"

• Spain, US dismantle phishing gang that stole $5 million in a year (bleepingcomputer.com)

BEC – Business Email Compromise

• BEC Groups Target Firms With Multilingual Impersonation Attacks - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

Malware

• Experts Warn of Surge in Multipurpose Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Malicious Npm Package Uses Typosquatting, Downloads Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft OneNote Abuse for Malware Delivery Surges - Security Week

• New TA886 group targets companies with Screenshotter malware-Security Affairs

• Novel phishing campaign takes screenshots ahead of payload delivery | SC Media (scmagazine.com)

• Great, hackers are now using ChatGPT to generate malware | Digital Trends

• Devs targeted by W4SP Stealer malware in malicious PyPi packages (bleepingcomputer.com)

• Cyber criminals target fans of The Last of Us with recent malware and phishing scams - IT Security Guru

• Researchers Uncover 700+ Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Pepsi distributor blames info-stealing malware for breach • The Register

• Malware that can do anything and everything is on the rise - Help Net Security

• Lokibot, AgentTesla Grow in January 2023's Most Wanted Malware List - Infosecurity Magazine (infosecurity-magazine.com)

• New stealthy 'Beep' malware focuses heavily on evading detection (bleepingcomputer.com)

• Thousands of WordPress sites have been infected by a mystery malware | TechRadar

• Beep: New Evasive Malware That Can Escape Under The Radar (informationsecuritybuzz.com)

• Hackers start using Havoc post-exploitation framework in attacks (bleepingcomputer.com)

• Hackers Targeting US and German Firms Monitor Victims' Desktops with Screenshotter (thehackernews.com)

• Malware authors leverage more attack techniques that enable lateral movement | CSO Online

Mobile

• RedEyes hackers use new malware to steal data from Windows, phones (bleepingcomputer.com)

Botnets

• Mirai V3G4 botnet exploits 13 flaws to target IoT devices-Security Affairs

Denial of Service/DoS/DDOS

• Cloudflare blocks record-breaking 71 million RPS DDoS attack (bleepingcomputer.com)

• 87% of largest DDoS attacks in Q4 targeted telecoms: Lumen (fiercetelecom.com)

• The Tor network hit by wave of DDoS attacks for at least 7 months-Security Affairs

Internet of Things – IoT

• Digital burglaries: The threat from your smart home devices | Fox News

• Mirai V3G4 botnet exploits 13 flaws to target IoT devices-Security Affairs

• New Mirai malware variant infects Linux devices to build DDoS botnet (bleepingcomputer.com)

Data Breaches

• MP’s laptop and iPad stolen from pub in 'worrying' security breach | Metro News

• Reddit was hit with a phishing attack. How it responded is a lesson for everyone | ZDNET

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

• 4 misconceptions about data exfiltration | VentureBeat

• Highmark data breach affecting about 300,000 members exposed personal information to hackers – WPXI

• Gulp! Pepsi hack sees personal information stolen by data-stealing malware (bitdefender.com)

• Nearly 50 million Americans impacted by health data breaches in 2022 (chiefhealthcareexecutive.com)

• My Password Manager was Hacked! How to Prevent a Catastrophe (bleepingcomputer.com)

• After apparent hack, data from Australian tech giant Atlassian dumped online | CyberScoop

• Atlassian: Leaked Data Stolen via Third-Party App (darkreading.com)

• Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica

• Scandinavian Airlines says cyber attack caused passenger data leak (bleepingcomputer.com)

Organised Crime & Criminal Actors

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Cyber crime as a Service: A Subscription-based Model in The Wrong Hands | Splunk

• A Hacker’s Mind — how the elites exploit the system | Financial Times (ft.com)

• Dark Web Revenue Down Dramatically After Hydra's Demise (darkreading.com)

• Russian hacker convicted of $90 million hack-to-trade charges (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users (thehackernews.com)

• Lazarus hackers use new mixer to hide $100 million in stolen crypto (bleepingcomputer.com)

• 451 PyPI packages install Chrome extensions to steal crypto (bleepingcomputer.com)

• DeFi exploits and access control hacks cost crypto investors billions in 2022: Report (cointelegraph.com)

• Using the blockchain to prevent data breaches | VentureBeat

• SideWinder APT Spotted Stealing Crypto (darkreading.com)

• Quarter of Crypto Tokens in 2022 Linked to Pump-and-Dump - Infosecurity Magazine (infosecurity-magazine.com)

Insider Risk and Insider Threats

• A former Credit Suisse employee leaked employees' historic bonus data (efinancialcareers.com)

Fraud, Scams & Financial Crime

• Russian IT biz owner made $90M from stolen financial info • The Register

• Refund and Invoice Scams Surge in Q4 - Infosecurity Magazine (infosecurity-magazine.com)

• MoneyGram Fraud Victims Get $115m in Compensation - Infosecurity Magazine (infosecurity-magazine.com)

• 'Pig butchering' scams on the rise, luring victims with promises of relationships and riches | CyberScoop

• Cyber security Experts Warn Against Valentine's Day Romance Scams - Infosecurity Magazine (infosecurity-magazine.com)

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• Romance scam targets security researcher, hilarity ensues • The Register

• 10 signs that scammers have you in their sights | WeLiveSecurity

• Hackers Leverage PayPal to Send Malicious Invoices - Infosecurity Magazine (infosecurity-magazine.com)

AML/CFT/Sanctions

• US, UK slap sanctions on Russians linked to Conti and more • The Register

Insurance

• The cost of cyber security insurance is soaring–and state-backed attacks will be harder to cover. It’s time for companies to take threats more seriously | Fortune

Dark Web

• Dark Web Revenue Down Dramatically After Hydra's Demise (darkreading.com)

Supply Chain and Third Parties

• How to manage third-party cyber security risks that are too costly to ignore | TechCrunch

• 5 biggest risks of using third-party services providers | CSO Online

Cloud/SaaS

• Reimagining zero trust for modern SaaS - Help Net Security

• Cloud security: Where do CSP and client responsibilities begin and end? | VentureBeat

• Application and cloud security is a shared responsibility - Help Net Security

Attack Surface Management

• To thwart cyber attacks, enterprises must have visibility of their assets: Sophos CEO - The Hindu BusinessLine

Open Source

• Researchers Uncover 700+ Malicious Open Source Packages - Infosecurity Magazine (infosecurity-magazine.com)

• Configuration Issues in SaltStack IT Tool Put Enterprises at Risk (darkreading.com)

• Solving open-source security — from Alpha to Omega | SC Media (scmagazine.com)

• New Mirai malware variant infects Linux devices to build DDoS botnet (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Eek! You Can Steal Passwords From This Password Manager Using the Notepad App | PCMag

• Eurostar forces 'password resets' — then fails and locks users out (bleepingcomputer.com)

• My Password Manager was Hacked! How to Prevent a Catastrophe (bleepingcomputer.com)

Social Media

• Metaverse Adds New Dimensions to Web 3.0 Cyber security | TechRepublic

• Hard drugs actively sold on Twitter in plain sight. Twitter says it doesn’t breach its safety policies • Graham Cluley

• Elon Musk Seems to Think His Own Employees Are Shadowbanning Him (gizmodo.com)

• Venmo Phishing Abusing LinkedIn "slink"

Malvertising

• AdSense fraud campaign relies on 10,890 sites that were infected since September 2022-Security Affairs

Training, Education and Awareness

• High-risk users may be few, but the threat they pose is huge - Help Net Security

• Reddit Hack Shows Limits of MFA, Strengths of Security Training (darkreading.com)

Regulations, Fines and Legislation

• 5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant (darkreading.com)

• The Online Safety Bill: An attack on encryption (element.io)

• As regulations skyrocket, is compliance even possible anymore? - Help Net Security

Governance, Risk and Compliance

• Security buyers lack insight into threats, attackers, report finds | Computer Weekly

• Cyber attacks Worldwide Increased to an All-Time High, Check Point Research Reveals - MSSP Alert

• The cost of cyber security insurance is soaring–and state-backed attacks will be harder to cover. It’s time for companies to take threats more seriously | Fortune

• Are C-Suite Executives Fluent in IT Security Speak? Five Reasons Why the Communication Gap is Wider Than You Think - MSSP Alert

• Actionable intelligence is the key to better security outcomes - Help Net Security

• To thwart cyber attacks, enterprises must have visibility of their assets: Sophos CEO - The Hindu BusinessLineT

• Majority of Firms Make Cyber security Decisions Without Attacker Insight - Infosecurity Magazine (infosecurity-magazine.com)

• 5 Ways Security and Compliance Can Break Down Silos to Save Money and Meet Increased Regulations - MSSP Alert

• Build Cyber Resiliency With These Security Threat-Mitigation Considerations (darkreading.com)

• 5th State of CCPA, CPRA, and GDPR Compliance Report Shows More Than 90% of Companies Are Not Compliant (darkreading.com)

• Evolving cyber attacks, alert fatigue creating DFIR burnout, regulatory risk | CSO Online

• Simplify to Survive: How Organisations Can Navigate Cyber-Risk (darkreading.com)Simplify to Survive: How Organisations Can Navigate Cyber-Risk (darkreading.com)

• As regulations skyrocket, is compliance even possible anymore? - Help Net Security

• Storage security for compliance and cyberwar in 2023 • The Register

Backup and Recovery

• A CISOs Practical Guide to Storage and Backup Ransomware Resiliency (thehackernews.com)

Careers, Working in Cyber and Information Security

• Get hired in cyber security: Expert tips for job seekers - Help Net Security

• 3 Ways CISOs Can Lead Effectively and Avoid Burnout (darkreading.com)

• Cyber security Jobs Remain Secure Despite Recession Fears (darkreading.com)

Law Enforcement Action and Take Downs

• Members of Russian cyber crime network unmasked by US and UK authorities - The Verge

• Spain, US dismantle phishing gang that stole $5 million in a year (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• The FBI’s most controversial surveillance tool is under threat | Ars Technica

Artificial Intelligence

• Russian hackers are trying to break into ChatGPT, says Check Point | ZDNET

• Cyber criminals Bypass ChatGPT Restrictions to Generate Malicious Content - Check Point Software

• Great, hackers are now using ChatGPT to generate malware | Digital Trends

• Eric Schmidt Is Building the Perfect AI War-Fighting Machine | WIRED

• A.I. in the military could be a game changer in warfare | Fortune US issues declaration on responsible use of AI in the military | Reuters

Misinformation, Disinformation and Propaganda

• Revealed: the hacking and disinformation team meddling in elections | Technology | The Guardian

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• EU countries told to step up defence against state hackers | Reuters

• Britain must ‘wake up’ to China security challenges, ex-MI6 head says | The Independent

• Hacks, leaks and wipers: Google analyses a year of Russian cyber attacks on Ukraine | Cyber scoop

• Google: Russia continues to set cyber sights on NATO nations | TechTarget

• US shoots down ‘high-altitude object’ above Alaska | Financial Times (ft.com)

• Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool - security Week

• SpaceX curbed Ukraine's use of Starlink terminals - Militarnyi

• US shoots down ‘octagonal’ flying object near military sites in Michigan | US news | The Guardian

• Six companies join US entity list after Chinese spy balloon • The Register

• How Alan Turing still casts his genius in the age of cyberwar | Metro News

• US warns its citizens in Russia to get out immediately over security fears | Euronews

• Unidentified airborne objects: A trio of new intrusions leaves America's leaders grasping for explanations | CNN Politics

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• ‘Significant’ debris from China spy balloon retrieved, says US military | US national security | The Guardian

• Use of Chinese cameras by College of Policing is risk to national security, says commissioner (telegraph.co.uk)

• Ukraine’s use of SpaceX satellites risks starting World War Three, says Elon Musk (telegraph.co.uk)

• Eric Schmidt Is Building the Perfect AI War-Fighting Machine | WIRED

• Albanian gangs set up hundreds of spy cameras to keep ahead of police | Financial Times (ft.com)

• A.I. in the military could be a game changer in warfare | Fortune

• Chinese cameras leave British police vulnerable to spying, says watchdog | Espionage | The Guardian

• China-based cyber espionage actor seen targeting South America | CSO Online

• What Happened to #OpRussia? (darkreading.com)

• The Lessons From Cyberwar, Cyber-in-War and Ukraine  - security Week

• Storage security for compliance and cyberwar in 2023 • The Register

Nation State Actors

• Russian Government evaluates the immunity to hackers acting in the interests of Russia-Security Affairs

• Russian spear phishing campaign escalates efforts toward critical UK, US and European targets | Computer Weekly

• EU countries told to step up defence against state hackers | Reuters

• Britain must ‘wake up’ to China security challenges, ex-MI6 head says | The Independent

• Hacks, leaks and wipers: Google analyses a year of Russian cyber attacks on Ukraine | CyberScoop

• Google: Russia continues to set cyber sights on NATO nations | TechTarget

• Military Organizations in Pakistan Targeted With Sophisticated Espionage Tool - Security Week

• MagicWeb Mystery Highlights Nobelium Attacker's Sophistication (darkreading.com)

• Russian hackers are trying to break into ChatGPT, says Check Point | ZDNET

• North Korean Hackers Are Attacking US Hospitals | WIRED

• Six companies join US entity list after Chinese spy balloon • The Register

• Lazarus hackers use new mixer to hide $100 million in stolen crypto (bleepingcomputer.com)

• Unidentified airborne objects: A trio of new intrusions leaves America's leaders grasping for explanations | CNN Politics

• Russian Hackers Disrupt NATO Earthquake Relief Operations (darkreading.com)

• Group-IB Blocks Attack By Chinese Tonto Team Hackers - Infosecurity Magazine (infosecurity-magazine.com)

• Chinese ship accused of using ‘military-grade laser’ against Philippine vessel | Philippines | The Guardian

• Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad (thehackernews.com)

• Use of Chinese cameras by College of Policing is risk to national security, says commissioner (telegraph.co.uk)

• Ukraine’s use of SpaceX satellites risks starting World War Three, says Elon Musk (telegraph.co.uk)

• Chinese cameras leave British police vulnerable to spying, says watchdog | Espionage | The Guardian

• China-based cyber espionage actor seen targeting South America | CSO Online

• What Happened to #OpRussia? (darkreading.com)

• UK Policing Riddled with Chinese CCTV Cameras - Infosecurity Magazine (infosecurity-magazine.com)

• A new operating system has been released in Russia! (gizchina.com)

• SideWinder APT Spotted Stealing Crypto (darkreading.com)

• Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries (thehackernews.com)

• SideWinder APT Attacks Regional Targets in New Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Vulnerability Management

• Ransomware attackers finding new ways to weaponize old vulnerabilities | VentureBeat

Vulnerabilities

• Microsoft Patch Tuesday: 36 RCE bugs, 3 zero-days, 75 CVEs – Naked Security (sophos.com)

• Citrix Patches High-Severity Vulnerabilities in Windows, Linux Apps - Security Week

• Adobe Plugs Critical Security Holes in Illustrator, After Effects Software - Security Week

• Apple releases new fix for iPhone zero-day exploited by hackers | TechCrunch

• Intel issues patches for SGX vulnerabilities • The Register

• Firefox Updates Patch 10 High-Severity Vulnerabilities - Security Week

• Critical RCE Vulnerability Discovered in ClamAV Open-Source Antivirus Software (thehackernews.com)

• CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws (thehackernews.com)

• Microsoft says Intel driver bug crashes apps on Windows PCs (bleepingcomputer.com)

• Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug – Naked Security (sophos.com)

• Splunk Enterprise Updates Patch High-Severity Vulnerabilities - Security Week

• Dozens of Vulnerabilities Patched in Intel Products - Security Week

• High-severity DLP flaw impacts Trellix for Windows | SC Media (scmagazine.com)

• Critical Vulnerability Patched in Cisco Security Products - Security Week

• Health info for 1 million patients stolen using critical GoAnywhere vulnerability | Ars Technica

Tools and Controls

• A CISOs Practical Guide to Storage and Backup Ransomware Resiliency (thehackernews.com)

• SOAR vs. SIEM: What's the difference? | TechTarget

• PAM is failing - IT Security Guru

• Combining identity and security strategies to mitigate risks - Help Net Security

• Defending against attacks on Azure AD: Goodbye firewall, hello identity protection | CSO Online

• Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps (thehackernews.com)

• Attack surface management (ASM) is not limited to the surface - Help Net Security

• How to filter Security log events for signs of trouble | TechTarget

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Attacks Set to Become ‘Uninsurable’, Says Zurich Chief

The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow.

Insurance executives have been increasingly vocal in recent years about systemic risks, such as pandemics and climate change, that test the sector’s ability to provide coverage. For the second year in a row, natural catastrophe-related claims are expected to top $100bn. 

But Mario Greco, chief executive at insurer Zurich, told the Financial Times that cyber was the risk to watch. “What will become uninsurable is going to be cyber,” he said. “What if someone takes control of vital parts of our infrastructure, the consequences of that?” Recent attacks that have disrupted hospitals, shut down pipelines and targeted government departments have all fed concern about this expanding risk among industry executives. Focusing on the privacy risk to individuals was missing the bigger picture, Greco added: “First off, there must be a perception that this is not just data . . . this is about civilisation. These people can severely disrupt our lives.” 

Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. There are exemptions written into policies for certain types of attacks. In 2019, Zurich initially denied a $100mn claim from food company Mondelez, arising from the NotPetya attack, on the basis that the policy excluded a “warlike action”. The two sides later settled. In September, Lloyd’s of London defended a move to limit systemic risk from cyber attacks by requesting that insurance policies written in the market have an exemption for state-backed attacks.

https://www.ft.com/content/63ea94fa-c6fc-449f-b2b8-ea29cc83637d

Your Business Should Compensate for Modern Ransomware Capabilities Right Now

The “if, not when” mentality surrounding ransomware may be the biggest modern threat to business longevity. Companies of all sizes and across all industries are increasingly common targets for ransomware attacks, and we know that 94% of organisations experienced a cyber security incident last year alone. Yet, many enterprises continue to operate with decades-old security protocols that are unequipped to combat modern ransomware. Leaders have prioritised improving physical security measures in light of the pandemic — so why haven’t ransomware protections improved?

Maybe it’s the mistaken notion that ransomware attacks are declining. In reality, Q1 of 2022 saw a 200% YoY increase in ransomware incidents. Meanwhile, the rise in Ransomware as a Service (RaaS) offerings suggests that cyber threats have become a commodity for bad actors.

The RaaS market presents a new and troubling trend for business leaders and IT professionals. With RaaS — a subscription ransomware model that allows affiliates to deploy malware for a fee — the barrier to entry for hackers is lower than ever. The relatively unskilled nature of RaaS hackers may explain why the average ransomware downtime has plummeted to just 3.85 days (compared to an average attack duration of over two months in 2019).

While the decrease in attack duration is promising, the rise of RaaS still suggests an inconvenient truth for business leaders: All organisations are at risk. And in time, all organisations will become a target, which is why it’s time for IT and business leaders to implement tough cyber security protocols.

https://venturebeat.com/security/your-business-should-compensate-for-modern-ransomware-capabilities-right-now/

• Reported Phishing Attacks Have Quintupled

In the third quarter of 2022, the international Anti-Phishing Working Group (APWG) consortium observed 1,270,883 total phishing attacks; the worst quarter for phishing that APWG has ever observed. The total for August 2022 was 430,141 phishing sites, the highest monthly total ever reported to APWG.

Over recent years, reported phishing attacks submitted to APWG have more than quintupled since the first quarter of 2020, when APWG observed 230,554 attacks. The rise in Q3 2022 was attributable, in part, to increasing numbers of attacks reported against several specific targeted brands. These target companies and their customers suffered from large numbers of attacks from persistent phishers.

Threat researchers at the cyber security solution provider Fortra noted a 488 percent increase in response-based email attacks in Q3 2022 compared to the prior quarter. While every subtype of these attacks increased compared to Q2, the largest increase was in Advance Fee Fraud schemes, which rose by a staggering 1,074 percent.

In the third quarter of 2022, APWG founding member OpSec Security found that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against social media services fell to 11 percent of the total, down from 15.3 percent.

Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — fell from 4.5 percent of all phishing attacks in Q2 2022 to 2 percent in Q3. This mirrored the fall in value of many cryptocurrencies since mid-year.

https://www.helpnetsecurity.com/2022/12/28/reported-phishing-attacks-quintupled/

• Ransomware, DDoS See Major Upsurge Led by Upstart Hacker Group

Cyber threat actors Cuba and Royal are driving a 41% boom in ransomware and other attacks hitting industry and consumer goods and services.

According to the Global Threat Intelligence team of information assurance firm NCC Group, November saw a 41% increase in ransomware attacks from 188 incidents to 265. In its most recent Monthly Threat Pulse, the group reported that the month was the most active for ransomware attacks since April this year.

Key takeaways from the study:

• Ransomware attacks rose by 41% in November.

• Threat group Royal (16%) was the most active, replacing LockBit as the worst offender for the first time since September 2021.

• Industrials (32%) and consumer cyclicals (44%) remain the top two most targeted sectors, but technology experienced a large 75% increase over the last month.

• Regional data remains consistent with last month — North America (45%), Europe (25%) and Asia (14%)

• DDoS attacks continue to increase.

Recent examples in the services sector include the Play ransomware group’s claimed attack of the German H-Hotels chain, resulting in communications outages. This attack reportedly uses a vulnerability in Microsoft Exchange called ProxyNotShell, which as the name implies, has similarities to the ProxyShell zero-day vulnerability revealed in 2021.

Also, back on the scene is the TrueBot malware downloader (a.k.a., the silence.downloader), which is showing up in an increasing number of devices. TrueBot Windows malware, designed by a Russian-speaking hacking group identified as Silence, has resurfaced bearing Ransom.Clop, which first appeared in 2019. Clop ransomware encrypts systems and exfiltrates data with the threat that if no ransom is forthcoming, the data will show up on a leak site.

https://www.techrepublic.com/article/ransomware-ddos-major-upsurge-led-upstart-hacker-group/

• Videoconferencing Worries Grow, With SMBs in Cyber Attack Crosshairs

Securing videoconferencing solutions is just one of many IT security challenges small businesses are facing, often with limited financial and human resources.

It's no secret that the acceleration of work-from-home and distributed workforce trends — infamously spurred on by the pandemic — has occurred in tandem with the rise of video communications and collaboration platforms, led by Zoom, Microsoft, and Cisco.

But given that videoconferencing now plays a critical role in how businesses interact with their employees, customers, clients, vendors, and others, these platforms carry significant potential security risks, researchers say.

Organisations use videoconferencing to discuss M&A, legal, military, healthcare, intellectual property and other topics, and even corporate strategies. A loss of that data could be catastrophic for a company, its employees, its clients, and its customers.

However, a recent report on videoconferencing security showed that 93% of IT professionals surveyed acknowledged security vulnerabilities and gaping risks in their videoconferencing solutions.

Among the most relevant risks is the lack of controlled access to conversations that could result in disruption, sabotage, compromise, or exposure of sensitive information, while use of nonsecure, outdated, or unpatched videoconferencing applications can expose security flaws.

The risks include the potential for interruptions, unauthorised access, and perhaps most concerning, the opportunity for a bad actor to acquire sensitive information.

https://www.darkreading.com/application-security/videoconferencing-worries-grow-with-smbs-in-cyberattack-crosshairs

• Will the Crypto Crash Impact Cyber Security in 2023? Maybe.

With the implosion of the FTX exchange putting a punctuation mark on the cryptocurrency crash of 2022, one of the natural questions for those in the cyber security world is, how will this rapid decline of cryptocurrency valuations change the cyber crime economy?

Throughout the most recent crypto boom, and even before then, cyber criminals have used and abused cryptocurrency to build up their empires. The cryptocurrency market provides the extortionary medium for ransomware; it's a hotbed of scams against consumers to steal their wallets and accounts. Traditionally, it's provided a ton of anonymous cover for money laundering on the back end of a range of cyber criminal enterprises.

Even so, according to cyber security experts and intelligence analysts, while there certainly have been some shifts in trends and tactics that they believe are loosely tied to the crypto crash, the jury's still out on long-term impacts.

Regardless of crypto values, cyber criminals this year have definitely become more sophisticated in how they use cryptocurrencies to monetise their attacks including the use by some ransomware groups taking advantage of yield farming within decentralised finance (DeFi), as an example.

The concept of yield farming is the same as lending money, with a contract in place that clearly shows how much interest will need to be paid. The advantage for ransomware groups is that the 'interest' will be legitimate proceeds, so there will be no need to launder or hide it.

Threat actors are increasingly turning toward 'stablecoins,' which are usually tied to fiat currencies or gold to stem their volatility. In many ways, the downturn in crypto values has increased the risk appetite of cyber criminals and is spurring them into more investment fraud and cryptocurrency scams.

https://www.darkreading.com/threat-intelligence/crypto-crash-impact-cybersecurity-2023-maybe

• The Worst Hacks of 2022

The year was marked by sinister new twists on cyber security classics, including phishing, breaches, and ransomware attacks.

With the pandemic evolving into an amorphous new phase and political polarisation on the rise around the world, 2022 was an uneasy and often perplexing year in digital security. And while hackers frequently leaned on old chestnuts like phishing and ransomware attacks, they still found vicious new variations to subvert defences.

Technology magazine Wired looked back on the year's worst breaches, leaks, ransomware attacks, state-sponsored hacking campaigns, and digital takeovers. If the first years of the 2020s are any indication, the digital security field in 2023 will be more bizarre and unpredictable than ever. Stay alert, and stay safe out there.

Russia Hacking Ukraine

For years, Russia has pummelled Ukraine with brutal digital attacks causing blackouts, stealing and destroying data, meddling in elections, and releasing destructive malware to ravage the country's networks. Since invading Ukraine in February, though, times have changed for some of Russia's most prominent and most dangerous military hackers. Shrewd long-term campaigns and grimly ingenious hacks have largely given way to a stricter and more regimented clip of quick intrusions into Ukrainian institutions, reconnaissance, and widespread destruction on the network—and then repeated access over and over again, whether through a new breach or by maintaining the old access.

Twilio and the 0ktapus Phishing Spree

Over the summer, a group of researchers dubbed 0ktapus went on a massive phishing bender, compromising nearly 10,000 accounts within more than 130 organisations. The majority of the victim institutions were US-based, but there were dozens in other countries as well.

Ransomware Still Hitting the Most Vulnerable Targets

In recent years, countries around the world and the cyber security industry have increasingly focused on countering ransomware attacks. While there has been some progress on deterrence, ransomware gangs were still on a rampage in 2022 and continued to target vulnerable and vital social institutions, including health care providers and schools. The Russian-speaking group Vice Society, for example, has long specialised in targeting both categories, and it focused its attacks on the education sector this year.

The Lapsus$ Rampage Continues

The digital extortion gang Lapsus$ was on an intense hacking spree at the beginning of 2022, stealing source code and other sensitive information from companies like Nvidia, Samsung, Ubisoft, and Microsoft and then leaking samples as part of apparent extortion attempts. Lapsus$ has a sinister talent for phishing, and in March, it compromised a contractor with access to the ubiquitous authentication service Okta.

LastPass

The beleaguered password manager giant LastPass, which has repeatedly dealt with data breaches and security incidents over the years, said at the end of December that a breach of its cloud storage in August led to a further incident in which hackers targeted a LastPass employee to compromise credentials and cloud storage keys.

Vanuatu

At the beginning of November, Vanuatu, an island nation in the Pacific, was hit by a cyber attack that took down virtually all of the government's digital networks. Agencies had to move to conducting their work on paper because emergency systems, medical records, vehicle registrations, driver's license databases, and tax systems were all down.

Honourable Mention: Twitter-Related Bedlam

Twitter has been in chaos mode for months following Elon Musk's acquisition of the company earlier this year. Amidst the tumult, reports surfaced in July and then again in November of a trove of 5.4 million Twitter users' data that has been circulating on criminal forums since at least July, if not earlier. The data was stolen by exploiting a vulnerability in a Twitter application programming interface, or API.

https://www.wired.com/story/worst-hacks-2022/

• Geopolitical Tensions Expected to Further Impact Cyber Security in 2023

Geopolitics will continue to have an impact on cyber security and the security posture of organisations long into 2023.

The impact of global conflicts on cyber security was thrust into the spotlight when Russia made moves to invade Ukraine in February 2022. Ukraine’s Western allies were quick to recognise that with this came the threat of Russian-backed cyber-attacks against critical national infrastructure (CNI), especially in retaliation to hefty sanctions. While this may not have materialised in the way many expected, geopolitics is still front of mind for many cyber security experts looking to 2023.

Russia has always been among a handful of states recognised for their cyber prowess and being the source of many cyber criminal gangs. As previously mentioned, we have failed to see a significant cyber-attack, at least one comparable to the Colonial Pipeline incident, in 2022. However the cyber security services provider, e2e-assure, warned: “We have underestimated Russia’s cyber capability. There is a wide view that Russian cyber activity leading up to and during their invasion of Ukraine indicated that they aren’t the cyber power we once thought. Patterns and evidence will emerge in 2023 that shows this wasn’t the case, instead Russia was directing its cyber efforts elsewhere, with non-military goals (financial and political).”

NordVPN, the virtual private network (VPN) provider, warns that the cyber-war is only just starting: “With China’s leader securing his third term and Russia’s war in Ukraine, many experts predict an increase in state-sponsored cyber-attacks. China may increase cyber-attacks on Taiwan, Hong Kong, and other countries opposing the regime. Meanwhile, Russia is predicted to sponsor attacks on countries supporting Ukraine.”

We are used to seeing cyber-attacks that encrypt data and ask for ransom, but it is likely in this era of nation-state sponsored attacks we could experience attacks for the sake of disruption.

https://www.infosecurity-magazine.com/news/geopolitical-tensions-impact/

• Fraudsters’ Working Patterns Have Changed in Recent Years

Less sophisticated fraud — in which doctored identity documents are readily spotted — has jumped 37% in 2022, according to the identify verfication provider Onfido. Fraudsters can scale these attacks on an organisation’s systems around the clock.

It is estimated that the current global financial cost of fraud is $5.38 trillion (£4.37 trillion), which is 6.4% of the world’s GDP. With most fraud now happening online (80% of reported fraud is cyber-enabled), Onfido’s Identity Fraud Report uncovers patterns of fraudster behaviour, attack techniques, and emerging tactics.

Over the last four years, fraudsters’ working patterns have dramatically changed. In 2019, attacks mirrored a typical working week, peaking Monday to Friday and dropping off during the weekends. Yet over the last three years, fraudulent activity started to shift so that levels of fraud span every day of the week.

In 2022, fraud levels were consistent across 24 hours, seven days a week. With technology, fraudsters are more connected across the globe and are able to traverse regions and time zones, and can easily take advantage of businesses’ closed hours when staff are likely offline. This hyperconnectivity means there are no more ‘business hours’ for fraudsters and sophisticated fraud rings — they will scam and defraud 24/7.

“As criminals look to take advantage of digitisation processes, they’re able to commit financial crimes with increasing efficiency and sophistication, to the extent that financial crime and cyber crime are now invariably linked,” said Interpol. “A significant amount of financial fraud takes place through digital technologies, and the pandemic has only hastened the emergence of digital money laundering tools and other cyber-enabled financial crimes.”

https://www.helpnetsecurity.com/2022/12/29/less-sophisticated-fraud/

• Hacktivism is Back and Messier Than Ever

Throughout 2022, geopolitics has given rise to a new wave of politically motivated attacks with an undercurrent of state-sponsored meddling.

During its brutal war in Ukraine, Russian troops have burnt cities to the ground, raped and tortured civilians, and committed scores of potential war crimes. On November 23, lawmakers across Europe overwhelmingly labelled Russia a “state sponsor” of terrorism and called for ties with the country to be reduced further. The response to the declaration was instant. The European Parliament’s website was knocked offline by a DDoS attack.

The unsophisticated attack—which involves flooding a website with traffic to make it inaccessible—disrupted the Parliament’s website offline for several hours. Pro-Russian hacktivist group Killnet claimed responsibility for the attack. The hacktivist group has targeted hundreds of organisations around the world this year, having some limited small-scale successes knocking websites offline for short periods of time. It’s been one player in a bigger hacktivism surge.

Following years of sporadic hacktivist activity, 2022 has seen the re-emergence of hacktivism on a large scale. Russia’s full-scale invasion of Ukraine spawned scores of hacktivist groups on both sides of the conflict, while in Iran and Israel, so-called hacktivist groups are launching increasingly destructive attacks. This new wave of hacktivism, which varies between groups and countries, comes with new tactics and approaches and, increasingly, is blurring lines between hacktivism and government-sponsored attacks.

https://www.wired.com/story/hacktivism-russia-ukraine-ddos/

Threats

Ransomware, Extortion and Destructive Attacks

• Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development - SentinelOne

• Jersey school locked out of systems as hackers demand "ransom" | Bailiwick Express Jersey

• Vice Society Ransomware Attackers Adopt Robust Encryption Methods (thehackernews.com)

• Global counter-ransomware task force to become active in January - CyberScoop

• Fool Me Thrice? How to Avoid Double and Triple Ransomware Extortion (darkreading.com)

• Rackspace criticized for PR response to ransomware attack (expressnews.com)

• After ransomware hits Colombian energy firm, Moody’s says low patch rate suggests inadequacies in cyber practices | SC Media (scmagazine.com)

• Ransomware, DDoS see major upsurge led by upstart hacker group (techrepublic.com)

• 6 Ways to Protect Your Organisation Against LAPSUS$ (darkreading.com)

• Your business should compensate for modern ransomware capabilities right now | VentureBeat

• Vice Society Adds Custom-branded Payload PolyVice to its Arsenal | Cyware Alerts - Hacker News

• Hackers stole data from multiple electric utilities in recent ransomware attack | CNN Politics

• Ransomware attack at Louisiana hospital impacts 270,000 patients (bleepingcomputer.com)

• The mounting death toll of hospital cyber attacks - POLITICO

• Royal ransomware claims attack on Intrado telecom provider (bleepingcomputer.com)

• Healthcare Providers and Hospitals Under Ransomware's Siege (darkreading.com)

• 2023 Predictions: Expect More Supply Chain Attacks, Ransomware-as-a-Service Kits in 2023 - MSSP Alert

• Guardian Australia staff sent home after cyber attack takes out systems (theage.com.au)

• Queensland University hit by cyber attack | PerthNow

• Dumfries Arnold Clark garages hit by company-wide cyber attack - Daily Record

• Ransom Deadline Given By LockBit In Port Of Lisbon Attack (informationsecuritybuzz.com)

Phishing & Email Based Attacks

• Reported phishing attacks have quintupled - Help Net Security

• 6 Ways to Protect Your Organisation Against LAPSUS$ (darkreading.com)

Other Social Engineering; Smishing, Vishing, etc

• Linkedin Is Full Of Job Scams – Be Careful Out There (informationsecuritybuzz.com)

Malware

• GuLoader implements new evasion techniques - Security Affairs

• PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware (thehackernews.com)

• 2022 sees over 5000 times new Windows malware vs macOS, over 60 times vs Linux - Neowin

• APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector (thehackernews.com)

• New information-stealing malware is being spread by fake pirate sites | TechSpot

Mobile

• Hackers steal $8 million from users running trojanized BitKeep apps (bleepingcomputer.com)

• EarSpy: Spying on Phone Calls via Ear Speaker Vibrations Captured by Accelerometer | SecurityWeek.Com

Denial of Service/DoS/DDOS

• Cyber criminals create new methods to evade legacy DDoS defences - Help Net Security

Internet of Things – IoT

• Anker admits Eufy camera security issues | TechRadar

• Smart Home Cyber security Hubs: Protecting Endpoints in Your Smarthome (compuquip.com)

• Google Home speakers allowed hackers to snoop on conversations (bleepingcomputer.com)

Data Breaches/Leaks

• BetMGM discloses security breach impacting 1.5 Million customers - Security Affairs

• Massive Twitter data leak investigated by EU privacy watchdog (bleepingcomputer.com)

• LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all… – Naked Security (sophos.com)

• Massive EDiscovery Provider Shut Down Over 'Unauthorized Access' - Above the LawAbove the Law

• Data of 400 Million Twitter users up for sale - Security Affairs

• Ten significant data breaches from 2022 (smartermsp.com)

• It’s all in the (lack of) details: 2022’s badly handled data breaches | TechCrunch

• Military device with biometric database of 2K people sold on eBay for $68 | Ars Technica

Organised Crime & Criminal Actors

• 'Cyber crime has surpassed drug trafficking' - Rediff.com India News

• Labour attacks delays to online safety bill as it highlights Christmas scams | Cyber crime | The Guardian

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• FTX collapse shows crypto is 'too dangerous' not to regulate, Bank of England deputy governor says | Business News | Sky News

• How ‘brazen’ multibillion-dollar crypto fraud fell to pieces | Business | The Times

• BTC.com lost $3 million worth of cryptocurrency in cyber attack (bleepingcomputer.com)

• Hackers steal $8 million from users running trojanized BitKeep apps (bleepingcomputer.com)

• Bitcoin Mining Pool Btc.com Suffers $3 Million Cyber attack – Mining Bitcoin News

• Crypto wallet BitKeep lost over $9M over a cyber attack - Security Affairs

• Case for blockchain in financial services dented by failures | Financial Times (ft.com)

• Digital Assets Of $9.9 Million Stolen In BitKeep Cyber Attack (informationsecuritybuzz.com)

• Crypto platform 3Commas admits hackers stole API keys (bleepingcomputer.com)

Fraud, Scams & Financial Crime

• Linkedin Is Full Of Job Scams – Be Careful Out There (informationsecuritybuzz.com)

• Scam complaints from Revolut users more than double since 2020 (telegraph.co.uk)

• Labour attacks delays to online safety bill as it highlights Christmas scams | Cyber crime | The Guardian

• Fraudsters’ working patterns have changed in recent years - Help Net Security

• Experts warn of attacks exploiting WordPress gift card plugin - Security Affairs

• North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains | SecurityWeek.Com

• Ukraine shuts down fraudulent call center claiming 18,000 victims (bleepingcomputer.com)

Insurance

• Zurich chief warned that cyber attacks will become uninsurable - Security Affairs

Supply Chain and Third Parties

• 2023 Predictions: Expect More Supply Chain Attacks, Ransomware-as-a-Service Kits in 2023 - MSSP Alert

Software Supply Chain

• Why Attackers Target GitHub, and How You Can Secure It (darkreading.com)

• Improving Software Supply Chain Cyber security (trendmicro.com)

Cloud/SaaS

• Google: With Cloud Comes APIs & Security Headaches (darkreading.com)

Identity and Access Management

• Enterprises waste money on identity tools they don't use - Help Net Security

• Steps To Planning And Implementation Of PAM Solutions (informationsecuritybuzz.com)

Encryption

• US passes the Quantum Computing Cybersecurity Preparedness Act – and why not? – Naked Security (sophos.com)

API

• Crypto platform 3Commas admits hackers stole API keys (bleepingcomputer.com)

• Google: With Cloud Comes APIs & Security Headaches (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Extracting Encrypted Credentials From Common Tools (darkreading.com)

Biometrics

• Military device with biometric database of 2K people sold on eBay for $68 | Ars Technica

Social Media

• TikTok User Data Has Been Compromised (giantfreakinrobot.com)

• Elon Musk ‘orders Twitter to remove suicide prevention feature’ | Twitter | The Guardian

• Massive Twitter data leak investigated by EU privacy watchdog (bleepingcomputer.com)

• TikTok parent company ByteDance revealed the use of TikTok data to track journalists - Security Affairs

• Meta settles Cambridge Analytica scandal case for $725m - BBC News

• TikTok bans haven't really banned much of anything - The Washington Post

• Twitter restores suicide prevention feature | Twitter | The Guardian

• Data of 400 Million Twitter users up for sale - Security Affairs

• Hacker claims to be selling Twitter data of 400 million users (bleepingcomputer.com)

• Piers Morgan’s Twitter account abuses queen and Ed Sheeran in apparent hack | Piers Morgan | The Guardian

• US House boots TikTok from government phones • The Register

Malvertising

• Hackers abuse Google Ads to spread malware in legit software (bleepingcomputer.com)

• Cyber criminals using search engine ads to direct users to sites with malware, FBI warns | SC Media (scmagazine.com)

Privacy

• The Threat of Predictive Policing to Data Privacy and Personal Liberty (darkreading.com)

Regulations, Fines and Legislation

• FTX collapse shows crypto is 'too dangerous' not to regulate, Bank of England deputy governor says | Business News | Sky News

• US passes the Quantum Computing Cybersecurity Preparedness Act – and why not? – Naked Security (sophos.com)

Governance, Risk and Compliance

• IBM and 70 Global Banks Co-Create New Cyber security, Risk Framework (accelerationeconomy.com)

• Economic uncertainty compels IT leaders to rethink their strategy - Help Net Security

• 3 important changes in how data will be used and treated - Help Net Security

• 2022 Top Five Immediate Threats in Geopolitical Context (thehackernews.com)

Secure Disposal

• For Sale on eBay: A Military Database of Fingerprints and Iris Scans - The New York Times (nytimes.com)

Careers, Working in Cyber and Information Security

• How to Get Your First Job in InfoSec (freecodecamp.org)

• IT Jobs: How To Become An Information Security Analyst (informationsecuritybuzz.com)

• ‘There's a career in cyber security for everyone,’ Microsoft Security CVP says | Fortune

Law Enforcement Action and Take Downs

• Ukraine shuts down fraudulent call centre claiming 18,000 victims (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• Google Home speakers allowed hackers to snoop on conversations (bleepingcomputer.com)

• Police in China can track protests by enabling ‘alarms’ on Hikvision software | China | The Guardian

• The Threat of Predictive Policing to Data Privacy and Personal Liberty (darkreading.com)

• Meta settles Cambridge Analytica scandal case for $725m - BBC News

• 78% of Employers Are Using Remote Work Tools to Spy on You (entrepreneur.com)

• Germany: Police surveillance software a legal headache – DW – 12/22/2022

Artificial Intelligence

• Code-generating AI can introduce security vulnerabilities, study finds | TechCrunch

• AI cyber attacks are a ‘critical threat’. This is how NATO is countering them | Euronews

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• 2022 Top Five Immediate Threats in Geopolitical Context (thehackernews.com)

• Ukraine marks a turning point for cyberwarfare – POLITICO

• Russia’s Cyberwar Foreshadowed Deadly Attacks on Civilians | WIRED

• Hacktivism Is Back and Messier Than Ever | WIRED

• Hundreds of Russian cyber attacks on CHPPs, regional power plants prevented - SBU

• Ukrainian Hackers Gather Data on Russian Soldiers, Minister Says - Bloomberg

• North Korean hackers targeted nearly 1,000 South Korean foreign policy experts

• German double agent ‘passed Ukraine intelligence to Russia’ (telegraph.co.uk)

Nation State Actors

Nation State Actors – Russia

• Hundreds of Russian cyber attacks on CHPPs, regional power plants prevented - SBU

• Russian mobile calls, internet seen deteriorating after Nokia, Ericsson leave – EURACTIV.com

Nation State Actors – China

• US House boots TikTok from government phones • The Register

• Police in China can track protests by enabling ‘alarms’ on Hikvision software | China | The Guardian

• Chinese-backed company instructs US law firm after UK blocked microchip factory takeover (telegraph.co.uk)

Nation State Actors – North Korea

• BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection (thehackernews.com)

• North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains | SecurityWeek.Com

• North Korean hacking outfit impersonating venture capital firms | SC Media (scmagazine.com)

• North Korean hackers targeted nearly 1,000 South Korean foreign policy experts

Nation State Actors – Iran

• An Iranian group hacked Israeli CCTV cameras, defence was aware but didn’t block it - Security Affairs

Nation State Actors – Misc

• APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector (thehackernews.com)

Vulnerability Management

• Log4Shell remains a big threat and a common cause for security breaches | CSO Online

• After ransomware hits Colombian energy firm, Moody’s says low patch rate suggests inadequacies in cyber practices | SC Media (scmagazine.com)

Vulnerabilities

• Patch now: Serious Linux kernel security hole uncovered | ZDNET

• Microsoft Patches Azure Cross-Tenant Data Access Flaw | SecurityWeek.Com

• Critical Linux Kernel flaw affects SMB servers with ksmbd enabled - Security Affairs

• Critical “10-out-of-10” Linux kernel SMB hole – should you worry? – Naked Security (sophos.com)

• Log4Shell remains a big threat and a common cause for security breaches | CSO Online

• Thousands of Citrix servers vulnerable to patched critical flaws (bleepingcomputer.com)

• Netgear warns users to patch recently fixed WiFi router bug (bleepingcomputer.com)

• CISA Warns of Active exploitation of JasperReports Vulnerabilities (thehackernews.com)

• Several DoS, Code Execution Vulnerabilities Found in Rockwell Automation Controllers | SecurityWeek.Com

Tools and Controls

• Understanding current XDR elements and options | TechTarget

Other News

• Cyber crime Top 10 Rankings: China is No. 1 While US Records Highest Rate of Security Breaches - MSSP Alert

• AI cyber attacks are a ‘critical threat’. This is how NATO is countering them | Euronews

• Review: 10 Biggest Hacks And Cyber Security Threats Of 2022 (informationsecuritybuzz.com)

• Modern technology and cyber recovery will intersect in the next generation of attacks - Help Net Security

• New information-stealing malware is being spread by fake pirate sites | TechSpot

•  Ten significant data breaches from 2022 (smartermsp.com)

• Trend Micro: Expect 2023 to Bring Uncertainty to Cyber Attackers and Defenders - MSSP Alert

• After the Uber Breach: 3 Questions All CISOs Should Ask Themselves (darkreading.com)

• Top 10 Cyber Security Predictions For 2023 Based On Expert Responses (informationsecuritybuzz.com)

• The Five Stories That Shaped Cyber security in 2022 | SecurityWeek.Com

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Executives Take More Cyber Security Risks Than Office Workers

IT software company Ivanti worked with cyber security experts and surveyed 6,500 executive leaders, cybersecurity professionals, and office workers to understand the perception of today’s cybersecurity threats and to find out how companies are preparing for yet-unknown future threats.

The report revealed that despite 97% of leaders and security professionals reporting their organisation is as prepared, or more prepared, to defend against cybersecurity attacks than they were a year ago, one in five wouldn’t bet a chocolate bar that they could prevent a damaging breach.

In fact, the study finds that organisations are racing to fortify against cyber attacks, but the industry still struggles with a reactive, checklist mentality. This is most pronounced in how security teams are prioritising patches. While 92% of security professionals reported they have a method to prioritise patches, they also indicated that all types of patches rank high – meaning none do.

“Patching is not nearly as simple as it sounds,” said Ivanti. “Even well-staffed, well-funded IT and security teams experience prioritisation challenges amidst other pressing demands. To reduce risk without increasing workload, organisations must implement a risk-based patch management solution and leverage automation to identify, prioritise, and even address vulnerabilities without excess manual intervention”.

Cyber security insiders view phishing, ransomware, and software vulnerabilities as top industry-level threats for 2023. Approximately half of respondents indicated they are “very prepared” to meet the growing threat landscape including ransomware, poor encryption, and malicious employees, but the expected safeguards such as deprovisioning credentials is ignored a third of a time and nearly half of those surveyed say they suspect a former employee or contractor still has active access to company systems and files.

The report also revealed that leaders engage in more dangerous behaviour and are four times more likely to be victims of phishing compared to office workers.

Additionally:

• More than 1 in 3 leaders have clicked on a phishing link

• Nearly 1 in 4 use easy-to-remember birthdays as part of their password

• They are much more likely to hang on to passwords for years

• And they are 5x more likely to share their password with people outside the company.

One survey taker shared, “We’ve experienced a few advanced phishing attempts and the employees were totally unaware they were being targeted. These types of attacks have become so much more sophisticated over the last two years – even our most experienced staff are falling prey to it.”

To cope with a rapidly expanding threat landscape, organisations must move beyond a reactive, rules-based approach.

https://www.helpnetsecurity.com/2022/12/16/executives-take-more-cybersecurity-risks-than-office-workers/

• CISO Role is Diversifying from Technology to Leadership & Communication Skills

The role of chief information security officer (CISO), a relatively new executive position, is undergoing some significant changes and an archetype has yet to emerge, a new global report from Marlin Hawk, an executive recruiting and leadership consultant, said.

CISOs are still more likely to serve on advisory boards or industry bodies than on the board of directors. Only 13% of the global CISOs analysed are women; approximately 20% are non-white. Each diversity dimension analysed is down one percentage point year-on-year.

According to James Larkin, managing partner at Marlin Hawk, “Today’s CISOs are taking up the mantle of responsibilities that have traditionally fallen solely to the chief information officer (CIO), which is to act as the primary gateway from the tech department into the wider business and the outside marketplace. This widening scope requires CISOs to be adept communicators to the board, the broader business, as well as the marketplace of shareholders and customers. By thriving in the ‘softer’ skill sets of communication, leadership, and strategy, CISOs are now setting the new industry standards of today and, I predict, will be progressing into the board directors of tomorrow.”

The job does not come without its downsides. For one, according to the search firm, many CISOs change roles and leave their jobs. Their skillset may not be adequate or new leaders get appointed to the job, they lack the necessary internal support, or their company may not have the required commitment to cyber security to make the job effective.

Key findings from the report include:

• 45% of global CISOs have been in their current role for two years or less, down from 53% in 2021, with 18% turnover year-on-year. While there is still a lot of movement in the CISO seat, there is potentially some stabilisation emerging.

• Approximately 62% of global CISOs were hired from another company, indicating a slight increase in the number of CISOs hired internally (38% were hired internally compared to 36% in 2021) but a large gap remains in appropriate successors.

• 36% of CISOs analysed with a graduate degree received a higher degree in business administration or management. This is down 10% from last year (46% in 2021). Conversely, there has been an increase to 61% of CISOs receiving a higher degree in STEM subjects (up from 46% in 2021).

https://www.msspalert.com/cybersecurity-research/ciso-role-is-diversifying-from-technology-to-leadership-communication-skills/

• How Emerging AIs, Like ChatGPT, Can Turn Anyone into a Ransomware and Malware Threat Actor

Ever since OpenAI launched ChatGPT at the end of November, commentators on all sides have been concerned about the impact AI-driven content-creation will have, particularly in the realm of cybersecurity. In fact, many researchers are concerned that generative AI solutions will democratise cyber crime.

With ChatGPT, any user can enter a query and generate malicious code and convincing phishing emails without any technical expertise or coding knowledge.

While security teams can also leverage ChatGPT for defensive purposes such as testing code, by lowering the barrier for entry for cyber attacks, the solution has complicated the threat landscape significantly. From a cyber security perspective, the central challenge created by OpenAI’s creation is that anyone, regardless of technical expertise, can create code to generate malware and ransomware on-demand.

Whilst it can be used for good to assist developers in writing code for good, it can (and already has) been used for malicious purposes. Examples including asking the bot to create convincing phishing emails or assist in reverse engineering code to find zero-day exploits that could be used maliciously instead of reporting them to a vendor.

ChatGPT does have inbuilt guardrails designed to prevent the solution from being used for criminal activity. For instance, it will decline to create shell code or provide specific instructions on how to create shellcode or establish a reverse shell and flag malicious keywords like phishing to block the requests.

The problem with these protections is that they’re reliant on the AI recognising that the user is attempting to write malicious code (which users can obfuscate by rephrasing queries), while there’s no immediate consequences for violating OpenAI’s content policy.

https://venturebeat.com/security/chatgpt-ransomware-malware/

• Cyber Security Drives Improvements in Business Goals

Cyber threats should no longer be viewed as just an IT problem, but also a business problem, Deloitte said in its latest Future of Cyber study. Operational disruption, loss of revenue, and loss of customer trust are the top three significant impacts of cyber incidents. More than half, or 56%, of respondents told Deloitte they suffered related consequences to a moderate or large extent.

In 2021, the top three negative consequences from cyber incidents and breaches were operational disruption, which includes supply chain and the partner ecosystem, intellectual property theft, and a drop in share price. While operational disruption remained the top concern in 2022, loss of revenue and loss of customer trust and negative brand impact moved up in importance. Intellectual property theft and drop in share price dropped to eighth and ninth (out of ten) in ranking. Losing funding for a strategic initiative, loss of confidence in the integrity of the technology, and impact on employee recruitment and retention moved up in ranking in 2022. Respondents were also asked to mark two consequences they felt would be most important in 2023: Operational disruption and loss of revenue topped the list.

"Today, cyber means business, and it is difficult to overstate the importance of cyber as a foundational and integral business imperative," Deloitte noted in its report. "It [cyber] should be included in every functional area, as an essential ingredient for success—to drive continuous business value, not simply mitigate risks to IT."

Deloitte categorised organisations' cyber security maturity based on their adoption of cyber planning, risk management, and board engagement. Risk management included activities such as industry benchmarking, incident response, scenario planning, and qualitative and quantitative risk assessment.

Whether or not the organisation adopted any of these three practices hinged on stakeholders recognising the importance of cyber responsibility and engagement across the whole organisation, Deloitte said in its report. Examples included having a governing body that comprises IT and senior business leaders to oversee the cyber program, conducting incident-response scenario planning and simulation at the organisational and/or board level, regularly providing cyber updates to the board to secure funding, and conducting regular cyber awareness training for all employees.

https://www.darkreading.com/edge-threat-monitor/cybersecurity-drives-improvements-in-business-goals

• Incoming FCA Chair Says Crypto Firms Facilitate Money Laundering

The man who will lead UK efforts to regulate cryptocurrency firms issued a stark condemnation of the sector on Wednesday, telling MPs that in his experience crypto platforms were “deliberately evasive”, facilitated money laundering at scale and created “massively untoward risk”.

The comments from Ashley Alder, the incoming chair of the Financial Conduct Authority, suggest that crypto firms hoping to build businesses in the UK will face an uphill battle when the FCA assumes new powers to regulate broad swaths of the sector.

They also put Alder, who will become FCA chair in February, on a potential collision course with the government’s aspiration to create a high quality crypto hub that fosters innovation, a vision ministers have remained loyal to even as the global crypto market lurches from crisis to crisis, epitomised by the collapse of FTX. The FCA declined to comment on whether their incoming chair’s views were at odds with those of the government.

Alder comments came during a sometimes terse appointment hearing with the cross-party Treasury select committee, where he faced sustained criticism for appearing virtually from Hong Kong and for his lack of familiarity with some parts of the UK market place and its accountability structures.

https://www.ft.com/content/7bf0a760-5fb5-4146-b757-1acc5fc1dee5

• Managing Cyber Risk in 2023: The People Element

2022 has had many challenges from cyber war between Russia and Ukraine, continuing ransomware attacks, and a number of high-profile vulnerabilities and zero day attacks.  With the attack surface constantly expanding, CISOs and security leaders are acutely aware of the need to minimise risk across people, processes, and technology.

Top infrastructure risk: people

It’s common knowledge that it’s not if, but when, your organisation will be the target of a cyber attack. CISOs and security leaders seem to share the same opinion—according to Trend Micro’s latest Cyber Risk Index (CRI) (1H’2022), 85% of 4,100 respondents across four global regions said its somewhat to very likely they will experience a cyber attack in the next 12 months.  More concerning was 90% of respondents had at least one successful cyber attack in the past 12 months.

The CRI (1H’2022) also found that CISOs, IT practitioners, and managers identified that most organisations’ IT security objectives are not aligned with the business objectives, which could cause challenges when trying to implement a sound cyber security strategy.

It’s important to note that while ideal, avoiding a cyber attack isn’t the main goal—companies need to address critical challenges across their growing digital attack surface to enable faster detection and response, therefore minimising cyber risk.

While it's commonly assumed that security efforts should be largely focused on protecting critical servers and infrastructure, the human attack vector shouldn’t be so quickly forgotten.

https://www.trendmicro.com/en_us/ciso/22/e/managing-cyber-risk.html

• What We Can't See Can Hurt Us

In speaking with security and fraud professionals, visibility remains a top priority. This is no surprise, since visibility into the network, application, and user layers is one of the fundamental building blocks of both successful security programs and successful fraud programs. This visibility is required across all environments — whether on-premises, private cloud, public cloud, multicloud, hybrid, or otherwise.

Given this, it is perhaps a bit surprising that visibility in the cloud has lagged behind the move to those environments. This occurred partially because few options for decent visibility were available to businesses as they moved to the cloud. But it also partially happened because higher priority was placed on deploying to the cloud than on protecting those deployments from security and fraud threats.

This is unfortunate, since what we can't see can hurt us. That being said, cloud visibility is becoming a top priority for many businesses. There are a few areas where many businesses are looking for visibility to play a key role, including Compliance, Monitoring, Investigation, Response, API Discovery, Application Breaches, and Malicious User Detection.

Organisation have been a bit behind in terms of ensuring the requisite visibility into cloud environments. Whilst time has been lost, it does seem that gaining visibility into the network, application, and user layers is now a priority for many businesses. This is a positive development, as it enables those businesses to better mitigate the risks that operating blindly creates.

https://www.darkreading.com/edge-articles/what-we-can-t-see-can-hurt-us

• Uber Suffers New Data Breach After Attack on Vendor, Info Leaked Online

Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cyber security incident.

On Saturday last week, a threat actor named 'UberLeaks' began leaking data they claimed was stolen from Uber and Uber Eats on a hacking forum known for publishing data breaches. The leaked data includes numerous archives claiming to be source code associated with mobile device management platforms (MDM) used by Uber and Uber Eats and third-party vendor services.

The threat actor created four separate topics, allegedly for Uber MDM at uberhub.uberinternal.com and Uber Eats MDM, and the third-party Teqtivity MDM and TripActions MDM platforms. Each post refers to a member of the Lapsus$ hacking group who is believed to be responsible for numerous high-profile attacks, including a September cyber attack on Uber where threat actors gained access to the internal network and the company's Slack server.

News outlet BleepingComputer has been told that the newly leaked data consists of source code, IT asset management reports, data destruction reports, Windows domain login names and email addresses, and other corporate information. One of the documents seen by BleepingComputer includes email addresses and Windows Active Directory information for over 77,000 Uber employees.

While BleepingComputer initially thought this data was stolen during the September attack, Uber told BleepingComputer it believes it is related to a security breach on a third-party vendor.

https://www.bleepingcomputer.com/news/security/uber-suffers-new-data-breach-after-attack-on-vendor-info-leaked-online/

• When Companies Compensate the Hackers, We All Foot the Bill

Companies are always absorbing costs that are seen as par for the course of budget planning: maintenance, upgrades, office supplies, wastage, shrinkage, etc. These costs ratchet up the price of a company's products and are then passed on to the consumer. Breaches in cyber security and paying out ransoms to hackers should be outside of this remit, and yet more than half of all companies admit to transferring the costs of data breaches on to consumers. Careless or ill-informed employees and other weaknesses in a company's protections lead to catastrophic losses to businesses of around $1,797,945 per minute — and the consumers are paying it off.

If a company estimates the recovery costs from a ransomware attack to exceed the requested payment from the hacker, then it feels like a no-brainer — they're better off just cutting their losses and giving in to the cyber criminal's demands. The issue is that this creates an unvirtuous circle of paying the hacker, which enforces nefarious behaviour and empowers hackers to increase the number and volume of ransoms.

When it comes to ransomware, 32% of companies pay off hackers, and, of that percentage, the average company only retrieves about 65% of its data. Giving in to hackers is counterintuitive. On an even more disturbing note, one study found that 80% of companies that paid a ransom were targeted a second time, with about 40% paying again and a majority of that 40% paying a higher ransom the second time round. This is ludicrous. With 33% of companies suspending operations following an attack, and nearly 40% resorting to laying off staff, it comes as no surprise that the downstream costs are picked up to some extent by the consumer.

As for smaller companies, about 50% of US small businesses don't have a cyber security plan in place, despite the fact that small businesses are three times more likely to be targeted by cyber criminals than larger companies. An average breach costs these companies around $200,000 and has put many out of business. It isn't simply the cost passed on to consumers, it's also the intangible assets, such as brand reputation.

When data is leaked and a site goes down, customers become rightly anxious when their information is sold to the highest bidder on the Dark Web. To safeguard against this, companies of all sizes should exploit automated solutions while training every single member of staff to recognise and report online threats. Paying a ransom does not guarantee the return of data, and for a smaller business, losing valuable customer information could cause long-term damage way beyond the initial attack.

Cyber security professionals, governments, and law enforcement agencies all advise companies to avoid paying the hackers' ransoms. This strategy is affirmed by the success businesses have had in retrieving the stolen data and turning the lights back on — 78% of organisations who say they did not pay a ransom were able to fully restore systems and data without the decryption key. This evidently is not enough to reassure companies who, at the click of a dangerous email being opened, have lost sensitive information and access to their systems and are desperate to get back online. There are many preventative techniques businesses can take advantage of before it even gets to that stage.

https://www.darkreading.com/attacks-breaches/when-companies-compensate-the-hackers-we-all-foot-the-bill

• HSE Cyber-Attack Costs Ireland $83m So Far

The cost of the cyber-attack that hit the Irish Health Service Executive (HSE) last year has officially reached €80m ($83.75m).

The figures come from a letter from HSE’s chief information officer, seen by The Irish Times. This comes months after the Department of Health suggested in February the attack could end up costing up to €100m ($104m). The letter confirmed that the costs reached €42m ($43.97m) in 2021 and almost €39m ($40.83m) until October of this year.

Ireland has a very capable national cyber security centre and a well-oiled CSIRT team that engages the public/private sector. If the cost does continue to escalate to €100m, that is the equivalent to everyone in the Republic of Ireland having been defrauded by €20. According to The Irish Times, the costs were said to be “enormous,” and the government has been asked to complete a comprehensive assessment of the impact caused by the breach.

The cyber-attack, believed to have been conducted by Russia-based state actors, was reportedly caused by a malicious Microsoft Excel file delivered via a phishing email. According to a December 2021 report, the file was opened at an HSE workstation in March 2021. The malware would have been latent for two months before the breach, which was reportedly discovered in May, two months later. A total of roughly 100,000 people had their personal data stolen during the cyber-attack.

Healthcare continues to be a target of attacks given their enormous attack surface across critical applications, cloud environments and IoT devices.

https://www.infosecurity-magazine.com/news/hse-cyber-attack-ireland-dollar83m/

Threats

Ransomware, Extortion and Destructive Attacks

• HSE Cyber-Attack Costs Ireland $83m So Far - Infosecurity Magazine (infosecurity-magazine.com)

• Ransomware-hit Rackspace email outage enters 12th day • The Register

• The Dark Web is Getting Darker - Ransomware Thrives on Illegal Markets (bleepingcomputer.com)

• Rash of New Ransomware Variants Springs Up in the Wild (darkreading.com)

• Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks | SecurityWeek.Com

• Preventing a ransomware attack with intelligence: Strategies for CISOs - Help Net Security

• Agenda Ransomware Switches to Rust to Attack Critical Infrastructure - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit ransomware crew claims attack on California Department of Finance - CyberScoop

• When Companies Compensate the Hackers, We All Foot the Bill (darkreading.com)

• Clop ransomware uses TrueBot malware for access to networks (bleepingcomputer.com)

• TrueBot infections were observed in Clop ransomware attacks - Security Affairs

• Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper - Check Point Research

• Play ransomware claims attack on Belgium city of Antwerp (bleepingcomputer.com)

• Brooklyn hospital network victim of cyber hack crash (msn.com)

• Ransomware Group Threatens to Publish Data Stolen From California Department of Finance | SecurityWeek.Com

• Cyber security Experts Uncover Inner Workings of Destructive Azov Ransomware (thehackernews.com)

• Cybereason warns of rapid increase in Royal ransomware | TechTarget

• New Royal ransomware group evades detection with partial encryption | CSO Online

• How ChatGPT can turn anyone into a ransomware and malware threat actor   | VentureBeat

• Check Point classifies Azov as wiper, not ransomware | TechTarget

• The Future of Ransomware - Security News (trendmicro.com)

• Hive ransomware gang claims responsibility for attack on Intersport that left cash registers disabled (bitdefender.com)

Phishing & Email Based Attacks

• Open-source repositories flooded by 144,000 phishing packages (bleepingcomputer.com)

• Phishing attack uses Facebook posts to evade email security (bleepingcomputer.com)

BEC – Business Email Compromise

• US Food Companies Warned of BEC Attacks Stealing Food Product Shipments | SecurityWeek.Com

Other Social Engineering; Smishing, Vishing, etc

• North Korean Hackers Use Impersonation to Steal Intel - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Microsoft digital certificates have once again been abused to sign malware | Ars Technica

• Hackers target Japanese politicians with new MirrorStealer malware (bleepingcomputer.com)

• Zscaler: Nearly 90% of Cyber attacks Now Use Encrypted Channels, Malware Tops - MSSP Alert

• This Linux-targeting malware just got more powerful | ZDNET

• Crooks use HTML smuggling to spread QBot malware via SVG files - Security Affairs

• A clever trick turns antivirus software into unstoppable data wiping scourges | TechSpot

• How ChatGPT can turn anyone into a ransomware and malware threat actor   | VentureBeat

Mobile

• Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims (thehackernews.com)

• Why You Should Enable Apple’s New iOS 16.2 Security Feature | Reviews by Wirecutter (nytimes.com)

• NSA Slices Up 5G Mobile Security Risks (darkreading.com)

• Xnspy stalkerware spied on thousands of iPhones and Android devices | TechCrunch

Internet of Things – IoT

• Critical Infrastructure Attacks: Convergence of IoT and OT Gives Hackers a Huge Attack Surface - SSP Alert

• 3.5m IP cameras exposed, with US in the lead - Security Affairs

• Are robots too insecure for lethal use by law enforcement? | CSO Online

• 10 Ways Doorbell Cameras Pose a Threat to Privacy and Security - Listverse

Data Breaches/Leaks

• Uber suffers new data breach after attack on vendor, info leaked online (bleepingcomputer.com)

• Twitter confirms recent user data leak is from 2021 breach (bleepingcomputer.com)

• HR platform Sequoia says hackers accessed customer SSNs and COVID-19 data | TechCrunch

• Parsing LastPass’ data breach notice | TechCrunch

• Social Blade discloses security breach - Security Affairs

• Australia's Telstra suffers privacy breach, 132,000 customers impacted | Reuters

• Unauthorised server access caused AirAsia data leak: Fahmi | Malaysia | The Vibes

• FBI's InfraGard Cyber security Program Breached by Hackers (gizmodo.com)

• Database of the FBI's InfraGard US Critical Infrastructure Intelligence portal available for sale - Security Affairs

• Aussie Data Breaches Surge 489% in Q4 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Uber staff information leaks after IT supply chain attack • The Register

• TPG reveals emails of 15,000 iiNet and Westnet customers exposed in hack | Telecommunications industry | The Guardian

• TPG Telecom joins list of hacked Australian companies, shares slide | Reuters

• How companies can avoid costly data breaches - Help Net Security

• Hackers leak personal info allegedly stolen from 5.7M Gemini users (bleepingcomputer.com)

Organised Crime & Criminal Actors

• ‘Booter’ sites taken down in global cyber crime bust (gbnews.uk)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Incoming FCA chair says crypto firms facilitate money laundering | Financial Times (ft.com)

• Britons lose life savings to ‘Ali Baba and the cryptocurrency scammers’ | News | The Times

• Bitcoin miners took on billions in debt to ‘pump their stock’—leading to a crypto catastrophe | Fortune

• Chaos RAT Used to Enhance Linux Cryptomining Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• DOJ divided over charging Binance for alleged crypto crimes, report says | Ars Technica

• Crypto was meant to solve financial corruption. The FTX scandal shows it’s got worse | David A Banks | The Guardian

• Facebook Asks Lawmakers Not to Regulate Crypto Too Harshly Just Because of All the Fraud (vice.com)

• The amateur sleuths who helped to bring down Sam Bankman-Fried - New Statesman

• Hackers leak personal info allegedly stolen from 5.7M Gemini users (bleepingcomputer.com)

Insider Risk and Insider Threats

• Executives take more cyber security risks than office workers - Help Net Security

• Managing Cyber Risk in 2023: The People Element (trendmicro.com)

Fraud, Scams & Financial Crime

• Loan Fee Fraud Surges by a Fifth as Christmas Approaches - Infosecurity Magazine (infosecurity-magazine.com)

• Fraudsters Flooding Retail Markets with Bad Bots, Preying on Unsuspecting Retailers, Consumers - MSSP Alert

• Britons lose life savings to ‘Ali Baba and the cryptocurrency scammers’ | News | The Times

• Australians have lost at least $7.2 million to the 'Hi Mum' scam. How does it work and why is it so lucrative for cyber criminals? - ABC News

• Restaurant closes after fraudsters posing as officials steal thousands | News | The Times

• Woman gets 66 months in prison for role in $3.3 million ID fraud op (bleepingcomputer.com)

• Patrick Giblin conned women all over the US. Now he's going to prison for 5 years | CNN

• UK arrests five for selling dodgy point of sale software • The Register

• The amateur sleuths who helped to bring down Sam Bankman-Fried - New Statesman

• Scammers are pretending to be striking paramedics to trick people into giving donations, ambulance service warns | UK News | Sky News

• 8 charged with conspiracy to commit securities fraud • The Register

AML/CFT/Sanctions

• Incoming FCA chair says crypto firms facilitate money laundering | Financial Times (ft.com)

Insurance

• Most startups have cyber insurance but are uncertain about how much risk is covered - Help Net Security

• Cyber Insurer Cowbell Launches Cyber security Advisory Board - MSSP Alert

Dark Web

• The Dark Web is Getting Darker - Ransomware Thrives on Illegal Markets (bleepingcomputer.com)

Supply Chain and Third Parties

• Uber staff information leaks after IT supply chain attack • The Register

• Report highlights serious cyber security issues with US defence contractors | CSO Online

Software Supply Chain

• How Naming Can Change the Game in Software Supply Chain Security (darkreading.com)

• Microsoft digital certificates have once again been abused to sign malware | Ars Technica

Denial of Service DoS/DDoS

• FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms (thehackernews.com)

• Prosecutors charge 6 people for allegedly waging massive DDoS attacks | Ars Technica

• teiss - Cyber Threats - DDoS attacks on the rise

• How My Startup Survived a DDoS Attack - Bannerbear

• DDoS is not back; it never went away; and PAM is on hand to fight the ‘unstoppable’ menace (techxmedia.com)

• ‘Booter’ sites taken down in global cyber crime bust (gbnews.uk)

• Microsoft discovers Windows/Linux botnet used in DDoS attacks | Ars Technica

Cloud/SaaS

• Top 4 SaaS Security Threats for 2023 (thehackernews.com)

• Microsoft launches EU 'data boundary' from next year • The Register

• What We Can't See Can Hurt Us (darkreading.com)

• HR platform Sequoia says hackers accessed customer SSNs and COVID-19 data | TechCrunch

• Parsing LastPass’ data breach notice | TechCrunch

• Lego fixes dangerous API vulnerability in BrickLink service | TechTarget (computerweekly.com)

• Data Destruction Policies in the Age of Cloud Computing (darkreading.com)

Hybrid/Remote Working

• Remote Work Cyber security Requires a Change in Mindset (informationsecuritybuzz.com)

Encryption

• Zscaler: Nearly 90% of Cyber attacks Now Use Encrypted Channels, Malware Tops - MSSP Alert

• The FBI Says Apple’s New Encryption Is “Deeply Concerning” (futurism.com)

• NIST Retires SHA-1 Cryptographic Algorithm | NIST

• Over 85% of Attacks Hide in Encrypted Channels - Infosecurity Magazine (infosecurity-magazine.com)

• WhatsApp is getting closer to a total UK shutdown | indy100

• Privacy advocates are aghast at UK’s anti-encryption plans (thenextweb.com)

API

• Lego fixes dangerous API vulnerability in BrickLink service | TechTarget (computerweekly.com)

Open Source

• This Linux-targeting malware just got more powerful | ZDNET

• Chaos RAT Used to Enhance Linux Cryptomining Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Google Launches OSV-Scanner Tool to Identify Open Source Vulnerabilities (thehackernews.com)

• Open-source repositories flooded by 144,000 phishing packages (bleepingcomputer.com)

Passwords, Credential Stuffing & Brute Force Attacks

• New GoTrim botnet brute forces WordPress site admin accounts (bleepingcomputer.com)

Social Media

• Fleeing Twitter users face uncertain privacy, security features on alternative platforms - CyberScoop

• Elon Musk's Twitter dissolves Trust and Safety Council - just days after its members speak out | Science & Tech News | Sky News

• TikTok may push potentially harmful content to teens within minutes, study finds | CNN Business

• Meta warns spyware still being used to target people on social media | Meta | The Guardian

• Elon Musk Bans Journalists From Twitter After Reinstating Nazis (gizmodo.com)

• Russian disinformation rampant on far-right social media platforms - CyberScoop

• HowTo: Fight Cyber-Threats in the Metaverse - Infosecurity Magazine

• US politicians propose TikTok ban over China security concerns (telegraph.co.uk)

• Social Blade discloses security breach - Security Affairs

• Twitter suspends Mastodon’s official account | The Hill

Training, Education and Awareness

• Keep Your Grinch at Bay: Here's How to Stay Safe Online this Holiday Season (thehackernews.com)

• Remote Work Cyber security Requires a Change in Mindset (informationsecuritybuzz.com)

Parental Controls and Child Safety

• Most apps used in US classrooms share students' personal data with advertisers, researchers find - CyberScoop

• TikTok may push potentially harmful content to teens within minutes, study finds | CNN Business

• Microsoft Teams is a vector for child sexual abuse material • The Register

Cyber Bullying, Cyber Stalking and Sextortion

• Xnspy stalkerware spied on thousands of iPhones and Android devices | TechCrunch

• Proposed law offers support to tech-enabled abuse survivors • The Register

Regulations, Fines and Legislation

• Privacy concerns are limiting data usage abilities - Help Net Security

• European Commission takes step toward approving EU-US data privacy pact | Computerworld

Governance, Risk and Compliance

• Managing Cyber Risk in 2023: The People Element (trendmicro.com)

• Executives take more cyber security risks than office workers - Help Net Security

• Cyber security Drives Improvements in Business Goals (darkreading.com)

• Compliance Is Not Enough: How to Manage Your Customer Data (darkreading.com)

• 5 tips for building a culture of cyber security accountability - Help Net Security

• How acceptable is your acceptable use policy? | CSO Online

• Data Destruction Policies in the Age of Cloud Computing (darkreading.com)

• What CISOs consider when building up security resilience - Help Net Security

• CISO Role is Diversifying From Technology to Leadership & Communication Skills - MSSP Alert

Models, Frameworks and Standards

• Why PCI DSS 4.0 Should Be on Your Radar in 2023 (thehackernews.com)

• PCI Secure Software Standard version 1.2 sets out new payment security requirements | CSO Online

Backup and Recovery

• Why Your MSSP Should Offer Backup-as-a-Service (BaaS) - MSSP Alert

• CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks | SecurityWeek.Com

Data Protection

• OECD Signs "Landmark" Privacy Agreement - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• Top Reasons Not to Become a Self-Taught Ethical Hacker in 2023 (analyticsinsight.net)

• The Cyber security Industry Doesn't Have a Stress Problem — It Has a Leadership Problem (darkreading.com)

• Two-Thirds of Security Pros Have Burnt Out in Past Year - Infosecurity Magazine (infosecurity-magazine.com)

Law Enforcement Action and Take Downs

• FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms (thehackernews.com)

• Prosecutors charge 6 people for allegedly waging massive DDoS attacks | Ars Technica

• 8 charged with conspiracy to commit securities fraud • The Register

Privacy, Surveillance and Mass Monitoring

• Privacy advocates are aghast at UK’s anti-encryption plans (thenextweb.com)

• WhatsApp is getting closer to a total UK shutdown | indy100

• Most apps used in US classrooms share students' personal data with advertisers, researchers find - CyberScoop

• Apple should pay €6m for tracking users – French official • The Register

• European Commission takes step toward approving EU-US data privacy pact | Computerworld

• Privacy concerns are limiting data usage abilities - Help Net Security

Artificial Intelligence

• Are robots too insecure for lethal use by law enforcement? | CSO Online

• How ChatGPT can turn anyone into a ransomware and malware threat actor   | VentureBeat

Misinformation, Disinformation and Propaganda

• Russian disinformation rampant on far-right social media platforms - Cyberscoop

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government | Mandiant

• Meta takes down surveillance-for-hire firms, calls for government action against the industry - CyberScoop

• Reassessing cyberwarfare. Lessons learned in 2022 | Securelist

• As Wiretap Claims Rattle Government, Greece Bans Spyware | SecurityWeek.Com

• Ex-Twitter Worker Gets Prison Time in Saudi 'Spy' Case | SecurityWeek.Com

• Reassessing cyberwarfare. Lessons learned in 2022 | Securelist

Nation State Actors

Nation State Actors – Russia

• Seven accused of smuggling out US military tech for Moscow • The Register

• Neo-Nazi Russian militia appeals for intelligence on Nato member states | Ukraine | The Guardian

• GPS Signals Are Being Disrupted in Russian Cities | WIRED

• NSA cyber director warns of Russian digital assaults on global energy sector - CyberScoop

• Russian disinformation rampant on far-right social media platforms - CyberScoop

Nation State Actors – China

• NSA Outs Chinese Hackers Exploiting Citrix Zero-Day | SecurityWeek.Com

• US politicians propose TikTok ban over China security concerns (telegraph.co.uk)

• Hackers target Japanese politicians with new MirrorStealer malware (bleepingcomputer.com)

• US to add Chinese chipmaker to trade blacklist | Financial Times (ft.com)

• AIIMS cyber attack suspected to have originated in China, Hong Kong - Rediff.com India News

• Spies and Lies by Alex Joske — inside China’s intelligence operation | Financial Times (ft.com)

Nation State Actors – North Korea

• North Korean cyber spies deploy new tactic: tricking foreign experts into writing research for them | Reuters

• North Korean Hackers Use Impersonation to Steal Intel - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors – Iran

• MuddyWater APT group is back with updated TTPs - Security Affairs

• Iran-Backed Charming Kitten APT Eyes Kinetic Ops, Kidnapping (darkreading.com)

• Not-so-Charming Kitten targets orgs for espionage and worse • The Register

Vulnerability Management

• Transitive Dependencies Account for 95% of Bugs - Infosecurity Magazine (infosecurity-magazine.com)

• 24% of technology applications contain high-risk security flaws - Help Net Security

Vulnerabilities

• Hackers exploit critical Citrix ADC and Gateway zero day, patch now (bleepingcomputer.com)

• CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks | SecurityWeek.Com

• Adobe Patches 38 Flaws in Enterprise Software Products | SecurityWeek.Com

• VMware fixed critical VM Escape bug demonstrated at Geekpwn hacking contest - Security Affairs

• Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities (thehackernews.com)

• Fortinet says SSL-VPN pre-auth RCE bug is exploited in attacks (bleepingcomputer.com)

• Transitive Dependencies Account for 95% of Bugs - Infosecurity Magazine (infosecurity-magazine.com)

• Citrix Releases Security Updates for Citrix ADC, Citrix Gateway | CISA

• Security Flaw in Atlassian Products Affecting Multiple Companies (darkreading.com)

• Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability (thehackernews.com)

• Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware – Naked Security (sophos.com)

• Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks | SecurityWeek.Com

• New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products (thehackernews.com)

• Apple patches everything, finally reveals mystery of iOS 16.1.2 – Naked Security (sophos.com)

• Apple fixed the tenth actively exploited zero-day this year - Security Affairs

• High-Severity Memory Safety Bugs Patched With Latest Chrome 108 Update | SecurityWeek.Com

• Top 5 Web App Vulnerabilities and How to Find Them (thehackernews.com)

• Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as 'Critical' (thehackernews.com)

• Severe vulnerabilities found in most industrial controllers - The Washington Post

• Akamai WAF bypassed via Spring Boot to trigger RCE | The Daily Swig (portswigger.net)

Tools and Controls

• CISA Warns Veeam Backup & Replication Vulnerabilities Exploited in Attacks | SecurityWeek.Com

• Why Your MSSP Should Offer Backup-as-a-Service (BaaS) - MSSP Alert

• How My Startup Survived a DDoS Attack - Bannerbear

• Data Destruction Policies in the Age of Cloud Computing (darkreading.com)

• 8 Firewall Best Practices | Enterprise Networking Planet

• Zero Trust Shouldn’t Be The New Normal (darkreading.com)

Other News

• Cyber Threats Loom as 5B People Prepare to Watch World Cup Final (darkreading.com)

• Tech companies must start sharing intelligence to avert global conflicts | Financial Times (ft.com)

• Japan, Australia, to bolster cyber-defences • The Register

• Microsoft Defender, Avast, AVG turned against Windows to permanently delete files - Neowin

• Analysis Shows Attackers Favour PowerShell, File Obfuscation (darkreading.com)

• Automated Cyber campaign Creates Masses of Bogus Software Building Blocks (darkreading.com)

• 12 types of wireless network attacks and how to prevent them | TechTarget

• Windows: Still insecure after all these years | ZDNET

• FuboTV says World Cup streaming outage caused by a cyber attack (bleepingcomputer.com)

• MTTR “not a viable metric” for complex software system reliability and security | CSO Online

• Low-code/no-code security risks climb as tools gain traction | TechTarget

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Economic Uncertainty Will Greatly Impact the Spread of Cyber Crime

Norton released its top cyber trends to watch in 2023, emphasising that the economy will have the greatest impact on the spread of cyber crime next year. Experts predict the pressures associated with economic uncertainty and rising costs will create the perfect environment for scammers to take advantage of people when they are more vulnerable.

It’s expected that cyber criminals will trick victims into surrendering personal information, emptying their bank accounts, or spending money for products, services or “lottery winnings” that never arrive. “We anticipate scammers will continue to prey on the vulnerability of people as economic pressures rise in 2023,” said Norton.

“Cyber criminals love to exploit seasonal opportunities, and consumers are facing a perfect storm of rising prices in the middle of the busiest shopping season of the year when scammers are particularly active. Scams are always harder to detect during the holiday season because consumers expect deep discounts and may believe prices that would normally seem too good to be true. This year, inflation and other unfavourable macroeconomic factors are likely to make people particularly eager to find good deals and they may therefore be at greater risk than in previous years. Taking a few proactive steps today could help you to be safer all year long.”

https://www.helpnetsecurity.com/2022/12/06/economic-uncertainty-cybercrime/

• Cyber Security Resilience Emerges as Top Priority, as 62% of Companies Say Security Incidents Impacted Business Operations

Cyber security resilience is a top priority for companies as they look to defend against a rapidly evolving threat landscape, according to the latest edition of Cisco's annual Security Outcomes Report.

Resilience has emerged as a top priority as a staggering 62 percent of organisations surveyed said they had experienced a security event that impacted business in the past two years. The leading types of incidents were network or data breaches (51.5 percent), network or system outages (51.1 percent), ransomware events (46.7 percent) and distributed denial of service attacks (46.4 percent).

These incidents resulted in severe repercussions for the companies that experienced them, along with the ecosystem of organisations they do business with. The leading impacts cited include IT and communications interruption (62.6 percent), supply chain disruption (43 percent), impaired internal operations (41.4 percent) and lasting brand damage (39.7 percent).

With stakes this high, it is no surprise that 96 percent of executives surveyed for the report said that security resilience is high priority for them. The findings further highlight that the main objectives of security resilience for security leaders and their teams are to prevent incidents, and mitigate losses when they occur.

Technology is transforming businesses at a scale and speed never seen before. While this is creating new opportunities, it also brings with it challenges, especially on the security front. To be able to tackle these effectively, companies need the ability to anticipate, identify, and withstand cyber threats, and if breached be able to rapidly recover from one. That is what building resilience is all about.

Security, after all, is a risk business. As companies don't secure everything, everywhere, security resilience allows them to focus their security resources on the pieces of the business that add the most value to an organisation, and ensure that value is protected.

https://www.darkreading.com/vulnerabilities-threats/cybersecurity-resilience-emerges-as-top-priority-as-62-of-companies-say-security-incidents-impacted-business-operations

• Cyber Security Should Focus on Managing Risk

Preventing all data breaches is an unrealistic goal. Instead, focus on finding and minimising the greatest risks.

There is a common misconception that all problems have clear, straightforward solutions — as long as you look hard enough. While this is a bold and ambitious goal, it's misguided when applied to cyber security. Organisations cannot prevent data breaches or cyberattacks altogether, and avoiding a breach or cyber incident is nearly impossible in the modern era. Organisations can, however, take steps to reduce an attack's negative impacts.

Eradicating risk is an impractical goal because you cannot "solve" something that constantly changes. To understand the risks you need to think like an attacker.

Threat actors are, first and foremost, opportunistic. They will always look for the easiest targets to maximise their financial gain. So intimately understanding an organisation's level of risk is the first step to managing and reducing it — and making yourself less of a target.

In line with Verizon’s "Data Breach Investigations Report" (DBIR) the four critical ways that threat actors most frequently use to compromise organisations large and small are credential compromise, phishing, vulnerability exploitation, and botnets, and these are the areas organisations should look reduce risks.

https://www.darkreading.com/edge-articles/cybersecurity-should-focus-on-managing-risk

• Fear of Cyber Attacks Drives SMBs to Spend More on Software

Despite fears of a looming recession, small and medium sized businesses (SMBs) are spending more on software in 2023, according to Capterra’s 2023 SMB Software Buying Trends Survey. 75% of US SMBs estimate they’ll spend more on software in 2023 compared to 2022.

Alongside increased software budgets, Capterra’s survey of over 500 SMBs reveals four other major trends in software buying behaviours and challenges that will impact businesses in 2023:

• Fearful of cyber attacks, US businesses rate security as a top motivator for software purchases

• Implementation concerns are SMBs’ biggest purchase barrier

• Most SMB software purchases are solely handled by IT, disregarding other important stakeholders

• Customer reviews sway purchase decisions, and verified reviews are critical

Despite the expected increase in software investments, many US SMBs regret their technology purchases. 61% of US SMBs say they have buyer’s remorse over a technology purchase in the past 12-18 months. Inadequate support services (39%) and higher-than-anticipated costs (34%) are the top reasons behind such regrets.

https://www.helpnetsecurity.com/2022/12/07/smbs-software-spending-2023/

• Business Email Compromise (BEC) Fraud Attacks Expand Beyond Email and Toward Mobile Devices

Business email compromise (BEC) scams have been increasingly targeting mobile devices, particularly with SMS-focused attacks. According to a new advisory by cyber security specialists at Trustwave, the trend indicates a broader shift towards phishing scams via text messages.

“Phishing scams are prevalent in the SMS threat landscape, and now, BEC attacks are also going mobile,” reads the report. Trustwave further added that scammers typically obtain mobile numbers from data breaches, social media and data brokers, among other methods. After that, attackers ask victims for a wire transfer, send a copy of an aging report or change a payroll account, luring them into paying for something that should be reimbursed later (but never will).

BEC attacks will always be here so long as they remain profitable. Their continued profitability proves that employee cyber security behaviour is neglected and mismanaged by the compliance-based approach to security awareness.

Security culture needs a reformation that begins with transforming the human layer into an asset which, when empowered by the right training and platform, augments the protect-detect-respond pillars of the [National Institute of Standards and Technology] NIST framework.

Trustwave’s findings were also confirmed in SlashNext’s State of Phishing 2022 report, which recently highlighted a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads. The document also suggested 83% of organisations reported that mobile device threats had been growing more quickly than other device threats.

https://www.infosecurity-magazine.com/news/bec-attacks-expand-toward-mobile/

• Ransomware Professionalisation Grows as Ransomware-as-a-Service (RaaS) Takes Hold

Ransomware groups are getting their acts together, growing in sophistication and business acumen while monetising ransomware beyond encryption, including double and triple extortion, as the market for ransomware-as-a-service (RaaS) matures.

In first half of 2022, LockBit, Conti, Alphv, Black Basta, and Vice Society were among the most prolific ransomware gangs, focusing their attack on US-based organisations, according to a LookingGlass report on the topic.

The report confirmed and attributed 1,133 ransomware attacks in the first six months of the year and attributed 207 data leaks across all active threat actor groups throughout the same period. Of the more than 1,300 incidents, the bulk came from the top 15 most active ransomware groups, led by LockBit, Conti, and Alphv.

Ransomware gangs have primarily targeted two sectors during the analysis period: manufacturing and industrial products, followed by engineering and construction and healthcare and life sciences, with the consumer and retail industry rounding out the top five.

The report highlighted the rise of sophisticated software and networks as a principal contributor to the professionalisation of ransomware, with malicious actors now offering RaaS, bug bounties, sales teams, and even customer support.

“This new, more professional ransomware structure can only mean that the problem will continue to grow in the months ahead," the report noted. "We anticipate the adoption of more traditional business practices as the underground economy continues to remain robust”.

https://www.darkreading.com/threat-intelligence/ransomware-professionalization-grows-as-raas-takes-hold

• Automated Dark Web Markets Sell Corporate Email Accounts For $2

Cyber crime marketplaces are increasingly selling stolen corporate email addresses for as low as $2 to fill a growing demand by hackers who use them for business email compromise and phishing attacks or initial access to networks.

Analysts at Israeli cyber-intelligence firm KELA have closely followed this trend, reporting at least 225,000 email accounts for sale on underground markets.

The largest webmail shops are Xleet and Lufix, claiming to offer access to over 100k breached corporate email accounts, with prices ranging between $2 and $30, if not more, for highly-desirable organisations.

Typically, these accounts were stolen via password cracking (brute-forcing) or credential stuffing, had their credentials stolen through phishing, or were bought from other cyber criminals.

Hackers use their access to corporate email accounts in targeted attacks like business email compromise (BEC), social engineering, spear-phishing, and deeper network infiltration.

https://www.bleepingcomputer.com/news/security/automated-dark-web-markets-sell-corporate-email-accounts-for-2/

• Cloud Hosting Provider Rackspace Warns of Phishing Risks Following Ransomware Attack

Cloud computing provider Rackspace warned customers on Thursday of increased risks of phishing attacks following a ransomware attack affecting its hosted Microsoft Exchange environment.

While the company is still investigating the incident and is working on bringing affected systems back online, it says that cyber criminals might also take advantage and exploit this incident for their own purposes.

"If you do receive a message from an individual you do not recognise, do not reply. Please login to your control panel and create a ticket, including details about the message you received," Rackspace said. "We understand that contact such as this may be alarming, but we currently have no evidence to suggest that you are at increased risk as a result of this direct contact."

Rackspace added that customers could easily spot scammers attempting to steal their sensitive information since:

• Emails from Rackspace will be sent from @rackspace.com emails (although attackers might still use a spoofed email address and redirect their targets to a landing phishing page)

• Rackspace support will not ask for login credentials or personal information (e.g., social security number, driver's license) during phone calls

Even though the company is yet to reveal if it has any evidence that the attackers have stolen data from its systems during the breach, customers were advised to remain vigilant and monitor their credit reports and banking account statements for suspicious activity.

Some customers are also reporting an increase in phishing emails impersonating Rackspace since the ransomware attack. Those affected by the Rackspace ransomware attack and outage should not open any suspicious email attachments or click any suspicious links.

https://www.bleepingcomputer.com/news/security/rackspace-warns-of-phishing-risks-following-ransomware-attack/

• Security Concerns Scupper Deals for Two-Thirds of Firms

Two-thirds (67%) of global organisations have admitted to losing out on acquiring potential customers due to concerns about their security posture, according to LogRhythm.

The security vendor polled 1175 security professionals and executives across five continents to compile its latest report, The State of the Security Team 2022. It found that security due diligence among customers and partners is increasingly rigorous.

Some 91% of respondents said that their security strategy must now align with customers’ security policies and standards, while 85% claimed their company must provide proof that they meet partners’ security requirements.

There was more worrying news from the report: 70% of respondents reported an increase in workplace stress for security teams, with nearly a third (30%) citing a “significant” increase. Among the key stress factors highlighted in the study were growing attack sophistication, greater responsibilities and increasing attack frequency.

Two-fifths (41%) claimed that better integrated solutions would help to relieve these pressures, while a similar number (42%) pointed to the need for more experienced security professionals. The latter would seem unlikely, given the coming recession’s likely impact on budgets, and persistent industry skills shortages. The gap is now 3.4 million globally, including 56,800 in the UK, a massive 73% year-on-year increase, according to ISC2.

https://www.infosecurity-magazine.com/news/security-concerns-scupper-deals/

• Microsoft Encourages 'Strong Cyber Hygiene' in Light of Increasing Russian Cyber Attacks

Microsoft is gearing up for a slew of Russian cyber attacks this winter, and warns others to stay vigilant. Between missiles, drones, and cyber attacks the onslaught against Ukraine has been a brutal one, and reportedly only set to get worse in the coming months.

"Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support," says Microsoft in a recent blog post. "Recent attacks in Poland suggest that Russian state-sponsored cyber attacks may increasingly be used outside Ukraine in an effort to undermine foreign-based supply chains."

In late October, Russian forces were pushed from formerly occupied territory, retaliating with missile, drone, and cyber strikes that left much of Kyiv in need of simple running water.

The Russian group known to Microsoft as IRIDIUM (aka Sandworm) is thought to be working with the Russian intelligence service, the GRU, in coordinated efforts to inflict suffering on the people of Ukraine. The group has been at large for almost a decade, as Microsoft notes, "Following Russia’s annexation of Crimea in 2014, IRIDIUM launched a series of wintertime operations against Ukrainian electricity providers, cutting power to hundreds of thousands of citizens in 2015 and 2016."

https://www.pcgamer.com/microsoft-encourages-strong-cyber-hygiene-in-light-of-increasing-russian-cyberattacks/

Threats

Ransomware, Extortion and Destructive Attacks

• Rackspace customers rage following ransomware attack, as class-action lawsuits filed (bitdefender.com)

• Ransomware Professionalization Grows as RaaS Takes Hold (darkreading.com)

• Rackspace Admits Security Incident, Helps Customers Migrate to Microsoft 365 Accounts - Infosecurity Magazine (infosecurity-magazine.com)

• Medibank share price slumps ahead of major shutdown and cyber security overhaul (fool.com.au)

• Rackspace confirms ransomware behind days-long email outage • The Register

• Vice Society: Profiling a Persistent Threat to the Education Sector (paloaltonetworks.com)

• Wiper, Disguised as Fake Ransomware, Targets Russian Orgs (darkreading.com)

• Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices | Ars Technica

• Rackspace rocked by ‘security incident’ in hosted Exchange • The Register

• Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware (thehackernews.com)

• Understanding NIST CSF to assess your organisation's Ransomware readiness (thehackernews.com)

• New Ransom Payment Schemes Target Executives, Telemedicine – Krebs on Security

• South Pacific vacations may be wrecked by ransomware • The Register

• Gartner: 5 Considerations for I&O Leaders Planning Against Ransomware Attacks - IT Security Guru

• Intersport Data Posted On Hive Dark Web Blog - Information Security Buzz

• NZ Privacy Commissioner Investigates Mercury IT Ransomware Attack - Infosecurity Magazine (infosecurity-magazine.com)

• Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022 (thehackernews.com)

• Education sector hit by Hive ransomware in November | TechTarget

• Ransomware attack forces French hospital to transfer patients (bleepingcomputer.com)

• CommonSpirit Health ransomware attack exposed data of 623,000 patients (bleepingcomputer.com)

• Ransomware Gang Steals Employee and Customer Data From LJ Hooker (vice.com)

Phishing & Email Based Attacks

• Rackspace warns of phishing risks following ransomware attack (bleepingcomputer.com)

• Phishing in the Cloud: We're Gonna Need a Bigger Boat (darkreading.com)

• Phishing scammers impersonate WhatsApp by buying a top ad spot on Google | PC Gamer

• Man who lost $149k after clicking on phishing e-mail among at least 10 victims in Case cyber attack | The Straits Times

• How to Recognize Phishing Emails: Cyber security Experts Give Advice - WSJ

• Investment Fraud Gang May Have Made $500m - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• BEC Attacks Expand Beyond Email and Toward Mobile Devices - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Christmas Warning: Threat Actors Impersonate your Favourite Brands to Attack, Finds CSC - Infosecurity Magazine (infosecurity-magazine.com)

• Infostealer Malware Market Booms, as MFA Fatigue Sets In (darkreading.com)

• Hardening Identities With Phish-Resistant MFA (darkreading.com)

• 'I had £8,000 stolen but Revolut won't refund it' - BBC News

Malware

• Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant (thehackernews.com)

• Infostealer Malware Market Booms, as MFA Fatigue Sets In (darkreading.com)

• Malware Authors Inadvertently Take Down Own Botnet (darkreading.com)

• New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm (thehackernews.com)

• Truebot Malware Activity Increases With Possible Evil Corp Connections - Infosecurity Magazine (infosecurity-magazine.com)

• Newly Discovered Trojan Steals 300,000 Facebook Users Details In 4 Year-Long Campaign - Information Security Buzz

• Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines (darkreading.com)

Mobile

• BEC Attacks Expand Beyond Email and Toward Mobile Devices - Infosecurity Magazine (infosecurity-magazine.com)

• 'Scattered Spider' Cyber crime Group Targets Mobile Carriers via Telecom, BPO Firms | SecurityWeek.Com

• Code of practice for app store operators and app developers - GOV.UK (www.gov.uk)

• Android malware apps with 2 million installs spotted on Google Play (bleepingcomputer.com)

• Privacy changes set Apple at odds with UK government over online safety bill | Apple | The Guardian

• Android malware infected 300,000 devices to steal Facebook accounts (bleepingcomputer.com)

• Researchers Uncover Darknet Service Allowing Hackers to Trojanize Legit Android Apps (thehackernews.com)

• Android December 2022 security updates fix 81 vulnerabilities (bleepingcomputer.com)

• Telcom and BPO Companies Under Attack by SIM Swapping Hackers (thehackernews.com)

• Darknet's Largest Mobile Malware Marketplace Threatens Users Worldwide (thehackernews.com)

• Eight Questions to Ask Your Aging Parents (and Yourself) to Keep Their Phones Safe From Hackers - WSJ

• SIM swapper gets 18-months for involvement in $22 million crypto heist (bleepingcomputer.com)

• Compromised Android keys used to sign info-stealing malware • The Register

• Largest mobile malware marketplace identified by Resecurity in the Dark Web - Security Affairs

Internet of Things – IoT

• How IoT is changing the threat landscape for businesses - Help Net Security

• What's the Matter with digital trust in smart home devices? - Help Net Security

• Security Risks Found in Millions of XIoT Devices - Infosecurity Magazine (infosecurity-magazine.com)

• Self-Propagating 'Zerobot' Botnet Targeting Spring4Shell, IoT Vulnerabilities | SecurityWeek.Com

• Eufy responds to camera security concerns | ZDNET

Data Breaches/Leaks

• Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED

• Personal data of 10,000 Australians found for sale online | 7NEWS

• Stolen data of 600,000 Indians sold on bot markets so far - study | Reuters

Organised Crime & Criminal Actors

• Of Exploits and Experts: The Professionalization of Cyber Crime (darkreading.com)

• Economic uncertainty will greatly impact the spread of cyber crime - Help Net Security

• Automated dark web markets sell corporate email accounts for $2 (bleepingcomputer.com)

• DHS Cyber Safety Board to review Lapsus$ gang’s hacking tactics (bleepingcomputer.com)

• BlackProxies proxy service increasingly popular among hackers (bleepingcomputer.com)

• Gen Z Internet Users "Normalize" Cyber crime - Report - Infosecurity Magazine (infosecurity-magazine.com)

• Chart: Cyber crime Expected To Skyrocket in Coming Years | Statista

• Metaparasites: The cyber criminals who rip each other off • Graham Cluley

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Bitcoin ‘rarely’ used for legal transactions, on ‘road to irrelevance’, say European Central Bank officials | TechCrunch

• North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps (thehackernews.com)

• Microsoft Warns Cryptocurrency Firms Against Complex Cyber-Attacks - Infosecurity Magazine (infosecurity-magazine.com)

• Threat Actors Use Malicious File Systems to Scale Crypto-Mining Operations - Infosecurity Magazine (infosecurity-magazine.com)

• Microsoft: Hackers target cryptocurrency firms over Telegram (bleepingcomputer.com)

• UK finalises plans for regulation of ‘wild west’ crypto sector | Financial Times (ft.com)

• North Korean Lazarus Group Linked to New Cryptocurrency Hacking Scheme – Security Bitcoin News

Insider Risk and Insider Threats

• Insights into insider threats: Detecting and monitoring abnormal user activity - Help Net Security

Fraud, Scams & Financial Crime

• Even cyber criminals fall for online scams: $2.5m last year • The Register

• Why are Monzo, Revolut and Starling becoming scam targets? — Startup Europe, The Sifted Podcast | Sifted

• 'I had £8,000 stolen but Revolut won't refund it' - BBC News

• Suspects arrested for hacking US networks to steal employee data (bleepingcomputer.com)

• Credit card skimming – the long and winding road of supply chain failure – Naked Security (sophos.com)

• Australia arrests 'Pig Butchering' suspects for stealing $100 million (bleepingcomputer.com)

• Cyber criminals are scamming each other, tipping off law enforcement - Help Net Security

• Elon Musk "Freedom Giveaway" crypto scam promoted via Twitter lists (bleepingcomputer.com)

• SIM swapper gets 18-months for involvement in $22 million crypto heist (bleepingcomputer.com)

• Metaparasites: The cyber criminals who rip each other off • Graham Cluley

• Investment Fraud Gang May Have Made $500m - Infosecurity Magazine (infosecurity-magazine.com)

Deepfakes

• Thanks to AI, it’s probably time to take your photos off the Internet | Ars Technica

AML/CFT/Sanctions

• Santander UK fined £108m over anti-money laundering failings | Banco Santander | The Guardian

Insurance

• What you should know when considering cyber insurance in 2023 | CSO Online

• Cyber Insurance Policy Underwriting Explained (trendmicro.com)

Dark Web

• Dark web recruiting techniques: Malware, phishing, and carding - Help Net Security

Supply Chain and Third Parties

• Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack (thehackernews.com)

• Antwerp's city services down after hackers attack digital partner (bleepingcomputer.com)

• Credit card skimming – the long and winding road of supply chain failure – Naked Security (sophos.com)

• Transport And Shipping Beware – Supply Chains Under Attack - Information Security Buzz

• Popular HR and Payroll Company Sequoia Discloses a Data Breach | WIRED

Software Supply Chain

• How Naming Can Change the Game in Software Supply Chain Security (darkreading.com)

Denial of Service DoS/DDoS

• 3 Types Of DDoS Attack Types You Should Care About - Information Security Buzz

• Microsoft warning after DDoS attack disrupts Russian bank • The Register