Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Employees Bypass Cyber Security Guidance to Achieve Business Objectives

Researcher Gartner predicts that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents. In a survey conducted by Gartner it was found that 69% of employees had bypassed their organisations cyber security guidance in the previous 12 months and 74% said they would bypass cyber security guidance if it helped them or their team achieve a business objective.

https://www.helpnetsecurity.com/2023/02/24/bypass-cybersecurity-guidance/

• Three Quarters of Businesses Braced for Serious Email Attack this Year

According to a survey conducted by security provider Vanson Bourne, 76% of cyber security professionals predict that an email related attack will have serious consequences for their organisation in the coming year. The survey found that 82% of companies reported a higher volume of email in 2022 compared with 2021 and 2020 and 74% had said email-based threats had risen over the last 12 months. In addition, a worrying 91% had seen attempts to steal or use their email domain in an attack.

https://www.csoonline.com/article/3688573/three-quarters-of-businesses-braced-for-serious-email-attack-this-year.html#tk.rss_news

• The Cost of Living Crisis is Triggering a Wave of Workplace Crime

Almost 6,000 people were caught stealing from their employer in 2022 according to insurance provider Zurich with the firms facing an average loss of £140,000.  Zurich have said “As cost of living pressures mount, employee theft has significantly increased, suggesting some workers could be turning to desperate measures to make ends meet”.

https://news.sky.com/story/the-cost-of-living-crisis-is-triggering-a-wave-of-workplace-crime-heres-how-12817082

• Fighting Ransomware with Cyber Security Audits

With the ever increasing number of devices and distributed environments, it’s easy for organisations to lose track of open IP addresses, administrator accounts and infrastructure configurations; all of this creates an increase in opportunities for threat actors to deploy ransomware. By conducting audits of IT assets, organisations can identify the data they hold and reduce the risk of forgotten devices. The need for auditing of an organisations assets is reinforced where a survey conducted by research provider Enterprise Strategy Group found that nearly 70% of respondents had suffered at least one exploit that started with an unknown, unmanaged, or poorly managed Internet-facing IT asset.

https://www.trendmicro.com/en_us/ciso/23/b/cybersecurity-audit.html

• Record Levels of Fraud Impacting 90% of Payment Compliance Teams

New research from research provider VIXIO has found that 90% of payment company compliance teams are frequently overwhelmed and increased fraud was a particular concern for teams in the UK.

https://www.itsecurityguru.org/2023/02/17/overwhelm-impacts-90-of-payment-compliance-teams-as-they-combat-record-levels-of-fraud/

• CISOs Struggle with Stress and Limited Resources

A survey from security provider Cynet has found that 94% of CISOs report being stressed at work, with 65% admitting that this work stress has compromised their ability to protect their organisation. Furthermore, the survey found all respondents said they needed additional resources to adequately cope with current cyber challenges. Amongst some of the key findings were 77% of CISOs believing that a lack of resources had led to important security initiatives falling to the wayside.

https://www.helpnetsecurity.com/2023/02/23/cisos-work-related-stress/

• Cyber Threats and Regulations Mount for Financial Industry

Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture. For example, last year a report conducted by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and security provider Akamai found that distributed denial-of-service attacks (DDoS) attacks rose 73% more for European financial institutions compared to the previous year. This combination of attacks is followed by an increase in regulations such as the requirement to report breaches to the European Authorities to satisfy the General Data Protection Regulation (GDPR). Such increase has caused financial institutions to bolster their security, with a survey conducted by security provider Contrast finding 72% of financial organisations plan to increase their investment in the security of their applications and 64% mandated cyber security requirements for their vendors.

https://www.darkreading.com/risk/cyberthreats-regulations-mount-for-financial-industry

• HardBit Ransomware Wants Insurance Details to Set the Perfect Price

Operators of a ransomware threat known as Hardbit are trying to negotiate ransom payments so that they would be covered by victim’s insurance companies. Typically, the threat actor tries to convince the victim that it is in their interest to disclose their insurance details so that the threat actor can adjust their demands so that insurance would cover it.

 https://www.bleepingcomputer.com/news/security/hardbit-ransomware-wants-insurance-details-to-set-the-perfect-price/ 

• Social Engineering is Becoming Increasingly Sophisticated

The rapid development of deepfake technology is providing an increase in the sophistication of social engineering attacks. Deepfake technology refers to products created through artificial intelligence, which could allow an individual to impersonate another with likeness and voice during a video conversation. The accessibility of such technology has allowed threat actors to conduct more sophisticated campaigns, including the replication of the voice of a company executive.

https://securityaffairs.com/142487/hacking/social-engineering-increasingly-sophisticated.html

• A Fifth of Brits Have Fallen Victim to Online Scammers

Security founder F-Secure have found that a fifth of Brits had fallen victim to digital scammers in the past, yet a quarter had no security controls to protect themselves. When providing a reason for the lack of security, 60% said they found cyber security too complex. This is worrying for organisations who need to ensure these low levels of security awareness are not displayed in the corporate environment.

https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/

• Cyber Attacks Hit Data Centres to Steal Information from Companies

Cyber attacks targeting multiple data centres globally have resulted in the exfiltration of information relating to companies who used them. In addition, attackers have been seen to publish access credentials relating to these attacks on the dark web. This malicious activity reinforces the need for organisations to be aware of and properly manage their supply chain.

https://www.csoonline.com/article/3688909/cyberattacks-hit-data-centers-to-steal-information-from-global-companies.html#tk.rss_news  

• Phishing Fears Ramp Up on Email, Collaboration Platforms

Three quarters of organisations are expecting a serious impact from an email-based attack and with the rapid growth and expansion of collaboration tools such as Microsoft Teams, it’s expected that these will also be used as a vector for threat actors. Combined with the emergence of Chat-GPT, the landscape provides an increasing amount of opportunities for threat actors.

https://www.darkreading.com/remote-workforce/phishing-fears-ramp-up-on-e-mail-collaboration-platforms

• The War in Ukraine has Shaken up the Cyber Criminal Eco-System

One year after Russia invaded Ukraine, the war continues -- including an ever-evolving digital component that has implications for the future of cyber security around the world. Among other things, the war in Ukraine has upended the Eastern European cyber criminal ecosystem, according to cyber security experts from Google, shaking up the way ransomware attacks are playing out. Google later explained that “Lines are blurring between financially motivated and government-backed attackers in Eastern Europe”.

https://www.zdnet.com/article/the-war-in-ukraine-has-shaken-up-the-cybercriminal-ecosystem-google-says/

• Police Bust €41m Email Scam Gang

A coordinated police operation spanning multiple countries led to the dismantling of a criminal network which was responsible for tens of millions in Business Email Compromise (BEC) losses. In one of the attacks the gang used social engineering to target the Chief Financial Officer (CFO) of a real estate developer, defrauding them of 38 million euros.

https://www.infosecurity-magazine.com/news/police-bust-41m-bec-gang/

Threats

Ransomware, Extortion and Destructive Attacks

• HardBit ransomware wants insurance details to set the perfect price (bleepingcomputer.com)

• An Overview of the Global Impact of Ransomware Attacks (bleepingcomputer.com)

• Fight Ransomware with a Cyber security Audit (trendmicro.com)

• Time to Deploy Ransomware Drops 94% - Infosecurity Magazine (infosecurity-magazine.com)

• Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)

• A Deep Dive into the Evolution of Ransomware Part 1 (trendmicro.com)

• A Deep Dive into the Evolution of Ransomware Part 2 (trendmicro.com)

• Guardian staff forced to work out of former brewery after ransomware attack (telegraph.co.uk)

• Royal Ransomware Expands Attacks by Targeting Linux ESXi Servers (trendmicro.com)

• Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)

• GoAnywhere zero-day opened door to Clop ransomware (malwarebytes.com)

• Derivatives market still hit by fallout from Ion Markets cyber attack | Financial Times (ft.com)

• Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)

• Royal Mail resumes overseas deliveries via post offices after cyber-attack | Royal Mail | The Guardian

• LockBit gang takes credit for attack on water utility in Portugal - The Record from Recorded Future News

• IBM: Ransomware defenders showing signs of improvement | TechTarget

• ESXiArgs Ransomware Has Spread to 500 New Targets in Europe. Will there be More? - MSSP Alert

• Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED

• Food giant Dole hit by ransomware, halts North American production temporarily (bitdefender.com)

• Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)

• Trellix Report: LockBit 3.0 Ransomware "Most Aggressive" with Demands - MSSP Alert

• Israel's Top Tech University Targeted by DarkBit Ransomware (darkreading.com)

• Warnings were issued over a log-in system used by Cork university in weeks before cyber attack (thejournal.ie)

• Russia’s Invasion Sparks Global Wiper Malware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Lockbit gang hit Portuguese municipal water utility Aguas do Porto-Security Affairs

• Student Medical Records Exposed After LAUSD Breach (darkreading.com)

Phishing & Email Based Attacks

• Three-quarters of businesses braced for ‘serious’ email attack this year | CSO Online

• Phishing Fears Ramp Up on Email, Collaboration Platforms (darkreading.com)

• Big rise in 'email thread hijacking' by cyber criminals (rte.ie)

• Fifth of Brits Have Fallen Victim to Online Scammers - Infosecurity Magazine (infosecurity-magazine.com)

• Phishing as a Service (cyberark.com)

• Smishing, vishing and whaling: How phishing scams are evolving | The Star

• Microsoft Outlook flooded with spam due to broken email filters (bleepingcomputer.com)

• Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek

BEC – Business Email Compromise

• Google Translate Helps BEC Groups Scam Companies in Any Language (darkreading.com)

• Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Social engineering, deception becomes increasingly sophisticated-Security Affairs

• Smishing, vishing and whaling: How phishing scams are evolving | The Star

• Coinbase cyber attack targeted employees with fake SMS alert (bleepingcomputer.com)

2FA/MFA

• Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (thehackernews.com)

Malware

• GoDaddy Discloses Multi-Year Security Breach Causing Malware Installations and Source Code Theft (thehackernews.com)

• Google Ads Spreads FatalRAT Malware, Disguised As Popular Apps (informationsecuritybuzz.com)

• Researchers unearth Windows backdoor that’s unusually stealthy | Ars Technica

• Researchers warn of 'Havoc' command and control tool • The Register

• New WhiskerSpy malware delivered via trojanized codec installer (bleepingcomputer.com)

• Frebniis malware abuses Microsoft IIS feature to create a backdoor-Security Affairs

• New Stealc malware emerges with a wide set of stealing capabilities (bleepingcomputer.com)

• Experts Warn of RambleOn Android Malware Targeting South Korean Journalists (thehackernews.com)

• Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)

• Hackers Use S1deload Stealer to Target Facebook, YouTube Users - Infosecurity Magazine (infosecurity-magazine.com)

• Unanswered Questions Cloud the Recent Targeting of an Asian Research Org (darkreading.com)

• Hydrochasma Threat Group Bombards Targets with Slew of Commodity Malware, Tools (darkreading.com)

• Wiper Malware Surges Ahead, Spiking 53% in 3 Months (darkreading.com)

• Russian national accused of developing, selling malware appears in US. court | CyberScoop

• Defenders on high alert as backdoor attacks become more common - Help Net Security

Mobile

• Five easy steps to keep your smartphone safe from hackers | ZDNET

• Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities - SecurityWeek

• Is Telegram the New Dark Web? Report Documents “Cybercrime Ecosystem” on Messaging App - CPO Magazine

• Accidental WhatsApp account takeovers? It's a thing • The Register

• Google will boost Android security through firmware hardening (bleepingcomputer.com)

Denial of Service/DoS/DDOS

• Seven German Airports Hit by Suspected Cyber Attack (heimdalsecurity.com)

• 4 Tips to Guard Against DDoS Attacks (darkreading.com)

Internet of Things – IoT

• Locking down the remote printer • The Register

• Are your IoT devices at risk? Cyber security concerns for 2023 - Help Net Security

Data Breaches/Leaks

• Sensitive US military emails exposed by unsecured Azure server • The Register

• DNA testing firm inks settlement after forgotten DB break-in • The Register

• Activision did not notify employees of data breach for months | TechCrunch

• GoDaddy blasted for breach response | SC Media (scmagazine.com)

• TELUS investigating leak of stolen source code, employee data (bleepingcomputer.com)

Organised Crime & Criminal Actors

• The war in Ukraine has shaken up the cyber criminal ecosystem, Google says | ZDNET

• Russian cyber crime alliances upended by Ukraine invasion • The Register

• Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek

• Is Telegram the New Dark Web? Report Documents “Cyber crime Ecosystem” on Messaging App - CPO Magazine

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Norwegian police recover $5.9m crypto stolen by North Korea • The Register

• Coinbase Attack Linked to Group Behind Last Year's Twilio, Cloudflare Hacks - SecurityWeek

• Coinbase breached by social engineers, employee data stolen – Naked Security (sophos.com)

• ‘Nevada Group’ hackers target thousands of computer networks | Financial Times (ft.com)

• Pirated Final Cut Pro infects your Mac with cryptomining malware (bleepingcomputer.com)

• SBF faces four additional charges in FTX collapse case • The Register

Insider Risk and Insider Threats

• Employees bypass cyber security guidance to achieve business objectives - Help Net Security

• Insider Threats Don't Mean Insiders Are Threatening (darkreading.com)

• Insider threats must be top-of-mind for organisations facing layoffs - Help Net Security

Fraud, Scams & Financial Crime

• Overwhelm impacts 90% of payment compliance teams as they combat record levels of fraud - IT Security Guru

• The cost of living crisis is triggering a wave of workplace crime - here's how | UK News | Sky News

• Fifth of Brits Have Fallen Victim to Online Scammers - Infosecurity Magazine (infosecurity-magazine.com)

• FTC: Americans lost $8.8 billion to fraud in 2022 after 30% surge (bleepingcomputer.com)

• Firm Fined £200K For "Exploitative" Call Campaign - Infosecurity Magazine (infosecurity-magazine.com)

• Europol busts ‘CEO fraud’ gang that stole €38M in a few days (bleepingcomputer.com)

• Criminals are flooding the internet with fake advice scams and adware, so watch out | TechRadar

• ‘They bleed you dry’: the recruitment scammers preying on Australian job seekers | Australia news | The Guardian

• City Fund Managers Jailed for £8m Fraud - Infosecurity Magazine (infosecurity-magazine.com)

• Scammers Mimic ChatGPT to Steal Business Credentials (darkreading.com)

• SBF faces four additional charges in FTX collapse case • The Register

Insurance

• Lower Data Breach Insurance Costs with These Tips (trendmicro.com)

Supply Chain and Third Parties

• UK NCSC Launches Recommendations on Supply Chain Mapping - Infosecurity Magazine (infosecurity-magazine.com)

• Chip company loses $250m after ransomware hits supply chain (malwarebytes.com)

• Third-Party Providers Create Identity and Access Control Challenges for Fintech Apps (darkreading.com)

• 3 Steps to Automate Your Third-Party Risk Management Program (thehackernews.com)

Software Supply Chain

• This Will Be the Year of the SBOM, for Better or for Worse (darkreading.com)

Cloud/SaaS

• Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat

• Four steps SMBs can take to close SaaS security gaps - Help Net Security

• Why Are My Employees Integrating With So Many Unsanctioned SaaS Apps? (darkreading.com)

• Four Reasons Why Web Security is as Important as Endpoint Security for MSSP Clients - MSSP Alert

Containers

• 87% of Container Images in Production Have Critical or High-Severity Vulnerabilities (darkreading.com)

Encryption

• Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)

• AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek

API

• Why people-driven remediation is the key to strong API security - Help Net Security

• ‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector | The Daily Swig (portswigger.net)

Open Source

• At least one open source vulnerability found in 84% of code bases: Report | CSO Online

Passwords, Credential Stuffing & Brute Force Attacks

• Despite Breach, LastPass Demonstrates the Power of Password Management (darkreading.com)

Social Media

• Twitter Limits SMS-Based 2-Factor Authentication to Blue Subscribers Only (thehackernews.com)

• Hackers Use S1deload Stealer to Target Facebook, YouTube Users - Infosecurity Magazine (infosecurity-magazine.com)

• 7 Tips for Mitigating Cyber-Risks to Your Corporate Social Media (darkreading.com)

• Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop

Malvertising

• Google Ads Spreads FatalRAT Malware, Disguised As Popular Apps (informationsecuritybuzz.com)

Training, Education and Awareness

• Global threats fuel cyber defence training • The Register

Parental Controls and Child Safety

• Over confidence is putting children at risk online says Kaspersky research - IT Security Guru

Regulations, Fines and Legislation

• Cyber threats, Regulations Mount for Financial Industry (darkreading.com)

• Firm Fined £200K For "Exploitative" Call Campaign - Infosecurity Magazine (infosecurity-magazine.com)

Governance, Risk and Compliance

• Employees bypass cyber security guidance to achieve business objectives - Help Net Security

• The financial system is alarmingly vulnerable to cyber attack | Financial Times (ft.com)

• Cyber threats, Regulations Mount for Financial Industry (darkreading.com)

• Fight Ransomware with a Cyber security Audit (trendmicro.com)

• Evolving Threat Landscape Leading to Cyber security Pro “Burnout,” Study Says - MSSP Alert

• Benchmarking your cyber security budget in 2023 | VentureBeat

• Security breach? Don’t blame your employees | TechCrunch

• 7 reasons to avoid investing in cyber insurance | CSO Online

• 5 top threats from 2022 most likely to strike in 2023 | CSO Online

• Cyber arms race, economic headwinds among top macro cyber security risks for 2023 | CSO Online

• Malicious actors push the limits of attack vectors - Help Net Security

Data Protection

• ICO Calls on Accountants to Improve SME Data Protection - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• CISOs struggle with stress and limited resources - Help Net Security

• Stress pushing CISOs out the door | CSO Online

• Complexity, volume of cyber attacks lead to burnout in security teams - Help Net Security

Law Enforcement Action and Take Downs

• Police Bust €38m BEC Gang - Infosecurity Magazine (infosecurity-magazine.com)

• Spain Orders Extradition of British Alleged Hacker to US. - SecurityWeek

• Russian national accused of developing, selling malware appears in US. court | CyberScoop

• Dutch Police arrest three ransomware actors extorting €2.5 million (bleepingcomputer.com)

Privacy, Surveillance and Mass Monitoring

• Supreme Court declines to hear Wikimedia case against NSA surveillance program | CyberScoop

Artificial Intelligence

• MLOps Security AI power analysis breaks post-quantum security algorithm ... (eenewseurope.com)

• AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm - SecurityWeek

• Hackers use fake ChatGPT apps to push Windows, Android malware (bleepingcomputer.com)

Misinformation, Disinformation and Propaganda

• Security Experts Warn of Foreign Cyber Threat to 2024 Voting - SecurityWeek

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs

• Russian cybercrime alliances upended by Ukraine invasion • The Register

• Google Report Reveals Russia's Elaborate Cyber Strategy in Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Many cyber operations conducted by Russia are yet to be publicly disclosed, says Dutch intelligence-Security Affairs

• Musk restricts Starlink for Ukraine, cites World War III | Fortune

• America Loves Spying by Balloon, Just Like China (gizmodo.com)

• How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek

• Armenia and Azerbaijan Hackers Use OxtaRAT to Monitor Conflict - Infosecurity Magazine (infosecurity-magazine.com)

• Russia blames 'hackers' for fake missile strike alerts • The Register

• Russia’s Invasion Sparks Global Wiper Malware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)

• Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop

• British Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)

Nation State Actors

• ENISA and CERT-EU warns Chinese APTs targeting EU organisations-Security Affairs

• The war in Ukraine has shaken up the cybercriminal ecosystem, Google says | ZDNET

• Russian cybercrime alliances upended by Ukraine invasion • The Register

• EU Cyber security Agency Warns Against Chinese APTs - Infosecurity Magazine (infosecurity-magazine.com)

• Google Report Reveals Russia's Elaborate Cyber Strategy in Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Many cyber operations conducted by Russia are yet to be publicly disclosed, says Dutch intelligence-Security Affairs

• Russian spy working inside as security in a British embassy has been jailed for 13 years | UK News | Sky News

• Norwegian police recover $5.9m crypto stolen by North Korea • The Register

• America Loves Spying by Balloon, Just Like China (gizmodo.com)

• EU Organisations Warned of Chinese APT Attacks - SecurityWeek

• How Ukraine War Has Shaped US Planning for a China Conflict - SecurityWeek

• Earth Zhulong Familiar Patterns Target Southeast Asian Firms (trendmicro.com)

• Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack (trendmicro.com)

• Putin Speech Broadcast Temporarily Stopped By DDoS Attack (informationsecuritybuzz.com)

• Ukraine Suffered More Wiper Malware in 2022 Than Anywhere, Ever | WIRED

• Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data (thehackernews.com)

• Russia’s Invasion Sparks Global Wiper Malware Surge - Infosecurity Magazine (infosecurity-magazine.com)

• Ukraine says Russian hackers backdoored govt websites in 2021 (bleepingcomputer.com)

• Russia's information war against Ukraine went stealth after Meta crackdown | CyberScoop

Vulnerability Management

• CVSS system criticized for failure to address real-world impact | The Daily Swig (portswigger.net)

• Majority of Ransomware Attacks Last Year Exploited Old Bugs (darkreading.com)

• At least one open source vulnerability found in 84% of code bases: Report | CSO Online

Vulnerabilities

• US Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog (thehackernews.com)

• Fortinet Issues Patches for 40 Flaws Affecting FortiWeb, FortiOS, FortiNAC, and FortiProxy (thehackernews.com)

• SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities - SecurityWeek

• Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after release of PoC exploit-Security Affairs

• A New Kind of Bug Spells Trouble for iOS and macOS Security | WIRED

• VMware Patches Critical Vulnerability in Carbon Black App Control Product (thehackernews.com)

• New Privilege Escalation Bug Class Found on macOS and iOS - Infosecurity Magazine (infosecurity-magazine.com)

• PoC exploit code for critical Fortinet FortiNAC bug released online-Security Affairs

• Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks - SecurityWeek

• Hackers Exploit Privilege Escalation Flaw on Windows Backup Service - Infosecurity Magazine (infosecurity-magazine.com)

• Emergency VMware ESXi update fixes Windows Server 2022 VM boot issues (bleepingcomputer.com)

• Exploitation attempts observed against Fortinet FortiNAC flaw | TechTarget

• Researchers find hidden vulnerabilities in hundreds of Docker containers - Help Net Security

Tools and Controls

• Despite Breach, LastPass Demonstrates the Power of Password Management (darkreading.com)

• Google Cloud CISO Phil Venables: Zero trust ‘essential’ to protect the cloud | VentureBeat

• 10 Best Network Security Solutions & Providers - 2023 (cybersecuritynews.com)

• Modern Software: What's Really Inside? (darkreading.com)

• Why privileged access management should be critical to your security strategy | VentureBeat

• The battle for data security now falls on developers; here’s how they can win | VentureBeat

• Zero trust, XDR prominent in Gartner’s Hype Cycle for Endpoint Security | VentureBeat

• Advantages of the AWS Security Maturity Model (trendmicro.com)

Other News

• Army leads Western Europe’s largest cyber warfare exercise | The British Army (mod.uk)

• NSA shares guidance on how to secure your home network (bleepingcomputer.com)

• Encrypted Traffic, Once Thought Safe, Now Responsible For Most Cyberthreats (darkreading.com)

• Malicious actors push the limits of attack vectors - Help Net Security

• Researchers Hijack Popular NPM Package with Millions of Downloads (thehackernews.com)

• Is OWASP at Risk of Irrelevance? (darkreading.com)

• Justice Department Debuts 'Disruptive Technology Strike Force' (gizmodo.com)

• How to Detect New Threats via Suspicious Activities (thehackernews.com)

• At least one open source vulnerability found in 84% of code bases: Report | CSO Online

• White House cyber security strategy to force large companies to make systems secure by design | CyberScoop

• Microsoft urges Exchange admins to remove some antivirus exclusions (bleepingcomputer.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• ‘Biggest Cyber Risk Is Complacency, Not Hackers’ - UK Information Commissioner Issues Warning as Construction Company Fined £4.4 Million

The UK Information Commissioner has warned that companies are leaving themselves open to cyber attack by ignoring crucial measures like updating software and training staff.

The warning comes as the Information Commissioner’s Office (ICO) issued a fine of £4,400,000 to Interserve Group Ltd, a Berkshire based construction company, for failing to keep personal information of its staff secure. This is a breach of data protection law.

The ICO found that the company failed to put appropriate security measures in place to prevent a cyber attack, which enabled hackers to access the personal data of up to 113,000 employees through a phishing email.

The compromised data included personal information such as contact details, national insurance numbers, and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation, and health information.

John Edwards, UK Information Commissioner, said:

 “The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn't regularly monitor for suspicious activity in its systems and fails to act on warnings, or doesn't update software and fails to provide training to staff, you can expect a similar fine from my office.

 “Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information. This data breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to the possibility of identity theft and financial fraud.

 “Cyber attacks are a global concern, and businesses around the world need to take steps to guard against complacency. The ICO and NCSC already work together to offer advice and support to businesses, and this week I will be meeting with regulators from around the world, to work towards consistent international cyber guidance so that people’s data is protected wherever a company is based.”

https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/10/biggest-cyber-risk-is-complacency-not-hackers/

• Ransomware Threat Shifts from US to EMEA and APAC

The volume of ransomware detections in Q3 2022 was the lowest in two years, but certain geographical regions have become bigger targets as attacks on US organisations wane, according to SonicWall. The security vendor used its own threat detection network, including over one million security sensors in more than 200 countries, to reveal the current landscape.

The good news is that global malware volumes have remained flat for the past three quarters, amounting to a total of over four billion detections in the year to date. Of these, ransomware is also trending down after a record-breaking 2021. Even so, SonicWall detected 338 million compromise attempts in the first three quarters of the year.

Year-to-date ransomware attempts in 2022 have already exceeded the full-year totals from four of the past five years, the vendor claimed. While attacks on US organisations dipped by 51% year-on-year during the period, they increased significantly in the UK (20%), EMEA (38%) and APAC (56%).

The cyber-warfare battlefront continues to shift, posing dangerous threats to organisations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geopolitical landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed.

https://www.infosecurity-magazine.com/news/ransomware-threat-shifts-from-us/

• Phishing Attacks Increase by Over 31% In Third Quarter

Email security and threat detection company Vade has found that phishing emails in the third quarter this year increased by more than 31% quarter on quarter, with the number of emails containing malware in the first three quarters surpassing the 2021 level by 55.8 million.

Malware emails in the third quarter of 2022 alone increased by 217% compared to same period in 2021. Malware email volume peaked in July, reaching 19.2 million, before month-over-month declines in August and September, with numbers dropping to 16.8 million and 16.5 million respectively.

According to the report, email is the preferred attack vector for phishing and malware, as it gives hackers a direct channel to users, the weakest link in an organisation’s attack surface. The report analyses phishing and malware data captured by Vade, which does business internationally.

As attacks become more sophisticated, Vade said, they also become increasingly capable of evading the basic security offered by email providers, which almost eight in 10 businesses still rely on, according to Vade’s research.

While the activity of threat actors fluctuates, Vade’s research found that impersonating trusted and established brands remains the most popular strategy for hackers. In the third quarter of 2022, Facebook was the most impersonated brand for the second consecutive quarter, followed by Google, MTB, PayPal, and Microsoft.

The financial services sector remains the most impersonated industry, representing 32% of phishing emails detected by Vade, followed by cloud at 25%, social media at 22%, and internet/telco at 13%.

As phishing attacks increase, the techniques used by threat actors continue to evolve. While phishing campaigns were traditionally large scale and random, more recent campaigns seen by Vade suggest that hackers have pivoted to using more targeted campaigns.

https://www.csoonline.com/article/3678311/phishing-attacks-increase-by-over-31-in-third-quarter-report.html#tk.rss_news

• UK Urged to Watch for Fraud as People Aim to Make Extra Cash in Cost of Living Crisis

Brits have been warned to “stay alert for fraud” as more people are out to make extra cash as the cost of living rises across the country.

UK Finance said that more than half (56%) of people admitted that they are likely to look for opportunities to make extra money in the coming months, which could leave some people more susceptible to fraud.

According to the trade association’s Take Five To Stop Fraud campaign, one in six, or 16%, of people said the rising cost of living means they are more likely to respond to an unprompted approach from someone offering an investment opportunity or a loan.

Young people were more likely to be at risk, the data suggested, which surveyed 2,000 people across the UK. More than a third (34%) of 18 to 34-year-olds said they are more likely to respond to an unprompted approach from someone, with three in 10 (30%) also more likely to provide their personal or financial details to secure the arrangement.

Overall, three in five people (60%) said they are concerned about falling victim to financial fraud or a scam. It comes as recent figures from UK Finance showed that £609.8m was lost due to fraud and scams in the first half of this year.

https://uk.news.yahoo.com/uk-watch-for-fraud-extra-cash-cost-of-living-crisis-230154352.html

• HR Departments Play a Key Role in Cyber Security

A common shortcoming of human resources (HR) departments is that — despite being an operation designed to put humans at the centre of how an organisation is run — they often fail to adequately align with their IT counterparts and the core technology systems that define how a business is run and protected from cyber-risk.

Insufficient coordination between HR and IT processes and procedures remains common and gives rise to security gaps that can represent some of the most dangerous vulnerabilities on a company's attack surface. Let's examine the scope of the challenge and some key cyber-asset management priorities that can close the schism for a more robust cyber security posture.

Gone are the days when HR's role in securing the enterprise relied on basic tutorials for employees about protecting passwords on company equipment. Today's threat environment intersects with the workforce in more ways than ever — from bring-your-own-device (BYOD) and authentication gaps to user vulnerabilities that make spear-phishing seem quaint. Traditional social engineering attacks are now being augmented by zero-click exploits that compromise employee devices without the user ever having to click a link or take any action at all.

Beyond malicious threats, even routine HR processes can introduce risk to the organisation when they're not adequately aligned with the IT processes in an organisation. As just one example, when an employee leaves a company, the offboarding goes far beyond just the exit interview to also include removing access to multiple enterprise systems, accounts, and devices — all of which require close coordination between HR and IT personnel and systems.

To better secure the enterprise, it's mission-critical to get HR and IT more united in a common and advanced understanding of cyber hygiene and risk mitigation. This relies on enhanced awareness of the impact that HR processes have on cyber assets in other parts of the organisation, as well as the HR role in access management for employees and contractors. This requires asset visibility that must be ongoing and in real time, since our roles, devices, and access to data and systems may change multiple times over the course of our employment.

https://www.darkreading.com/vulnerabilities-threats/hr-departments-play-a-key-role-in-cybersecurity

• The Long-Term Psychological Effects of Ransomware Attacks

Northwave has conducted scientific research into the psychological effects of a ransomware crisis on both organisations and individuals. The findings reveal the deep marks that a ransomware crisis leaves on all those affected. It also shows how their IT and security teams can turn in disarray long after the crisis itself has passed.

The research reveals how the psychological impact of ransomware attacks can persist on people in affected organisations for a very long time. It shows that crisis team members may develop serious symptoms far later. Top management and HR need to take measures against this, in fact right from the very beginning of the crisis. They are the ones bearing responsibility for the well-being of their staff.

They also discovered how teams have fallen apart some time after the crisis, with members leaving or staying home on sick-leave. The study reveals that effects can linger throughout the organisation. All in all the investigation shows that this invisible impact of a cyber crisis is an issue for the general business management, and certainly also for HR.

Northwave regards the response to a cyber attack as occurring in three phases. First comes the actual crisis situation, which evolves into an incident phase after about a week. A plan of action is then in place, and recovery measures are launched. The fire has been largely extinguished after a month or so, with the first (basic) functionalities available again.

Full recovery can take one to two years. Each phase has its specific effects on the minds and bodies of those involved, and by extension, on the organisation or parts of it. “On average a company is down for three weeks following a malware attack,” notes Van der Beijl. “But it surprised us that the impact persists for so long afterwards. Psychological issues are still surfacing a year after the actual crisis.”

One of every seven employees involved in the attack, either directly or indirectly, exhibits severe enough symptoms several months later, at a level considered to be above the clinical threshold at which professional trauma treatment help is needed. One in five employees say they would actually have needed more professional help subsequently in coming to terms with the attack. One in three liked to have more knowledge and concrete tools to deal with the psychological effects of the attack.

A ransomware attack has enduring psychological effects on the way employees view the world. Two-thirds of employees, including those not actually involved in the attack, now believe the world is less safe. As one IT manager pointed out, “I’ve become far more suspicious. The outside world is a dangerous place.”

https://www.helpnetsecurity.com/2022/10/25/psychological-effects-ransomware/

• 7 Hidden Social Media Cyber Risks for Enterprises

Whether they use it to amplify the brand, recruit new employees, advertise new products, or even sell directly to consumers, corporate brands love social media.

According to recent figures, brand advertising on social media is up by 53% in the last year, and that's not accounting for further investments that brands are making in developing and distributing content. They're pushing viral videos, funny memes, podcasts, written material, and more to increase engagement with their customers.

And brands are doing it across not only the old reliable social networks like Facebook and Twitter, but also emerging platforms like TikTok. In fact, according to another recent study, in 2022 marketers are expanding their horizons, with their increased content investments focused on areas like live streaming, long-form and short-form video content, virtual reality and augmented reality content, experimental content, and live audio chat rooms. The top platforms they're focused on most for increasing spending are now TikTok, Instagram, YouTube, and LinkedIn.

With the broadening of these social-media marketing strategies comes more risk. Whether an organisation uses social media to amplify its brand, or its executives and employees leverage social channels to bolster their professional and personal brands, these marketing platforms are a breeding ground for a wide range of cyber attacks and scams, including in the areas of artificial intelligence, deepfakes, and biometrics.

Cyber criminals, fraudsters, spies, and activists work around the clock to take advantage of emerging attack surfaces that arise from enterprise use of social media. The article below presents just a few avenues that organisations may overlook when they double-down on their social media investments.

https://www.darkreading.com/application-security/7-hidden-social-media-cyber-risks-enterprises

• 54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds

Over half (54%) of office workers would reconsider working for a company that had recently experienced a cyber breach. That's according to a new study by cyber security technology provider, Encore.

An independent study of 100 C-level executives, 100 Chief Information Security Officers (CISOs) and 500 office workers in the US and the UK, conducted by Censuswide, sought to uncover the gap that remains between boards and security teams when it comes to addressing cyber demands.

Only a third (33%) of staff said they would be "completely unphased" if their employer suffered a cyber break-in. The majority (57%) of C-level executives polled said they have been breached in the last 12 months alone. Most office workers, however, were unaware, with only 39% believing their organisation had been the victim of a successful attack.

The immediate financial cost of a cyber-attack remains the number one concern for businesses, but security teams are learning that there is a long tail to these breaches, with employees at risk of losing faith in their company, its ethics and values and its overarching responsibilities to the general public. In a competitive market, this is a stark warning to businesses across the world. Keeping your staff in the dark about cyber risk is a fundamental error, not to mention the additional impact of delayed disclosure to customers.

41% of C-level executives polled named reputational damage as one of the biggest costs to their business following a cyber-attack, with 34% agreeing that loss of clientele or their trust was a significant cost.

Despite many admitting to suffering a cyber breach in the last year, the overwhelming majority (92%) of CISOs and C-level executives polled believe their business is secure at any given moment. Encore believes that a mindset shift is needed at an organisational level, treating cyber incidents and the security of employee and customer data as a fundamental part of normal business operations, not a function that sits on the outside, looking in.

https://www.darkreading.com/careers-and-people/54-of-staff-would-reconsider-working-for-a-firm-that-had-experienced-a-cyber-breach-research-finds

• Evolve as Fast as the Cyber Criminals: Protect Your Business Now, Before It’s Too Late

According to the 2022 Cyber Threat Report, 2021 saw a global average increase of 105% in the number of ransomware attacks. Proofpoint's 2022 State of the Phish report said that a staggering 82% of UK businesses that experienced a ransomware attack sent payment to the cyber criminals – believing this was the cheapest and easiest way to regain access to their data. However, in many cases criminals simply took the payment without restoring access and the organisation finds itself on criminal target lists as it has demonstrated that attacks pay off. Even when decryption keys are handed over it can take an extended period of time to restore data.

One attack, on a hospital in Dusseldorf, Germany, was implicated in the death of a patient who had to be diverted to an alternative site as the A&E department had been forced to close due to the loss of core computer systems. It appears that the attack had been misdirected, and the hackers – who were quickly apprehended by the police – handed over the encryption keys immediately when they realised what had happened. Nevertheless, the decryption process was slow. It began in the early hours of September 11 and by September 20 the hospital was still unable to add or retrieve information, or even send emails. 30 servers had been corrupted.

The methods and techniques required to conduct a cyber-attack have never been more accessible. Whether it is on the darknet or through open-source content, the ability to purchase material that allows a malicious user to conduct a cyber-attack is readily available. Conducting a ransomware attack and using it to extort money from companies and government services alike, is now viewed as a viable business model by organised criminals.

https://www.itsecurityguru.org/2022/10/28/evolve-as-fast-as-the-cybercriminals-protect-your-business-now-before-its-too-late/

• Enterprise Ransomware Preparedness Improving but Still Lacking

The majority of organisations have made ransomware preparedness a top-five business priority, yet only half believe their preparedness is stronger than it was two years ago. That is according to a recent survey, "The Long Road Ahead to Ransomware Preparedness" by Enterprise Strategy Group, a division of TechTarget.

Despite warnings and available preparedness resources, ransomware continues to distress companies. Seventy-nine percent of survey respondents said they suffered a successful attack within the last year, and 73% reported they had one or more attacks that caused negative financial impact or disrupted business operations in the same time period.

The good news is the board and the C-suite are finally getting the message that more needs to be done to address impending ransomware attempts. In fact, 79% of respondents said business leaders made ransomware preparedness a top business priority, and 82% of organisations plan to invest more in ransomware preparedness over the next 12 to 18 months.

With preparedness investments expected to grow, the survey asked how organisations currently tackle ransomware. Respondents said the most important prevention tactics involve efforts in the following:

• network security (43%)

• backup infrastructure security (40%)

• endpoint security (39%)

• email security (36%)

• data encryption (36%)

Ongoing activities cited included data recovery testing, employee security awareness training, response readiness assessments, incident response functional exercises, penetration testing, incident planning and playbook development, phishing simulation programs, tabletop exercises, and blue/red/purple team engagements.

https://www.techtarget.com/searchsecurity/feature/Enterprise-ransomware-preparedness-improving-but-still-lacking

• Why Are There So Many Data Breaches? A Growing Industry of Criminals is Brokering in Stolen Data

New details have emerged on the severity of the Australian Medibank hack, which has now affected all users. Optus, Medibank, Woolworths, and, last Friday, electricity provider Energy Australia are all now among the Australian household names that have fallen victim to a data breach.

If it seems like barely a week goes by without news of another incident like this, you would be right. Cyber crime is on the rise – seven major Australian businesses were affected by data breaches in the past month alone.

But why now? And who is responsible for this latest wave of cyber attacks?

In large part, the increasing number of data breaches is being driven by the growth of a global illicit industry that trades in your data. In particular, hackers known as “initial access brokers” specialise in illegally gaining access to victim networks and then selling this access to other cyber criminals.

Hackers and initial access brokers are just one part of a complex and diversifying cyber crime ecosystem. This ecosystem contains various cyber criminal groups who increasingly specialise in one particular aspect of online crime and then work together to carry out the attacks.

Ransomware attacks are complex, involving up to nine different stages. These include gaining access to a victim’s network, stealing data, encrypting a victim’s network, and issuing a ransom demand. Increasingly, these attacks are carried out not by lone cyber criminal groups, but rather by networks of different cyber crime groups, each of which specialises in a different stage of the attack.

Initial access brokers will often carry out the first stage of a ransomware attack. Described by Google’s Threat Analysis Group as “the opportunistic locksmiths of the security world”, it’s their job to gain access to a victim’s network.

https://theconversation.com/why-are-there-so-many-data-breaches-a-growing-industry-of-criminals-is-brokering-in-stolen-data-193015

• How The "pizza123" Password Could Take Down an Organisation

Criminal hackers took responsibility for a recent FastCompany breach, saying they exploited an easily guessed default password, "pizza123." The business magazine reused the weak password across a dozen WordPress accounts, according to the hackers, who described the attack in their own article on FastCompany.com before the publication took the site down.

The breach, the bitter taste of pizza123, and the plight of malicious push notifications, demand caution when selecting and managing passwords.

The hackers claimed to have used the vulnerable password pizza123 to access authentication tokens, Apple News API keys, and Amazon Simple Email Service (SES) tokens. Then they sent offensive push notifications to the home screens of subscribers of the FastCompany channel on the Apple News service.

After decades of investment in sculpting the organisation's brand image, a business can watch its reputation flounder in the face of an obscene push notification. The sentiment of millions of faithful customers can turn sour in an instant. By the time organisations block the messages and make public apologies, the harm is done.

Customers can swap to a competitor, or even sue for the offence when they have entrusted a publisher to provide safe content. Regulatory bodies can fine organisations. The company can spend time and money defending itself in court and restoring its image. But malicious push notifications can do a lot worse than offend customers—criminal hackers can load messages with malware and infect consumer devices, leading to privacy violations and consumer financial fraud.

People often build passwords using the first word that comes to mind and a brief series of numbers. Pizza123 is a perfect example of an easy-to-guess password. Employees will create passwords already appearing on breached password lists. Criminal hackers use brute force attacks to confirm working passwords from the same lists.

Nearly two-thirds of employees reuse their passwords. The more they reuse them across business and personal accounts, the more likely criminal hackers will breach them and test them on the organisation. Hackers know to try the same passwords on different companies they hack because of password reuse.

Robust password management enables fine-grained password policies and policy customisation. With a custom password policy, organisations can increase complexity requirements, like length and previous-password change minimums. A custom password policy with increased complexity requirements will block 95% of weak and breached passwords.

Password length is a particularly critical component of strong passwords. Ninety-three percent of the passwords used in brute force attacks include eight or more characters. A custom password policy can require a minimum password length, decreasing password entropy.

https://www.bleepingcomputer.com/news/security/how-the-pizza123-password-could-take-down-an-organization/

Threats

Ransomware and Extortion

• SonicWall: Ransomware down this year, but there’s a catch • The Register

• Medibank cyber-attack: should the health insurer pay a ransom for its customers’ data? | Health | The Guardian

• Health insurer Medibank's infosec diagnosis is getting worse • The Register

• Microsoft links Raspberry Robin worm to Clop ransomware attacks (bleepingcomputer.com)

• How to detect Windows worm that now distributes ransomware • The Register

• Ransomware Barrage Aimed at US Healthcare Sector, Feds Warn (darkreading.com)

• BlackByte ransomware affiliate also steals victims' data • The Register

• Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs

• OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)

• CISA warns of ransomware attacks on healthcare providers (techtarget.com)

• Industrial Ransomware Attacks: New Groups Emerge, Manufacturing Pays Highest Ransom | SecurityWeek.Com

• Ransom Cartel - REvil Rebrand? (informationsecuritybuzz.com)

• Addressing Ransomware in Hospitals & Medical Devices (trendmicro.com)

• Australian Clinical Labs says patient data stolen in ransomware attack (bleepingcomputer.com)

• Vice Society Hackers Confess To Education Sector Ransomware Attacks (informationsecuritybuzz.com)

• Why Ransomware in Education on the Rise and What That Means for 2023 (thehackernews.com)

• Largest EU copper producer Aurubis suffers cyber attack, IT outage (bleepingcomputer.com)

• Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company (thehackernews.com)

• Ransomware Gangs Ramp Up Industrial Attacks in US (darkreading.com)

Phishing & Email Based Attacks

• DHL Replaces LinkedIn As Most Imitated Brand in Phishing Attempts - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Social engineering attacks anybody could fall victim to - Help Net Security

• Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks | SecurityWeek.Com

Malware

• Threat Groups Repurpose Banking Trojans into Backdoors (darkreading.com)

• Types of cloud malware and how to defend against them (techtarget.com)

• Cranefly Hackers Use Stealthy Techniques to Deliver and Control Malware - Infosecurity Magazine (infosecurity-magazine.com)

• Thousands Of Fake PoC Exploits In GitHub Repositories Deliver Malware – (informationsecuritybuzz.com)

• Chrome extensions with 1 million installs hijack targets’ browsers (bleepingcomputer.com)

• Hackers use Microsoft IIS web server logs to control malware (bleepingcomputer.com)

Mobile

• Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability (thehackernews.com)

• These Dropper Apps On Play Store Targeting Over 200 Banking and Cryptocurrency Wallets (thehackernews.com)

• Android Hacking Warning As Criminals Target TikTok And PayPal For (informationsecuritybuzz.com)

Internet of Things – IoT

• IoT Fingerprinting Helps Authenticate and Secure All Those Devices (darkreading.com)

• IoT security strategy from enterprises using connected devices | Network World

• Security by design vital to protecting IoT, smart cities around the world, says CEO of UK NCSC | CSO Online

• Your CCTV devices can be hacked and weaponized - Help Net Security

• Critical Flaws in Abode Home Security Kit Allow Hackers to Hijack, Disable Cameras | SecurityWeek.Com

Data Breaches/Leaks

• Thomson Reuters leaked at least 3TB of sensitive data | Cybernews

• See Tickets discloses 2.5 years-long credit card theft breach (bleepingcomputer.com)

• Twilio discloses another hack from June, blames voice phishing (bleepingcomputer.com)

• Seven months after it found out, FamilySearch tells users their personal data has been breached • Graham Cluley

• Bed Bath & Beyond reviewing possible data breach | Reuters

Organised Crime & Criminal Actors

• Ukrainian charged for operating Raccoon Stealer malware service (bleepingcomputer.com)

• Interpol says metaverse opens up new world of cyber crime | Reuters

• From Bounty to Exploit Observations About Cyber criminal Contests (trendmicro.com)

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Researchers uncover cryptojacking campaign targeting Docker, Kubernetes cloud servers | SC Media (scmagazine.com)

• Purpleurchin: Cryptocurrency miners scour GitHub, Heroku • The Register

• Cryptomining campaign abused free GitHub account trials (techtarget.com)

Insider Risk and Insider Threats

• New York Post hacked? No, the culprit is an employee - Security Affairs

Fraud, Scams & Financial Crime

• UK Anti-fraud Efforts Failing (informationsecuritybuzz.com)

• Dealers Report Dramatic Increase in Identity Fraud: Most Lack Effective Protection (darkreading.com)

• Economic strife fuels cyber anxiety - Help Net Security

• LinkedIn Releases New Security Features To Combat Fraud (informationsecuritybuzz.com)

• Beware Of SCAMS As Cost Of Living Bites Finances, Expert Comments (informationsecuritybuzz.com)

Insurance

• Health insurer Medibank's infosec diagnosis is getting worse • The Register

• Cyber Insurance Market 2022: FAQs & Updates with iBynd (trendmicro.com)

Dark Web

• Notorious ‘BestBuy’ hacker arraigned for running dark web market (bleepingcomputer.com)

• Student arrested for running one of Germany’s largest dark web markets (bleepingcomputer.com)

• Dark Web Forum Busts Come Days Apart (darkreading.com)

• British hacker arraigned for running The Real Deal dark web marketplace - Security Affairs

Software Supply Chain

• Supply Chain Attacks Or Vulnerabilities Experienced By 80% Of Organisations (informationsecuritybuzz.com)

• How the Software Supply Chain Security is Threatened by Hackers (thehackernews.com)

• Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)

• Consumer behaviours are the root of open source risk - Help Net Security

Denial of Service DoS/DDoS

• Key observations on DDoS attacks in H1 2022 - Help Net Security

• Meet the Windows servers that have been fuelling massive DDoSes for months | Ars Technica

Cloud/SaaS

• Everything you Need to Know about Cloud Hacking and its Methodologies (analyticsinsight.net)

• It’s time to prioritize SaaS security | InfoWorld

• Top Cloud Security Challenges & How to Beat Them (trendmicro.com)

• Atlassian Vulnerabilities Highlight Criticality of Cloud Services (darkreading.com)

• Threat Actors Target AWS EC2 Workloads to Steal Credentials (trendmicro.com)

• Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)

• 4 Reasons Open Source Matters for Cloud Security (darkreading.com)

• Cloud Providers Throw Their Weight Behind Confidential Computing (darkreading.com)

Hybrid Working

• Balancing remote work privacy vs. productivity monitoring (techtarget.com)

• Cloud and Hybrid Working Security Concerns Surge - Infosecurity Magazine (infosecurity-magazine.com)

Attack Surface Management

• Attack Surface Management 2022 Midyear Review Part 2 (trendmicro.com)

• Asset risk management: Getting the basics right - Help Net Security

Encryption

• New Critical Vuln In Component That Allow Encryption Across Internet - (informationsecuritybuzz.com)

• Can a new form of cryptography solve the internet’s privacy problem? | Data protection | The Guardian

API

• Thousands Of Publicly Exposed API Tokens Could Threaten Software Integrity (informationsecuritybuzz.com)

• Key API Security Principles And How To Implement Them (informationsecuritybuzz.com)

Open Source

• Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security (darkreading.com)

• 4 Reasons Open Source Matters for Cloud Security (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Why it's time to expire mandatory password expiration policies (techtarget.com)

• Feds say Ukrainian man running malware service amassed 50M unique credentials | Ars Technica

Biometrics

• ICO Warns of "Immature" Biometric Tech - Infosecurity Magazine (infosecurity-magazine.com)

Social Media

• LinkedIn Phishing Spoof Bypasses Google Workspace Security (darkreading.com)

• LinkedIn's new security features combat fake profiles, threat actors (bleepingcomputer.com)

• Cyber security event cancelled after scammers disrupt LinkedIn live chat (bitdefender.com)

• Expert Opinion: What Does Musk's Takeover Mean For Cyber security? (informationsecuritybuzz.com)

• Cyber attackers Target Instagram Users With Threats of Copyright Infringement (darkreading.com)

Cyber Bullying, Cyber Stalking and Sextortion

• Ex-cop abused police tool in Snapshot sextortion plot that stole sexually explicit photos and videos (bitdefender.com)

Regulations, Fines and Legislation

• UK Construction Biz Fined £4.4m for Serious Security Failings - Infosecurity Magazine (infosecurity-magazine.com)

• Australia Flags New Corporate Penalties for Privacy Breaches | SecurityWeek.Com

Data Protection

• What consumers expect from organisations that handle their personal data - Help Net Security

Law Enforcement Action and Take Downs

• Criminals are starting to exploit the metaverse, says Interpol. So police are heading there too | ZDNET

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Ukraine: Russian cyber attacks aimless and opportunistic (techtarget.com)

• Unknown Actors are Deploying RomCom RAT to Target Ukrainian Military (thehackernews.com)

• Slovak, Polish Parliaments Hit by Cyber attacks | SecurityWeek.Com

• Norway arrests man accused of being Russian spy - BBC News

• Cuba ransomware affiliate targets Ukraine, CERT-UA warns - Security Affairs

• Ukraine Warns of Cuba Ransomware Attacks - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

Nation State Actors – Russia

• Russia says Starlink satellites could become military target • The Register

• Calls for inquiry mount after reports that Truss’s phone was hacked | Financial Times

• OldGremlin Ransomware Fierce Comeback Against Russian Targets (informationsecuritybuzz.com)

Nation State Actors – China

• Chinese spy duo charged in Huawei case as US condemns ‘egregious’ interference | China | The Guardian

• Chinese Connected Cyber Crew Unleashes Disinformation Campaign Ahead of US Elections - MSSP Alert

• Federal bans don't stop US states from buying Chinese kit • The Register

• Chinese Spies Indicted for Coercing Nationals Living in US to Return as Agents of the PRC - MSSP Alert

Nation State Actors – North Korea

• Kimsuky Hackers Spotted Using 3 New Android Malware to Target South Koreans (thehackernews.com)

Nation State Actors – Iran

• Iranian government blames 'foreign country' for hack-and-leak of nuclear information - CyberScoop

Vulnerability Management

• Outpost24: How Pentesting-as-a-Service finds vulnerabilities before they're exploited (bleepingcomputer.com)

• Protecting organisations by understanding end-of-life software risks - Help Net Security

Vulnerabilities

• OpenSSL to fix the second critical flaw ever - Security Affairs

• Urgent: Google Issues Emergency Patch for Chrome Zero-Day (darkreading.com)

• Multiple RCE Vulnerabilities Discovered in Veeam Backup & Replication App - Infosecurity Magazine (infosecurity-magazine.com)

• ConnectWise fixes RCE bug exposing thousands of servers to attacks (bleepingcomputer.com)

• Critical authentication bug in Fortinet products actively exploited in the wild | The Daily Swig (portswigger.net)

• Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now! – Naked Security (sophos.com)

• Windows Mark of the Web Zero-Days Remain Patchless, Under Exploit (darkreading.com)

• 22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library (thehackernews.com)

• Cisco warns admins to patch AnyConnect flaws exploited in attacks (bleepingcomputer.com)

• Exploit released for critical VMware RCE vulnerability, patch now (bleepingcomputer.com)

• Cisco Confirms In-the-Wild Exploitation of Two VPN Vulnerabilities | SecurityWeek.Com

• Incoming OpenSSL critical fix: Organisations, users, get ready! - Help Net Security

• Cisco Users Informed of Vulnerabilities in Identity Services Engine | SecurityWeek.Com

• VMware fixes critical RCE in VMware Cloud Foundation - Security Affairs

• VMware Patches Critical Vulnerability in End-of-Life Product | SecurityWeek.Com

• Multiple vulnerabilities affect the Juniper Junos OS - Security Affairs

Reports Published in the Last Week

• Q3 2022 Phishing and Malware Report: Phishing Volumes Increase 31% (vadesecure.com)

• Attack Surface Management 2022 Midyear Review Part 2 (trendmicro.com)

• Justice response inadequate to meet scale of fraud epidemic - Committees - UK Parliament

Other News

• Cyber Security Risks & Stats This Spooky Season (darkreading.com)

• Cyber Certification Skills Are For Life, Not Just For Linkedin (informationsecuritybuzz.com)

• 8 hallmarks of a proactive security strategy | CSO Online

• Implementing Defence in Depth to Prevent and Mitigate Cyber Attacks (thehackernews.com)

• Cyber security’s importance and impact reaches all levels of the tech workforce - Help Net Security

• Stress Is Driving Cyber Security Professionals to Rethink Roles (darkreading.com)

• Equifax's Lessons Are Still Relevant, 5 Years Later (darkreading.com)

• Why dark data is a growing danger for corporations - Help Net Security

• Know the dangers you're facing: 4 notable TTPs used by cyber criminals worldwide - Help Net Security

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Cyber Security Is Getting Harder: More Threats, More Complexity, Fewer People

Splunk and Enterprise Strategy Group released a global research report that examines the security issues facing the modern enterprise. More than 1,200 security leaders participated in the survey, revealing they’ve seen an increase in cyber attacks while their teams are facing widening talent gaps.

According to the report, 65% of respondents say they have seen an increase in attempted cyber attacks. In addition, many have been directly impacted by data breaches and costly ransomware attacks, which have left security teams exhausted:

·       49% of organisations say they have suffered a data breach over the past two years, an increase from 39% a year earlier.

·       79% of respondents say they’ve encountered ransomware attacks, and 35% admit that one or more of those attacks led them to lose access to data and systems.

·       59% of security teams say they had to devote significant time and resources to remediation, an increase from 42% a year ago.

·       54% of respondents report that their business-critical applications have suffered from unplanned outages related to cyber security incidents on at least a monthly basis, with a median of 12 outages per year. The median time to recover from unplanned downtime tied to cyber security incidents is 14 hours. Respondents estimated the cost of this downtime averaged about $200,000 per hour.

·       64% of security professionals have stated that it’s challenging to keep up with new security requirements, up from 49% a year ago.

https://www.helpnetsecurity.com/2022/04/13/modern-enterprise-security-issues/

• Terrible Cloud Security Is Leaving the Door Open for Hackers. Here's What You're Doing Wrong

A rise in hybrid work and a shift to cloud platforms has changed how businesses operate - but it's also leaving them vulnerable to cyber attacks.

Cloud applications and services are a prime target for hackers because poor cyber security management and misconfigured services are leaving them exposed to the internet and vulnerable to simple cyber attacks.

Analysis of identity and access management (IAM) polices taking into account hundreds of thousands of users in 18,000 cloud environments across 200 organisations by cyber security researchers at Palo Alto Networks found that cloud accounts and services are leaving open doors for cyber criminals to exploit – and putting businesses and users at risk.

The global pandemic pushed organisations and employees towards new ways of remote and hybrid working, with the aid of cloud services and applications. While beneficial to businesses and employees, it also created additional cyber security risks – and malicious hackers know this.

https://www.zdnet.com/article/terrible-cloud-security-is-leaving-the-door-open-for-hackers-heres-what-youre-doing-wrong/

• More Organisations Are Paying the Ransom. Why?

Most organisations (71%) have been hit by ransomware in 2021, and most of those (63%) opted for paying the requested ransom, the 2022 Cyberthreat Defense Report (CDR) by the CyberEdge Group has shown.

The research company says that possible explanations for the steady yearly rise of the percentage of organisations that decided to pay the ransom may include: the threat of exposing exfiltrated data, increased confidence for data recovery, and the fact that many organisations find that paying a ransom is significantly less costly than system downtime, customer disruption, and potential lawsuits.

“72% of ransom-paying victims recovered their data [in 2021], up from 49% in 2017. This increased confidence for successful data recovery is often factored into the ransom-paying decision,” the company noted.

Similarly, BakerHostatler’s 2022 Data Security Incident Response Report says that in ransomware incidents the US-based law firm was called in to manage in 2021, ransomware groups provided decryptors and stuck to their promise to not publish stolen data 97% of the time.

https://www.helpnetsecurity.com/2022/04/11/organizations-paying-ransom/

• Cyber Attack Puts City Firms on High Alert to Bolster Defences

Experts warn a combination of 'ignorance and arrogance' makes City executives vulnerable to attacks.

City firms on high alert for cyber attacks were sent a clear warning recently, bolstering concerns of the potential for breaches from Russia.

Ince Group, the London-listed law firm, last month fell prey to hackers who infiltrated its computer systems and stole confidential data. The company's security systems detected the intrusion on March 13, prompting the IT team to shut down servers to try and prevent widespread damage.

But soon after, the hackers demanded a ransom for stolen data and threatened to publish it on the dark web if Ince Group, which has clients in the shipping, energy and healthcare sectors, didn't pay up.

The incident has intensified worries of possible breaches after warnings that City firms could be targeted by Russian hackers following Putin’s invasion of Ukraine.

Julia O'Toole, chief executive of MyCena Security Solutions, says executives should be "very concerned" about any news of a cyber attack at a rival company.

https://www.telegraph.co.uk/business/2022/04/11/cyber-attack-puts-city-firms-high-alert-bolster-defences/

• More Than 60% of Organisations Suffered a Breach in the Past 12 Months

Firms focus too narrowly on external attackers when it's insiders, third parties, and stolen assets that cause many breaches, new study shows.

The majority of companies — 63% — have suffered at least one breach in the past 12 months. The global average breach cost $2.4 million — a price tag that increases to $3.0 million for companies unprepared to respond to compromises.

The new data from Forrester Research, released on April 8 in a report titled "The 2021 State Of Enterprise Breaches," found that the number of breaches and the cost of breaches varied widely depending on the geographic location of the business and to what degree the organisation is prepared to respond to breaches. Companies in North America had the largest disparity between the haves and have-nots: While the average organisation required 38 days to find, eradicate, and recover from a breach, companies that failed to adequately prepare for security challenges took 62 days.

The difference in response resulted in a large difference in cost as well, with the average North American company paying $3.0 million to recover from a breach, a bill that rises to $4.0 million if the company suffered from a lack of incident-response preparation.

"The misalignment between the expectation and the reality of breaches has become very important," says Allie Mellen, an analyst with Forrester's Security and Risk group. "On a global scale, there is a big disparity of about $600,000 between those who are prepared to respond to a breach and those who are not."

https://www.darkreading.com/attacks-breaches/more-than-60-of-organizations-suffered-a-breach-in-the-past-12-months

• Account Takeover Poised to Surpass Malware as The No. 1 Security Concern

As most researchers and financial executives can attest, virtually all types of fraud have dramatically risen over the past two years. However, attackers taking over legitimate financial accounts have become even more of a favourite with cyber criminals than most fraud schemes.

Many major recent research reports have pointed out that account takeover (ATO), a form of identity theft where bad actors access legitimate bank accounts, change the account information and passwords, and hijack a real customer’s account, has skyrocketed since last year. According to Javelin Research’s annual "Identity Fraud Study: The Virtual Battleground" report, account takeover increased by 90% to an estimated $11.4 billion in 2021 when compared with 2020 — representing roughly one-quarter of all identity fraud losses last year.

Like many types of financial fraud, cyber thieves are betting on the fact that if they attempt to seize a large number of legitimate accounts, eventually they will get a payoff.

Account takeovers are a numbers game, the more accounts that an organisation has, the bigger their risk that some of them will be compromised.

Account takeovers often piggyback off of previous attacks, making these crimes a way for hackers to make the most out of stolen information. Diskin pointed out that account takeovers most commonly happen when a password is “taken from another data leak and reused for different accounts. But there are a variety of risky scenarios that can lead to compromise.”

https://www.scmagazine.com/analysis/cybercrime/account-takeover-poised-to-surpass-malware-as-the-no-1-security-concern

• Security Research Reveals 42% Rise in New Ransomware Programs In 2021

Critical infrastructure in the crosshairs: operational technology vulnerabilities jump 88% .

Threat intelligence analysts at Skybox Research Lab uncovered a 42% increase in new ransomware programs targeting known vulnerabilities in 2021. The Silicon Valley cyber security company released its annual 2022 Vulnerability and Threat Trends Report, revealing how quickly cyber criminals capitalise on new security weaknesses – shrinking the window that organisations have to remediate vulnerabilities ahead of an attack.

With 20,175 new vulnerabilities published in 2021, Skybox Research Lab witnessed the most vulnerabilities ever reported in a single year. And these new vulnerabilities are just the tip of the iceberg. The total number of vulnerabilities published over the last 10 years reached 166,938 in 2021 — a three-fold increase over a decade. These cumulative vulnerabilities, piling up year after year, represent an enormous aggregate risk, and they’ve left organisations struggling with a mountain of cyber security debt. As the US Cybersecurity and Infrastructure Security Agency (CISA) highlights in its Top Routinely Exploited Vulnerabilities list, threat actors are routinely exploiting publicly disclosed vulnerabilities from years past.

The sheer volume of accumulated risks — hundreds of thousands or even millions of vulnerability instances within organisations — means they can’t possibly patch all of them. To prevent cyber security incidents, it is critical to prioritise exposed vulnerabilities that could cause the most significant disruption, then, apply appropriate remediation options including configuration changes or network segmentation to eliminate risk, even before patches are applied or in cases where patches aren’t available.

https://informationsecuritybuzz.com/study-research/skybox-security-research-reveals-42-rise-in-new-ransomware-programs-in-2021/

• Fraudsters Stole £58m with Remote Access Trojans (RATs) in 2021

2021 saw victims of Remote Access Tool (RAT) scams lose £58m in 2021, official UK police figures show.

RAT scams involve scammers taking control of a victim’s device, typically in order to access bank accounts.

Some 20,144 victims fell for this type of scam in 2021, averaging around £2800 stolen per incident.

Typically, RAT attacks begin with a victim being inundated with pop-ups claiming there is a problem with the computer. Users are often then asked to call a “hotline” number, when a scammer will persuade them to download a RAT.

RAT scams are often compared to the classic “tech support” scams. Modern RAT scams are typically more devious, however, with scammers often cold-calling their victims pretending to work for their bank and claiming that they need computer access to investigate a fraudulent transaction.

https://www.itsecurityguru.org/2022/04/11/fraudsters-stole-58m-with-rats-in-2021/

• As State-Backed Cyber Threats Grow, Here's How the World Is Reacting

With the ongoing conflict in Eurasia, cyber warfare is inevitably making its presence felt. The fight is not only being fought on the fields. There is also a big battle happening in cyberspace. Several cyber-attacks have been reported over the past months.

Notably, cyber attacks backed by state actors are becoming prominent. There have been reports of a rise of ransomware and other malware attacks such as Cyclops Blink, HermeticWiper, and BlackCat. These target businesses as well as government institutions and nonprofit organisations. There have been cases of several attempts to shut down online communications and IT infrastructure.

The ongoing list of significant cyber incidents curated by the Center for Strategic and International Studies (CSIS) shows that the number of major incidents in January 2022 is 100% higher compared to the same period in the previous year. With the recent activities in cyberspace impacted by the emergence of the geopolitical tumult in February, it is not going to be surprising to see an even more dramatic rise in the number of significant incidents.

https://thehackernews.com/2022/04/as-state-backed-cyber-threats-grow.html

• Q1 Reported Data Compromises Up 14% Over 2021

The Identity Theft Resource Center published a First Quarter 2022 Data Breach Analysis which found that Q1 of 2022 began with the highest number of publicly reported data compromises in the past three years.

Publicly reported data compromises totalled 404 through March 31, 2022, a 14 percent increase compared to Q1 2021.

This is the third consecutive year when the number of total data compromises increased compared to Q1 of the previous year. It also represents the highest number of Q1 data compromises since 2020.

https://informationsecuritybuzz.com/expert-comments/q1-reported-data-compromises-up-14-over-2021/

• Europol Announces Operation to Hit Russian Sanctions-Evaders

European police have announced a major new operation designed to crack down on Russian oligarchs and businesses looking to circumvent sanctions.

Operation Oscar will run for at least a year as an umbrella initiative that will feature many separate investigations, Europol explained.

The policing organisation’s European Financial and Economic Crime Centre will work to exchange information and intelligence with partners and provide operational support in financial crime investigations.

A key focus appears to be on illicit flows of money, which Russian individuals and entities will be trying to move around the region in order to bypass sanctions imposed since President Putin’s invasion of Ukraine.

“Europol will centralise and analyse all information contributed under this operation to identify international links, criminal groups and suspects, as well as new criminal trends and patterns,” Europol said.

“Europol will further provide tailor-made analytical support to investigations, as well as operational coordination, forensics and technical expertise, and financial support to the relevant national authorities.”

https://www.infosecurity-magazine.com/news/europol-hit-russian/

Threats

Ransomware

• Ransomware: These Two Gangs Are Behind Half of All Attacks | ZDNet

• Clueless Hackers Spent Months Inside a Network And Nobody Noticed. But Then a Ransomware Gang Turned Up | ZDNet

• Conti Ransomware Leak Shows Group Operates Like a Normal Tech Company, with an HR Department, Performance Reviews and an ‘Employee of the Month’ (cnbc.com)

• Don't Let Ransomware Gangs Spend Months in Your Network • The Register

• Dismantling ZLoader: How Malicious Ads Led to Disabled Security Tools And Ransomware - Microsoft Security Blog

• Analysis of the SunnyDay Ransomware - Security Affairs

• Karakurt Data Thieves Linked to Larger Conti Hacking Group | CSO Online

• Conti Ransomware Gang Claims Responsibility for The Nordex Hack - Security Affairs

• OldGremlin Ransomware Gang Targets Russia with New Malware (bleepingcomputer.com)

• Conti Ransomware Offshoot Targets Russian Organisations | Malwarebytes Labs

Other Social Engineering

• FBI: Payment App Users Targeted in Social Engineering Attacks (bleepingcomputer.com)

• These Hackers Pretend to Poach, Recruit Rival Bank Staff In New Cyber Attacks | ZDNet

Malware

• Credential-Stealing Malware Disguises Itself As Telegram, Targets Social Media Users | Malwarebytes Labs

• Microsoft Sounds The Alarm Over New Cunning Windows Malware | TechRadar

• Spring4Shell Under Active Exploit by Mirai Botnet Herders • The Register

• Haskers Gang Gives Away ZingoStealer Malware to Other Cyber Criminals for Free (thehackernews.com)

• Hackers Hijack Adult Websites to Infect Victims With Malware | TechRadar

• Qbot Malware Switches To New Windows Installer Infection Vector (bleepingcomputer.com)

• Windows 11 tool to Add Google Play Secretly Installed Malware (bleepingcomputer.com)

• Over 16,500 Sites Hacked to Distribute Malware via Web Redirect Service (thehackernews.com)

• Researchers Warn of FFDroider and Lightning Info-Stealers Targeting Users in The Wild (thehackernews.com)

• Enemybot: a New Mirai, Gafgyt Hybrid Botnet Joins The Scene | ZDNet

Mobile

• Android Banking Malware Intercepts Calls to Customer Support (bleepingcomputer.com)

• How to Stop Octo Malware From Remotely Accessing Your Android (lifehacker.com)

IoT

• New EnemyBot DDoS Botnet Recruits Routers and IoTs Into Its Army (bleepingcomputer.com)

• 3 Reasons Connected Devices are More Vulnerable than Ever (bleepingcomputer.com)

Data Breaches/Leaks

• GitHub Says Hackers Breached Dozens of Organisations Using Stolen OAuth Access Tokens (thehackernews.com)

Organised Crime & Criminal Actors

• New Industrial Spy Stolen Data Market Promoted Through Cracks, Adware (bleepingcomputer.com)

• Google Files Suit Against Cameroonian Cyber Criminal Who Used Puppies as Lures - CyberScoop

Cryptocurrency/Cryptomining/Cryptojacking

• 10 NFT and Cryptocurrency Security Risks That CISOs Must Navigate | CSO Online

• A Practical Reason Why Crypto Might Not Work for Large-Scale Sanctions Evasion - CyberScoop

Insider Risk and Insider Threats

• Who Is Your Biggest Insider Threat? | CSO Online

• Former DHS Acting IT Chief Convicted in Software, Database Theft Scheme (darkreading.com)

Fraud, Scams & Financial Crime

• Cyber Criminals Do Their Homework for Latest Banking Scam • The Register

Denial of Service DoS/DDoS

• New Fodcha DDoS Botnet Targets Over 100 Victims Every Day (bleepingcomputer.com)

• New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt (thehackernews.com)

Cloud

• 99% Of Cloud Identities Are Overly Permissive, Opening Door to Attackers | CSO Online

• The Perils of SaaS Misconfigurations - Help Net Security

• Top Attack Techniques for Breaching Enterprise And Cloud Environments - Help Net Security

• Finding Attack Paths in Cloud Environments (thehackernews.com)

• The Two Words You Should Never Forget When You’re Securing a Cloud - Help Net Security

Privacy

• Muting Your Mic Reportedly Doesn’t Stop Big Tech from Recording Your Audio (thenextweb.com)

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Preparing for Armageddon: How Ukraine Battles Russian hackers | Ars Technica

• Ukraine Proves Cyber War Has No Borders - MSSP Alert

• Hackers Target Ukrainian Govt with IcedID Malware, Zimbra Exploits (bleepingcomputer.com)

• Russia’s Sandworm Hackers Attempted a Third Blackout In Ukraine | Ars Technica

• The Unceasing Action of Anonymous Against Russia - Security Affairs

• European Officials Reportedly Targeted by NSO Spyware • The Register

Nation State Actors

Nation State Actors – Russia

• CISA Warns Orgs of WatchGuard Bug Exploited by Russian State Hackers (bleepingcomputer.com)

Nation State Actors – China

• China-Linked Hafnium APT Leverages Tarrask Malware to Gain Persistence - Security Affairs

• China ‘Decodes’ An Orbiting US Satellite; Claims Expertise In Automatically Detecting & Fixing Security Flaws In Outer Space (eurasiantimes.com)

Nation State Actors – North Korea

• US Gov Believes Lazarus APT is Behind Ronin Validator Cyber Heist - Security Affairs

• Feds Offer $5m Reward for Info on North Korean Cyber Crooks • The Register

• FBI Links Largest Crypto Hack Ever to North Korean Hackers (bleepingcomputer.com)

• Symantec: North Korea's Lazarus Targets Chemical Companies • The Register

Vulnerabilities

• Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities (thehackernews.com)

• Google Issues Third Emergency Fix For Chrome This Year • The Register

• Critical HP Teradici PCoIP Flaws Impact 15 Million Endpoints (bleepingcomputer.com)

• Critical Windows RPC Vulnerability Raises Alarm (techtarget.com)

• VMware Workspace One Flaw Actively Exploited in The Wild (techtarget.com)

• Adobe Patches Gaping Security Holes in Acrobat, Reader, Photoshop | SecurityWeek.Com

• Cisco Vulnerability Lets Hackers Craft Their Own Login Credentials (bleepingcomputer.com)

• Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure (thehackernews.com)

• Several Vulnerabilities Allow Disabling of Palo Alto Networks Products | SecurityWeek.Com

• Cisco Patches Critical Vulnerability in Wireless LAN Controller | SecurityWeek.Com

• Critical Flaw in Elementor WordPress Plugin May Affect 500k Sites (bleepingcomputer.com)

• Critical Apache Struts RCE Vulnerability Wasn't Fully Fixed, Patch Now (bleepingcomputer.com)

• Attackers Are Exploiting VMware RCE to Deliver Malware (CVE-2022-22954) - Help Net Security

• These D-Link Routers Are Vulnerable To Remote Hacks And Should Be Retired Immediately | HotHardware

• Upgrades for Spring Framework Have Stalled (darkreading.com)

Sector Specific

CNI, OT, ICS, IIoT and SCADA

• CISA Alert on ICS, SCADA Devices Highlights Growing Enterprise IoT Security Risks (darkreading.com)

• Pipedream Malware: Feds Uncover 'Swiss Army Knife' for Industrial System Hacking | WIRED

• New Malware Tools Pose 'Clear and Present Threat' to ICS Environments (darkreading.com)

• US Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware (thehackernews.com)

• Flaws in ABB Network Interface Modules Expose Industrial Systems to DoS Attacks | SecurityWeek.Com

Energy & Utilities

• US Agencies Warn of Custom-Made Hacking Tools Targeting Energy Sector Systems - The Record by Recorded Future

Reports Published in the Last Week

• The 2021 State Of Enterprise Breaches | Forrester

• First Quarter 2022 Data Breach Analysis Report | Identity Theft Resource Centre
  

Other News

• Singapore To License Infosec Service Providers • The Register

• What Is the Cyber Kill Chain? A Model for Tracing Cyber Attacks | CSO Online

• Cyber Defense: Prioritized By Real-World Threat Data - Help Net Security

• How Can You Spot Fake News? And What Should We, As A Society, Do About Mass Disinformation? - Information Security Buzz

• The Cyber Criminal Isn’t Necessarily Who You Think… | Mind Matters

• Consumer Trust Is in The Doldrums: Indifference Towards Data Exposure Is Widespread - Help Net Security

• How Cryptocurrency Gave Birth to the Ransomware Epidemic (vice.com)

• Dark Data Is a Pain Point For Many Security Leaders - Help Net Security

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Britain Warns of Cyber Attacks as Russia-Ukraine Crisis Escalates

Britain warned of potential cyber attacks with "international consequences" this week after Russian President Vladimir Puitin ordered troops to two breakaway regions in eastern Ukraine.

Britain's National Cyber Security Centre (NCSC), a part of the GCHQ eavesdropping intelligence agency, called on British organisations to "bolster their online defences" following the developments.

"While the NCSC is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, there has been an historical pattern of cyber attacks on Ukraine with international consequences," it said in a statement.

Last week, Ukranian banking and government websites were briefly knocked offline by a spate of distributed denial of service (DDoS) attacks which the United States and Britain said were carried out by Russian military hackers.

https://www.reuters.com/technology/britain-warns-cyberattacks-russia-ukraine-crisis-escalates-2022-02-22/

Ransomware Extortion Doesn't Stop After Paying The Ransom

A global survey that looked into the experience of ransomware victims highlights the lack of trustworthiness of ransomware actors, as in most cases of paying the ransom, the extortion simply continues.

This is not a surprising or new discovery, but when seeing it reflected in actual statistics, one can appreciate the scale of the problem in full.

The survey was conducted by cyber security specialist Venafi, and the most important findings that emerge from the respondents are the following:

• 18% of victims who paid the ransom still had their data exposed on the dark web.

• 8% refused to pay the ransom, and the attackers tried to extort their customers.

• 35% of victims paid the ransom but were still unable to retrieve their data.

As for the ransomware actor extortion tactics, these are summarized as follows:

• 83% of all successful ransomware attacks featured double and triple extortion.

• 38% of ransomware attacks threatened to use stolen data to extort customers.

• 35% of ransomware attacks threatened to expose stolen data on the dark web.

• 32% of attacks threatened to directly inform the victim's customers of the data breach incident.

https://www.bleepingcomputer.com/news/security/ransomware-extortion-doesnt-stop-after-paying-the-ransom/

Ukraine Calls For Volunteer Hackers To Protect Its Critical Infrastructure And Spy On Russian Forces

The government of Ukraine is calling on the hacking community to volunteer its expertise and capabilities, following the invasion of the country by Russian forces.

Reuters reports that Yegor Aushev, the CEO of Kyiv-based Cyber Unit Technologies which has worked with Ukraine's government on the defence of critical infrastructure, claims to have been asked to post a digital call-to-arms after being asked by "a senior Defence Ministry official."

The message, which was posted on hacking forums by Aushev on Thursday, begins "Ukrainian cybercommunity! It’s time to get involved in the cyber defense of our country," and calls for cybersecurity experts and hackers to apply as a volunteer via a Google Docs link.  The page volunteers are directed to asks applicants to list their specialities, such as if they have developed malware, and professional references.

According to Aushev, volunteers will be divided into two groups - tasked with offensive and defensive cyber operations.

https://www.bitdefender.com/blog/hotforsecurity/ukraine-calls-for-volunteer-hackers-to-protect-its-critical-infrastructure-and-spy-on-russian-forces/

Study: UK Firms Most Likely To Pay Ransomware Hackers

Some 82% of British firms which have been victims of ransomware attacks paid the hackers in order to get back their data, a new report suggests.

The global average was 58%, making the UK the most likely country to pay cyber-criminals.

Security firm Proofpoint's research also found that more than three-quarters of UK businesses were affected by ransomware in 2021.

Phishing attacks remain the key way criminals access networks, it found.

Phishing happens when someone in a firm is lured into clicking on a link in an email that contains malware, which in turn can help cyber-criminals access company networks.

https://www.bbc.co.uk/news/business-60478725

Conti Ransomware Group Announces Support of Russia, Threatens Retaliatory Attacks

An infamous ransomware group with potential ties to Russian intelligence and known for attacking health care providers and hundreds of other targets posted a warning Friday saying it was “officially announcing a full support of Russian government.”

The gang said that it would use “all possible resources to strike back at the critical infrastructures” of any entity that organises a cyberattack “or any war activities against Russia.” The message appeared Friday on the dark-web site used by ransomware group Conti to post threats and its victims’ data. Security researchers believe the gang to be Russia-based.

Conti ransomware was part of more than 400 attacks against mostly U.S. targets between spring 2020 and spring 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI reported in September.

https://www.cyberscoop.com/conti-ransomware-russia-ukraine-critical-infrastructure/

91% of UK Organisations Compromised by an Email Phishing Attack in 2021

More than nine in 10 (91%) UK organizations were successfully compromised by an email phishing attack last year, according to Proofpoint’s 2022 State of the Phish report.

The study observed a significant rise in email-based attacks globally in 2021 compared to 2020. Over three-quarters (78%) of organizations were targeted by email-based ransomware attacks last year and 77% faced business email compromise (BEC) attacks, the latter an 18% year-on-year increase from 2020.

The survey of 600 information and IT security professionals and 3500 workers in the US, Australia, France, Germany, Japan, Spain and the UK also found that attacks in 2021 were more likely to be successful than in 2020. More than four in five (83%) respondents said their organization experienced at least one successful email-based phishing attack last year, up from 57% in 2020. In addition, 68% of organizations admitted they had to deal with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery or other exploit.

Worryingly, 60% of organizations infected with ransomware admitted to paying a ransom, with around a third (32%) paying additional sums to regain access to data and systems.

https://www.infosecurity-magazine.com/news/uk-organizations-email-phishing/

Almost 100,000 New Mobile Banking Trojan Strains Detected In 2021

Researchers have found almost 100,000 new variants of mobile banking Trojans in just a year.

As our digital lives have begun to centre more on handsets rather than just desktop PCs, many malware developers have shifted part of their focus to the creation of mobile threats.

Many of the traditional infection routes are still workable -- including phishing and the download and execution of suspicious software -- but cyber attackers are also known to infiltrate official app stores, including Google Play, to lure handset owners into downloading software that appears to be trustworthy.

This technique is often associated with the distribution of Remote Access Trojans (RATs). While Google maintains security barriers to stop malicious apps from being hosted in its store, there are methods to circumvent these controls quietly.

https://www.zdnet.com/article/almost-100000-new-mobile-banking-trojans-detected-in-2021/

Anonymous Collective Has Hacked The Russian Defence Ministry And Leaked The Data Of Its Employees In Response To The Ukraine Invasion

A few hours after the Anonymous collective has called to action against Russia following the illegitimate invasion of Ukraine its members have taken down the website of the Russian propaganda station RT News and news of the day is the attack against the servers of the Russian Defense Ministry.

“Anonymous, a group of hacktivists, successfully hacked and leaked the database of the website of the Ministry of Defense of Russia.” reported the Pravda agency.

The website of the Kremlin (Kremlin.ru) is also unreachable, but it is unclear if it is the result of the Anonymous attack or if the government has taken offline it to prevent disruptive attacks.

The Russian Government’s portal, and the websites of other ministries are running very slow.

The collective is also threatening the Russian Federation and private organizations of attacks, it is a retaliation against Putin’s tyranny.

Anonymous pointed out that it is not targeting Russian citizens, but only their government.

“We want the Russian people to understand that we know it’s hard for them to speak out against their dictator for fear of reprisals.”

https://securityaffairs.co/wordpress/128428/hacking/anonymous-russian-defense-ministry.html

Email Remains Go-To Method for Cyber Attacks, Phishing Research Report Finds

If you don’t know what it is, if you can’t identify it and if you can’t make sure you don’t topple into its traps, then you can’t fight it, suggests a new report by security provider Proofpoint in its eighth annual State of the Phish report.

The “it” is email-based malware attacks, the kingpin of all hacking methods, that victims often fall for out of a lack of awareness, inadequate training or risky behaviours, such as using a company mobile device for home use.

Proofpoint’s report takes an in-depth look at user phishing awareness, vulnerability and resilience and comes away with some startling numbers: More than three-quarters of organizations associated with the 4,100 IT security professionals and staffers in the worldwide study were hit by email-based ransomware attacks in 2021 and an equal number were victimized by business email compromise attacks, an 18 percent spike from 2020.

What explains the year-over-year climb? Answer: Cyber criminals continue to focus on compromising people, not necessarily systems, Proofpoint said. Email remains cyber criminals’ go-to attack strategy, said Alan Lefort, Proofpoint security awareness training senior vice president and general manager. “Infosec and IT survey participants experienced an increase in targeted attacks in 2021 compared to 2020, yet our analysis showed the recognition of key security terminology such as phishing, malware, smishing (text-based ruse), and vishing (telephone trickery) dropped significantly,” said Lefort. “The awareness gaps and lax security behaviors demonstrated by workers creates substantial risk for organizations and their bottom line.”

https://www.msspalert.com/cybersecurity-news/email-remains-go-to-method-for-cyberattacks-phishing-research-report-finds/

The Future of Cyber Insurance

In 2016, just 26% of insurance clients had cyber coverage. That number rose to 47% in 2020, according to a US Government Accountability Office (GAO) report. But the demand for cyber coverage isn't the only thing soaring.

At the end of 2020, insurance prices jumped anywhere from 10% to 30%. In the third quarter of 2021, the average cost of cyber insurance premiums climbed a record 27.6%.

If the rates continue to rise, companies might decide it's not worth the cost. That is, if insurers continue to cover their industry.

https://www.darkreading.com/risk/the-future-of-cyber-insurance

Businesses Are at Significant Risk of Cyber Security Breaches Due to Immature Security Hygiene and Posture Management Practices

Enterprise Strategy Group (ESG), a leading IT analyst, research, and strategy firm, and a division of TechTarget, Inc., today announced new research into security hygiene and posture management – a foundational part of a strong security program. The study reveals that many aspects of cyber security are managed independently and with antiquated tools, leaving organisations with limited visibility and weak defenses against an ever-evolving threat landscape. Since strong cybersecurity starts with the basics, like knowing about all IT assets deployed, this situation makes organisations vulnerable to advanced threats among strategic, yet often hurried, cloud and digital transformation initiatives.

The new report, Security Hygiene and Posture Management, summarizes a survey of 398 IT and cyber security professionals responsible for evaluating, purchasing, and utilizing products and services for security hygiene and posture management, including vulnerability management, asset management, attack surface management, and security testing tools. The data reveals that organisations must aim to further assess security posture management processes, examine vendor risk management requirements, and test security tool and processes more frequently.

https://www.darkreading.com/risk/businesses-are-at-significant-risk-of-cybersecurity-breaches-due-to-immature-security-hygiene-and-posture-management-practices

Microsoft Teams Is The New Frontier For Phishing Attacks

Even with email-based phishing attacks proving to be more successful than ever, cyberattackers are ramping up their efforts to target employees on additional platforms, such as Microsoft Teams and Slack.

One advantage is that in those applications, most employees still assume that they’re actually talking to their boss or coworker when they receive a message.

“The scary part is that we trust these programs implicitly — unlike our email inboxes, where we’ve learned to be suspicious of messages where we don’t recognize the sender’s address,” said anti-fraud technology firm Outseer.

Notably, traditional phishing has seen no slowdown: Proofpoint reported that 83% of organizations experienced a successful email-based phishing attack in 2021 — a massive jump from 57% in 2020. And outside of email, SMS attacks (smishing) and voice-based attacks (vishing) both grew in 2021, as well, according to the email security vendor.

However, it appears that attackers now view widely used collaboration platforms, such as Microsoft Teams and Slack, as another growing opportunity for targeting workers, security researchers and executives say. For some threat actors, it’s also a chance to leverage the additional capabilities of collaboration apps as part of the trickery.

https://venturebeat.com/2022/02/23/microsoft-teams-is-the-new-frontier-for-phishing-attacks/

Threats

Ransomware

• Russia-Based Ransomware Group Conti Issues Warning To Kremlin Foes | Reuters

• Conti Ransomware 'Acquires' TrickBot as It Thrives Amid Crackdowns | SecurityWeek.Com

• Ransomware Is Top Attack Vector On Critical Infrastructure | CSO Online

• TrickBot Malware Operation Shuts Down, Devs Move To Stealthier Malware (bleepingcomputer.com)

• Microsoft Exchange Servers Hacked To Deploy Cuba Ransomware (bleepingcomputer.com)

• Attackers Used Dridex To Deliver Entropy Ransomware, Code Resemblance Uncovered - Help Net Security

• Expeditors Shuts Down Global Operations After Likely Ransomware Attack (bleepingcomputer.com)

• Chipmaker Giant Nvidia Hit By A Ransomware Attack - Security Affairs

• Backups ‘No Longer Effective’ For Stopping Ransomware Attacks (computerweekly.com)

BEC – Business Email Compromise

• BEC-as-a-Service Campaigns Drive Surge in Email Fraud - Infosecurity Magazine

Phishing & Email

• Cyber Attackers Leverage DocuSign to Steal Microsoft Outlook Logins | Threatpost

• New Phishing Campaign Targets Monzo Online-Banking Customers (bleepingcomputer.com)

• Devious Phishing Method Bypasses MFA Using Remote Access Software (bleepingcomputer.com)

Other Social Engineering

• Social Media Attacks Surged In 2021, Financial Institutions Targeted The Most - Help Net Security

Malware

• Over 2.7 Million Cases Of Emotet Malware Detected Globally - Japan Today

• Jester Stealer Malware Adds More Capabilities To Entice Hackers (bleepingcomputer.com)

• Beware: New Kraken Botnet Easily Fools Windows Defender And Steals Crypto Wallet Data - Neowin

• Threat Actors Target Poorly Protected Microsoft SQL Servers - Security Affairs

• New Golang Botnet Empties Windows Users’ Cryptocurrency Wallets (bleepingcomputer.com)

• Revamped CryptBot Malware Spread By Pirated Software Sites (bleepingcomputer.com)

• Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store (thehackernews.com)

Mobile

• New Xenomorph Android Malware Targets Customers Of 56 Banks (bleepingcomputer.com)

• Gaming, Banking Trojans Dominate Mobile Malware Scene | Threatpost

• Beware of ‘Zero-Click’ Hacks That Exploit Security Flaws in Phones’ Operating Systems (insurancejournal.com)

• Samsung Shipped '100m' Android Phones With Flawed Encryption • The Register

Data Breaches/Leaks

• Revealed: Credit Suisse Leak Unmasks Criminals, Fraudsters And Corrupt Politicians | Credit Suisse | The Guardian

Organised Crime & Criminal Actors

• Police Dismantled Gang That Used Phishing Sites To Steal Credit Cards - Security Affairs

• Nigerian Hacker Pleads Guilty To Stealing Payroll Deposits (bleepingcomputer.com)

Cryptocurrency/Cryptomining/Cryptojacking

• North Korean Hackers Launder Crypto Using Sophisticated Techniques: Report (cryptopotato.com)

Insider Risk and Insider Threats

• Employees Are Often Using Devices In Seriously Risky Ways - Help Net Security

• Insider Threats Are More Than Just Malicious Employees (darkreading.com)

• 83% Of Employees Continue Accessing Old Employer's Accounts - Help Net Security

• Motorola Case Shows Importance Of Detecting Insider IP Theft Quickly | CSO Online

Fraud, Scams & Financial Crime

• Think You Couldn't Be Duped By a Con Artist? Think Again | Psychology Today

• Sextortion Rears Its Ugly Head Again | Threatpost

• French Speakers Blasted By Sextortion Scams With No Text Or Links – Naked Security (sophos.com)

• Digital Ad Fraud Set to Hit $68bn in 2022 - Infosecurity Magazine

Supply Chain

• Hackers Tried To Shatter The Spine Of Global Supply Chains In 2021 | ZDNet

Nation State Actors

• NCSC Advises Organisations to Act Following Russia’s Further Violation of Ukraine’s Territorial Integrity - NCSC.GOV.UK

• Russia-Backed Hackers Behind Powerful New Malware, UK and US Say | Russia | The Guardian

• Ransomware Used as Decoy in Destructive Cyber Attacks on Ukraine | SecurityWeek.Com

• Data Wiper Attacks On Ukraine Were Planned At Least In November - Security Affairs

• Russia’s Sandworm Hackers Have Built a Botnet of Firewalls | WIRED

• China-linked APT10 Target Taiwan's Financial Trading Industry - Security Affairs

• Iran's Hackers Are Using These Tools To Steal Passwords And Deliver Ransomware, say FBI and CISA | ZDNet

• US and UK Details a New Python Backdoor Used by MuddyWater APT - Security Affairs

Privacy

• What Is Browser Fingerprinting and How Does It Track You? | WIRED

Spyware, Espionage & Cyber Warfare

• CISOs, Beware Of Spyware Tools For Illicit Competitive Intelligence | CSO Online

Vulnerabilities

• Cisco Firewall Customers Warned Of Need For Rapid Updates • The Register

• New Flaws Discovered in Cisco's Network Operating System for Switches (thehackernews.com)

• CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform (thehackernews.com)

Sector Specific

Financial Services Sector

• CrowdStrike CEO: Bank Execs ‘Very Concerned’ About Russia Cyber Attacks (cnbc.com)

Defence

• New "SockDetour" Fileless, Socketless Backdoor Targets US Defense Contractors (thehackernews.com)

Health/Medical/Pharma Sector

• Massive Ransomware Attack Could Cost Irish Health Exec €100m - Infosecurity Magazine

Construction

• Construction Companies Receive Cyber Security Guidance - IT Security Guru

Reports Published in the Last Week

• 2022 State of the Phish Report - Stats, Trends & More | Proofpoint

Other News

• The Threat of Cyber War Has Finally Arrived - The Atlantic

• War in Ukraine Risks Scrambling the Logic of Cyber Security | Financial Times (ft.com)

• Russia-Ukraine War: Phishing, Malware and Hacker Groups Taking Sides (thehackernews.com)

• 22 Very Bad Stats On The Growth Of Phishing, Ransomware | VentureBeat

• Data Leaks And Shadow Assets Greatly Exposing Organisations To Cyber Attacks - Help Net Security

• 50% of Websites Vulnerable to Hacking All Year in 2021, New Report Says - MSSP Alert

• ‘Betamax’ Police Forces Failing To Recognise The Digital ‘Crime Challenges Of Today’ (telegraph.co.uk)

• How Much Can You Trust Your Printer? - Help Net Security

• Is Multifactor Authentication Less Effective Than It Used To Be? (slate.com)

• How To Keep Pace With Rising Data Protection Demands - Help Net Security

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.