Threat Intelligence Blog

Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.

Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 05 April 2024

Black Arrow Cyber Threat Intelligence Briefing 05 April 2024:

-Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns

-Ransomware Incidents Reported to UK Financial Regulator Doubled

-Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023

-Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023

-AI Abuse and Misinformation Campaigns Threaten Financial Institutions

-Security Teams are ‘Overconfident’ About Handling Next-Gen Threats

-AI Makes Phishing Attacks Accessible to Basic Users

-Cyber Attacks Wreaking Physical Disruption on the Rise

-73% Brace for Cyber Security Impact on Business in Next Two Years

-To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset

-Cyber Security Imperative for Protecting Executives

-The Increasing Role of Cyber Security Experts in Complex Legal Disputes

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Corporations with Effective Cyber Governance Create 4 Times More Value, Boosting Shareholder Returns

According to a recent report, companies who demonstrated an advanced level of cyber security performance generated a shareholder return 372% higher than their peers over a 5 year period. The report highlighted that having board committees focused on specialised risk and audit compliance produced the best outcomes; however, it was found that only a small number of those surveyed had done this. Financial institutions and healthcare had the highest cyber security ratings, highlighting the correlation between regulatory environments and cyber security performance.

Sources: [Help Net Security ] [Dark Reading]

Ransomware Incidents Reported to UK Financial Regulator Doubled

The number of security and ransomware incidents reported to the UK Financial Conduct Authority (FCA) surged in 2023, according to a freedom of information request. 31% of these incidents were categorised as ransomware, which had double the number of reports as the previous year. To note, these statistics address the number of ransomware incidents involving financial services that were disclosed: the number of actual incidents could be far higher.

Sources: [Digital Journal] [Digital Journal]

Half of British SMEs Have Lost Data in Past Five Years: Threat Indicators Show 2024 Already Promising to be Worse Than 2023

According to a new report, since 2019 nearly half (48%) of the UK’s small and medium-sized enterprises (SMEs) have lost access to data, potentially costing billions. The report found that nationwide, the number of businesses that lost data temporarily or permanently could amount to more than 800,000. Unfortunately, the report found that half of respondents assessed were relying on flawed backup processes, with a quarter not backing up data at all.

A number of organisations assume that they are backing data up automatically and that these backups are safe, but it is an assumption that can have cost. Added to this, some organisations are not aware that their backups can be changed, or deleted, by a malicious actor; a situation better mitigated by implementing immutable backups.

To better their situation, organisations need to understand the cause of a breach, map their data and understand where it is stored, follow the 3,2,1 rule (three copies of data, two separate locations, one in the cloud), consider immutable backups and monitor their backups. An effective backup policy will help.

Sources: [Infosecurity Magazine] [Security Week] [IT Security Guru]

Researchers Report Sevenfold Increase in Data Theft Cases, as 17 billion Personal Records Exposed in Breaches in 2023

According to a global threat intelligence report, data breach incidents rose by 34.5% in 2023, with 17 billion personal records compromised throughout the year. The research also observed a 429% spike in stolen or leaked personal data in the first two months of 2024. In a separate report, Kaspersky found that roughly 10 million devices encountered data-stealing malware in 2023, a sevenfold increase since 2020.

The reports highlight the importance of ensuring that precautions and mitigations are undertaken to thwart attackers. This should include enabling multi-factor authentication, strong and unique passwords, and using a password manager.

Sources: [Infosecurity Magazine] [Infosecurity Magazine]

AI Abuse and Misinformation Campaigns Threaten Financial Institutions

According to the Financial Services Information Sharing Analysis Center (FS-ISAC), cyber threats relating to generative AI in financial services are a consistent concern, with threat actors using generative AI to write malware and other types of attacks. In some cases, attackers are injecting contaminated data into the large language models used by AI, in order to supply it with misinformation which will in turn feed back to financial institutions.

Not all risks are malicious, however. In some cases where generative AI uses enormous datasets, this can contain privileged information or biased data, which can in turn cost financial firms the trust of regulators, consumers and investors. The FS-ISAC stated “As we look ahead to a critical year marked by emerging technology and heightened geopolitical tensions, the best way to maintain the integrity, security, and trust of the sector is through global information sharing.”

Source: [Help Net Security]

Security Teams are ‘Overconfident’ About Handling Next-Gen Threats

In a new study of more than 8,000 cyber security decision makers, Cisco found that nearly three-quarters of organisations anticipated a cyber incident to disrupt their business in the next two years and 80% said they felt at least “moderately confident” in their ability to defend against emerging threats. In contrast, Cisco’s own analysis rated the maturity of these organisations, finding 71% were deemed to be rated as ‘formative’ or ‘beginner’, the two lowest categories.

Source: [CSO Online]

AI Makes Phishing Attacks Accessible to Basic Users

One of the big selling points of AI is its ability to allow even an unsophisticated user to advance their capability and operate at a far more damaging level. Crucially AI can enable a completely non-technical user to understand and produce technical output. Unfortunately, many cyber criminals have realised this and are using AI to sharpen the efficacy of their phishing emails. With AI, phishing emails can now be created without telltale grammatical errors, and can be convincingly formatted to use a certain style to resonate with given target audience, such as a board level executive. AI is also enabling these phishing campaigns to be replicated across languages and geographies, giving malicious actors wider nets than ever before. Whilst low sophistication ‘Nigerian Prince’ type phishing emails are still doing the rounds they are largely being replaced by much more convincing and devious legitimate looking emails.

Source: [The Economic Times]

Cyber Attacks Wreaking Physical Disruption on the Rise

According to a report, more than 500 industrial operational technology (OT) sites worldwide suffered physical consequences as the result of a cyber attack last year, a near 20% rise from the previous year. The report found that some of the attacks cost the organisation up to $100 million in damages.

Attacks on utilities, water, energy, and other critical national infrastructure (CNI) have seen a sharp rise over the last year, against a backdrop of geopolitical tensions and actions by nation state aggressors such as Russia, China, North Korea and Iran, as well as hacktivist groups and other malicious actors.

Threats to IT may be better known than threats to OT, but the latter can result in very serious real world consequences, ultimately leading to potential mass loss of life events.

Source: [Dark Reading]

73% Brace for Cyber Security Impact on Business in Next Two Years

A survey has found that 73% of organisations are expecting a business disruption relating to a cyber incident in the next 12 to 24 months. Part of this was based on previous experiences, with 54% experiencing a cyber incident in the last 12 months, and 52% of those impacted reporting costs of at least $300,000. 87% reported issues with talent, and 46% reported having more than 10 unfilled roles related to cyber security.

Source: [Help Net Security]

To Stay Ahead of Ransomware Businesses Need to Adopt An Offensive Security Mindset

2023 was the most lucrative year yet for ransomware attacks and it was also the year that saw the biggest shift in ransomware tactics, with the majority of ransomware actors now implementing data exfiltration and extortion, in addition to encryption. As it is getting harder for organisations to defend against these attacks and to stay ahead of ransomware, organisations need to develop an offensive security mindset, working out how an attacker might gain access to their systems. This includes keeping up with the latest tactics, communicating this throughout the organisation and running threat-led attack simulations.

Source: [IBTimes]

Cyber Security Imperative for Protecting Executives

The stakes are high in cyber security, and particularly for executives whose positions amplify the potential fall out and damage from cyber incidents. The variety of sensitive information that they have access to, and their authority in the organisation, makes them a desirable target for business email compromise.

Organisations need to implement a robust security culture, led by executives, to foster an environment where cyber threats are understood and mitigated. As part of this, training needs to be given to the whole organisation, including executives.

Executives may have historically excluded themselves from security controls, yet ironically it is this exclusion and their position in the organisation that makes them such a lucrative target.

Source: [Forbes]

The Increasing Role of Cyber Security Experts in Complex Legal Disputes

Expert witnesses have been known to play significant roles in matters where their valuable insight is required. In today’s world, with the number of high-stake crimes now involving technology, cyber security professionals have become some of the most sought-after experts.

Disputes involving highly complex cyber crimes typically require more technical experience than is on hand, and the contributions of a cyber expert are significant in uncovering critical evidence and shaping the legal strategy, as well as explaining cyber security in the courtroom.

Source: [JDSupra]

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Artificial Intelligence

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Models, Frameworks and Standards

Backup and Recovery

Data Protection

Careers, Working in Cyber and Information Security

Misinformation, Disinformation and Propaganda

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

Nation State Actors

China

Russia

Iran

North Korea

Tools and Controls

Other News

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 4th August 2023

Black Arrow Cyber Threat Intelligence Briefing 04 August 2023:

-Top 12 Exploited Vulnerabilities List Highlights Troubling Reality: Many Organisations Still Are Not Patching

-67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious

-Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence

-The Generative AI War Between Companies and Hackers is Starting

-Spend to Save: The CFO’s Guide to Cyber Security Investment

-Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril

-How the Talent Shortage Impacts Cyber Security Leadership

-Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods

-Cyber Insurance and the Ransomware Challenge

-Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats

-66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies

-Startups Should Move Fast and Remember Cyber Security

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Top 12 Exploited Vulnerabilities List Highlights Troubling Reality That Many Organisations Are Still Not Patching

A joint advisory from US and allied cyber security agencies highlights the top routinely exploited vulnerabilities. This is a list that includes old and well-known bugs that many organisations still have not patched, including some vulnerabilities that have been known for more than five years. The list underscores how exploiting years-old vulnerabilities in unpatched systems continues to dominate the threat landscape. Organisations are more likely to be compromised by a bug found in 2021 or 2020 than they are by ones discovered over the past year.

This report emphasises that a vulnerability management strategy relying solely on CVSS for vulnerability prioritisation is proving to be insufficient at best; CVSS is an established method for assigning criticality scores to known vulnerabilities based on different scoring criteria. Additional context is required to allow for a more scalable and effective prioritisation strategy. This context should stem from internal sources, for example, the target environment (asset criticality, mitigating controls, reachability), as well as from external sources, which will permit a better assessment of the likelihood and feasibility of exploitation. Most organisations have a limited patching capacity, affected by the tooling, processes, and skills at their disposal. The challenge is to direct that limited patching capacity towards vulnerabilities that matter most in terms of risk reduction. Therefore, the task of sifting the signal through the noise is becoming increasingly more important.

Sources: [HelpNetSecurity] [NSA.gov] [SCMagazine]

67% of Data Breaches Start with a Single Click, with 1 in 100 Emails Being Malicious

In a report that leveraged data from 23.5 billion cyber security attacks, spanning 500 threat types and 900 distinct infrastructure and software vulnerabilities it was found that approximately 67% of all breaches start with someone clicking on a seemingly safe link, which explains why adversaries begin 80-95% of all attacks with a phishing email.

A separate report found that there was a 36% rise in cyber attacks in the first half of 2023. Email continued to be the main vector for delivering malicious content, with as many as 1 in every 100 emails sent in the first half of 2023 found to be malicious. In addition, malware accounted for 20% of attacks, and business email compromise (BEC) constituted 8%.

The findings reinforce the need for organisations to employ effective and regular security awareness training for users to better help them to not only identify, but also report such attacks to help strengthen the cyber resilience of the organisation. Black Arrow offers bespoke training to all roles within the organisation as well as upskilling tailored to those at the board level.

Source: [Security Intelligence]

Ransomware Attacks Hit All Time High. Attackers’ Motives Change, So Should Your Defence

Cases of straight-up data theft and extortion now appear to be more widespread a threat than ransomware, becoming the single most observed threat in the second calendar quarter of 2023, according to new data released by researchers. 1,378 organisations have been named as victims on ransomware data-leak websites in Q2 2023. This was a 64.4% increase from the record-breaking number of victims named in Q1 2023.

Despite both the rise in threats and the high percentage of respondents whose organisations suffered recent attacks, there hasn’t been a corresponding uptick in strategic measures to shore up cyber resilience. In fact, close to four in five survey respondents don’t have complete confidence that their company has a cyber resilience strategy designed to address today’s escalating cyber challenges and threats.

Sources: [Forbes] [HelpNetSecurity] [ComputerWeekly] [SecurityBrief.co.nz] [Malwarebytes]

The Generative AI War Between Companies and Hackers is Starting

To no one’s surprise, criminals are tapping open-source generative AI programs for all kinds of heinous acts, including developing malware and phishing attacks, according to the FBI. This comes as the UK National Risk Register officially classes AI as a long-term security threat. It’s safe to say AI is certainly a controversial field right now, with the battle between companies and hackers really starting to take place; only recently had technology giants such as Amazon, Google, Meta and Microsoft met with the US President Joe Biden to pledge to follow safeguards.

A recent report from security firm Barracuda has found that between August 2022 and July 2023, ransomware attacks had doubled and this surge has largely been driven by the breaching of networks via AI-crafted phishing campaigns, as well as automating attacks to increase reach, again using AI.

Despite the controversy, AI can be of tremendous value to organisations, helping to streamline and automate tasks. Organisations employing or looking to employ AI in the workplace should also have effective governance and identification procedures over the usage of said AI. Equally, when it comes to defending against AI attacks, organisations need to have a clear picture of their attack landscape, with layers of defence.

Sources: [CSO Online] [PC MAG] [CNBC] [Tech Radar]

Spend to Save: The CFO’s Guide to Cyber Security Investment

As a CFO, you need to make smart choices about cyber security investments. The increasing impact of data breaches creates a paradox: While more spending is necessary to combat these challenges, this spending isn’t directly tied to profit. Instead, cyber security spending should be seen an investment in the future of your business.

The impact of a cyber event extends beyond quantifiable currency loss. Further impacts include those of reputation and customer retention. CFOs should look to identify weak spots, understand the effect these can have, pick the right solution that mitigates these and finally, advocate cyber security and robust governance at the board level.

It is important to remember, cyber security is not just a technical issue, but also a business one, and you have a key role in ensuring the security and resilience of your organisation.

Source: [Security Intelligence]

Corporate Boards Take Heed: Give CISOs the Cold Shoulder at your Peril

The debate over whether the CISO should, by the very nature of the position, be considered a member of the C-suite has been raging for some time and seems likely to continue for a good while to come. CISOs should not only have a seat among the uppermost echelon at the big table but also be recognised as a foundational element in the success of any business.

There is a danger that, without an effective CISO, organisations can end up in a perilous situation in which there's no one driving the cyber security bus at a time when vulnerabilities and incidents are ever on the rise. When the CISO has a seat at the big table, everybody wins.

Source [CSO Online]

How the Talent Shortage Impacts Cyber Security Leadership

The lack of a skilled cyber security workforce hampers the effectiveness of an organisation’s security program. While technologies like AI and machine learning can provide some support, they are not sufficient, especially for small and medium sized businesses (SMBs). The cyber security workforce shortage affects not just current security but the future of leadership roles, including CISOs and CSOs.

Today’s CISOs require a blend of technology and business understanding. According to the (ISC)2 2022 Workforce Study, the global cyber security workforce is nearly 5 million and growing at 26% yearly. However, more than 3 million jobs still need to be filled, including specialised roles in cloud security, data protection, and incident response. This gap jeopardises functions like risk assessment, oversight, and systems patching.

The greatest talent shortage is found in soft skills, leading to a trend of looking outside the traditional security talent pool. The future of CISOs will likely require a solid security background, but as the talent gap widens, finding leadership candidates from the existing pool may remain challenging.

Source: [Security Intelligence]

Salesforce, Meta Suffer Phishing Campaign that Evades Typical Detection Methods

A recent report by cyber security company identified a sophisticated email phishing campaign exploiting a zero-day vulnerability in Salesforce's legitimate email services. The vulnerability allowed threat actors to craft targeted phishing emails, cleverly evading conventional detection methods by leveraging Salesforce's domain and reputation and exploiting legacy quirks in Facebook's web games platform.

Whilst Facebook and Salesforce have now addressed the issue, it goes to show that technology alone is not enough to stop phishing; operational and people controls are still necessary and should form part of an effective organisational response.

Source: [Security Brief]

Cyber Insurance and the Ransomware Challenge

The cyber insurance industry has been heavily criticised for providing coverage for ransom payments. A frequent accusation, which has become close to perceived wisdom in policymaking and cyber security discussions on ransomware, is that cyber insurance has incentivised victims to pay a ransom following a cyber incident, rather than seek alternative remediation options. However, the insurance industry could do much more to instil discipline in both insureds and the ransomware response ecosystem in relation to ransom payments to reduce cyber criminals’ profits. Insurers’ role as convenors of incident response services gives them considerable power to reward firms that drive best practices and only guide victims towards payment as a last resort.

While the insurance industry has the power to do this, there are still challenges that need to be addressed in the underwriting process. Offering expensive policies that exclude common risks such as ransomware or nation-state attacks is simply not a sustainable approach. This has helped insurers become more profitable for now, but these are only short-term fixes to the real problem at hand. Namely, that the underwriting process for cyber insurance policies is still not that sophisticated. Most underwriters are poorly equipped to effectively measure the cyber risk exposure of new or renewing customers.

Sources: [RUSI] [Dark Reading]

Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats

Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard.

"In this latest activity, the threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear as technical support entities" Microsoft said. "Using these domains from compromised tenants, Midnight Blizzard leverages Teams messages to send lures that attempt to steal credentials from a targeted organisation by engaging a user and eliciting approval of multi-factor authentication (MFA) prompts."

Source: [TheHackerNews]

66% of Cyber security Leaders Don’t Trust Their Current Cyber Risk Mitigation Strategies

A recent report found that 66% of cyber security leaders don’t trust their current cyber risk mitigation strategies. It was also found that while 90% of respondents say their organisation has dedicated resources responsible for managing and reducing cyber risk, in almost half of situations (46%) this consists of just one person.

In some cases, it can be hard to get the necessary talent to build out the cyber security arm of an organisation; this is where organisations can look towards outsourcing to fulfil positions with expertise. At Black Arrow we offer many services to help you to govern your cyber security, including as virtual CISO that leverages our diverse team with backgrounds from British intelligence, board governance, IT and finance.

Source: [ITSecurityWire]

UK legal Sector at Risk, National Cyber Security Centre Warns

Over the past three years more than 200 ransomware attacks worldwide have been inflicted on companies in the legal industry. The UK was the second most-attacked country constituting 2.3% of all ransomware attacks across various sectors. The legal sector was the fourth most-attacked industry in the UK in 2022. Ransomware groups are indiscriminate in their targeting, attacking companies of all sizes, from small law firms with only ten employees to large firms with 1,000+ employees, and ranging in revenue from companies generating £100 million to those with under £3 million. No single kind of company is immune to these attacks.

The International Bar Association (IBA) has released a report to guide senior executives and boards in protecting their organisations from cyber risk. Entitled "Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors," the report aims to provide leaders with insight into the primary elements of a robust cyber risk management programme. Its recommendations for senior executives and boards encompass understanding the organisation's cyber risk profile, knowing what information assets to safeguard, being aware of significant regulatory requirements, and recognising the security standards utilised by the organisation.

Sources: [Todays Conveyancer] [Infosecurity Magazine]

Startups Should Move Fast and Remember Cyber Security

The importance of cyber security for startups, which can often be overlooked in the pursuit of fast-paced growth, cannot be overstated. However, cyber attacks can have devastating consequences for businesses of all sizes. The percentage of micro-businesses in the UK that consider cyber security a high priority has dropped from 80% to 68% in the past year, possibly due to wider economic pressures. Cyber criminals target businesses of all sizes, often initially using automated software to find weak spots. Startups can be particularly vulnerable due to their fast-paced environments and new or less familiar supply chains. The use of shared office spaces can also increase risk.

The UK DCMS/DSIT 2023 Cyber Security Breaches survey reported that almost a third of businesses (32%) and a quarter of charities (24%) reported breaches or attacks in the past 12 months alone, with the average victim losing £15,300. Startups have the unique advantage of being able to implement cyber security best practices from the outset and embed them into company culture. It is recommended that startups prioritise cyber security from the get-go to protect their business and ensure long-term growth.

Source: [UKTech] [Cyber security breaches survey 2023 - GOV.UK (www.gov.uk)]

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Deepfakes

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Identity and Access Management

Encryption

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Biometrics

Social Media

Travel

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

Iran

North Korea

Misc/Other/Unknown

Vulnerability Management

Vulnerabilities

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 30 June 2023

Black Arrow Cyber Threat Briefing 30 June 2023:

-Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible

-Employees Worry Less About Cyber Security Best Practices in the Summer

-Businesses are Ignoring Third-Party Security Risks

-Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back

-Over 130 Organisations and Millions of Individuals Believed to Be Impacted by MOVEit Hack, it Keeps Growing

-Widespread BEC Attacks Threaten European Organisations

-Lloyd’s Syndicates Sued Over Cyber Insurance

-95% Fear Inadequate Cloud Security Detection and Response

-The Growing Use of Generative AI and the Security Risks They Pose

-The CISO’s Toolkit Must Include Political Capital Within The C-Suite

-Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime

-SMBs Plagued by Exploits, Trojans and Backdoors

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Zurich Insurance Group Secures Data Leak After Leaving Sensitive Data Publicly Accessible

Zurich Insurance Group is a major player in the insurance game, with over 55 million clients. They have recently just fixed a sensitive file that they had left publicly accessible. The file in question contained a range of credentials including database credentials, admin credentials, credentials for the actively exploited MOVEit software, credentials for their HR system and more. All of which could be utilised by threat actors to inflict serious damage. This was not the only vulnerability stemming from the insurance group; researchers found that Zurich were also running an outdated website, which contained a large number of vulnerabilities.

The case is alarming as Zurich Insurance Group provides cyber insurance and the instance above reinforces the need for organisations to be proactive in identifying cyber risks in their environment; it is simply not enough to rely on having insurance or meeting insurance requirements.

https://cybernews.com/zurich-insurance-data-leak/

  • Employees Worry Less About Cyber Security Best Practices in the Summer

IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months according to a new report. The report found that 55% of employees admitted to relying solely on their mobile devices while working remotely in the summer. 25% of all respondents claim that they aren’t concerned about ensuring network connections are secure when accessing their company’s data.

In the same report, 45% of employees in the US and UK said no specific measures to educate and remind employees on security best practices are taken during the summer, with only 24% of UK respondents receiving access to online cyber security training and guides and even less (17%) in the US. This comes as a separate report found that the number of phishing sites targeting mobile devices increased from 75% to 80% year-on-year in 2022, and this is likely to continue rising. Worryingly, it was also found that the average user is between six and ten times more likely to fall for an SMS phishing attack than email.

https://www.helpnetsecurity.com/2023/06/30/summer-byod-policies/

https://www.infosecurity-magazine.com/news/mobile-malware-and-phishing-surge/

  • Businesses are Ignoring Third-Party Security Risks

With 58% of companies managing over 100 vendors, 8% of which manage over 1,000, the need for a robust Third-Party Security Risk Management process becomes abundantly clear. Despite this, only 13% of organisations continuously monitor the security risks of their third parties. This is worrying, when considering the knock-on effects of third party breaches from the likes of Capita, SolarWinds and 3CX, and the recent MOVEit attack, impacting organisations whose only relationship with MOVEit was that their supplier used it.

https://www.helpnetsecurity.com/2023/06/30/third-party-relationships-risks/

  • Fear Trumps Anger When It Comes to Data Breaches – Angry Customers Vent, But Fearful Customers Don’t Come Back

When a person is notified of a data breach involving their personal information, if they react with a feeling of fear, as opposed to anger, they’re more likely to stop using the site. A report found that positive attitudes toward the website before the breach did not meaningfully affect whether consumers reengaged with the website after the breach, as some prior research has indicated. Instead, the emotional response of fear weighed heavily on customers and outweighed any earlier positive sentiment towards the organisation.

When a company has been breached in the past they have dealt with angry customers and negative press. To do so, companies may engage crisis managers to contain the damage, partner with identity protection services, pay fines or settlements, or try to lure back customers with free services. However, the study shows that companies need to address fearful customers differently after a data breach has occurred if they want to avoid customer loss. To do this, companies can work with their IT departments to identify customers who are no longer active after a breach and then reach out to them directly to assuage their fears.

https://theconversation.com/fear-trumps-anger-when-it-comes-to-data-breaches-angry-customers-vent-but-fearful-customers-dont-come-back-203109

  • Over 130 Organisations and Millions of Individuals Believed to be Impacted by MOVEit Hack, it Keeps Growing

The dramatic fallout continues in the mass exploitation of a critical vulnerability in a widely used file-transfer program, with at least three new victims coming to light in the past few days. They include the New York City Department of Education and energy companies Schneider Electric and Siemens Electric. These join others, including PwC, Sony and EY. If the attack has shown us one thing, it’s that any organisation can be a victim.

https://www.securityweek.com/over-130-organizations-millions-of-individuals-believed-to-be-impacted-by-moveit-hack/

https://arstechnica.com/security/2023/06/casualties-keep-growing-in-this-months-mass-exploitation-of-moveit-0-day/

  • Widespread BEC Attacks Threaten European Organisations

Based on an analysis of email attack trends between June 2022 and May 2023, total email attacks in Europe increased by 7 times and the US 5 times. For business email compromise (BEC) specifically, Europe saw an alarming 10 times the amount it had previously and the US saw a 2 times increase.

BEC continues to remain a high priority threat for many organisations and if someone already has a legitimate business email which they have compromised to use for BEC attacks on your organisation, it is very likely that your technical processes will be ineffective, leaving your people and operational processes to stop an attack. Is your organisation cyber aware? Are they undergoing regular awareness training?

This is one of many areas that Black Arrow can help improve your organisation’s security through robust employee cyber security Awareness Behaviour and Culture training.

https://www.helpnetsecurity.com/2023/06/27/bec-attacks-frequency/

  • Lloyd’s Syndicates Sued Over Cyber Insurance

The University of California (UCLA) is suing a number of insurance firms for refusing to pay out on cyber policies nearly 10 years after hackers breached data on millions of patients at its health system. The dispute is over a cyber attack from 2014 through 2015 that exposed personal information of patients at UCLA Health.

UCLA Health allege that the syndicates refused to engage in dispute resolution by asserting that the statue of limitations applying to the claims had expired. The insurers, who could not be named, are said to have refused every claim saying that UCLA Health failed to satisfy cyber security requirements under the contract terms. It’s important for organisations with cyber insurance to understand their insurance in detail and to know where they stand in the event of a cyber incident.

https://www.wsj.com/articles/university-of-california-sues-lloyds-syndicates-over-cyber-insurance-da4675f5

  • 95% Fear Inadequate Cloud Security Detection and Response

A recent report found 95% of respondents expressed concern in their organisation’s ability to detect and respond to a security event in their cloud environment. The same study also found that 50% of total respondents had reported a data breach due to unauthorised access to their cloud environment.

It is often the case that issues in the cloud come from the perception of the responsibility of the cloud environment. Organisations must realise that they share responsibility for securing their cloud environment, including its configuration. The report found that, despite the number of breaches and concerns in their organisation’s ability, more than 80% of respondents still felt their existing tooling and configuration would sufficiently cover their organisation from an attack. Organisations must ask themselves what they are doing to protect their cloud environment.

https://www.helpnetsecurity.com/2023/06/27/cloud-environment-security/

  • The Growing Use of Generative AI and the Security Risks They Pose

A recent survey by Malwarebytes revealed 81% of people are concerned about the security risks posed by ChatGPT and generative AI, and 52% of respondents are calling for a pause on ChatGPT for regulations to catch up, while 7% think it will improve internet security. A key concern about the data produced by generative AI platforms is the risk of "hallucinations" whereby machine learning models produce untruths. This becomes a serious issue for organisations if its content is heavily relied upon to make decisions, particularly those relating to threat detection and response.

Another recent report on the risks brought by Large Language Model AIs showed that the rise in opensource AI adoption is developed insecurely; this results in an increased threat with substantial security risks to organisation.

https://www.csoonline.com/article/643516/survey-reveals-mass-concern-over-generative-ai-security-risks.html

https://www.darkreading.com/operations/malwarebytes-chatgpt-survey-reveals-81-are-concerned-by-generative-ai-security-risks

https://www.darkreading.com/vulnerabilities-threats/generative-ai-projects-cybersecurity-risks-enterprises

  • The CISO’s Toolkit Must Include Political Capital Within The C-Suite

Over the past 18 months, there has been a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is responsible for the protection of an entity's information. The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cyber security risk management, strategy, governance, and incident response disclosure by public companies that requires publicly traded companies to provide evidence of the board's oversight of cyber security risk. Couple this with the former CISO of Uber being found guilty on charges of "obstruction of the proceedings of the Federal Trade Commission" and it is clear that the hand at the helm must be able to navigate all types of seas in their entity's political milieu. In this regard, the CISO needs to acquire political capital. CISO’s should have the capability to talk in understandable terms and clearly demonstrate value to the other board members.

https://www.csoonline.com/article/643199/the-cisos-toolkit-must-include-political-capital-within-the-c-suite.html

  • Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers as War Ministers Reliant on Cyber Crime

Russia's diminishing position on the world stage has limited its physical options on the ground, leaving Putin's regime increasingly reliant on cyber crime to carry out its oppositional activities against Ukraine and Europe. Microsoft has disclosed that it has detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard.

This comes as Switzerland's Federal Intelligence Service (FIS) released its 2023 security assessment, predicting that Russia will increasingly launch cyber attacks as part of its war strategy not just in Ukraine, but against NATO member states as well.

https://www.darkreading.com/threat-intelligence/russia-reliant-on-cybercrime-as-international-pariah

https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html

  • SMB’s Plagued as Cyber Attackers Still Rely on Decades Old Security Weaknesses and Tactics

Despite best cyber security efforts, small and mid-sized businesses (SMBs) continue to struggle to thwart attacks and harden defences in response to remote working and other newer challenges.

This future focus can lead to a neglection of older weaknesses. Cyber attackers are typically relying on tried-and-tested tactics and old security weaknesses to target organisations, a recent Barracuda threat spotlight found. Hackers are returning to proven methods to gain remote control of systems, install malware, steal information and disrupt or disable business operations through denial-of-service attacks, Barracuda reports. The report found that between February to April 2023, the top malicious tactics found to be used were vulnerabilities from 2008.

The report highlights the fact that there are no cutoff dates for vulnerabilities and attackers will use whatever is at their disposal to try and infiltrate your organisation. This can be protected by having strong policies and controls in place alongside frequent penetration testing to ensure these vulnerabilities are being patched.

https://www.msspalert.com/cybersecurity-research/cyberattackers-still-rely-on-decades-old-security-weaknesses-tactics-barracuda-reports/

https://www.scmagazine.com/news/malware/smbs-plagued-by-exploits-trojans-and-backdoors

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Travel

Cyber Bullying, Cyber Stalking and Sextortion

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare and Cyber Espionage

Russia

China

Iran

North Korea

Misc/Other/Unknown

Vulnerability Management

Vulnerabilities

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 16 June 2023

Black Arrow Cyber Threat Briefing 16 June 2023:

-Hacker Gang Clop Deploys Extortion Tactics Against Global Companies

-Social Engineering Drives BEC Losses to $50B Globally

-Creating A Cyber-Conscious Culture—It Must Be Driven from the Top

-Artificial Intelligence is Coming to Windows: Are Your Security Policy Settings Ready?

-Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs

-Massive Phishing Campaign Uses 6,000 Sites to Impersonate 100 Brands

-A Recent Study Shows Over One in Ten Brits are Willing to Engage in ‘Illegal or Illicit’ Online Behaviour as the Cost of Living Crisis Worsens, Driving Insider Threat Concerns

-Microsoft Office 365 Phishing Reveals Signs of Much Larger BEC Campaign

-Europol Warns of Metaverse and AI Terror Threat

-What is AI, and is it Dangerous?

-Cyber Liability Insurance Vs. Data Breach Insurance: What's the Difference?

-Exploring the Dark Web: Hitmen for Hire and the Realities of Online Activities

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Hacker Gang Clop Deploys Extortion Tactics Against Global Companies

The Russian-speaking gang of hackers that compromised UK groups such as British Airways and the BBC has claimed it has siphoned off sensitive data from more institutions including US-based investment firms, European manufacturers and US universities. Eight other companies this week made it onto Clop’s list on the dark web. That adds to the news last week that UK groups, including Walgreens-owned Boots, informed employees that their data had been compromised. The issue also targeted customers of Zellis, a UK-based payroll provider that about half of the companies on the FTSE 100 use.

The hacking group is pushing for contact with the companies on the list, according to a post on Clop’s dark web site, as the gang demands a ransom that cyber security experts and negotiators said could be as much as several million dollars.

https://www.ft.com/content/c1db9c5c-cdf1-48bc-8e6b-2c2444b66dc9

  • Social Engineering Drives BEC Losses to $50B Globally

Business email compromise (BEC) continues to evolve on the back of sophisticated targeting and social engineering, costing businesses worldwide more than $50 billion in the last 10 years - a figure that reflected a growth in business losses to BEC of 17% year-over-year in 2022, according to the FBI.

Security professionals attribute BEC's continued dominance in the cyber threat landscape to several reasons. A key one is that attackers have become increasingly savvy in how to socially-engineer messages so that they appear authentic to users, which is the key to being successful at this scam. And with the increase in availability of artificial intelligence, the continued success of BEC means these attacks are here to stay. Organisations will be forced to respond with even stronger security measures, security experts say.

https://www.darkreading.com/threat-intelligence/social-engineering-drives-bec-losses-to-50b-globally

  • Creating A Cyber Conscious Culture—It Must Be Driven from the Top

Businesses are facing more frequent and sophisticated cyber threats and they must continuously learn new ways to protect their revenues, reputation and maintain regulatory compliance. With hybrid and remote working blurring traditional security perimeters and expanding the attack surface, the high volumes of sensitive information held by organisations are at increased risk of cyber attacks.

The increase had led to cyber elevating to the board level; after all the board is responsible for cyber security. It doesn’t stop there however, as everyone in an organisation has responsibility for upholding cyber security. The board must aim to create a cyber-conscious culture, where users are aware of their role in cyber security. One important way such a culture can be achieved is through providing regular education and training to all users.

https://www.forbes.com/sites/forbestechcouncil/2023/06/12/creating-a-cyber-conscious-culture-it-must-be-driven-from-the-top/sh=6a0bb36426cc

  • Artificial Intelligence is Coming to Windows: Are Your Security Policy Settings Ready?

What’s in your Windows security policy? Do you review your settings on an annual basis or more often? Do you provide education and training regarding the topics in the policy? Does it get revised when the impact of an incident showcases that an internal policy violation led to the root cause of the issue? And, importantly, do you have a security policy that includes your firm’s overall policies around the increasing race towards artificial intelligence, which is seemingly in nearly every application released these days?

From word processing documents to the upcoming enhancements to Windows 11, which will include AI prompting in the Explorer platform, organisations should review how they want their employees to treat customer data or other confidential information when using AI platforms. Many will want to build limits and guidelines into their security plans that specify what is allowed to be entered into platforms and websites that may store or share the information online. However, confidential information should not be included in any application that doesn’t have clearly defined protections around the handling of such data. The bottom line is that AI is coming to your network and your desktop sooner than you think. Build your policies now and review your processes to determine if you are ready for it today.

https://www.csoonline.com/article/3698517/artificial-intelligence-is-coming-to-windows-are-your-security-policy-settings-ready.html

  • Cyber Crooks Targeting Employees, Organisations Fight Back with Training Programs

Cyber criminals are increasingly targeting an organisation’s employees, figuring to trick an untrained staffer to click on a malicious link that starts a malware attack, Fortinet said in a newly released study of security awareness and training.

More than 80% of organisations faced malware, phishing and password attacks last year, which were mainly targeted at users. This underscores that employees can be an organisation’s weakest point or one of its most powerful defences.

Fortinet’s research revealed that more than 90% of the survey’s respondents believe that increased employee cyber security awareness would help decrease the occurrence of cyber attacks. As organisations face increasing cyber risks, employees serving as an organisation’s first line of defence in protecting their organisation from cyber crime becomes of paramount importance.

https://www.msspalert.com/cybersecurity-research/cyber-crooks-targeting-employees-organizations-fight-back-with-training-programs/

  • Massive Phishing Campaign Uses 6,000 Sites to Impersonate 100 Brands

A widespread brand impersonation campaign targeting over a hundred popular apparel, footwear, and clothing brands has been underway since June 2022, tricking people into entering their account credentials and financial information on fake websites. The brands impersonated by the phony sites include Nike, Puma, Asics, Vans, Adidas, Columbia, Superdry, Converse, Casio, Timberland, Salomon, Crocs, Sketchers, The North Face and others.

A recent report found the campaign relies on at least 3,000 domains and roughly 6,000 sites, including inactive ones. The campaign had a significant activity spike between January and February 2023, adding 300 new fake sites monthly. The domain names follow a pattern of using the brand name together with a city or country, followed by a generic TLD such as ".com." Additionally, any details entered on the checkout pages, most notably the credit card details, may be stored by the website operators and resold to cyber criminals.

https://www.bleepingcomputer.com/news/security/massive-phishing-campaign-uses-6-000-sites-to-impersonate-100-brands/

  • Over One in Ten Brits are Willing to Engage in ‘Illegal or Illicit’ Online Behaviour

A recent study found that 11% of Brits were tempted to engage in ‘illegal or illicit online behaviour’ in order to help manage the fallout from the cost of living crisis. This statistic becomes even more concerning when focused on younger people, with almost a quarter of 25–35 year old respondents (23%) willing to consider illegal or illicit online activity. Of those willing to engage in this kind of behaviour, 56% suggested it was because they are desperate and struggling to get by, and need to find alternative means of supporting their families.

Nearly half (47%) of UK business leaders believe their organisation has been at a greater risk of attack since the start of the cost-of-living crisis. Against this backdrop, many SME business leaders are understandably worried about the impact on employees. Of those who think their organisation is more exposed to attack, 38% believe it’s due to malicious insiders and 35% to overworked and distracted staff making mistakes. Organisations not doing so already, should look to incorporate insider threat into their security plans. Insider threat should focus on areas such as regular education and monitoring and detection.

The report found that 44% of respondents have also noticed an uptick in online scams hitting their inboxes since the cost of living crisis began in late 2021/early 2022. Another worrying finding is that this uptick is proving devastatingly effective for scammers: over one in ten (13%) of UK respondents have already been scammed since the cost of living crisis began. This rises to a quarter (26%) of respondents in the 18-25 age range, reflecting a hyper-online lifestyle and culture that scammers can work to exploit effectively.

https://www.itsecurityguru.org/2023/06/15/it-security-guru-study-shows-over-one-in-ten-brits-are-willing-to-engage-in-illegal-or-illicit-online-behaviour-as-the-cost-of-living-crisis-worsens 

https://www.infosecurity-magazine.com/news/costofliving-crisis-drives-insider/

  • Microsoft Office 365 Phishing Reveals Signs of Much Larger BEC Campaign

Recently, Microsoft discovered multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attacks against banking and financial services organisations. The attackers are successfully phishing employees’ accounts with fake Office 365 domains. This allows them to bypass authentication, exfiltrate data and send further phishing emails against other employees and several targeted external organisations. In some cases, threat actors have registered their own device to the employee’s account, to evade MFA defences and achieve persistent access.

https://securityaffairs.com/147327/hacking/aitm-bec-attacks.html

https://thehackernews.com/2023/06/adversary-in-middle-attack-campaign.html

https://www.csoonline.com/article/3699122/microsoft-office-365-aitm-phishing-reveals-signs-of-much-larger-bec-campaign.html

  • Europol Warns of Metaverse and AI Terror Threat

New and emerging technologies like conversational AI, deepfakes and the metaverse could be utilised by terrorists and extremists to radicalise and recruit converts to their cause, Europol has warned. The report stated that the online environment lowers the bar for entering the world of terrorism and extremism, broadens the range of people that can become exposed to radicalisation and increases the unpredictability of terrorism and extremism.

Europol also pointed to the potential use of deepfakes, augmented reality and conversational AI to enhance the efficiency of terrorist propaganda. Both these technologies and internet of things (IoT) tools can also be deployed in more practical tasks such as the remote operation of vehicles and weapons used in attacks or setting up virtual training camps. Digital currencies are also playing a role in helping to finance such groups while maintaining the anonymity of those contributing the funding, Europol said.

https://www.infosecurity-magazine.com/news/europol-warns-metaverse-and-ai/

  • What is AI, and is it Dangerous?

Recently, we saw the release of the first piece of EU regulation on AI. This comes after a significant rise in the usage of tools such as ChatGPT. Such tools allow for even those with limited technical ability to perform sophisticated actions. In fact, usage has risen 44% over the last three months alone, according to a report.

Rather worryingly, there is a lack of governance on the usage of AI, and this extends to how AI is used within your own organisation. Whilst the usage can greatly improve actions performed within an organisation, the report found that 6% of employees using AI had pasted sensitive company data into an AI tool. Would your organisation know if this happened, and how damaging could it be to your organisation if this data was to be leaked? Continuous monitoring, risk analysis and real-time governance can help aid an organisation in having an overview of the usage of AI.

https://www.bbc.co.uk/news/technology-65855333

https://thehackernews.com/2023/06/new-research-6-of-employees-paste.html

  • Cyber Liability Insurance Vs. Data Breach Insurance: What's the Difference?

With an ever-increasing number of cyber security threats and attacks, companies are becoming motivated to protect their businesses and customer data both technically and financially. Finding the right insurance has become a key part of the security equation.

Companies looking to protect themselves have most likely heard the terms “cyber liability insurance” and “data breach insurance.” Put simply, cyber liability insurance refers to coverage for third-party claims asserted against a company stemming from a network security event or data breach. Data breach insurance, on the other hand, refers to coverage for first-party losses incurred by the insured organisation that has suffered a loss of data.

https://www.csoonline.com/article/3698297/cyber-liability-insurance-vs-data-breach-insurance-whats-the-difference.html

  • Exploring the Dark Web: Hitmen for Hire and the Realities of Online Activities

The dark web makes up a significant portion of the internet. Access can be gained through special browser, TOR, also known as the onion Router. The service bounces around IP addresses, constantly changing to protect the anonymity of the user.

This dark web contains an array of activities and sites, which include hitmen for hire, drugs for sale, and stolen credit card databases amongst others. Sometimes these aren’t real however, and are actually a trap to steal money from users on the basis that these users are unlikely to report it to law enforcement when the victim was trying to break the law in the first place. What we do know however, is that the dark web contains a plethora of information, and this could include data from your organisation.

https://news.clearancejobs.com/2023/06/07/exploring-the-dark-web-hitman-for-hire-and-the-realities-of-online-activities/

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

Artificial Intelligence

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Encryption

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Training, Education and Awareness

Digital Transformation

Regulations, Fines and Legislation

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors

Tools and Controls

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 12 May 2023

Black Arrow Cyber Threat Briefing 12 May 2023:

-79% of Cyber Pros Make Decisions Without Threat Intelligence

-61% of Business Leadership Overlook the Role of Cyber Security as a Business Enabler and as being Key to Business Success

-Risk Managers Warn Cyber Insurance Could Become ‘Unviable Product’

-Small and Medium-Sized Businesses: Don’t Give up on Cyber Security

-AI Has Been Dubbed a 'Nuclear' Threat to Cyber Security, but It Can Also Be Used for Defence

-Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows

-Majority of US, UK CISOs Unable to Protect Company 'Secrets'

-Company Executives Can’t Afford to Ignore Cyber Security Anymore

-BEC Campaign via Israel Spotted Targeting Multinational Companies

-CISOs Worried About Personal Liability for Breaches

-UK, US and International Allies Uncover Russian Snake Malware Network in 50+ Countries

-Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • 79% of Cyber Pros Make Decisions Without Threat Intelligence

In a recent report, 79% of security pros say they make decisions without adversary insights “at least the majority of the time.” Why aren’t companies effectively leveraging threat intelligence? And does the C-Suite know this is going on?

Threat intelligence helps organisations stay informed about the latest cyber threats and vulnerabilities. By gathering and analysing information about potential attacks, threat intelligence can provide organisations with valuable insights into the tactics, techniques and procedures (TTPs) used by cyber criminals.

Given the deep value provided by threat intelligence, why aren’t more cyber pros taking advantage of it?

https://securityintelligence.com/articles/79-percent-of-cyber-pros-make-decisions-without-threat-intelligence/

  • 61% of Business Leadership Overlook the Role of Cyber Security as a Business Enabler and as being Key to Business Success

A recent report found only 39% of respondents think their company's leadership has a sound understanding of cyber security's role as a business enabler. Cyber security can be a huge business enabler; executive leaders need to think of cyber security in terms of the value it can deliver at a more strategic level.

https://www.darkreading.com/risk/global-research-from-delinea-reveals-that-61-of-it-security-decision-makers-think-leadership-overlooks-the-role-of-cybersecurity-in-business-success

  • Risk Managers Warn Cyber Insurance Could Become ‘Unviable Product’

The Federation of European Risk Management Associations (FERMA), an umbrella body representing 22 trade associations, said the cyber insurance market is “evolving in isolation from the industries it serves”.

It highlighted a move by Lloyd’s of London, the specialist insurance market and hub for cyber insurance, demanding that standard cyber policies have an exemption for big state-backed attacks.

“Without a more collaborative approach to cyber balancing the risk appetite of the insurance market with the coverage requirements of the corporate buyers, there is a risk that cyber insurance becomes an unviable product for many organisations,” FERMA said in a statement shared with the Financial Times.

The intervention is the strongest yet by the business lobby over the controversial exemption and wider concerns about cyber insurance.

https://www.ft.com/content/401629cc-e68a-41a4-8d50-e7c0d3e27835

  • Small and Medium-Sized Businesses: Don’t Give up on Cyber Security

In today’s increasingly hostile environment, every enterprise, big or small, should be concerned about cyber security and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world.

Yet time and again, small and medium-sized businesses (SMBs) are left out in the cold, an unaddressed market segment that finds real protection either too expensive or far too complex to adopt. Thus, cyber security becomes an “afterthought” or “add when we can” kind of service that leaves SMBs far more vulnerable than the corporate giants — just reading the news every day shows even they aren’t immune to ransomware, intrusions, and data theft. If you haven’t already, start thinking about security now.

https://www.csoonline.com/article/3695593/small-and-medium-sized-businesses-don-t-give-up-on-cybersecurity.html

  • AI Has Been Dubbed a 'Nuclear' Threat to Cyber Security, but It Can Also Be Used for Defence

Hackers using ChatGPT are faster and more sophisticated than before, and cyber security analysts who don’t have access to similar tools can very quickly find themselves outgunned and outsmarted by these AI-assisted attackers. However, corporations are stumbling to figure out governance around AI, and while they do so, their employees are clearly defying rules and possibly jeopardising company operations. According to a study of 1.6 million workers, 3.1% input confidential company information into ChatGPT. Although the number seems small, 11% of users' questions include private information. This is a fatal flaw for corporate use considering how hackers can manipulate the system into giving them previously hidden information. In another study, it was found that 80% of security professionals used AI, with 46% of these giving specialised capabilities as a reason.

https://www.euronews.com/2023/05/04/ai-has-been-dubbed-a-nuclear-threat-to-cybersecurity-but-it-can-also-be-used-for-defence

  • Paying Cyber Hijackers’ Ransoms Doubles Cost of Recovery, Sophos Study Shows

In three out of four cyber attacks, the hijackers succeeded in encrypting victims’ data, cyber security provider Sophos said in its newly released State of Ransomware 2023 report.

The rate of data encryption amounted to the highest from ransomware since Sophos first issued the report in 2020. Overall, roughly two-thirds of the 3,000 cyber security/IT leaders’ organisations were infected by a ransomware attack in the first quarter of 2023, or the same percentage as last year.

Much advice has been doled out by cyber security providers and law enforcement urging organisations to not pay a ransom. According to Sophos’ survey, the data shows that when organisations paid a ransom to decrypt their data, they ended up doubling their recovery costs. On average, those organisations paying ransoms for decryption forked out $750,000 in recovery costs versus $375,000 for organisations that used backups to recover their data.

Moreover, paying the ransom usually meant longer recovery times, with 45% of those organisations that used backups recovering within a week, compared to 39% of those that paid the ransom.

https://www.msspalert.com/cybersecurity-research/paying-cyber-hijackers-ransoms-doubles-cost-of-recovery-sophos-study-shows/

  • Majority of US, UK CISOs Unable to Protect Company 'Secrets'

A recent study found 75% of organisations have experienced a data leak involving company secrets, including API keys, usernames, passwords, and encryption keys, in the past. It was found that about 52% of chief information and security officers (CISOs) in the US and UK organisations are unable to fully secure their company secrets. The study showed that a huge chunk of the IT sector realises the danger of exposed secrets. Seventy-five percent said that a secret leak has happened in their organisation in the past, with 60% acknowledging it caused serious issues for the company, employees, or both. The report has pointed out that even though secrets management practice across the US and the UK has seen some maturity, it still needs to go a long way.

https://www.csoonline.com/article/3695583/majority-of-us-uk-cisos-unable-to-protect-company-secrets-report.html

  • Company Executives Can’t Afford to Ignore Cyber Security Anymore

In a recent survey, when asked about the Board and C-Suite‘s understanding of cyber security across the organisation, only 36% of respondents believe that it is considered important only in terms of compliance and regulatory demands, while 17% said it is not seen as a business priority. The disconnect between business and security goals appears to have caused at least one negative consequence to 89% of respondents’ organisations, with 26% also reporting it resulted in an increased number of successful cyber attacks at their company. On the misalignment of cyber security goals, respondents believed it contributed to delays in investments (35%), delays in strategic decision making (34%), and unnecessary increases in spending (27%).

https://www.helpnetsecurity.com/2023/05/10/cybersecurity-business-goals-alignment/

  • BEC Campaign via Israel Spotted Targeting Multinational Companies

An Israel-based threat group was discovered carrying out a business email compromise (BEC) campaign primarily targeting large and multinational enterprises. The group has conducted 350 BEC campaigns since February 2021, with email attacks targeting employees from 61 countries across six continents. The group operate through two personas — a CEO and an external attorney and spoofed email addresses using real domains.

https://www.darkreading.com/remote-workforce/bec-attacks-out-of-israel-target-multinational-corporations

  • CISOs Worried About Personal Liability for Breaches

Over three-fifths (62%) of global CISOs are concerned about being held personally liable for successful cyber attacks that occur on their watch, and a similar share would not join an organisation that fails to offer insurance to protect them, according to Proofpoint annual ‘Voice of the CISO’ survey for 2023. The security vendor polled 1600 CISOs from organisations of 200 employees or more across different industries in 16 countries to compile the report.

It revealed that CISOs in sectors with high volumes of sensitive data and/or heavy regulation such as retail (69%), financial services (65%) and manufacturing (65%) are most likely to demand insurance coverage.

Such concerns only add to the mental load on corporate IT security bosses. A combination of high-stress working environments, shrinking budgets and personal liability could be harming CISOs’ quality of life. Some 60% told Proofpoint they’ve experienced burnout in the past 12 months.

CISOs are most likely to experience burnout in the retail (72%) and IT, technology and telecoms (66%) industries.

https://www.infosecurity-magazine.com/news/cisos-worried-personal-liability/

  • UK, US and International Allies Uncover Russian Snake Malware Network in 50+ Countries

The UK NCSC along with the US National Security Agency (NSA) and various international partner agencies have discovered infrastructure connected with the sophisticated Russian cyber-espionage tool Snake in over 50 countries worldwide. Snake operations have been attributed to a specific unit within Russia’s Federal Security Service (FSB), Center 16.

Cyber criminals reportedly used Snake to retrieve and remove confidential documents related to international relations and diplomatic communications.

According to an advisory published by the agencies on Tuesday, the FSB targeted various industries, including education, small businesses, media, local government, finance, manufacturing and telecommunications. The Snake malware is installed on external infrastructure nodes for further exploitation.

According to the NSA Russian government actors have used this tool for years for intelligence collection and it is hoped that the technical details shared in the advisory will help many organisations find and shut down the malware globally.

https://www.infosecurity-magazine.com/news/nsa-uncovers-russian-snake-malware/

  • Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns

A new phishing-as-a-service tool called "Greatness" is being used in attacks targeting manufacturing, healthcare, technology, and other sectors.

Researchers at Cisco Talos detailed their findings on "Greatness," a one-stop-shop for all of a cyber criminal's phishing needs. With Greatness, anyone with even rudimentary technical chops can craft compelling Microsoft 365-based phishing lures, then carry out man-in-the-middle attacks that steal authentication credentials — even in the face of multifactor authentication (MFA) — and much more.

The tool has been in circulation since at least mid-2022 and has been used in attacks against enterprises in manufacturing, healthcare, and technology, among other sectors. Half of the targets thus far have been concentrated in the US, with further attacks occurring around Western Europe, Australia, Brazil, Canada, and South Africa.

https://www.darkreading.com/cloud/plug-and-play-microsoft-365-phishing-tool-democratizes-attacks

Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Attack Surface Management

Identity and Access Management

Asset Management

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Nation State Actors

Tools and Controls

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 28 April 2023

Black Arrow Cyber Threat Briefing 28 April 2023:

- Navigating The Future of Cyber: Business Strategy, Cyber Security Training, and Digital Transformation Are Key

- Shadow IT, SaaS Pose Security Liability for Enterprises

- The Strong Link Between Cyber Threat Intelligence and Digital Risk Protection

- Weak Credentials, Unpatched Vulnerabilities, Malicious Open Source Packages Causing Cloud Security Risks

- Over 70 billion Unprotected Files Available on Unsecured Web Servers

- Cyber Thieves Are Getting More Creative

- Modernising Vulnerability Management: The Move Toward Exposure Management

- Almost Three-quarters of Cyber Attacks Involve Ransomware

- Corporate Boards Pressure CISOs to Step Up Risk Mitigation Efforts

- NSA Sees ‘Significant’ Russian Intel Gathering on European, US Supply Chain Entities

- Email Threat Report 2023: Key Takeaways

- 5 Most Dangerous New Attack Techniques

- Many Public Salesforce Sites are Leaking Private Data

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Navigating the Future of Cyber: Business Strategy, Cyber Security Training, and Digital Transformation are Key

Cyber investments have become table stakes for businesses around the world. Cyber crime is increasing, with 91% of organisations reporting at least one cyber incident in the past year. Not only are they growing in numbers, but they are becoming more sophisticated and diverse, with new threats constantly emerging. According to the 2023 Deloitte Global Future of Cyber survey, business leaders are changing how they think of cyber, and it’s emerging as a larger strategic discussion tied to an organisation’s long-term success.

Cyber is about more than protecting information—risk management, incident response planning, threat intelligence and training can often be directly correlated to increasing trust within businesses.

Cyber security training is essential for employees to ensure the safety and security of a business. Employees are often the first line of defence against cyber-attacks and frequently the weakest link in an organisation's security posture. Cyber security training can help employees recognise and avoid common cyber threats, such as phishing attacks, malware, and social engineering. 89% of organisations cited as high-performing cyber organisations have implemented annual cyber awareness training among all employees. With increased digital dependency year over year—effective employee training can raise awareness, reduce risk, improve security posture, and support compliance.

https://www.forbes.com/sites/deloitte/2023/04/20/navigating-the-future-of-cyber-business-strategy-cybersecurity-training-and-digital-transformation-are-key/?sh=1ab15c2c29c1

  • Shadow IT, SaaS Pose Security Liability for Enterprises

There's no denying that software-as-a-service (SaaS) has entered its golden age. Software tools have now become essential to modern business operations and continuity. However, not enough organisations have implemented the proper procurement processes to ensure they're protecting themselves from potential data breaches and reputational harm.

A critical component contributing to concerns around SaaS management is the rising trend of shadow IT, which is when employees download and use software tools without notifying their internal IT teams. A recent study shows that 77% of IT professionals believe that shadow IT is becoming a major concern in 2023, with more than 65% saying their SaaS tools aren't being approved. Organisations are beginning to struggle with maintaining security as their SaaS usage continues to sprawl.

To combat shadow IT and the high risks that come along with it, organisations must gain greater visibility over their SaaS stacks and institute an effective procurement process when bringing on new software solutions.

https://www.darkreading.com/edge-articles/shadow-it-saas-pose-security-liability-for-enterprises

  • The Strong Link Between Cyber Threat Intelligence and Digital Risk Protection

While indicators of compromise and attackers’ tactics, techniques, and processes (TTPs) remain central to threat intelligence, cyber threat intelligence needs have grown over the past few years, driven by things like digital transformation, cloud computing and remote working. In fact, these changes have led to a cyber threat intelligence (CTI) subcategory focused on digital risk protection (DRP). DRP is broadly defined as, “telemetry, analysis, processes, and technologies used to identify and mitigate risks associated with digital assets”.

According to research provider ESG, the most important functions of DRP as part of a mature CTI programme are: vulnerability exploit intelligence, takedown services, leaked data monitoring, malicious mobile application monitoring, brand protection and attack surface management. It should be noted that a mature CTI programme can utilise service providers to help carry out threat intelligence, it doesn’t have to be spun up by the organisation from nothing. Regardless, an organisation employing these DRP functions as part of a CTI programme will be increasing its cyber resilience and reducing the chance of a cyber incident.

https://www.csoonline.com/article/3693754/the-strong-link-between-cyber-threat-intelligence-and-digital-risk-protection.html

  • Weak Credentials, Unpatched Vulnerabilities, Malicious Open Source Packages Causing Cloud Security Risks

Threat actors are getting more adept at exploiting common everyday issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open-source software (OSS) packages. Meanwhile, security teams take an average of 145 hours to solve alerts, with 80% of cloud alerts triggered by just 5% of security rules in most environments according to a recent report. The report, conducted by UNIT 42 analysed the workload of 210,000 cloud accounts across 1,300 organisations.

The report’s findings echoed similarities from the previous year, finding almost all cloud users, roles, services and resources grant excessive permissions. Some of the other key findings include as many as 83% of organisations having hard-coded credentials in their source control management systems, 53% of cloud accounts allowing weak password usage and 44% allowing password reuse and 71% of high or critical vulnerabilities exposed were at least two years old.

https://www.csoonline.com/article/3693260/weak-credentials-unpatched-vulnerabilities-malicious-oss-packages-causing-cloud-security-risks.html

  • Over 70 Billion Unprotected Files Available on Unsecured Web Servers

A recent report found that more than 70 billion files, including intellectual property and financial information, are freely available and unprotected on unsecured web servers. Other key findings of the report included almost 1 in 10 of all detected internet-facing assets having an unpatched vulnerability, with the top 10 vulnerabilities found unpatched at least 12 million times each.

The report predicted that there will be a significant rise in information stealing malware; the report had found that 50% of emails associated with customers were plaintext and unencrypted. Additionally, there will be more incidents due to an increase in assets which are not known to IT, known as shadow IT.

Organisations should look to employ efficient patch management, have an up to date asset register, and use encryption to better increase their cyber defences.

https://www.helpnetsecurity.com/2023/04/24/critical-cybersecurity-exposures/

  • Cyber Thieves Are Getting More Creative

Cyber criminals are constantly changing their tactics and finding new ways to steal money from organisations. An example of this can be seen where criminals are breaking into systems to learn who is authorised to send payments and what the procedures are. Eventually, this leads to the criminal instructing payment to their own account.

Unfortunately, it is only after such events that some organisations are taking actions, such as verifying payments through phone calls. Whilst it is important for organisations to learn from attacks, it is beneficial to take a pro-active approach and employ procedures such as call back procedures before an incident has occurred.

https://hbr.org/2023/04/cyber-thieves-are-getting-more-creative

  • Modernising Vulnerability Management: The Move Toward Exposure Management

Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritisation, and understanding of attackers' motivations, opportunities and means. Vulnerabilities only represent a small part of the attack surface that attackers can leverage.

Exposures are broader and can encompass more than just vulnerabilities. Exposures can result from various factors, such as human error, improperly defined security controls, and poorly designed and unsecured architecture. Organisations should consider that an attacker doesn’t just look at one exposure; attackers will often use a combination of vulnerabilities, misconfigurations, permissions and other exposures to move across systems and reach valuable assets.

As such, organisations looking to improve their cyber resiliency should consider their vulnerability management system and assess both whether it is taking into account exposures and the context in relation to the organisation.

https://thehackernews.com/2023/04/modernizing-vulnerability-management.html

  • Two-thirds of Cyber Attacks Involve Ransomware

A report from Sophos focusing on recent incident response cases, found that 68.4% of incidents resulted from ransomware. This was followed by network breaches, accounting for 18.4%. Regarding threat actor access, the report found that unpatched vulnerabilities were the single most common access method, followed by compromised credentials.

https://www.computerweekly.com/news/365535467/Almost-three-quarters-of-cyber-attacks-involve-ransomware

  • Corporate Boards Pressure CISOs to Step Up Risk Mitigation Efforts

A recent report found that the top challenges when implementing an effective cyber/IT risk management programme include an increase in the quantity (49%) and severity (49%) of cyber threats, a lack of funding (37%) and a lack of staffing/cyber risk talent (36%).

Cyber attacks have been increasing for several years now and resulting data breaches cost businesses an average of $4.35 million in 2022, according to the annual IBM ‘Cost of a Data Breach’ report. Given the financial and reputational consequences of cyber attacks, corporate board rooms are putting pressure on CISOs to identify and mitigate cyber/IT risk.

When it came to reporting to the board, 30% of CIO and CISO respondents say they do not communicate risk around specific business initiatives to other company leaders, indicating they may not know how to share that information in a constructive way.

https://www.helpnetsecurity.com/2023/04/26/effective-it-risk-management/

  • NSA Sees ‘Significant’ Russian Intel Gathering on European, US Supply Chain Entities

According to the US National Security Agency (NSA), Russian hackers could be looking to attack logistics targets more broadly. The NSA have noted a significant amount of intelligence gathering into western countries, including the UK and the US.

Although there is no indication yet regarding attacks from Russia in connection with the logistics related to Ukraine, organisations should be aware and look to improve their cyber security practices to be best prepared.

https://cyberscoop.com/nsa-russian-ukraine-supply-chain-ransomware/

  • Email Threat Report 2023: Key Takeaways

According to a recent report, email phishing made up 24% of all spam types in 2022, a significant increase in proportion from 11% in 2021. The finance industry was the most targeted by far, accounting for 48% of phishing incidents. It is followed by the construction sector at 17%, overtaking 2021’s second-place industry, e-commerce. Both the finance and construction industries saw an increase in phishing since last year. Of all the emails analysed in 2022, an enormous 90% were spam emails.

With phishing as prevalent as ever, organisations should look to implement training for their staff to not only be able to spot phishing emails, but to be able to report these and aid in improving the cyber security culture of their organisation.

https://www.itsecurityguru.org/2023/04/27/email-threat-report-2023-key-takeaways/

  • 5 Most Dangerous New Attack Techniques

Experts from security training provider SANS Institute have revealed the 5 most dangerous new attack techniques: adversarial AI, ChatGPT-powered social engineering, third-party developer attacks (also known as software supply chain attacks), SEO, and paid advertising attacks.

The new techniques highlight the ever changing environment of the attack environment. SEO and paid advertising attacks are leveraging fundamental marketing strategies to gain initial access, heightening the importance for organisations to incorporate scalable user awareness training programmes, tailored to new threats.

https://www.csoonline.com/article/3694892/5-most-dangerous-new-attack-techniques.html  

  • Many Public Salesforce Sites are Leaking Private Data

A shocking number of organisations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

This included the US State of Vermont who had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance programme that exposed the applicant’s full name, social security number, address, phone number, email, and bank account number. Similar information was leaked by TCF Bank on their Salesforce Community Website.

It's not just Salesforce though; misconfigurations in general are responsible for a number of leaked documents and or exposures relating to an organisation.

https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/

Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Deepfakes

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Containers

Attack Surface Management

Shadow IT

Identity and Access Management

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Digital Transformation

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors

Tools and Controls

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 24 February 2023

Black Arrow Cyber Briefing 24 February 2023:

-Employees Bypass Cyber Security Guidance to Achieve Business Objectives

-Three Quarters of Businesses Braced for Serious Email Attack this Year

-The Cost of Living Crisis is Triggering a Wave of Workplace Crime

-Fighting Ransomware with Cyber Security Audits

-Record Levels of Fraud Impacting 90% of Payment Compliance Teams

-CISOs Struggle with Stress and Limited Resources

-Cyber Threats and Regulations Mount for Financial Industry

-HardBit Ransomware Wants Insurance Details to Set the Perfect Price

-Social Engineering is Becoming Increasingly Sophisticated

-A Fifth of Brits Have Fallen Victim to Online Scammers

-Cyber Attacks Hit Data Centres to Steal Information From Companies

-Phishing Fears Ramp Up on Email, Collaboration Platforms

-The War in Ukraine has Shaken up the Cyber Criminal Eco-system

-Police Bust €41m Email Scam Gang

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Employees Bypass Cyber Security Guidance to Achieve Business Objectives

Researcher Gartner predicts that by 2025, lack of talent or human failure will be responsible for over half of significant cyber incidents. In a survey conducted by Gartner it was found that 69% of employees had bypassed their organisations cyber security guidance in the previous 12 months and 74% said they would bypass cyber security guidance if it helped them or their team achieve a business objective.

https://www.helpnetsecurity.com/2023/02/24/bypass-cybersecurity-guidance/

  • Three Quarters of Businesses Braced for Serious Email Attack this Year

According to a survey conducted by security provider Vanson Bourne, 76% of cyber security professionals predict that an email related attack will have serious consequences for their organisation in the coming year. The survey found that 82% of companies reported a higher volume of email in 2022 compared with 2021 and 2020 and 74% had said email-based threats had risen over the last 12 months. In addition, a worrying 91% had seen attempts to steal or use their email domain in an attack.

https://www.csoonline.com/article/3688573/three-quarters-of-businesses-braced-for-serious-email-attack-this-year.html#tk.rss_news

  • The Cost of Living Crisis is Triggering a Wave of Workplace Crime

Almost 6,000 people were caught stealing from their employer in 2022 according to insurance provider Zurich with the firms facing an average loss of £140,000.  Zurich have said “As cost of living pressures mount, employee theft has significantly increased, suggesting some workers could be turning to desperate measures to make ends meet”.

https://news.sky.com/story/the-cost-of-living-crisis-is-triggering-a-wave-of-workplace-crime-heres-how-12817082

  • Fighting Ransomware with Cyber Security Audits

With the ever increasing number of devices and distributed environments, it’s easy for organisations to lose track of open IP addresses, administrator accounts and infrastructure configurations; all of this creates an increase in opportunities for threat actors to deploy ransomware. By conducting audits of IT assets, organisations can identify the data they hold and reduce the risk of forgotten devices. The need for auditing of an organisations assets is reinforced where a survey conducted by research provider Enterprise Strategy Group found that nearly 70% of respondents had suffered at least one exploit that started with an unknown, unmanaged, or poorly managed Internet-facing IT asset.

https://www.trendmicro.com/en_us/ciso/23/b/cybersecurity-audit.html

  • Record Levels of Fraud Impacting 90% of Payment Compliance Teams

New research from research provider VIXIO has found that 90% of payment company compliance teams are frequently overwhelmed and increased fraud was a particular concern for teams in the UK.

https://www.itsecurityguru.org/2023/02/17/overwhelm-impacts-90-of-payment-compliance-teams-as-they-combat-record-levels-of-fraud/

  • CISOs Struggle with Stress and Limited Resources

A survey from security provider Cynet has found that 94% of CISOs report being stressed at work, with 65% admitting that this work stress has compromised their ability to protect their organisation. Furthermore, the survey found all respondents said they needed additional resources to adequately cope with current cyber challenges. Amongst some of the key findings were 77% of CISOs believing that a lack of resources had led to important security initiatives falling to the wayside.

https://www.helpnetsecurity.com/2023/02/23/cisos-work-related-stress/

  • Cyber Threats and Regulations Mount for Financial Industry

Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture. For example, last year a report conducted by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and security provider Akamai found that distributed denial-of-service attacks (DDoS) attacks rose 73% more for European financial institutions compared to the previous year. This combination of attacks is followed by an increase in regulations such as the requirement to report breaches to the European Authorities to satisfy the General Data Protection Regulation (GDPR). Such increase has caused financial institutions to bolster their security, with a survey conducted by security provider Contrast finding 72% of financial organisations plan to increase their investment in the security of their applications and 64% mandated cyber security requirements for their vendors.

https://www.darkreading.com/risk/cyberthreats-regulations-mount-for-financial-industry

  • HardBit Ransomware Wants Insurance Details to Set the Perfect Price

Operators of a ransomware threat known as Hardbit are trying to negotiate ransom payments so that they would be covered by victim’s insurance companies. Typically, the threat actor tries to convince the victim that it is in their interest to disclose their insurance details so that the threat actor can adjust their demands so that insurance would cover it.

 https://www.bleepingcomputer.com/news/security/hardbit-ransomware-wants-insurance-details-to-set-the-perfect-price/ 

  • Social Engineering is Becoming Increasingly Sophisticated

The rapid development of deepfake technology is providing an increase in the sophistication of social engineering attacks. Deepfake technology refers to products created through artificial intelligence, which could allow an individual to impersonate another with likeness and voice during a video conversation. The accessibility of such technology has allowed threat actors to conduct more sophisticated campaigns, including the replication of the voice of a company executive.

https://securityaffairs.com/142487/hacking/social-engineering-increasingly-sophisticated.html

  • A Fifth of Brits Have Fallen Victim to Online Scammers

Security founder F-Secure have found that a fifth of Brits had fallen victim to digital scammers in the past, yet a quarter had no security controls to protect themselves. When providing a reason for the lack of security, 60% said they found cyber security too complex. This is worrying for organisations who need to ensure these low levels of security awareness are not displayed in the corporate environment.

https://www.infosecurity-magazine.com/news/fifth-brits-have-victim-online/

  • Cyber Attacks Hit Data Centres to Steal Information from Companies

Cyber attacks targeting multiple data centres globally have resulted in the exfiltration of information relating to companies who used them. In addition, attackers have been seen to publish access credentials relating to these attacks on the dark web. This malicious activity reinforces the need for organisations to be aware of and properly manage their supply chain.

https://www.csoonline.com/article/3688909/cyberattacks-hit-data-centers-to-steal-information-from-global-companies.html#tk.rss_news  

  • Phishing Fears Ramp Up on Email, Collaboration Platforms

Three quarters of organisations are expecting a serious impact from an email-based attack and with the rapid growth and expansion of collaboration tools such as Microsoft Teams, it’s expected that these will also be used as a vector for threat actors. Combined with the emergence of Chat-GPT, the landscape provides an increasing amount of opportunities for threat actors.

https://www.darkreading.com/remote-workforce/phishing-fears-ramp-up-on-e-mail-collaboration-platforms

  • The War in Ukraine has Shaken up the Cyber Criminal Eco-System

One year after Russia invaded Ukraine, the war continues -- including an ever-evolving digital component that has implications for the future of cyber security around the world. Among other things, the war in Ukraine has upended the Eastern European cyber criminal ecosystem, according to cyber security experts from Google, shaking up the way ransomware attacks are playing out. Google later explained that “Lines are blurring between financially motivated and government-backed attackers in Eastern Europe”.

https://www.zdnet.com/article/the-war-in-ukraine-has-shaken-up-the-cybercriminal-ecosystem-google-says/

  • Police Bust €41m Email Scam Gang

A coordinated police operation spanning multiple countries led to the dismantling of a criminal network which was responsible for tens of millions in Business Email Compromise (BEC) losses. In one of the attacks the gang used social engineering to target the Chief Financial Officer (CFO) of a real estate developer, defrauding them of 38 million euros.

https://www.infosecurity-magazine.com/news/police-bust-41m-bec-gang/

Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Insurance

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Containers

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Data Protection

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors

Vulnerability Management

Vulnerabilities

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 17 February 2023

Black Arrow Cyber Threat Briefing 17 February 2023:

-High Risk Users May be Few, but the Threat They Pose is Huge

-The Cost of Cyber Security Insurance is Soaring so Firms Need to Take Prevention More Seriously

-Cyber Attacks Worldwide Increased to an All-Time Record Breaking High

-Most Organisations Make Cyber Security Decisions Without Insights

-Ransomware Attackers Finding New Ways to Weaponise Old Vulnerabilities

-Are Executives Fluent in IT Security Speak? 5 Reasons Why the Communication Gap is Wider Than You Think

-Business Email Compromise Groups Target Firms with Multilingual Impersonation Attacks

-EU Countries Told to Step up Defence Against State Hackers

-Cyber Criminals Exploit Fear and Urgency to Trick Consumers

-How to Manage Third Party and Supply Chain Cyber Security Risks that are Too Costly to Ignore

-Russian Spear Phishing Campaign Escalates Efforts Towards Critical UK, US and European Targets

-5 Biggest Risks of Using Third Party Managed Service Providers

-Cyber Crime as a Service: A Subscription Based Model in the Wrong Hands

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • High Risk Users May be Few, but the Threat They Pose is Huge

High risk users represent approximately 10% of the worker population according to research provider, Elevate Security research. The research found that high risk users were responsible for 41% of all simulated phishing clicks, 30% of all real-world phishing clicks, 54% of all secure-browsing incidents and 42% of all malware events. This is worrying, considering the rise in sophisticated targeted phishing campaigns.

https://www.helpnetsecurity.com/2023/02/16/high-risk-behavior/

  • The Cost of Cyber Security Insurance is Soaring so Firms Need to Take Prevention More Seriously

State-backed cyber attacks are on the rise, but they are not raising the level of alarm that they should in the corporate world. Unfortunately, this is not a productive way of thinking. Come the end of March, insurance provider Lloyds will no longer cover damage from cyber attacks carried out by state or state-backed groups. In the worst cases, this reduced insurance coverage could exacerbate the trend of companies taking a passive approach toward state-backed attacks as they feel there is now really nothing they can do to protect themselves. The uncertainty however, could be the motivation for companies to take the threat of state-backed attacks more seriously.

https://fortune.com/2023/02/15/cost-cybersecurity-insurance-soaring-state-backed-attacks-cover-shmulik-yehezkel/

  • Cyber Attacks Worldwide Increased to an All-Time Record-Breaking High, Report Shows

According to a report by security provider Check Point, cyber attacks rose 38% in 2022 compared to the previous year. Some of the key trends in the report included an increase in the number of cloud-based networking attacks, with a 48% rise and non-state affiliated hacktivist groups becoming more organised and effective than ever before. Additionally, ransomware is becoming more difficult to attribute and track and extra focus should be placed on exfiltration detection.

https://www.msspalert.com/cybersecurity-research/cyberattacks-worldwide-increased-to-an-all-time-high-check-point-research-reveals/

  • Most Organisations Make Cyber Security Decisions Without Insights

A report by security provider Mandiant found some worrying results when it came to organisational understanding of threat actors. Some of the key findings include, 79% of respondents stating that most of their cyber security decisions are made without insight into the treat actors targeting them, 79% believing their organisation could focus more time and energy on identifying critical security trends, 67% believing senior leadership teams underestimate the cyber threats posed to their organisation and finally, 47% of respondents felt that they could not prove to senior leadership that their organisation has a highly effective cyber security program.

https://www.msspalert.com/cybersecurity-research/mandiant-report-most-organizations-make-cybersecurity-decisions-without-insights/

  • Ransomware Attackers Finding New Ways to Weaponise Old Vulnerabilities

Ransomware attackers are finding new ways to exploit organisations’ security weaknesses by weaponising old vulnerabilities.  A report by security provider Cyber Security Works had found that 76% of the vulnerabilities currently being exploited were first discovered between 2010-2019.

https://venturebeat.com/security/ransomware-attackers-finding-new-ways-to-weaponize-old-vulnerabilities/

  • Are Executives Fluent in IT Security Speak? 5 Reasons Why the Communication Gap is Wider Than You Think

Using data from two different reports conducted by security provider Kaspersky, the combined data showed some worrying results. Some of the results include 98% of respondents revealing they faced at least one IT security miscommunication that regularly leads to bad consequences, 62% of managers revealing miscommunication led to at least one cyber security incident, 42% of business leaders wanting their IT security team to better communicate and 34% of C-level executives struggle to speak about adopting new security solutions.

https://www.msspalert.com/cybersecurity-research/are-c-suite-executives-fluent-in-it-security-speak-five-reasons-why-the-communication-gap-is-wider-than-you-think/

  • Business Email Compromise Groups Target Firms with Multilingual Impersonation Attacks

Security providers Abnormal Security have identified two Business Email Compromise (BEC) groups “Midnight Hedgehog” and “Mandarin Capybara” which are conducting impersonation attacks in at least 13 different languages. Like many payment fraud attacks, finance managers or other executives are often targeted. In a separate report by Abnormal Security, it was found that business email compromise (BEC) attacks increased by more than 81% during 2022.

https://www.infosecurity-magazine.com/news/bec-groups-multilingual/

  • EU Countries Told to Step up Defence Against State Hackers

European states have raced to protect their energy infrastructure from physical attacks but the European Systemic Risk Board (ESRB) said more needed to be done against cyber warfare against financial institutions and the telecommunications networks and power grids they rely on. "The war in Ukraine, the broader geopolitical landscape and the increasing use of cyber attacks have significantly heightened the cyber threat environment," the ESRB said in a report. In addition, the ESRB highlight an increased risk of cyber attacks on the EU financial system, suggesting that stress tests and impact analyses should be carried out to identify weaknesses and measure resilience.

https://www.reuters.com/world/europe/eu-countries-told-step-up-defence-against-state-hackers-2023-02-14/

  • Cyber Criminals Exploit Fear and Urgency to Trick Consumers

Threats using social engineering to steal money, such as refund and invoice fraud and tech support scams, increased during Q4 of 2022 according to a report by software provider Avast. “At the end of 2022, we have seen an increase in human-centred threats, such as scams tricking people into thinking their computer is infected, or that they have been charged for goods they didn’t order. It’s human nature to react to urgency, fear and try to regain control of issues, and that’s where cyber criminals succeed” Avast commented.

https://www.helpnetsecurity.com/2023/02/13/cybercriminals-exploit-fear-urgency-trick-consumers/

  • How to Manage Third Party and Supply Chain Cyber Security Risks that are Too Costly to Ignore

Many organisations have experienced that “after the breach” feeling — the moment they realise they have to tell customers their personal information may have been compromised because one of the organisations’ vendors had a data breach. Such situations involve spending significant amount of money and time to fix a problem caused by a third party. An organisation’s ability to handle third-party cyber risk proactively depends on its risk management strategies.

https://techcrunch.com/2023/02/10/why-third-party-cybersecurity-risks-are-too-costly-to-ignore/

  • Russian Spear Phishing Campaign Escalates Efforts Towards Critical UK, US and European Targets

Following the advisory from the NCSC, it is clear that Russian state-sponsored hackers have become increasingly sophisticated at launching phishing attacks against critical targets in the UK, US and Europe over the last 12 months. The attacks included the creation of fake personas, supported by social media accounts, fake profiles and academic papers, to lure targets into replying to sophisticated phishing emails. In some cases, the bad actor may never leverage the account to send emails from and only use it to make decisions based on intelligence collection.

https://www.computerweekly.com/news/365531158/Russian-spear-phishing-campaign-escalates-efforts-toward-critical-UK-US-and-European-targets

  • 5 Biggest Risks of Using Third Party Managed Service Providers

As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work. But it does present risks. 5 of the biggest risks to be considered are: indirect cyber attacks, financial risks from incident costs, reputational damage, geopolitical risk and regulatory compliance risk.

https://www.csoonline.com/article/3687812/5-major-risks-third-party-services-may-bring-along-with-them.html#tk.rss_news

  • Cyber Crime as a Service: A Subscription Based Model in the Wrong Hands

Arguably nothing in tech has changes the landscape more than ‘as a Service’ offerings, the subscription-based IT service delivery model, in fact, the ‘as a Service’ offering has made its way into the cyber crime landscape. And cyber crime, for its part, has evolved beyond a nefarious hobby; today it’s a means of earning for cyber criminals. Organised cyber crime services are available for hire, particularly to those lacking resources and hacking expertise but willing to buy their way into cyber criminal activities. Underground cyber crime markets have thus emerged, selling cyber attack tools and services ranging from malware injection to botnet tools, Denial of Service and targeted spyware services.

https://www.splunk.com/en_us/blog/learn/cybercrime-as-a-service.html

Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Attack Surface Management

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Backup and Recovery

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 10 February 2023

Black Arrow Cyber Threat Briefing 10 February 2023:

-Companies Banned from Paying Hackers After Attacks on Royal Mail and Guardian

-Fraud Set to Be Upgraded as a Threat to National Security

-98% of Attacks are Not Reported by Employees to their Employers

-UK Second Most Targeted Nation Behind America for Ransomware

-Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks

-An Email Attack Can End Up Costing You Over $1 Million

-Cyber Crime Shows No Signs of Slowing Down

-Surge of Swatting Attacks Targets Corporate Executive and Board Members

-Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom

-Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn

-Crypto Investors Lost Nearly $4 Billion to Hackers in 2022

-PayPal and Twitter Abused in Turkey Relief Donation Scams

-Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • UK Companies Banned from Paying Ransomware Hackers After Attacks on Royal Mail and Guardian

British companies have been banned from paying ransomware hackers after a spate of attacks on businesses including Royal Mail and the Guardian newspaper.

UK Foreign Secretary James Cleverly on Thursday unveiled sanctions on seven Russian hackers linked to a gang called Conti, effectively banning any payments to the group.

Thursday’s sanctions are the first of their kind to be specifically targeted against Russian ransomware gang members.

The actions follow a spate of high-profile attacks on businesses and amid warnings from GCHQ that Russian and Iranian hackers are stepping up actions in Britain.

https://www.telegraph.co.uk/business/2023/02/09/companies-banned-paying-hackers-attacks-royal-mail-guardian/

  • Fraud Set to Be Upgraded as a Threat to National Security

Fraud is to be reclassified as a threat to national security under UK government plans that will force police chiefs to devote more officers to solving the crime.

It will be elevated to the same status as terrorism, with chief constables mandated to increase resources and combine capabilities in a new effort to combat a fraud epidemic that now accounts for 30 per cent of all crime.

It will be added to the strategic policing requirement, which means that forces will be required by ministers to treat fraud as a major priority alongside not only terrorism, but also public disorder, civil emergencies, serious and organised crime, cyber attacks and child sexual abuse.

https://www.telegraph.co.uk/news/2023/02/04/fraud-set-upgraded-threat-national-security/

  • 98% of Attacks are Not Reported by Employees to their Employers

Cyber attackers are increasingly using social engineering tactics to lure employees into opening malicious emails in an attempt to trick them into providing login credentials, updating bank account information and paying fraudulent invoices. Worryingly, research conducted by security provider Abnormal has found that 98% of attacks on organisations are not reported to the organisation’s security team. In addition to this, the report found that the volume of business email compromise attacks are spiking, growing by 175% over the past two years. The report also found that nearly two-thirds of large enterprises experiencing a supply chain compromise attack in the second half of 2022.

https://www.msspalert.com/cybersecurity-research/employees-fail-to-report-98-of-email-cyber-hacks-to-security-teams-study-finds/

  • UK Second Most Targeted Nation Behind America for Ransomware

Security research team Kraken Labs released their report earlier this week, which found that of the 101 different countries that registered victims of ransomware, the UK had registered the second highest number of victims behind the US. Currently, there are over 60 ransomware groups, with the top 3 accounting for a third of all ransomware attacks.

https://www.itsecurityguru.org/2023/02/07/uk-second-most-targeted-nation-behind-america-for-ransomware/

  • Financial Institutions are Suffering from Increasingly Sophisticated Cyber Attacks

This week security provider Contrast Security released its Cyber Bank Heists report, an annual report that exposes cyber security threats facing the financial sector. The report warns financial institutions that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilising wipers and a record-breaking year of zero-day exploits. The report involved a series of interviews with financial sector security leaders and found some notable results. Some of the results include 64% of leaders seeing an increase in application attacks, 72% of respondents planning to increase investment in application security in 2023, 60% of respondents falling victim to destructive attacks and 50% of organisations detecting campaigns which aimed to steal non-public market information.

https://www.darkreading.com/attacks-breaches/financial-institutions-are-suffering-from-increasingly-sophisticated-cyberattacks-according-to-contrast-security

  • An Email Attack Can End Up Costing You Over $1 Million

According to a report by security provider Barracuda Network, 75% of organisations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing potential costs of over $1 million for their most expensive attack. The fallout from an email security attack can be significant, with the report finding 44% of those hit had faced significant downtime and business disruption. Additionally financial services greatly impacted by the loss of valuable data (59%) and payments made to attackers (51%). When it came to organisations preparation, 30% felt underprepared when dealing with account takeover and 28% felt unprepared for dealing with business email compromise.

https://www.helpnetsecurity.com/2023/02/10/email-attack-damage-1-million/

  • Cyber Crime Shows No Signs of Slowing Down

Global risks from population pressures and climate change to political conflicts and industrial supply chain challenges characterised 2022. Cyber criminals used this turmoil to exploit these trending topics, including significant events, public affairs, social causes, and anywhere else opportunity appeared. According to security researchers at Zscaler TheatLabz, 2023 will see a rise in Crime-as-a-service (CaaS), supply chains will be bigger targets than ever, there will be a greater need for defence in depth as endpoint protection will not be enough and finally, there will be a decrease in the time between initial compromise and the final stage of an attack.

https://www.darkreading.com/zscaler/cybercrime-shows-no-signs-of-slowing-down

  • Surge of Swatting Attacks Targets Corporate Executive and Board Members

Swatting is the act of deceiving an emergency service with the purpose of the service then sending an emergency response, often armed, to a targeted persons address. Security provider Black Cloak has found that swatting incidents are now beginning to target C-suite executives and corporate board members, with the number of incidents increasing over the last few months. Malicious actors are using information from the dark web, company websites and property records to construct their swatting attacks.

https://www.csoonline.com/article/3687177/surge-of-swatting-attacks-targets-corporate-executives-and-board-members.html#tk.rss_news

  • Phishing Surges Ahead, as ChatGPT and Artificial Intelligence Loom

Artificial Intelligence (AI) is making it easier for threat actors to create sophisticated and malicious email campaigns. In their report, security provider Vade found that Q4 of 2022 saw a 36% volume increase in phishing campaigns compared to the previous quarter, with over 278.3 million unique phishing emails in that period. The researchers found in particular, new AI tools such as ChatGPT had made it easy for anyone, including those with limited skills, to conduct a sophisticated phishing campaign. Furthermore, the ability of ChatGPT to tailor phishing to different languages is an area for concern.

https://www.darkreading.com/vulnerabilities-threats/bolstered-chatgpt-tools-phishing-surged-ahead

  • Pro-Russian Hacktivist Group is Only Getting Started, Experts Warn

A pro-Russian hacktivist group's low-level distributed denial-of-service (DDoS) attacks on US critical infrastructure could be a precursor to more serious cyber attacks, health care and security officials warned this week. A DDoS attack involves overwhelming a targeted service, service or network with traffic in an attempt to disrupt it. Earlier this week Killnet, a politically motivated Russian hacking group, overloaded and took down some US healthcare organisations. The attack came after threatening western healthcare organisations for the continued NATO support of Ukraine.

https://www.axios.com/2023/02/03/killnet-russian-hackers-attacks

  • Crypto Investors Lost Nearly $4 Billion to Hackers in 2022

Last year marked the worst year on record for cryptocurrency hacks, according to analytic firm Chainalysis’ latest report. According to the report, hackers stole $3.8 billion in 2022, up from $3.3 billion the previous year. De-centralised finance products, which are products that have no requirement for an intermediary or middle-man accounted for about 82% of all crypto stolen.

https://www.cnbc.com/2023/02/04/crypto-investors-lost-nearly-4-billion-dollars-to-hackers-in-2022.html

  • PayPal and Twitter Abused in Turkey Relief Donation Scams

Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria. This time, stealing donations by abusing legitimate platforms such as PayPal and Twitter. It has been identified that multiple scams are running which call for fundraising, linking the victim to a legitimate PayPal site. The money however, is kept by the scammer.

https://www.bleepingcomputer.com/news/security/paypal-and-twitter-abused-in-turkey-relief-donation-scams/

  • Mysterious Leak of Booking.com Reservation Data is Being Used to Scam Customers

For almost 5 years, Booking.com customers have been on the receiving end of a continuous series of scams that demonstrate criminals have obtained travel plans amongst other personally identifiable information that were provided to Booking.com. The scams have involved users receiving fake emails purporting to be from Booking.com with genuine travel details that victims had provided. These emails contain links to malicious URL’s that look nearly identical to the Booking.com website. These then display the victim’s expected travel information, requiring them to input their card details. Some of the scams have developed and involve scammers sending WhatsApp messages after payment has been made, purporting to be from hotels which have been booked by the victims.

https://arstechnica.com/information-technology/2023/02/mysterious-leak-of-booking-com-reservation-data-is-being-used-to-scam-customers/

Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Malware

Mobile

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Software Supply Chain

Cloud/SaaS

Hybrid/Remote Working

Identity and Access Management

Encryption

API

Passwords, Credential Stuffing & Brute Force Attacks

Biometrics

Social Media

Malvertising

Training, Education and Awareness

Parental Controls and Child Safety

Regulations, Fines and Legislation

Governance, Risk and Compliance

Models, Frameworks and Standards

Data Protection

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors

Vulnerability Management

Vulnerabilities

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Advisory 06/02/2023 – New Wave of Ransomware Exploiting VMware ESXi Hypervisors - updated 09/02/2023 and 10/02/2023 

Black Arrow Cyber Advisory 06/02/2023 – New Wave of Ransomware Exploiting VMware ESXi Hypervisors

Updated 10/02/2023

Reports indicate that at least 18,500 ESXi servers are still vulnerable to VMware bug behind initial ransomware spree, after last week’s ransomware infections hit more than 3,800 organisations across the United States, France, Italy and more.

Updated 09/02/2023

It has now been found that there is a second wave of the ransomware campaign and reports from administrators are that they are being breached, even though SLP was disabled. There is also a script released by the Cybersecurity and Infrastructure Agency (CISA) which will attempt to recover files from an impacted VMware ESXi hypervisor. It should be noted however, that it will likely not work if the VMware ESXi hypervisor was hit by the second wave of ransomware.

CISA’s advice and link to their recovery script can be found here: https://www.cisa.gov/uscert/ncas/current-activity/2023/02/08/cisa-and-fbi-release-esxiargs-ransomware-recovery-guidance

Executive Summary

A large ransomware campaign is targeting VMware ESXi hypervisors around the world, according to the French government’s computer emergency readiness team (CERT-FR). Although not officially confirmed by VMware, multiple sources report that the ransomware exploits a vulnerability known as CVE-2021-21974, which is a heap-overflow vulnerability in which exploitation can result in remote code execution. A patch was made available by VMware in February 2021.

What’s the risk to me or my business?

According to VMware, the malicious actor needs to reside within the same network segment as VMware ESXi and have access to port 427 to be able to exploit CVE-2021-21974 and remotely execute code. This exploit only impacts organisations with VMware ESXi where OpenSLP services are in use. OpenSLP is an open-source implementation of the Service Location Protocol (SLP), which is used to allow networking applications to discover the existence, location and configuration of network services within enterprise networks. The impacted versions of VMware ESXi are as follows:

·         ESXi 7.x versions earlier than ESXi70U1c-17325551

·         ESXi 6.7.x versions earlier than ESXi670-202102401-SG

·         ESXi 6.5.x versions earlier than ESXi650-202102101-SG

What can I do?

Organisations should look to apply the available patches from VMware as soon as possible. It is recommended that organisations disable the SLP service on ESXi hypervisors that have not been patched for the mean time. Where a patch has been applied recently, a system scan should be performed to detect any indicators of compromise.

Further information on the vulnerability can be found through the original security advisory from VMware, which was published in February 2021: https://www.vmware.com/security/advisories/VMSA-2021-0002.html  

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 03 February 2023

Black Arrow Cyber Threat Briefing 03 February 2023:

-Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief

-Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks

-The Corporate World is Losing its Grip on Cyber Risk

-Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks

-Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023

-The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will come from the Inside

-98% of Organisations Have a Supply Chain Relationship That Has Been Breached

-New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year

-Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation

-Financial Services Targeted in 28% of UK Cyber Attacks Last Year

-Phishing Attacks are Getting Scarily Sophisticated. Here’s what to Watch Out For

-City of London on High Alert After Ransomware Attack

-Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk

-JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Business Leaders Need a Hands-on Approach to Stop Cyber Crime, Says Spy Chief

Business leaders must not see cyber crime as “just a technical issue” that can be left up to IT departments, said Lindy Cameron, chief executive of the National Cyber Security Centre (NCSC).  Ms Cameron later commented that “In the world of cyber security, the new year has brought with it some sadly familiar themes - a continuation of cyber incidents affecting organisations large and small as well as the British public”.

Along with this, came the urge for business leaders to step up their efforts in combating cyber crime by taking an active interest and educating themselves on the subject.  When commenting upon board members’ level of understanding, Ms Cameron said “I’d also encourage board members to develop a basic understanding of cyber security, which can help when seeking assurances from IT teams about the resilience of an organisation - in a similar way that leaders have a certain level of understanding of finance to assess financial health”.

https://www.telegraph.co.uk/news/2023/01/28/business-leaders-need-hands-on-approach-stop-cyber-crime-says/

  • Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial Scale Cyber Attacks

Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is.

"Firebrick Ostrich" is a threat actor that's been performing BEC at a near-industrial scale. Since April 2021, the group has carried out more than 350 BEC campaigns, impersonating 151 organisations and utilising 212 malicious domains in the process. This volume of attacks is made possible by the group's wholesale gunslinging approach. Firebrick Ostrich doesn't discriminate much when it comes to targets, or gather exceptional intelligence in order to craft the perfect phishing bait. It throws darts at a wall because, evidently, when it comes to BEC at scale, that's enough.

BEC is attractive to bad actors due to the lower barriers to entry than malware, less risk, faster scaling opportunities, and way more profit potential to higher echelons than other methods of attack. These factors may explain why such attacks are absolutely the emerging trend, potentially even leaving even ransomware in the dust. There are literally hundreds, if not thousands, of these groups out there.

https://www.darkreading.com/remote-workforce/rising-firebrick-ostrich-bec-group-launches-industrial-scale-cyberattacks

  • The Corporate World is Losing its Grip on Cyber Risk

Lloyd's of London’s insurance market prides itself on being able to put a price on anything, from Tina Turner’s legs or Bruce Springsteen’s vocal cords, to the risk that a bounty hunter might claim the reward from Cutty Sark Whisky in the 1970s for capturing the Loch Ness monster.

But from the end of March, there will be something it won’t price: systemic cyber risk, or the type of major, catastrophic disruption caused by state-backed cyber warfare. In one sense, this isn’t surprising. Insurance policies typically exclude acts of war. Russia’s NotPetya attack on Ukraine in 2017 showed how state-backed cyber assaults can surpass traditional definitions of armed conflict and overspill their sovereign target to hit global businesses. It caused an estimated $10bn in damages and years of wrangling between companies like pharma group Merck and snack maker Mondelez and their insurers.

But the move is prompting broader questions about the growing pains in this corner of the insurance world. “Cyber insurance isn’t working anywhere at the moment as a public good for society,” says Ciaran Martin, former head of the UK National Cyber Security Centre. “It has a huge role to play in improving defences in a market-based economy and it has been a huge disappointment in that sense so far.”

The Lloyd’s move is designed, say insurers, to clarify rather than restrict coverage. Whether it succeeds is another matter: this is a murky world, where cyber crime groups operate with impunity in certain jurisdictions.

https://www.ft.com/content/78bfdf29-1e20-4c12-a348-06e98d5ae906

  • Microsoft Reveals Over 100 Threat Actors are Deploying Ransomware in Attacks

Microsoft revealed this week that its security teams are tracking over 100 threat actors deploying ransomware during attacks. In all, the company says it monitors over 50 unique ransomware families, with some of the most prominent ransomware payloads in recent campaigns including Lockbit, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, and Royal.

Microsoft said that defence strategies should focus less on payloads themselves but more on the chain of activities that lead to their deployment, since ransomware gangs are still targeting servers and devices not yet patched against common or recently addressed vulnerabilities.

Furthermore, while new ransomware families launch all the time, most threat actors utilise the same tactics when breaching and spreading through networks, making the effort of detecting such behaviour even more helpful in thwarting their attacks.

Attackers are increasingly relying on tactics beyond phishing to conduct their attacks, with threat actors for example capitalising on recently patched Exchange Server vulnerabilities to hack vulnerable servers and deploy Cuba and Play ransomware.

https://www.bleepingcomputer.com/news/security/microsoft-over-100-threat-actors-deploy-ransomware-in-attacks/

  • Ransomware Conversations: Why the CFO is Pivotal to Discussing and Preparing for Risk

With the amount of cyber attacks in all industries, organisations are beginning to grasp the significance of cyber risk and how it is integral to protecting and maintaining an efficient business. In fact, the first half of 2022 alone saw 236.1 million cases of ransomware.

Whilst the expectation for responsibility has typically fallen on Chief Information Security Officers (CISOs), Chief Financial Officers (CFOs) are just as vital in managing cyber risk, which is now inherently also business risk.  The CFO plays an important part in determining whether cyber security incidents will become material and affect the business more seriously. Their insight is critical across many areas which include ransomware, cyber insurance, regulatory compliance and budget management.

https://www.itsecurityguru.org/2023/02/02/ransomware-conversations-why-the-cfo-is-pivotal-to-discussing-and-preparing-for-risk

  • Greater Incident Complexity, a Shift in How Threat Actors Use Stolen Data Will Drive the Cyber Threat Landscape in 2023

Insurance provider Beazley released their Cyber Services Snapshot Report which claims the cyber security landscape will be influenced by greater complexity and the way threat actors use stolen data. The report also found that as a category, fraudulent instruction experienced a growth as a cause of loss in 2022, up 13% year-over year. 

In response to vulnerabilities such as fraudulent instructions, the report suggests organisations must get smarter about educating users to spot things such as spoofed emails or domain names. The report also cautions organisations to watch for social engineering, spear phishing, bypassing of multi-factor authentication (MFA), targeting of managed service providers (MSP) and the compromise of cloud environments as areas of vulnerability.

https://www.darkreading.com/attacks-breaches/greater-incident-complexity-a-shift-in-the-way-threat-actors-use-stolen-data-and-a-rise-in-us-class-actions-will-drive-the-cyber-threat-landscape-in-2023-according-to-beazley-report

  • The Threat from Within: 71% of Business Leaders Surveyed Think Next Cyber Security Breach Will Come from the Inside

A survey conducted by IT provider EisnerAmper found that 71% of business executives worry about accidental internal staff error as one of the top threats facing their organisation and 23% of these worried about malicious intent by an employee. In comparison, 75% of business executives had concerns about external hackers. The survey also asked about current safety measures, with 51% responding that they were “somewhat prepared”. Despite this, only 50% of respondents reported conducting regular cyber security training. 

https://www.darkreading.com/vulnerabilities-threats/the-threat-from-within-71-of-business-leaders-surveyed-think-next-cybersecurity-breach-will-come-from-the-inside

  • 98% of Organisations Have a Supply Chain Relationship That Has Been Breached

A report from SecurityScorecard found that 98% of organisations have a relationship with at least one third party that has experienced a breach in the last two years, while more than 50% have an indirect relationship with more than 200 fourth parties that have been breached. Of course, this is keeping in mind that not all organisations disclose or even know they have been breached.

https://www.securityweek.com/98-of-firms-have-a-supply-chain-relationship-that-has-been-breached-analysis/

  • New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year

Software provider SysKit has published a report on the effects of digital transformation on IT administrators and the current governance landscape. The report found that 40% of organisations experienced a data leak in the previous year. A data leak can have severe consequences on an organisation's efficiency and the impact can lead to large fines, downtime, and loss of business-critical certifications and customers.

In addition, the Survey found that the biggest challenge for IT administrators was a lack of understanding from superiors, huge workloads and misalignment of IT and business strategies.

https://www.darkreading.com/attacks-breaches/new-survey-reveals-40-of-companies-experienced-a-data-leak-in-the-past-year

  • Russian Hackers Launch Cyber Attack on Germany in Leopard Tank Retaliation

The websites of key German administrations, including companies and airports, have been targeted by cyber attacks, the German Federal Office for Information Security (BSI) stated.

The BSI commented they had been informed of DDoS (distributed denial of service) attacks “currently in progress against targets in Germany". This was followed by the statement that “Individual targets in the financial sector” and federal government sites were also attacked, with some websites becoming temporarily unavailable.  It is believed that this is due to the approved deployment of Leopard 2 tanks to Ukraine, with Russian hacker site Killnet taking credit.

https://www.euronews.com/2023/01/26/russian-hackers-launch-cyberattack-on-germany-in-leopard-retaliation

  • Financial Services Targeted in 28% of UK Cyber Attacks Last Year

Based on data from security provider Imperva, security researchers have identified that over a quarter (28%) of all cyber attacks in the UK hit the financial services and insurance (FSI) industry in the last 12 months. The data also found that Application Programme Interface (API) attacks, malicious automated software and distributed denial of service (DDoS) attacks were the most challenging for the industry. In addition, the data found that roughly 40% of all account takeover attempts were targeted at the FSI industry.

https://www.infosecurity-magazine.com/news/quarter-cyber-attacks-uk-financial/

  • Phishing Attacks are Getting Scarily Sophisticated. Here’s What to Watch Out For

Hackers are going to great lengths, including mimicking real people and creating and updating fake social media profiles, to trick victims into clicking phishing links and handing over usernames and passwords. The National Cyber Security Centre (NCSC) warns that these phishing attacks are targeting a range of sectors.

The NCSC has also released mitigation advice to help organisations and individuals protect themselves online. The mitigation advice included the use of strong passwords, separate to other accounts; enabling multi-factor authentication (MFA); and applying the latest security updates.

https://www.zdnet.com/article/phishing-attacks-are-getting-scarily-sophisticated-heres-what-to-watch-out-for/

  • City of London on High Alert After Ransomware Attack

A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market. The company impacted, Ion Cleared Derivatives, is investigating. It is reported that 42 clients were impacted by the attack.

https://www.infosecurity-magazine.com/news/city-of-london-high-alert/

  • JD Sports Warns of 10 Million Customers Put at Risk in Cyber Attack

Sportswear retailer JD Sports said it was the victim of a cyber attack that exposed the data of 10 million customers, in the latest spate of hacks on UK companies.

JD Sports explained that the attack involved unauthorised access to a system that contained “the name, billing address, delivery address, phone number, order details and the final four digits of payment cards”. The data related to customers’ orders made between November 2018 and October 2020, with outdoor gear companies Millets and Blacks also impacted. A full review with cyber security and external specialists is underway.

https://www.ft.com/content/afe00f2f-afcd-478f-9e4d-1cf9c943fa79

Threats

Ransomware, Extortion and Destructive Attacks

Phishing & Email Based Attacks

BEC – Business Email Compromise

Other Social Engineering; Smishing, Vishing, etc

2FA/MFA

Malware

Mobile

Botnets

Denial of Service/DoS/DDOS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

Impersonation Attacks

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Cloud/SaaS

Containers

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Malvertising

Training, Education and Awareness

Regulations, Fines and Legislation

Governance, Risk and Compliance

Careers, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Privacy, Surveillance and Mass Monitoring

Artificial Intelligence

Misinformation, Disinformation and Propaganda

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Nation State Actors

Nation State Actors – Russia

Nation State Actors – China

Nation State Actors – North Korea

Nation State Actors – Iran

Nation State Actors – Misc

Vulnerability Management

Vulnerabilities

Tools and Controls

Other News

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Advisory 19/10/2022 – Support for VMware ESXi 6.5 and 6.7 reaches end-of-life

Black Arrow Cyber Advisory 19/10/2022 – Support for VMware ESXi 6.5 and 6.7 reaches end-of-life

Executive Summary

VMware is a large supplier of virtualisation products which are used to run a variety of different services. On October 15th, VMware ESXi 6.5 and 6.7 reached end-of-life, meaning that VMware will no longer provide security or software updates to those who do not have an extended support contract. The extended support is limited to one annual security patch, which only includes catastrophic/critical security fixes.

What’s the risk to me or my business?

VMware is the biggest player within the hosted virtualisation platform market. It is highly likely that services purchased through third party suppliers, excluding AWS and Azure, will be using VMware under the hood. So far this year VMware products have been targeted by different ransomware groups, with various exploits being made public which affect this software. It is very important that security updates are still being provided for this critical infrastructure to help to mitigate and address these growing threats.

What can I do?

Ensure that if VMware ESXi is being used either internally or externally through a service provider, that the version is one which is currently supported by VMware, which are versions 7 and above. It is important to note that VMware often drops support for older hardware with newer versions of it’s vSphere ESXi software, meaning that an upgrade to supported hardware may also be required.

Further technical information on supported versions of VMware ESXi can be found here: Product Lifecycle Matrix (vmware.com), with details on the extended support package listed here: VMware Extended Support Datasheet

Need help understanding your gaps, or just want some advice? Get in touch with us.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 16 September 2022

Black Arrow Cyber Threat Briefing 16 September 2022

-CFOs’ Overconfidence in Cyber Security Can Cost Millions

-Cyber Security Outflanks Inflation, Talent, Logistics in Business Worries

-Attackers Can Compromise Most Cloud Data in Just 3 Steps

-Cyber Insurance Premiums Soar 80% As Claims Surge

-One In 10 Employees Leaks Sensitive Company Data Every 6 Months

-Business Application Compromise & the Evolving Art of Social Engineering

-SMBs Are Hardest-Hit By Ransomware

-65% Say Legacy Backup Solutions Aren’t Up To Ransomware Challenges

-Four-Fifths of Firms Hit by Critical Cloud Security Incident

-Homeworkers Putting Home and Business Cyber Safety at Risk

-Uber Hacked, Internal Systems Breached and Vulnerability Reports Stolen

-IHG hack: 'Vindictive' couple deleted hotel chain data for fun

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • CFOs’ Overconfidence in Cyber Security Can Cost Millions

Kroll announced its report entitled ‘Cyber Risk and CFOs: Over-Confidence is Costly’ which found chief financial officers (CFOs) to be woefully in the dark regarding cyber security, despite confidence in their company’s ability to respond to an incident.

The report, conducted by StudioID of Industry Dive, exposed three key themes among the 180 senior finance executives surveyed worldwide:

  1. Ignorance is bliss. Eighty-seven percent of CFOs are either very or extremely confident in their organisation’s cyber attack response. This is at odds with the level of visibility CFOs have into cyber risk issues, given only four out of 10 surveyed have regular briefings with their cyber teams.

  2. Wide-ranging damages. 71% of the represented organisations suffered more than $5 million in financial losses stemming from cyber incidents in the previous 18 months, and 61% had suffered at least three significant cyber incidents in that time. Eighty-two percent of the executives in the survey said their companies suffered a loss of 5% or more in their valuations following their largest cyber security incident in the previous 18 months.

  3. Increasing investment in cyber security. Forty-five percent of respondents plan to increase the percentage of their overall IT budget dedicated to information security by at least 10%.

According to Kroll: “We often see that CFOs are not aware enough of the financial risk presented by cyber threats until they face an incident. At that point, it’s clear that they need to be involved not only in the recovery, including permitting access to emergency funds and procuring third-party suppliers, but also in the strategy and investment around cyber both pre- and post-incident.”

“Ultimately, cyber attacks represent a financial risk to the business, and incidents can have a significant impact on value. It is, therefore, critical that this is included in wider business risk considerations. A CFO and CISO should work side-by-side, helping the business navigate the operational and financial risk of cyber.”

https://www.helpnetsecurity.com/2022/09/14/cfos-cybersecurity-confidence/

  • Cyber Security Outflanks Inflation, Talent, Logistics in Business Worries

Nearly six in 10 IT leaders in a new study view cyber security as their top business concern, ranking it higher than inflation, retaining talent and supply chain/logistics management.

Less than half of respondents (43%) believe their critical data and assets are protected from cyber threats despite increased cyber security investments by their organisations, greater board visibility and increased collaboration between the security team and the C-suite, Rackspace said in its new survey of 1,420 IT professionals worldwide.

The multi-cloud technology services specialist said that a “large majority” of the survey respondents report being either unprepared or only “somewhat prepared” to respond to major threats, such as identifying and mitigating threats and areas of concern (62%), recovering from cyber attacks (61%) or preventing lapses and breaches (63%).

Cloud native security is where organisations are most likely to rely on an outside partner, such as a managed security service provider, for expertise.

Here are more of the survey’s findings:

  • The top three cyber security challenges their organisation is facing: migrating and operating apps (45%); shortage of workers with cyber security skills (39%); lack of visibility of vulnerabilities across all infrastructure (38%).

  • 70% of survey respondents report that their cyber security budgets have increased over the past three years.

  • The leading recipients of new investment are cloud native security (59%); data security (50%), consultative security services (44%); and application security (41%).

  • Investments align closely with the areas where organisations perceive their greatest concentration of threats, led by network security (58%), closely followed by web application attacks (53%) and cloud architecture attacks (50%).

  • 70% of respondents said there has been an increase in board visibility for cyber security over the past five years, while 69% cite better collaboration between the security team and members of the C-suite.

  • Only 13% of respondents said there were significant communications gaps between the security team and C-suite, while 69% of IT executives view their counterparts in the C-suite as advocates for their concerns.

The authors stated “We are seeing a major shift in how organisations are allocating resources to address cyber threats, even as budgets increase. The cloud brings with it a new array of security challenges that require new expertise, and often reliance on external partners who can help implement cloud native security tools, automate security, provide cloud native application protection, offer container security solutions and other capabilities”.

https://www.msspalert.com/cybersecurity-research/cybersecurity-outflanks-inflation-talent-logistics-in-business-worries-rackspace-research/

  • Attackers Can Compromise Most Cloud Data in Just 3 Steps

An analysis of cloud services finds that known vulnerabilities typically open the door for attackers, while insecure cloud architectures allow them to gain access to the crown jewels.

Companies and their cloud providers often leave vulnerabilities open in their system and services, gifting attackers with an easy path to gain access to critical data.

According to an Orca Security analysis of data collected from major cloud services, attackers only need on average three steps to gain access to sensitive data, the so-called "crown jewels," starting most often — in 78% of cases — with the exploitation of a known vulnerability.

While much of the security discussion has focused on the misconfigurations of cloud resources by companies, cloud providers have often been slow to plug vulnerabilities.

The key is to fix the root causes, which is the initial vector, and to increase the number of steps that they attacker needs to take. Proper security controls can make sure that even if there is an initial attack vector, you are still not able to reach the crown jewels.

The report analysed data from Orca's security research team using data from a "billions of cloud assets on AWS, Azure, and Google Cloud," which the company's customers regularly scan. The data included cloud workload and configuration data, environment data, and information on assets collected in the first half of 2022.

https://www.darkreading.com/cloud/cyberattackers-compromise-most-cloud-data-3-steps

  • Cyber Insurance Premiums Soar 80% As Claims Surge

Cyber insurance premiums have soared in the past year as claims surged in response to a rise in damaging attacks by hackers.

The cost of taking out cyber cover had doubled on average every year for the past three years, said global insurance broker Marsh. Honan Group, another broker, pointed to an 80 per cent rise in premiums in the past 12 months, following a 20 per cent increase in the cost of cover in each of the previous two years.

Brokers are calling cyber “the new D&O”, referring to sharp rises in directors and officers insurance premiums since 2018. Brokers were hopeful premiums would ease, but have warned insurers would continue to demand companies prove they had strong security systems and policies in place before agreeing to sell them insurance.

There’ll be a number of insurance companies that won’t even look at a business that doesn’t have a bunch of security measures in place. They’ll just turn around and say, ‘we’re not going to insure you’. The chief reason for the price rises is the increase in the number and size of claims relating to ransomware, where criminals use malicious software to block access to an organisation’s computer system until a sum of money is paid. In addition, some insurers left the market, while remaining players attempted to recoup the cost of under-priced contracts written in previous years.

The rise in the premiums is mainly due to ransomware and cyber attacks across the board have risen sharply over the past few years.

https://www.afr.com/work-and-careers/management/cyber-insurance-premiums-soar-80pc-as-claims-surge-20220908-p5bglo

  • One In 10 Employees Leaks Sensitive Company Data Every 6 Months

Departing employees are most likely to leak sensitive information to competitors, criminals or the media in exchange for cash.

Insider threats are an ongoing menace that enterprise security teams need to handle. It's a global problem but especially acute in the US, with 47 million Americans quitting their jobs in 2021. The threat of ex-employees taking sensitive information to competitors, selling it to criminals in exchange for cash, and leaking files to media is making data exfiltration a growing concern. 

About 1.4 million people who handle sensitive information in their organisation globally were tracked over the period from January to June 30 this year by cyber security firm Cyberhaven to find out when, how and who is involved in data exfiltration.

On average, 2.5% of employees exfiltrate sensitive information in a month, but over a six-month period, nearly one in 10, or 9.4% of employees, do so, Cyberhaven noted in its report. Data exfiltration incidents occur when data is transferred outside the organisation in unapproved ways.

Among employees that exfiltrated data, the top 1% most prolific “super stealers” were responsible for 7.7% of incidents, and the top 10% were responsible for 34.9% of incidents.

North America accounted for the highest number of incidents at 44%, followed by the Asia Pacific region at 27%. Europe, the Middle East, and Africa accounted for 24% of incidents while 5% of incidents were recorded in South America.

https://www.csoonline.com/article/3673260/one-in-10-employees-leaks-sensitive-company-data-every-6-months-report.html#tk.rss_news

  • Business Application Compromise and the Evolving Art of Social Engineering

Social engineering is hardly a new concept, even in the world of cyber security. Phishing scams alone have been around for nearly 30 years, with attackers consistently finding new ways to entice victims into clicking a link, downloading a file, or providing sensitive information.

Business email compromise (BEC) attacks iterated on this concept by having the attacker gain access to a legitimate email account and impersonate its owner. Attackers reason that victims won't question an email that comes from a trusted source — and all too often, they're right.

But email isn't the only effective means cyber criminals use to engage in social engineering attacks. Modern businesses rely on a range of digital applications, from cloud services and VPNs to communications tools and financial services. What's more, these applications are interconnected, so an attacker who can compromise one can compromise others, too. Organisations can't afford to focus exclusively on phishing and BEC attacks — not when business application compromise (BAC) is on the rise.

https://www.darkreading.com/vulnerabilities-threats/business-application-compromise-the-evolving-art-of-social-engineering

  • SMBs Are Hardest-Hit By Ransomware

Coalition announced the mid-year update to its 2022 Cyber Claims Report detailing the evolution of cyber trends, revealing that small businesses have become bigger targets, overall incidents are down, and ransomware attacks are declining as demands go unpaid.

During the first half of 2022, the average cost of a claim for a small business owner increased to $139,000, which is 58% higher than levels during the first half of 2021.

“Across industries, we continue to see high-profile attacks targeting organisations with weak or exposed infrastructure — which has become exacerbated by today’s remote working culture and companies’ dependence on third-party vendors,” said Coalition’s Head of Claims.

“Small businesses are especially vulnerable because they often lack resources. For these businesses, avoiding downtime and disruption is essential, and they must understand that Active Insurance is accessible.”

The good news: both Coalition and the broader insurance industry observed a decrease in ransomware attack frequency and the amount of ransom demanded between the second half of 2021 and the first half of 2022. Ransomware demands decreased from $1.37M in H2 2021 to $896,000 in H1 2022.

“Organisations are increasingly aware of the threat ransomware poses. They have started to implement controls such as offline data backups that allow them to refuse to pay the ransom and restore operations through other means,” said Coalition’s Head of Incident Response. “As ransomware is on the decline, attackers are turning to reliable methods. Phishing, for example, has skyrocketed – and only continues to grow.”

https://www.helpnetsecurity.com/2022/09/15/small-businesses-ransomware-targets/

  • 65% Say Legacy Backup Solutions Aren’t Up To Ransomware Challenges

HYCU researchers are reporting 65% of respondents lack full confidence in their legacy backup solutions (HYCU is a multi-cloud backup-as-a-service provider).

According to the report, 65% of surveyed enterprise organisations are increasing spending on detection, prevention and recovery, and respondents are beginning to understand that air-gapped or immutable backups are the only ways to ensure that the backups themselves don’t fall prey to encryption worms when ransomware hits.

Key findings include:

  • 52% of ransomware victims suffered data loss

  • 63% of victims suffered an operational disruption

  • Just 41% air gap their backups

  • Just 47% routinely test their backups

  • Only 35% of respondents believe their current backup and recovery tools are sufficient.

https://informationsecuritybuzz.com/expert-comments/65-say-legacy-backup-solutions-arent-up-to-ransomware-challenges/

  • Four-Fifths of Firms Hit by Critical Cloud Security Incident

Some 80% of organisations suffered a “severe” cloud security incident over the past year, while a quarter worry they’ve suffered a cloud data breach and aren’t aware of it, according to new research from Snyk.

The developer security specialist polled 400 cloud engineering and security practitioners from organisations of various sizes and sectors, to compile its State of Cloud Security Report.

Among the incidents flagged by respondents over the past 12 months were breaches, leaks, intrusions, crypto-mining, compliance violations, failed audits and system downtime in the cloud.

Startups (89%) and public sector organisations (88%) were the most likely to have suffered such an incident over the period.

The bad news is that 58% of respondents predict they will suffer another severe incident in the cloud over the coming year. Over three-quarters (77%) of those questioned cited poor training and collaboration as a major challenge in this regard.

“Many cloud security failures result from a lack of effective cross-team collaboration and team training. When different teams use different tools or policy frameworks, reconciling work across those teams and ensuring consistent enforcement can be challenging,” the report argued.

https://www.infosecurity-magazine.com/news/fourfifths-firms-critical-cloud/

  • Homeworkers Putting Home and Business Cyber Safety at Risk

BlackBerry published a European research report exposing the cyber security risk created by cost-conscious homeworkers who prioritise security behind price, usability and ease of set up in their purchase of domestic smart devices.

32% of European home workers who own a smart device surveyed said security was a top three factor when choosing a smart device, compared to 50% who prioritised price. 28% of businesses aren’t putting adequate security provisions in place to extend cyber protection as far as homes. This heightens the risk of cyber attacks for businesses and their employees, as hybrid and home working become the norm.

The survey of 4,000 home workers in the UK, France, Germany, and the Netherlands revealed that 28% of people say that their employer has not done or communicated anything about protecting their home network or smart devices, or they don’t know if they are protected.

Furthermore, 75% of Europeans say their employers have taken no steps to secure the home internet connection or provide software protection for home devices. This failure to extend network security to home devices increases risk of the vulnerabilities created by hybrid and home working being successfully exploited. These are particularly sobering findings for small and mid-sized businesses who face upwards of eleven cyber attacks per device, per day, according to the research.

Through even the most innocent of devices, bad actors can access home networks with connections to company devices – or company data on consumer devices – and seize the opportunity to steal data and intellectual property worth millions. It’s likely businesses will bear the brunt of cyber attacks caused by unsecured home devices, with knock-on effects to employees themselves.

https://www.helpnetsecurity.com/2022/09/12/homeworkers-smart-devices-security/

  • Uber Hacked, Internal Systems Breached and Vulnerability Reports Stolen

Uber suffered a cyber attack Thursday afternoon with an allegedly 18-year-old hacker downloading HackerOne vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server.

The screenshots shared by the hacker and seen by BleepingComputer show what appears to be full access to many critical Uber IT systems, including the company's security software and Windows domain.

Other systems accessed by the hacker include the company's Amazon Web Services console, VMware vSphere/ESXi virtual machines, and the Google Workspace admin dashboard for managing the Uber email accounts.

The threat actor also breached the Uber Slack server, which he used to post messages to employees stating that the company was hacked. However, screenshots from Uber's slack indicate that these announcements were first met with memes and jokes as employees had not realised an actual cyber attack was taking place.

Uber has since confirmed the attack, tweeting that they are in touch with law enforcement and will post additional information as it becomes available. "We are currently responding to a cyber security incident. We are in touch with law enforcement and will post additional updates here as they become available," tweeted the Uber Communications account.

The New York Times, which first reported on the breach, said they spoke to the threat actor, who said they breached Uber after performing a social engineering attack on an employee and stealing their password. The threat actor then gained access to the company's internal systems using the stolen credentials.

https://www.bleepingcomputer.com/news/security/uber-hacked-internal-systems-breached-and-vulnerability-reports-stolen/

  • IHG Hack: 'Vindictive' Couple Deleted Hotel Chain Data for Fun

Hackers have told the BBC they carried out a destructive cyber-attack against Holiday Inn owner Intercontinental Hotels Group (IHG) "for fun".

Describing themselves as a couple from Vietnam, they say they first tried a ransomware attack, then deleted large amounts of data when they were foiled. They accessed the FTSE 100 firm's databases thanks to an easily found and weak password, Qwerty1234. An expert says the case highlights the vindictive side of criminal hackers.

UK-based IHG operates 6,000 hotels around the world, including the Holiday Inn, Crowne Plaza and Regent brands. On Monday last week, customers reported widespread problems with booking and check-in. For 24 hours IHG responded to complaints on social media by saying that the company was "undergoing system maintenance".

Then on the Tuesday afternoon it told investors that it had been hacked.

https://www.bbc.co.uk/news/technology-62937678

Threats

Ransomware and Extortion

Phishing & Email Based Attacks

Other Social Engineering; Smishing, Vishing, etc

Malware

Mobile

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Insurance

Dark Web

Supply Chain and Third Parties

Denial of Service DoS/DDoS

Cloud/SaaS

Attack Surface Management

Shadow IT

Encryption

API

Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Training, Education and Awareness

Parental Controls and Child Safety

Regulations, Fines and Legislation

Models, Frameworks and Standards

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

Other News

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Antony Cleal Antony Cleal

Black Arrow Cyber Threat Briefing 10 June 2022

Black Arrow Cyber Threat Briefing 10 June 2022

-Business Email Compromise (BEC) Attacks Have Risen 53% Year-Over-Year

-Ransomware Attacks Setting New Records

-Hackers Are Now Hiding Inside Networks for Longer. That's Not a Good Sign

-Paying Ransomware Paints Bigger Bullseye on Target’s Back

-Organisations Fix Only 1 in 10 Vulnerabilities Monthly

-Cyber Attack Surface "Spiralling Out of Control"

-Phishing Hits All-Time High in Q1 2022

-Ransomware's ROI Retreat Will Drive More BEC Attacks

-The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For

-Why Smishing and Vishing Attempts Surged In 2021?

-Know Your Enemy! Learn How Cyber Crime Adversaries Get In…

-Small Businesses Struggle with an Increase in Cyber Attacks

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • Business Email Compromise (BEC) Attacks Have Risen 53% Year-Over-Year

Armorblox released a report which highlights the use of language-based attacks that bypass existing email security controls. The report uncovers how the continued increase in remote working has made critical business workflows even more vulnerable to new forms of email-based attacks, often resulting in financial fraud or credential theft.

Language-based attacks have become the new normal for business email compromise (BEC) with 74% of these attacks using language as the main attack vector.

Security teams spend a massive amount of time configuring rules and exceptions in their email security solutions to block impersonation emails – both for executives and other employees. Despite all of that manual work and rule writing, 70% of impersonation emails evaded email security controls.

https://www.helpnetsecurity.com/2022/06/06/language-based-attacks-email-video/

  • Ransomware Attacks Setting New Records

Zscaler released the findings of its annual ThreatLabz Ransomware Report, which revealed an 80 percent increase in ransomware attacks year-over-year.

In 2022, the most prevalent ransomware trends include double-extortion, supply chain attacks, ransomware-as-a-service, ransomware rebranding, and geo-political incited ransomware attacks. The report details which industries are being targeted the most by cyber criminals, explains the damage caused by double-extortion and supply chain attacks, and catalogues the most active ransomware groups operating today.

Modern ransomware attacks require a single successful asset compromise to gain initial entry, move laterally, and breach the entire environment, making legacy VPN and flat networks extremely vulnerable. Attackers are finding success exploiting weaknesses across businesses’ supply chains as well as critical vulnerabilities like Log4Shell, PrintNightmare, and others. And with ransomware-as-a-service available on the darkweb, more and more criminals are turning to ransomware, realising that the odds of receiving a big payday are high.

The tactics and scope of ransomware attacks have been steadily evolving, but the end goal continues to be a disruption of the target organisation and theft of sensitive information for the purposes of ransom. The size of the ransom often depends on the number of systems infected and the value of the data stolen: the higher the stakes, the higher the payment. In 2019, many ransomware groups updated their tactics to include data exfiltration, commonly referred to as a ‘double extortion’ ransomware.

https://www.helpnetsecurity.com/2022/06/07/ransomware-attacks-increase/

  • Hackers Are Now Hiding Inside Networks for Longer. That's Not a Good Sign

Cyber criminals are spending more time inside networks before they're discovered, and that's allowing them to do more damage.

The amount of time cyber criminal intruders are spending inside victims' networks is increasing, providing them with the ability to carry out higher complexity campaigns and more damaging cyber attacks.

According to analysis by cyber security researchers at Sophos, who examined incidents targeting organisations around the world and across a wide range of industry sectors, the median dwell time that cyber criminals spend inside compromised networks is now 15 days, up from 11 days the previous year.

Dwell time is the amount of time hackers are inside the network before they're discovered or before they leave – and being able to spend an increased amount of time inside a compromised network undetected means they're able to more carefully conduct malicious activity, such as monitoring users, stealing data or laying the foundations for a malware or ransomware attack.

https://www.zdnet.com/article/hackers-are-now-hiding-inside-networks-for-longer-thats-not-a-good-sign/

  • Paying Ransomware Paints Bigger Bullseye on Target’s Back

Ransomware attackers often strike targets twice, regardless of whether the ransom was paid.

Paying ransomware attackers doesn’t pay off and often paints a bigger target on a victim’s back. Eighty percent of ransomware victims that paid their attackers were hit a second time by the malware scourge.

New ransomware numbers come from a Cybereason’s April ransomware survey of 1,456 cyber security professionals. According to the gated report (registration required), victims that were successfully extorted were not only targeted a second time, but frequently data encrypted by criminals later became unusable during the decryption process because of corruption issues.

The fact that ransomware gangs strike so quickly a second and third time isn’t surprising, because they will try to profit in any possible way so why not hit the same company, demand a higher ransom, and get paid again?

https://threatpost.com/paying-ransomware-bullseye-back/179915/

  • Organisations Fix Only 1 in 10 Vulnerabilities Monthly

New research from SecurityScorecard features a couple of eye-popping “only” findings: Only 10 percent of vulnerabilities are remediated each month, and only 60 percent of companies have improved their security profile despite a 15-fold increase in the number of cyber incidents in the last three years.

That’s not good. The research, which sought to measure how long it took the 1.6 million organisations assessed to remediate vulnerabilities in the three-year period from 2019 to 2022, also found the following:

·       53% had at least one exposed vulnerability to the internet, while 22% of organisations amassed more than 1,000 vulnerabilities each, confirming more progress is required to protect organisations’ critical assets.

·       The financial sector is among the slowest remediation rates (median to fix 50% = 426 days), while utilities ranked among the fastest (median = 270 days).

·       Despite a 15-fold increase in exploitation activity for vulnerabilities with published exploit code, there was little evidence that organisations in the financial sector fixed exploited flaws faster.

·       The IT sector (62.6%) and public sector (61.6%) had the highest prevalence of open vulnerabilities.

·       The financial sector (48.6%) exhibited the lowest proportion of open vulnerabilities; however, there is less than a 10% difference between this and other sectors in terms of industries with the most open vulnerabilities.

·       It typically takes organisations 12 months to remediate half of the vulnerabilities in their internet-facing infrastructure.

·       When firms have fewer than 10 open vulnerabilities, it can take about a month to close just half of them, but when the list grows into the hundreds, it takes up to a year to reach the halfway point.

https://www.msspalert.com/cybersecurity-research/organizations-fix-only-1-in-10-vulnerabilities-monthly/

  • Cyber Attack Surface "Spiralling Out of Control"

Global organisations are still beset with cyber visibility and control challenges, with two-fifths (43%) admitting their digital attack surface is out of control as a result, according to new Trend Micro research.

The security vendor polled over 6200 IT and business decision-makers to compile its new study, ‘Mapping the digital attack surface: Why global organisations are struggling to manage cyber risk’.

It revealed that nearly three-quarters (73%) are concerned about the increasing size of their attack surface. Over a third (37%) said it is “constantly evolving and messy,” and just half (51%) thought they were able to fully define its extent.

These visibility challenges are greatest in cloud environments, although problems persist across the board. The report highlights complex supply chains, tool bloat and home working-driven shadow IT as additional contributory factors.

On average, respondents estimated having just 62% visibility of their attack surface.

https://www.infosecurity-magazine.com/news/cyberattack-surface-out-of-control/

  • Phishing Hits All-Time High in Q1 2022

The first quarter of 2022 saw phishing attacks hit a record high, topping one million for the first time, according to data from the Anti Phishing Working Group (APWG).

The industry, law enforcement and government coalition’s new Phishing Activity Trends Report also revealed that March was the worst month on record for phishing, with 384,291 attacks detected.

The financial sector was the worst hit, accounting for 24% of all detected attacks, although webmail and SaaS providers were also popular targets.

Attacks spoofing retailers dropped 17% from the previous quarter to 15% following the busy holiday shopping season, while those against social media services rose significantly, from nearly 9% percent of all attacks to 13% over the same period.

https://www.infosecurity-magazine.com/news/phishing-hits-all-time-high-q1/

  • Ransomware's ROI Retreat Will Drive More BEC Attacks

Law enforcement crackdowns, tighter cryptocurrency regulations, and ransomware-as-a-service (RaaS) operator shutdowns are driving down the return on investment for ransomware operations across the globe.

A presentation at the RSA Conference last week laid out analysis of the ransomware threat landscape, predicting that there will be a pivot from ransomware toward renewed interest in basic business email compromise (BEC) attacks in the next 6 to 12 months.

Ransomware attacks grab headlines and have been supercharged by a few prolific RaaS operators, but crackdowns on just one group can make an enormous dent.

Ransomware is a centralised ecosystem with small numbers of operators responsible for the majority of attacks.

The recent disappearance of Pysa, left just two groups, Conti and Lockbit, with more than 50% of the share of the total ransomware attacks in the first half of 2022. BEC groups, on the other hand, are diffuse and scattered, making them much harder to eradicate.

Although they're not as quick to make the headlines, BEC attacks have cost business more than $43 billion since 2016, according to the FBI, and make up $1 out of every $3 lost to cyber attacks, far outpacing ransomware losses.

Ransomware has had a moment over the past couple of years, in part because once threat actors were able to abandon arcane wire transfers to collect ransoms and rely on cryptocurrency, caps on transactions were lifted and it became simple to collect much larger amounts. But new crypto regulations are chilling the ability of these cyber criminals to rely on its infrastructure to do business, adding "friction" to the transactions.

BEC attacks, by comparison, rely on social engineering to corrupt a business's financial supply chain to get employees to willingly part with the cash, making them exponentially harder to track and stop. 

https://www.darkreading.com/threat-intelligence/retreat-of-ransomware-roi-will-drive-bec-attacks-analyst-warns

  • The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For

With each passing year, hackers and cyber criminals of all kinds are becoming more sophisticated, malicious, and greedy conducting brazen and often destructive cyber-attacks that can severely disrupt a company’s business operations. And this is a big problem, because, first and foremost, customers rely on a company’s ability to deliver services or products in a timely manner. Cyber attacks not only can affect customers’ data, but they can impact service delivery.

Data breaches and costs associated with them have been on the rise for the past few years, but, according to a 2021 report, the average cost per breach increased from $3.86 million in 2020 to $4.24 million in 2021. The report also identified four categories contributing most global data breach costs – Lost business cost (38%), Detection and escalation (29%), Post breach response (27%), and Notification (6%).

Ransomware attacks cost an average of $4.62 million (the cost of a ransom is not included), and destructive wiper-style attacks cost an average of $4.69 million, the report said.

For a business, a data breach is not just a loss of data, it can also have a long-lasting impact on operations and undermine customers’ trust in the company. In fact, a survey revealed that 87% of consumers are willing to take their business elsewhere if they don’t trust a company is handling their data responsibly. Therefore, the reputational damage might be detrimental to a business’ ability to attract new customers.

https://informationsecuritybuzz.com/articles/the-real-cost-of-cyber-attacks-what-organizations-should-be-prepared-for/

  • Why Smishing and Vishing Attempts Surged In 2021

In The Human Factor Report 2022, security vendor Proofpoint found that SMS phishing (smishing) attacks more than doubled year-on-year in 2021. The report is based on their analysis of over 2.6 billion email messages, 49 billion URLs, 1.9 billion attachments, 28 million cloud accounts and 1.7 billion mobile messages.

The study details the most common attack surfaces and methods including categories of risk, vulnerabilities, attacks, Russian Aligned APT’s, and Privilege as a vector.

Key Findings:

  • Managers and executives make up only 10% of users, but almost 50% of the most severe attack risk

  • Attackers attempt to initiate more than 100,000 telephone-oriented attacks every day.

  • Malicious URLS are 3-4x more common than malicious attachments.

  • Smishing attempts more than doubled in the US over the year, while in the UK over 50% of lures are themed around delivery notification.

  • More than 20 million messages attempted to deliver malware linked to eventual ransomware attack

  • Data loss prevention alerts have stabilised as businesses adopt permanent hybrid work models.

  • 80% of businesses are attacked by a compromised supplier account in any given month.

  • 35% of cloud tenants that received a suspicious login also saw suspicious post-access activity.

https://informationsecuritybuzz.com/expert-comments/why-smishing-and-vishing-attempts-surged-in-2021/

  • Know Your Enemy! Learn How Cyber Crime Adversaries Get In…

Cyber security vendor Sophos dug into the incident reports of 144 real-life cyber attacks investigated by its Rapid Response team during 2021.

What they found might not surprise you, but it’s vital information nevertheless, because it’s what really happened, not merely what might have.

Notably:

  • Unpatched vulnerabilities were the entry point for close to 50% of the attackers.

  • Attackers stuck around for more than a month on average when ransomware wasn’t their primary goal.

  • Attackers were known to have stolen data in about 40% of incidents. (Not all data thefts can be proved, of course, given that there isn’t a gaping hole where your copy of the data used to be, so the true number could be much higher.)

  • RDP was abused to circumnavigate the network by more than 80% of attackers once they’d broken in.

Intriguingly, if perhaps unsurprisingly, the smaller the organisation, the longer the crooks had generally been in the network before anyone noticed and decided it was time to kick them out.

In businesses with 250 staff and below, the crooks stuck around (in the jargon, this is known by the quaintly archaic automotive metaphor of dwell time) for more than seven weeks on average.

This compared with an average dwell time of just under three weeks for organisations with more than 3000 employees.

As you can imagine, however, ransomware criminals typically stayed hidden for much shorter periods (just under two weeks, instead of just over a month), not least because ransomware attacks are inherently self-limiting.

After all, once ransomware crooks have scrambled all your data, they’re out of hiding and straight into their in-your-face blackmail phase.

https://nakedsecurity.sophos.com/2022/06/07/know-your-enemy-learn-how-cybercrime-adversaries-get-in/

  • Small Businesses Struggle with an Increase in Cyber Attacks

Part of the problem: They don’t believe they are targets, so they don’t make security a priority. Cyber attacks are becoming more common for small businesses, and many aren’t prepared to deal with an attack.

As small businesses have accelerated their adoption of new technologies for remote work, communication, production and sales during the pandemic, their expanded computer networks have created new vulnerabilities to phishing and ransomware attacks. But many small businesses still don’t expect to be targeted by hackers, so preparing for a cyber attack is well down their list of priorities.

https://www.wsj.com/articles/small-business-cyberattacks-increase-11654540786

Threats

Ransomware

BEC – Business Email Compromise

Phishing & Email Based Attacks

Other Social Engineering

Malware

Mobile

IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs

Fraud, Scams & Financial Crime

AML/CFT/Sanctions

Insurance

Dark Web

Software Supply Chain

Denial of Service DoS/DDoS

Cloud/SaaS

Attack Surface Management

Open Source

Privacy

Parental Controls and Child Safety

Law Enforcement Action and Take Downs

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 27 May 2022

Black Arrow Cyber Threat Briefing 27 May 2022

-How Confident Are Companies in Managing Their Current Threat Exposure?

-'There's No Ceiling': Ransomware's Alarming Growth Signals a New Era, Verizon DBIR Finds

-Paying Ransom Doesn’t Guarantee Data Recovery

-Report: Frequency of Cyber Attacks in 2022 Has Increased by Almost 3M

-New Zoom Flaws Could Let Attackers Hack Victims Just by Sending them a Message

-VMware, Airline Targeted as Ransomware Chaos Reigns

-Crypto Hacks Aren't a Niche Concern; They Impact Wider Society

-State of Cyber Security Report 2022 Names Ransomware and Nation-State Attacks as Biggest Threats

-Vishing (Voice Phishing) Cases Reach All Time High

-DeFi (Decentralised Finance) Is Getting Pummelled by Cyber Criminals

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

  • How Confident Are Companies In Managing Their Current Threat Exposure?

Crossword Cybersecurity has released a report based on the findings of a survey of over 200 CISOs and senior UK cyber security professionals. The paper reveals companies are more concerned and exposed to cyber threats than ever before, with 61 percent describing themselves as at best only “fairly confident” at managing their current cyber security threat exposure, which should raise some eyebrows around the boardroom.

Respondents also feared their cyber strategy would not keep pace with the rate of tech innovation and changes in the threat landscape. 40 percent of organisations believe their existing cyber strategy will be outdated in two years, and a further 37 percent within three years. Additional investment is needed to address longer term planning, with 44 percent saying they only have sufficient resources in their organisation to focus on the immediate and mid-term cyber threats and tech trends.

https://www.helpnetsecurity.com/2022/05/26/organizations-cyber-strategy/

  • 'There's No Ceiling': Ransomware's Alarming Growth Signals A New Era, Verizon DBIR Finds

Ransomware has become so efficient, and the underground economy so professional, that traditional monetisation of stolen data may be on its way out.

The past year has seen a staggering acceleration in ransomware incidents, with 25% of all breaches containing a ransomware component.

That's the top-line finding in the 2022 Verizon Data Breach Investigations Report (DBIR), which found that ransomware events in conjunction with breaches ballooned 13% in the past year — last year's report found that just 12% of incidents were ransomware-related. That translates into a rate of increase that's more than the previous five years of growth combined.

The 15th annual DBIR analysed 23,896 security incidents, of which 5,212 were confirmed breaches. About four in five of those were the handiwork of external cyber criminal gangs and threat groups, according to Verizon. And according to Alex Pinto, manager of the Verizon Security Research team, these nefarious types are finding it easier and easier to earn an ill-gotten living with ransomware, making other types of breaches increasingly obsolete.

"Everything in cyber crime has become so commoditised, so much like a business now, and it's just too darn efficient of a methodology for monetising their activity," he tells Dark Reading, noting that with the emergence of ransomware as-a-service (RaaS) and initial-access brokers, it takes very little skill or effort to get into the extortion game.

"Before, you had to get in somehow, look around, and find something worth stealing that would have a reseller on the other end," he explains. "In 2008 when we started the DBIR, it was by and large payment-card data that was stolen. Now, that has fallen precipitously because they can just pay for access someone else established and install rented ransomware, and it's so much simpler to reach the same goal of getting money."

https://www.darkreading.com/attacks-breaches/ransomware-alarming-growth-verizon-dbir

  • Paying Ransom Doesn’t Guarantee Data Recovery

A Veeam report has found that 72% of organisations had partial or complete attacks on their backup repositories, dramatically impacting the ability to recover data without paying the ransom.

Additionally, 76% of organisations admitted to paying the ransom. But while 52% paid the ransom and were able to recover data, 24% paid the ransom but were still not able to recover data.

https://www.helpnetsecurity.com/2022/05/24/paying-ransom-recover-data-video/

  • Report: Frequency Of Cyber Attacks in 2022 Has Increased By Almost 3M

Kaspersky has released a new report revealing a growing number of cyber attacks on small businesses in 2022 so far. Researchers compared the period between January and April 2022 to the same period in 2021, finding increases in the numbers of Trojan-PSW detections, internet attacks and attacks on Remote Desktop Protocol.

In 2022, the number of Trojan-PSW (Password Stealing Ware) detections increased globally by almost a quarter compared to the same period in 2021 一 4,003,323 to 3,029,903. Trojan-PSW is a malware that steals passwords, along with other account information, which then allows attackers to gain access to the company network and steal sensitive information.

Internet attacks grew from 32,500,000 globally in the analysed period of 2021 to almost 35,400,000 in 2022. These can include web pages with redirects to exploits, sites containing exploits and other malicious programs, botnet command & control centres and more.

The number of attacks on Remote Desktop Protocol grew in the U.S. (while dropping slightly globally), going from 47.5 million attacks in the first trimester of 2021 to 51 million in the same period of 2022. With the widespread shift toward remote work, many companies have introduced Remote Desktop Protocol (RDP), a technology that enables computers on the same corporate network to be linked together and accessed remotely, even when the employees are at home.

With small business owners typically handling numerous responsibilities at the same time, cyber security is often an afterthought. However, this disregard for IT security is being exploited by cyber criminals. The Kaspersky study sought to assess the threats that pose an increasing danger to entrepreneurs.

https://venturebeat.com/2022/05/20/report-frequency-of-cyberattacks-in-2022-has-increased-by-almost-3m/

  • New Zoom Flaws Could Let Attackers Hack Victims Just By Sending Them A Message

Popular video conferencing service Zoom has resolved as many as four security vulnerabilities, which could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and execute malicious code.

With Zoom's chat functionality built on top of the XMPP standard, successful exploitation of the issues could enable an attacker to force a vulnerable client to masquerade a Zoom user, connect to a malicious server, and even download a rogue update, resulting in arbitrary code execution stemming from a downgrade attack.

https://thehackernews.com/2022/05/new-zoom-flaws-could-let-attackers-hack.html

  • VMware, Airline Targeted As Ransomware Chaos Reigns

Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain.

Ransomware incidents are on the rise and this week proved no exception, with the discovery of a Linux-based ransomware family called Cheerscrypt targeting VMware ESXi servers and an attack on SpiceJet, India’s second largest airline.

Meanwhile, an oddball "GoodWill" variant purports to help the needy.

The Cheerscrypt ransomware variant was uncovered by Trend Micro and relies on the double-extortion scheme to coerce victims to pay the ransom – i.e., stealing data as well and threatening to leak it if victims don’t pay up.

Because of the popularity of ESXi servers for creating and running multiple virtual machines (VMs) in enterprise settings, the Cheerscrypt ransomware could be appealing to malicious actors looking to rapidly distribute ransomware across many devices.

Meanwhile, low-cost carrier SpiceJet faced a ransomware attack this week, causing flight delays of between two and five hours as well as rendering unavailable online booking systems and customer service portals.

While the company’s IT team announced on Twitter that it had successfully prevented the attempted attack before it was able to fully breach all internal systems and take them over, customers and employees are still experiencing the ramifications.

https://www.darkreading.com/attacks-breaches/vmware-airline-targeted-as-ransomware-chaos-reigns

  • Crypto Hacks Aren't A Niche Concern; They Impact Wider Society

Million-dollar crypto heists are becoming more common as the currency starts to go mainstream; prevention and enforcement haven't kept pace.

The attack against the Ronin Network in March was quickly speculated to be one of the largest cryptocurrency hacks of all time. Approximately $540 million was stolen from the cryptocurrency and NFT games company in a combination of USDC and Etherium, with $400 million of the stolen funds owned by customers playing the game Axie Infinity.

This attack was the latest in a string of thefts perpetrated against crypto and should be a jolt to both the digital asset and cyber security communities to bring the security of cryptocurrencies into line.

The current vogue of large-scale crypto heists goes as far back as the 2014 Mt. Gox hack (another cryptocurrency exchange built around a game, Magic: The Gathering), which went into bankruptcy after losing $460 million of assets.

However, the trend has been gathering pace. In the months leading up to the Ronin Network attack, cyber criminals stole nearly $200 million worth of cryptocurrency from the crypto trading platform BitMart, attacked 400 Crypto.com users, and orchestrated NFT-related scams, to name but a few incidents.

There is often an uncomfortable tendency to see these attacks as something that takes place in isolation in a remote part of the Internet when they actually have a huge impact on thousands of people.

https://www.darkreading.com/attacks-breaches/crypto-hacks-aren-t-a-niche-concern-they-impact-wider-society

  • State Of Cyber Security Report 2022 Names Ransomware And Nation-State Attacks As Biggest Threats

Ransomware is the biggest concern for cyber security professionals, according to results of the Infosecurity Group’s 2022 State of Cybersecurity Report, produced by Infosecurity Europe and Infosecurity Magazine.

Cyber Security Professionals' Number One Concern: Ransomware.

This attack vector was voted as the biggest cyber security trend (28%) by the survey respondents (including CISOs, CTOs, CIOs and academics), marking a significant change from the previous report in 2020, where ransomware did not break the top three. This follows surging ransomware incidents in 2021, with ransom demands and payments growing significantly last year. A number of these attacks have also impacted critical industries, for example, taking down the US’ largest fuel pipeline.

The survey respondents also highlighted the evolving tactics and capabilities of ransomware attackers. This includes threat actors becoming more sophisticated as they evolve into loosely coupled service-based operations.

A number of cyber security professionals believe that cyber-criminal groups will become more guarded in their approach due to new initiatives by governments and law enforcement to tackle these activities.

Cyber Security Professionals' Number Two Concern: Nation-State Attacks.

The second biggest concern for survey respondents was geopolitics/nation-state attacks (24%), particularly the shifting hostilities from the Russia-Ukraine conflict into cyberspace. Russia already had a reputation for conducting offensive cyber operations prior to the conflict, and the Ukrainian government and critical services have experienced numerous attacks both before and since the war began.

https://www.infosecurity-magazine.com/news/2022-state-industry-report/

  • Vishing (Voice Phishing) Cases Reach All Time High

Vishing (voice phishing) cases have increased almost 550 percent over the last twelve months (Q1 2021 to Q1 2022), according to the latest Quarterly Threat Trends & Intelligence Report from Agari and PhishLabs.

In Q1 2022, Agari and PhishLabs detected and mitigated hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands. The report provides an analysis of the latest findings and insights into key trends shaping the threat landscape.

According to the findings, vishing attacks have overtaken business email compromise (BEC) as the second most reported response-based email threat since Q3 2021. By the end of the year, more than one in four of every reported response-based threat was a vishing attack, and this makeup continued through Q1 2022.

https://www.helpnetsecurity.com/2022/05/24/vishing-cases-increased/

  • DeFi (Decentralised Finance) Is Getting Pummelled By Cyber Criminals

Decentralised finance lost $1.8 billion to cyber attacks last year — and 80% of those events were the result of vulnerable code, analysts say.

Decentralised finance (DeFi) platforms — which connect various cryptocurrency blockchains to create a decentralised infrastructure for borrowing, trading, and other transactions — promise to replace banks as a secure and convenient way to invest in and spend cryptocurrency. But in addition to attracting hordes of new users with dreams of digital fortune, cyber criminals have discovered them to be an easy target, wiping out wallets to zero balances in a moment, tanking whole markets while profiting, and more, according to a new report.

Analysts with Bishop Fox found that DeFi platforms lost $1.8 billion to cyber attacks in 2021 alone. With a total of 65 events observed, 90% of the losses came from unsophisticated attacks, according to the report, which points to the lax cyber security practices of the sector.

DeFi averaged five attacks per week last year, with most of them (51%) coming from the exploitation of "smart contracts" bugs, the analysts found. Smart contracts are essentially records of transactions, stored on the blockchain.

Other top DeFi attack vectors include cryptowallets, protocol design flaws, and so-called "rug-pull" scams (where investors are lured to a new cryptocurrency project that is then abandoned, leaving targets with a worthless currency). But taken together, 80% of all events were caused by the use (and re-use) of buggy code, according to the report.

https://www.darkreading.com/attacks-breaches/defi-pummeled-by-cybercriminals

Threats

Ransomware

BEC – Business Email Compromise

Phishing & Email Based Attacks

Other Social Engineering

Malware

Mobile

BYOD

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs

Insider Risk and Insider Threats

Dark Web

Supply Chain and Third Parties

Denial of Service DoS/DDoS

Cloud/SaaS

Attack Surface Management

Open Source

Privacy

Passwords & Credential Stuffing

Regulations, Fines and Legislation

Spyware, Espionage & Cyber Warfare, including Russian Invasion of Ukraine

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Advisory 27/05/2022 – Trend Micro identified a new Ransomware strain specifically targeting VMware servers

Black Arrow Cyber Advisory 27/05/2022 – Trend Micro identified a new Ransomware strain specifically targeting VMware servers

Executive Summary

Ransomware specifically designed to target VMware systems has been found to be in use by malicious attackers. VMware systems have been a prime target for attackers, as many different services which organisations rely on run on these systems. By compromising these systems, all of the hosted services can also be impacted.

Executive Summary

Ransomware specifically designed to target VMware systems has been found to be in use by malicious attackers. VMware systems have been a prime target for attackers, as many different services which organisations rely on run on these systems. By compromising these systems, all of the hosted services can also be impacted.

What’s the risk to me or my business?

This attack works by shutting down virtual machines running on a VMware system, and encrypting them before demanding a ransom. If the ransom is not paid within three days, then there is a further threat to release the data which the attacker has exfiltrated. This requires an attacker to be able to gain prior access to the system, and to enable ‘Shell’ access to run the malicious script.

What can I do?

Ensure that appropriate security measures are applied to these critical systems, to prevent an attacker from being able to access them. This includes up to date patching of the systems, and appropriate network segregation to prevent end user devices from being able to access the systems. Ensure that Shell access to the server is not left enabled.

The adoption of a security framework such as NIST CSF would greatly assist with applying appropriate controls to prevent this type of attack.

Technical Summary

Trend Micro has conducted the research into this specific strain of ransomware. This strain works by accessing VMware Servers using Secure Shell (SSH), and running a script which shuts down all active virtual machines in order to encrypt them, with the file extension ‘.cheers’. It is worth noting that the renaming of the files happens before the encryption starts, so it is possible that a file is renamed but is in fact not encrypted due to a permissions issue on the account logged in via SSH.

A full break down of the attack can be read here: New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices (trendmicro.com)

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Advisory – LockBit Ransomware Now Actively Targeting VMware ESXi Hosts

Black Arrow Cyber Advisory – LockBit Ransomware Now Actively Targeting VMware ESXi Hosts

Executive Summary

LockBit, a ransomware gang that first came to prominence in 2021, has made improvements to its Ransomware-as-a-Service (RaaS), advertising that it will now actively target VMware ESXi virtual machines. VMware ESXi is a highly popular virtualisation platform and is found in most business environments globally and allows for the consolidation of software servers and services onto a single physical machine, saving both space and costs. The new LockBit features include the ability to find all running Virtual Machines (VMs) and manipulate their power states to ensure they are encrypted successfully.

What’s the risk to me or my business?

Due to the popularity of ESXi, there is an increased risk to those running the platform. The changes demonstrate that RaaS operators are keenly aware that businesses present lucrative targets, actively implementing features that have the greatest potential for harm in an enterprise environment.

What can I do?

Ensure that your systems and services across your network remain up-to-date and current. Attackers will often use a combination of bugs, vulnerabilities and misconfigurations to breach an environment before going on to exploit other devices. For ESXi specifically, consider disabling Secure Shell (SSH) if enabled, and ensure the use of TLS (HTTPS) on any exposed web interfaces.

Need help understanding your gaps, or just want some advice? Get in touch with us.

Black Arrow Cyber Advisory – LockBit Ransomware Now Actively Targeting VMware ESXi Hosts

Executive Summary

LockBit, a ransomware gang that first came to prominence in 2021, has made improvements to its Ransomware-as-a-Service (RaaS), advertising that it will now actively target VMware ESXi virtual machines. VMware ESXi is a highly popular virtualisation platform and is found in most business environments globally and allows for the consolidation of software servers and services onto a single physical machine, saving both space and costs. The new LockBit features include the ability to find all running Virtual Machines (VMs) and manipulate their power states to ensure they are encrypted successfully.

What’s the risk to me or my business?

Due to the popularity of ESXi, there is an increased risk to those running the platform. The changes demonstrate that RaaS operators are keenly aware that businesses present lucrative targets, actively implementing features that have the greatest potential for harm in an enterprise environment.

What can I do?

Ensure that your systems and services across your network remain up-to-date and current. Attackers will often use a combination of bugs, vulnerabilities and misconfigurations to breach an environment before going on to exploit other devices. For ESXi specifically, consider disabling Secure Shell (SSH) if enabled, and ensure the use of TLS (HTTPS) on any exposed web interfaces.

Need help understanding your gaps, or just want some advice? Get in touch with us.

 

Read More
Black Arrow Admin Black Arrow Admin

Black Arrow Cyber Threat Briefing 07 January 2022

Black Arrow Cyber Threat Briefing 07 January 2022:

-Microsoft Sees Rampant Log4j Exploit Attempts, Testing

-Warning: Log4j Still Lurks Where Dependency Analysis Can’t Find It

-Hackers Sending Malware-Filled USB Sticks to Companies Disguised as Presents

-Patch Systems Vulnerable To Critical Log4j Flaws, UK And US Officials Warn

-‘Elephant Beetle’ Lurks For Months In Networks

-Sonicwall: Y2k22 Bug Hits Email Security, Firewall Products

-Hackers Use Video Player To Steal Credit Cards From Over 100 Sites

-Cyber World Is Starting 2022 In Crisis Mode With The Log4j Bug

-Everything You Need To Know About Ransomware Attacks and Gangs In 2022

-Why the Log4j Vulnerability Makes Endpoint Visibility and Zero Trust Security More Important Than Ever

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Microsoft Sees Rampant Log4j Exploit Attempts, Testing

Microsoft says it’s only going to get worse: It’s seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December.

No surprise here: The holidays bought no Log4Shell relief.

Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache’s Log4j logging library.

“We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks,” according to Microsoft.

https://threatpost.com/microsoft-rampant-log4j-exploits-testing/177358/

Warning: Log4j Still Lurks Where Dependency Analysis Can’t Find It

The best programming practice to include a third-party library in source code is to use the import command. It is the easiest way to do it, and it is also the way that most dependency analysis programs work to determine if a vulnerable library is in play. But any time code is included without calling it as an external package, traditional dependency analysis might not be enough to find it — including when Java coders use a common trick to resolve conflicting dependencies during the design process.

A new study by jFrog found that 400 packages on repository Maven Central used Log4j code without calling it as an external package. Around a third of that came from fat jars — jar files that include all external dependencies to make a more efficient product. The remainder came from directly inserting Log4j code into the source code, including shading, a work-around used when two or more dependencies call different versions of the same library in a way that might conflict.

While 400 may not seem like a lot for Maven Central, where Google found 17,000 packages implementing the vulnerable Log4j library, some of the 400 packages unearthed by JFrog are widely used.

https://www.scmagazine.com/analysis/devops/warning-log4j-still-lurks-where-dependency-analysis-cant-find-it

Hackers Sending Malware-Filled USB Sticks to Companies Disguised as Presents

The "malicious USB stick" trick is old but apparently it's still wildly popular with the crooks.

Word to the wise: If a stranger ever offers you a random USB stick as a gift, best not to take it.

On Thursday, the FBI warned that a hacker group has been using the US mail to send malware-laden USB drives to companies in the defence, transportation and insurance industries. The criminals’ hope is that employees will be gullible enough to stick them into their computers, thus creating the opportunity for ransomware attacks or the deployment of other malicious software, The Record reports.

The hacker group behind this bad behaviour—a group called FIN7—has gone to great lengths to make their parcels appear innocuous. In some cases, packages were dressed up as if they were sent by the US Department of Health and Human Services, with notes explaining that the drives contained important information about COVID-19 guidelines. In other cases, they were delivered as if they had been sent via Amazon, along with a “decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and a USB,” according to the FBI warning.

https://gizmodo.com/hackers-have-been-sending-malware-filled-usb-sticks-to-1848323578

Patch Systems Vulnerable To Critical Log4j Flaws, UK And US Officials Warn

One of the highest-severity vulnerabilities in years, Log4Shell remains under attack.

Criminals are actively exploiting the high-severity Log4Shell vulnerability on servers running VMware Horizon in an attempt to install malware that allows them to gain full control of affected systems, the UK’s publicly funded healthcare system is warning.

CVE-2021-44228 is one of the most severe vulnerabilities to come to light in the past few years. It resides in Log4J, a system-logging code library used in thousands if not millions of third-party applications and websites. That means there is a huge base of vulnerable systems. Additionally, the vulnerability is extremely easy to exploit and allows attackers to install Web shells, which provide a command window for executing highly privileged commands on hacked servers.

The remote-code execution flaw in Log4J came to light in December after exploit code was released before a patch was available. Malicious hackers quickly began actively exploiting CVE-2021-44228 to compromise sensitive systems.

https://arstechnica.com/information-technology/2022/01/patch-systems-vulnerable-to-critical-log4j-flaws-uk-and-us-officials-warn/

‘Elephant Beetle’ Lurks For Months In Networks

The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars.

Researchers have identified a threat group that’s been quietly siphoning off millions of dollars from financial- and commerce-sector companies, spending months patiently studying their targets’ financial systems and slipping in fraudulent transactions amongst regular activity.

The Sygnia Incident Response team has been tracking the group, which it named Elephant Beetle, aka TG2003, for two years.

In a Wednesday report, the researchers called Elephant Beetle’s attack relentless, as the group has hidden “in plain sight” without the need to develop exploits.

https://threatpost.com/elephant-beetle-months-networks-financial/177393/

Sonicwall: Y2k22 Bug Hits Email Security, Firewall Products

SonicWall has confirmed today that some of its Email Security and firewall products have been hit by the Y2K22 bug, causing message log updates and junk box failures starting with January 1st, 2022.

The company says that email users and administrators will no longer be able to access the junk box or un-junk newly received emails on affected systems.

They will also no longer be able to trace incoming/outgoing emails using the message logs because they're no longer updated.

On January 2nd, SonicWall deployed updates to North American and European instances of Hosted Email Security, the company's cloud email security service.

It also released fixes for its on-premises Email Security Appliance (ES 10.0.15) and customers using firewalls with the Anti-Spam Junk Store functionality toggled on (Junk Store 7.6.9).

https://www.bleepingcomputer.com/news/security/sonicwall-y2k22-bug-hits-email-security-firewall-products/

Hackers Use Video Player To Steal Credit Cards From Over 100 Sites

Hackers used a cloud video hosting service to perform a supply chain attack on over one hundred real estate sites that injected malicious scripts to steal information inputted in website forms.

These scripts are known as skimmers or formjackers and are commonly injected into hacked websites to steal sensitive information entered into forms. Skimmers are commonly used on checkout pages for online stores to steal payment information.

In a new supply chain attack discovered by Palo Alto Networks Unit42, threat actors abused a cloud video hosting feature to inject skimmer code into a video player. When a website embeds that player, it embeds the malicious script, causing the site to become infected.

https://www.bleepingcomputer.com/news/security/hackers-use-video-player-to-steal-credit-cards-from-over-100-sites/

Cyber World Is Starting 2022 In Crisis Mode With The Log4j Bug

The cyber security world is starting off 2022 in crisis mode.

The newest culprit is the log4j software bug, which cyber security and Infrastructure Security Agency (CISA) Director Jen Easterly called “the most serious vulnerability I have seen in my decades-long career.” It forced many cyber security pros to work through the holidays to protect computer systems at Big Tech firms, large and small companies and government agencies.

But crises like log4j have become the norm rather than the exception during the past few years.

Last year kicked off with the SolarWinds hack — a Russian government operation that compromised reams of sensitive information from U.S. government agencies and corporations.

Digital threats of all sorts are growing far faster than the capability to defend against them. If past is prologue, 2022 is likely to be a year of big hacks, big threats and plenty more crises.

“We’re always in crisis is the long and short of it,” Jake Williams, a former National Security Agency (NSA) cyber operator and founder of the firm Rendition Infosec, told me. “Anyone looking for calm rather than the storm in cyber is in the wrong field.”

https://www.washingtonpost.com/politics/2022/01/03/cyber-world-is-starting-2022-crisis-mode-with-log4j-bug/

Everything You Need To Know About Ransomware Attacks and Gangs In 2022

Ransomware is a lucrative business for criminals. It is paying off, and it is working.

According to a recent Trend Micro report, a staggering 84% of US organisations experienced either a phishing or ransomware attack in the last year. The average ransomware payment was over $500,000.

Bad actors want to keep cashing in. So they’re going as far as creating ransomware kits as a service (Ransomware as a Service) to be sold on the dark web and even setting up fake companies to recruit potential employees.

Many ransomware gangs function like real companies — with marketing teams, websites, software development, user documentation, support forums and media relations.

If the “companies” run by ransomware gangs can operate with minimal expenses and mind-blowing revenues, what’s stopping them from growing in number and size?

https://securityintelligence.com/articles/ransomware-attacks-gangs-2022/

Why the Log4j Vulnerability Makes Endpoint Visibility and Zero Trust Security More Important Than Ever

The Apache Log4j vulnerability is one of the most serious vulnerabilities in recent years—putting millions of devices at risk.

IT organisations worldwide are still reeling from the discovery of a major security vulnerability in Apache Log4j, an open-source logging utility embedded in countless internal and commercial applications.

By submitting a carefully constructed variable string to log4j, attackers can take control of any application that includes log4j. Suddenly, cyber criminals around the world have a blueprint for launching attacks on everything from retail store kiosks to mission-critical applications in hospitals.

If security teams overlook even one instance of log4j in their software, they give attackers an opportunity to issue system commands at will. Attackers can use those commands to install ransomware, exfiltrate data, shut down operations — the list goes on.

How should enterprises respond to this pervasive threat?

https://www.cio.com/article/302868/why-the-log4j-vulnerability-makes-endpoint-visibility-and-zero-trust-security-more-important-than-ever.html

Threats

Ransomware

Phishing

Malware

Mobile

IoT

Data Breaches/Leaks

Cryptocurrency/Cryptomining/Cryptojacking

Fraud, Scams & Financial Crime

DoS/DDoS

OT, ICS, IIoT and SCADA

Nation State Actors

Privacy

Passwords & Credential Stuffing

Spyware and Espionage

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Read More