Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

Cyber Resilience Requires Maturity, Persistence & Board Engagement

Cyber resilience is more important than ever, particularly with the added dimensions of deepening geopolitical threats and risks coming from new technology like AI. In cyber security, it is commonly accepted that it is a matter of when, not if, an organisation will experience an attack. It is imperative to ensure there is an ability across the organisation to bounce back.

Source: [Dark Reading]

Security is a Process, not a Tool

The cyber security industry is constantly seeing tools that claim to make organisations 100% secure, despite this never being achievable. A recent report found 55% of all security tools are not put into operation or are not actively managed. Additionally, the report found that 33% of all security incidents are identifiably traced to process errors. The findings are further evidence that cyber security is more than just technology tools: it requires a mindset that aligns controls across people, operations and technology.

Source: [Dark Reading]

46% of SMBs and Enterprises Have Experienced a Ransomware Attack

A recent report found that 46% of small and medium businesses (SMBs) and enterprises have experienced ransomware attacks. In addition, 90% of SMBs and 87% of enterprises are extremely or somewhat concerned about ransomware attacks, and 64% of SMBs and 70% of enterprises don’t believe in paying a ransom.

Despite the fact that nearly 50% of the firms have suffered ransomware, too many businesses still seem to think this is something that will not happen to them and is something only other businesses need to worry about.

Source: [Security Magazine] [IT Business]

Cyber Threat Intelligence: Getting on the Front Foot Against Adversaries

In the realm of cyber security, threat intelligence (TI) is a crucial yet often underused asset for countering sophisticated cyber attacks. TI involves gathering, analysing, and contextualising information about potential cyber threats, including advanced ones, thus enabling organisations to identify, assess, and mitigate cyber risks effectively. The TI market, expected to exceed $44 billion by 2033, offers four main types: Strategic, Tactical, Technical, and Operational.

Each type serves different organisational needs, from informing senior leadership to aiding security operations teams. When thinking about TI, organisations should focus on completeness, accuracy, relevance, timeliness, scalability, vendor reputation, and integration capabilities. The rapidly evolving nature of TI demands a careful, long-term approach to choosing the right services, considering an organisation's maturity and specific needs. Effective TI not only aids in countering immediate threats but also builds long-term resilience. With 80% of the top 2000 global companies projected to increase their TI investment in 2024, it's crucial for organisations to find a trusted vendor to ensure their cyber security success.

Black Arrow conducts daily threat intelligence analyses from trusted specialist sources, and interprets the TI in the context of our client organisations to support them in proactively addressing risks. In addition to our weekly Threat Briefing and subscription email, we offer tailored briefings for organisations in various sectors and geographies.  

Source: [welivesecurity]

67% of Workers Put Businesses at Risk by Downloading Applications and Software Without Permission

New research has found that 67% of UK employees are endangering their business by downloading applications and software without the knowledge of IT or security teams.

Other key findings included 39% of respondent organisations lacked total visibility of applications and software on company owned assets, and 77% lacked visibility over employee owned assets connected to the corporate environment. Of total respondents, 69% acknowledged their organisations required better policies and procedures in order to deal with security vulnerabilities, with 39% of total respondents feeling challenged by UK and other jurisdictions’ increasingly complicated regulations and governance requirements.

Black Arrow help organisations of all sizes to design and deliver comprehensive asset visibility programmes that lay the foundation for proportionate and credible cyber security controls to protect the organisation. We enable organisations to adhere to regulatory and governance requirements, by providing expert cyber security resources on a flexible basis for technical, governance and transformational positions.

Sources: [Tech Radar] [the HR Director]

The Persistent Menace: Understanding and Combating Ransomware, as New Ransomware Groups Account for Quarter of All Leaks in 2023

In 2023, the landscape of cyber threats, particularly ransomware, has significantly evolved, remaining a primary concern for businesses.  

This change has been further facilitated by the emergence of Ransomware as a Service (RaaS) and the increased sophistication of phishing attacks, supported by advancements in AI. This has led at least in part to almost half (29) of the ransomware groups tracked by WithSecure in 2023 having begun operations this year. These groups accounted for 25% of data leaks in this period, helping to drive a 50% year-on-year increase in data leaks.

Businesses face not only the immediate costs of ransom demands but also indirect impacts such as operational downtime and damage to reputation. Key trends include the exploitation of basic security vulnerabilities, the role of access brokers in facilitating attacks, and innovative evasion techniques used by ransomware groups.  Ransomware is not going away, and organisations need to ensure they are prepared given the realistic probability of an attack.

Black Arrow works with organisations of all sizes and sectors to design and prepare for managing a cyber security incident such as ransomware; this can include an Incident Response Plan and an educational tabletop exercise for the leadership team that highlights the proportionate controls to help the organisation prevent and mitigate an incident.

Sources: [Forbes] [Infosecurity Magazine] [ITPro]

Financial Services Still Stubbornly Vulnerable to Cyber Disruption

A recent report found the UK financial system remains stubbornly vulnerable to disruption caused by cyber and IT-related incidents, and that regulated firms are not acting quickly enough to affect required changes designed to ensure firms’ systems are resilient against significant operational shocks.

According to the UK FCA’s records, the total number of cyber incidents reported between January 2018 to May 2023 was 4,192. In general terms, incidents are reportable where they are of a certain level of materiality; for instance, where there has been a “significant failure in the firm's systems or controls.

Source: [FTAdviser]

World’s Biggest Bank Hit by Ransomware; Workers Forced to Trade with USB Sticks

The US subsidiary of the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack earlier this month, which reportedly forced the bank (ICBC Financial Services) to handle trades through messengers carrying USB thumb drives. This attack has sent shockwaves through financial services and banking and has prompted an increase in vigilance within the financial sector. The US Financial Services Information Sharing and Analysis Center (FS-ISAC) has urged financial services organisations to ensure their systems are protected and vulnerabilities are immediately resolved.

Sources: [SC Media] [Bit Defender]

NCSC Warns UK Over Significant Threat to Critical Infrastructure

The UK's National Cyber Security Centre (NCSC) has once again sounded its concern over the rising threat level to the nation's critical national infrastructure (CNI), with its annual review admitting the level of cyber security resilience in the UK’s most critical areas is not in a satisfactory place.

The NCSC stated that CNI in the UK faces an “enduring and significant” threat from state-aligned threat actors aggressively ramping up activity, and the UK must therefore work more closely with allies and industry in countering “epoch-defining” cyber challenges.

They noted a 64% increase on last year’s voluntary report figures; to note, this refers to organisations voluntarily self-reporting suffering a cyber incident.

For wider context, the Russian cyber attacks on Ukraine began a month and a half before the invasion. In 2022 Ukraine’s national incident response team dealt with 2,194 cyber incidents, followed by another 2,054 attacks in the first 10 months of this year and Ukraine’s defence chief warns that Russia will soon attack companies that provide services to Ukraine as part of their larger cyber efforts.

This comes as Russian hackers were linked to what is being described as the largest ever cyber attack on Danish critical infrastructure. The attack involved 22 companies associated with the operation of Denmark’s energy sector.

Sources: [Computer Weekly] [The Register] [The Record Media] [The Irish Times] [The Hacker News]

Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach

The ALPHV ransomware group, also known as BlackCat, has taken extortion to a new level by filing a US Securities and Exchange Commission (SEC) complaint against one of their alleged victims, MeridianLink, for not complying with the four-day rule to disclose a cyber attack. The ransomware group said it compromised the digital lending solutions provider on November 7 and told the SEC the victim suffered a “significant breach and did not disclose it as required in Form 8-k”. While many ransomware and extortion gangs have threatened to report breaches and data theft to the SEC, this may be the first public confirmation that they have done so. Previously, ransomware actors exerted pressure on victims by contacting customers to let them know of the intrusion. Sometimes, they would also try to intimidate the victim by contacting them directly over the phone.

Sources: [Infosecurity Magazine] [Bleeping Computer]

Businesses are Losing Huge Chunks of Their Revenue to Cyber Attacks

A new report has found that businesses are paying a huge price for not properly securing their digital assets. The report found that businesses on average suffered 46 attacks (successful and unsuccessful) over the last year, resulting in the loss of 9% of their annual income. Cyber attacks are hurting their businesses in other ways such as network outages (34%), data loss (29%), web apps going offline (24%) and customer account compromises (22%).

Firms are reevaluating their cyber security approaches, with 76% planning increased spending despite concerns about current investment efficiency, as 35% feel they've overspent and only 55% of tools are fully utilised. A significant talent gap is also a challenge, with 30% attributing recent issues to a shortage of skilled personnel, and 33% expecting this trend to continue. Nearly half are seeking to address this by boosting recruitment budgets. Additionally, 51% of respondents are focusing on investing in Generative AI tools for cyber security in the next two years.

Source: [TechRadar]

Phishing Emails Are More Believable Than Ever. Here's What to Do About It.

Phishing is not new. This social engineering tactic has existed in the attack toolbox for decades, with threat actors posing as trusted contacts and then targeting unsuspecting victims through email or text messages to steal sensitive data. According to a recent report by Fortinet, phishing is the top tactic (56%) malicious actors use to infiltrate a network and launch ransomware successfully. With the turn of AI-driven content tools, cyber criminals are using them to make their phishing emails and texts appear more realistic than ever before.

It is crucial to focus on employee education to protect organisations. Customised training programs are essential. Security awareness training is fundamental in creating a cyber-aware culture, keeping employees informed about current security threats and meeting compliance requirements.

Black Arrow supports organisations of all sizes in designing and delivering proportionate user education and awareness programmes, including in-person and online training as well as simulated phishing campaigns. Our programmes help secure employee engagement and build a cyber security culture to protect the organisation. 

Source: [CSO Online]

Top Cyber Stories of the Last Week

Governance, Risk and Compliance

• Financial sector on edge after LockBit attack on major Chinese bank's US unit | SC Media (scmagazine.com)

• 29% of organisations cite data loss as top security breach result | Security Magazine

• Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser

• Cyber Resilience Requires Maturity, Persistence & Board Engagement (darkreading.com)

• Businesses are losing huge chunks of their revenue to cyber attacks | TechRadar

• Security Is a Process, Not a Tool (darkreading.com)

• 6% of companies have not had a digital risk cyber attack since 2020 | Security Magazine

• Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)

• Organisations should prepare for the inevitability of cyber attacks on their infrastructure - Help Net Security

• Should cyber security overconfidence be on your threat radar? | TechRadar

• Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal

• Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)

• Every Business Owner Should Be Thinking About Improving Online Security | Inc.com

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• The cultural shift that’s needed to see greater ROI in cyber | Federal News Network

• Business urged to increase cyber resilience as 2024 set to deliver new threats (emergingrisks.co.uk)

• How to withstand the onslaught of cyber security threats - Help Net Security

• 8 ways to cope with cyber security budget cuts | TechTarget

Threats

Ransomware, Extortion and Destructive Attacks

• Financial sector on edge after LockBit attack on major Chinese bank's US unit | SC Media (scmagazine.com)

• Financial services still 'stubbornly vulnerable' to cyber disruption - FTAdviser

• Law practices and government agencies experience the largest ransomware spikes - Digital Journal

• Orgs still losing logs, powerless to speedy ransomware • The Register

• Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)

• 29 new ransomware groups have emerged in 2023 | ITPro

• 46% of SMBs and enterprises have experienced a ransomware attack | Security Magazine

• Many organisations don’t believe they are targets of ransomware gangs: OpenText | IT Business

• Half of Ransomware Groups Operating in 2023 Are New - Infosecurity Magazine (infosecurity-magazine.com)

• LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)

• The Persistent Menace: Understanding And Combating Ransomware (forbes.com)

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Ransomware tracker: The latest figures [November 2023] (therecord.media)

• Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024 (securityaffairs.com)

• LockBit ransomware group assemble strike team to breach banks, law firms and governments. | by Kevin Beaumont | Nov, 2023 | DoublePulsar

• Ransomware Gang LockBit Revises Its Tactics as Payouts Slip (bloomberglaw.com)

• Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly

• Uncovering the ransomware threat from global supply chains | ITPro

• Business leaders need help in getting off the ransomware merry-go-round (thetimes.co.uk)

• Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)

• BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly

• The Rise of Ransomware in Healthcare: What IT Leaders Need to Know (bleepingcomputer.com)

• What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg

• Success eludes the International Counter Ransomware Initiative - Help Net Security

• New Ransomware Group Emerges with Hive's Source Code and Infrastructure (thehackernews.com)

• How to combat ransomware in the face of tight security staffing | SC Media (scmagazine.com)

• Ransomware attacks: Cyber criminals tout their ‘honesty’ in negotiating ransoms (afr.com)

• New approaches to fighting ransomware are emerging | Mimecast

• Why backup matters more than ever - Help Net Security

• FBI 'Knows Identities' Of MGM, Caesars Hacking Gang | Silicon UK

• FBI and CISA warn of opportunistic Rhysida ransomware attacks (bleepingcomputer.com)

• ALPHV/BlackCat Ransomware Gang Targets Businesses Via Google Ads - Infosecurity Magazine (infosecurity-magazine.com)

• FBI pumping 'significant' resources into Scattered Spider • The Register

• New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)

• It ain’t what you store, it’s the way you restore it. • The Register

Ransomware Victims

• Ransomware gang files SEC complaint over victim’s undisclosed breach (bleepingcomputer.com)

• How a cyber attack crippled the world's largest bank for hours | Euronews

• ICBC -- China's biggest bank -- paid ransom: Lockbit hackers (nypost.com)

• FBI: Royal ransomware asked 350 victims to pay $275 million (bleepingcomputer.com)

• Rackspace Ransomware Costs Soar to Nearly $12M (darkreading.com)

• Major cyber attack on Australian ports suggests sabotage by a 'foreign state actor' (theconversation.com)

• Tri-City Medical Center cyber attack impacting patient care (10news.com)

• Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)

• LockBit leaks Boeing files after failed ransom negotiations • The Register

• 'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)

• World's biggest bank hit by ransomware, forced to trade via USB stick (bitdefender.com)

• Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)

• British Library’s Halloween cyber scare was ransomware | Computer Weekly

• Royal Mail ransomware recovery to cost at least $12 million • The Register

• 9 million patients had data stolen after US medical transcription firm hacked | TechCrunch

• Clorox CISO flushes self after multimillion-dollar attack • The Register

• Toyota confirms breach after Medusa ransomware threatens to leak data (bleepingcomputer.com)

• Government doesn't know details behind cyber hack that shut down port operator DP World - ABC News

• Lorenz ransomware gang hit Texas-based Cogdell Memorial Hospital (securityaffairs.com)

• Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party - Security Week

• Long Beach, California turns off IT systems after cyber attack (bleepingcomputer.com)

• Stellantis production affected by cyber attack at auto supplier - The Columbian

Phishing & Email Based Attacks

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• From Scanning to Scamming: The Rise of QR Codes in Phishing - VMRay

• Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)

• APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)

• FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)

• Police takes down BulletProftLink large-scale phishing provider (bleepingcomputer.com)

Artificial Intelligence

• UK told of significant threat as state actors seek to use AI attack systems (emergingrisks.co.uk)

• UK NCSC Warns Of Threat To Critical Infrastructure | Silicon UK

• AI disinformation campaigns pose major threat to 2024 elections - Help Net Security

• AI poses growing threat to next general election, warns UK cyber security agency | UK News | Sky News

• Microsoft blocks internal access to ChatGPT over security • The Register

• ChatGPT's New Code Interpreter Has Giant Security Hole, Allows Hackers to Steal Your Data | Tom's Hardware (tomshardware.com)

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• The US and 30 Other Nations Agree to Set Guardrails for Military AI | WIRED

• CISA Has a New Road Map for Handling Weaponized AI | WIRED

• Mitigating Deepfake Threats in the Corporate World | MSSP Alert

• A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)

• Organisations Rush to Use Generative AI Tools Despite Risks (globenewswire.com)

• How scammers' use of AI is affecting fintech investment | PaymentsSource | American Banker

• Top 5 Risks of Artificial Intelligence - IT Security Guru

• Balancing Innovation and Security: Exploring the AI Pin's Potential Risks and Safeguards | HackerNoon

Malware

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• Infostealers and the high value of stolen data - Help Net Security

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers (thehackernews.com)

• Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena

• This fake Windows news site is spreading malware via hacked Google ads | TechRadar

• Google Play Store is making a big upgrade to fight malware — what you need to know | Tom's Guide (tomsguide.com)

• A Closer Look at ChatGPT's Role in Automated Malware Creation (trendmicro.com)

• Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)

• Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch

• Ducktail Malware Targets the Fashion Industry (darkreading.com)

Mobile

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Malware was downloaded over 600 million times in 2023 from the Google Play Store - PhoneArena

• Temu Sued in Class Action for Risking User Data to Chinese Government Control | Law.com

• Apple and Google have made phones the key to your digital life. Here’s what to do if you lose it. - Vox

• Google Play Store is making a big upgrade to fight malware — what you need to know | Tom's Guide (tomsguide.com)

• Children’s tablet has malware and exposes kids’ data, researcher finds | TechCrunch

• How to spot a fake data blocker that could hack your computer in seconds | ZDNET

• Balancing Innovation and Security: Exploring the AI Pin's Potential Risks and Safeguards | HackerNoon

Denial of Service/DoS/DDOS

• Misconfigured Docker API endpoints allow attackers to deliver DDoS botnet agent | CSO Online

• How DDoS attacks are taking down even the largest tech companies (bleepingcomputer.com)

Internet of Things – IoT

• UK Privacy Regulator Issues Black Friday Smart Device Warning - Infosecurity Magazine (infosecurity-magazine.com)

• How to protect your organisation from IoT malware | TechTarget

• Defending Against Attacks on Vulnerable IoT Devices (darkreading.com)

Data Breaches/Leaks

• Infostealers and the high value of stolen data - Help Net Security

• 29% of organisations cite data loss as top security breach result | Security Magazine

• McLaren Health Care revealed that a data breach impacted 2.2 million people (securityaffairs.com)

• Hacker Leaks 800,000 Scraped Chess.com User Records (hackread.com)

• Hacker Leaks 35 Million Scraped LinkedIn User Records (hackread.com)

• Fourth time unlucky: Okta hit by new cyber attack - Digital Journal

• Maine govt notifies 1.3 million people of MOVEit data breach (bleepingcomputer.com)

• The real cost of healthcare cyber security breaches - Help Net Security

• Mortgage giant Mr. Cooper says customer data exposed in breach (bleepingcomputer.com)

• Pharmacy provider Truepill data breach hits 2.3 million customers (bleepingcomputer.com)

• Samsung warns some customers their data may have been stolen by hackers | TechRadar

• Hackers Claim Major Data Breach at Smart WiFi Provider Plume (hackread.com)

• Vietnam Post exposes 1.2TB of data, including email addresses (securityaffairs.com)

• Morgan Stanley fined over computers with personal data (cnbc.com)

• Samsung says hackers accessed customer data during year-long breach | TechCrunch

• A Spy Agency Leaked People's Data Online—Then the Data Was Stolen | WIRED

• Electric Ireland Confirms Compromise of 8,000 Customers’ Personal and Financial Data - IT Security Guru

Organised Crime & Criminal Actors

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• Russian admits building now-dismantled IPStorm proxy botnet • The Register

• Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)

• 'AlphaLock' Hackers Launch 'Pen-Testing Training' Group (darkreading.com)

• Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know | Tripwire

• Ethereum hacked to steal millions from users across the world | TechRadar

• Fraudsters make $50,000 a day by spoofing crypto researchers (bleepingcomputer.com)

Insider Risk and Insider Threats

• Employees putting businesses at risk downloading apps and software without consent | theHRD (thehrdirector.com)

• Insiders and outsiders: Why cyber security strategies need to look all ways - Digital Journal

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• 3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)

Insurance

• Beyond re/insurance – protecting society from an unprecedented cyber incident | Insurance Business America (insurancebusinessmag.com)

• Bridging the Gap: The Vital Role of Skilled Brokers in Cyber Insurance

• Aon president warns insurers against ‘walking away’ from major risks (ft.com)

• Cyber insurance predictions for 2024 - Help Net Security

• Cyber ‘Catastrophe Bonds’ Move Step Closer to Hitting Public Debt Markets | Tech News (hindustantimes.com)

• Cyber insurance market attractive despite ransomware uptick: JP Morgan - Reinsurance News

Supply Chain and Third Parties

• Uncovering the ransomware threat from global supply chains | ITPro

• SaaS Vendor Risk Assessment in 3 Steps (darkreading.com)

• How top CISOs are transforming third-party risk management | SC Media (scmagazine.com)

Cloud/SaaS

• This new ChatGPT-powered infostealer is targeting cloud platforms | TechRadar

• Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks (thehackernews.com)

• SaaS Vendor Risk Assessment in 3 Steps (darkreading.com)

• Traditional cloud security isn't up to the task - Help Net Security

• Transforming cyber security from reactive to proactive with attack path analysis - Help Net Security

Identity and Access Management

• As perimeter defences fall, the identify-first approach steps into the breach | CSO Online

Encryption

• The new frontier in online security: Quantum-safe cryptography (techxplore.com)

• In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica

• TETRA encryption algorithms entering the public domain • The Register

Passwords, Credential Stuffing & Brute Force Attacks

• 70% of passwords can be cracked in less than a second, shows NordPass study (business-standard.com)

• Top Passwords Used By Business Executives | NordPass

• Google Workspace security flaws could see hackers easily snaffle your password | TechRadar

• Stop using weak passwords for streaming services - it's riskier than you think | ZDNET

• The worst passwords of 2023 are also the most common, "123456" comes in first | TechSpot

Social Media

• Meta and YouTube face criminal surveillance complaints • The Register

• How Much Your Social Media Profile Data Is Worth on the Dark Web (makeuseof.com)

Malvertising

• BlackCat affiliate seen using malvertising to spread ransomware | Computer Weekly

• This fake Windows news site is spreading malware via hacked Google ads | TechRadar

• Adware activity doubles in Q3 (betanews.com)

Training, Education and Awareness

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• 3 Ways Behavioural Economics Obstructs Cyber security (darkreading.com)

Regulations, Fines and Legislation

• EU Tightens Cyber security Requirements for Critical Infrastructure and Services (darkreading.com)

• MPs Dangerously Uninformed About Facial Recognition – Report - Infosecurity Magazine (infosecurity-magazine.com)

• Meta and YouTube face criminal surveillance complaints • The Register

• SEC Suit Ushers in New Era of Cyber Enforcement (darkreading.com)

• Make Changes to be Ready for the New SEC Cyber security Disclosure Rule (darkreading.com)

• Navigating the complex role of the CISO under SEC disclosure rules (betanews.com)

• Clorox CISO flushes self after multimillion-dollar attack • The Register

• Morgan Stanley fined over computers with personal data (cnbc.com)

• White House is ‘working on version 2.0’ of cyber implementation plan | CyberScoop

Models, Frameworks and Standards

• What You Need to Know About NIST CSF 2.0 | Accelerynt, Inc. - JDSupra

• Modelling organisations' defensive mechanisms with MITRE D3FEND - Help Net Security

Backup and Recovery

• Why backup matters more than ever - Help Net Security

• It ain’t what you store, it’s the way you restore it. • The Register

Data Protection

• Web browsing data collected in more detail than previously known, report finds (ft.com)

• Online ad auction data harms national security – claim • The Register

Careers, Working in Cyber and Information Security

• The challenges and opportunities of working in cyber security | TechRadar

• How US SEC legal actions put CISOs at risk and what to do about it | CSO Online

• Is ‘overwork’ culture a problem for cyber security professionals? (siliconrepublic.com)

Law Enforcement Action and Take Downs

• Serbian pleads guilty to running ‘Monopoly’ dark web drug market (securityaffairs.com)

• Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities (thehackernews.com)

• Russian admits building now-dismantled IPStorm proxy botnet • The Register

• European Police Take Down $9m Vishing Gang - Infosecurity Magazine (infosecurity-magazine.com)

• Russian-Moldovan National Admits to Infecting 23,000 Devices with Botnet Malware (occrp.org)

• Private Investigator Aviram Azar Gets Almost 7 Years for Hedge Fund Hacking Ring - Bloomberg

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Activity

Cyber Warfare and Cyber Espionage

• NCSC Annual Review on 'state-aligned actors' | Professional Security

• Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• Deputy Prime Minister reviews national security powers to respond to geopolitical and tech threats - GOV.UK (www.gov.uk)

• UK plans U-turn on powers to halt company takeovers on national security grounds | Mergers and acquisitions | The Guardian

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)

• New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com

Nation State Actors

China

• China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga

• ICBC/ransomware: China’s cyber security industry moves out of the shadows

• Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)

• The alarming cyber hack at ICBC (ft.com)

• China proposes auditors undergo cyber security checks if national security involved - CNA (channelnewsasia.com)

• Australian Intelligence Report Identifies China as Major Backer of Cyber Crime (voanews.com)

• Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• Labour warns against watering down of UK’s takeover screening powers

Russia

• China's Lending Giant Paid Ransom To Russia-Linked Group After It Got Hacked Last Week - Benzinga

• ICBC pays ransom after US hack (finextra.com)

• Cyber attack shines light on role of China’s largest lender in US Treasury market (ft.com)

• Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)

• Could Russia’s Ukraine Cyber attacks Clue Global Threat? | MSSP Alert

• Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure (thehackernews.com)

• Russia will target other countries for web attacks, Ukraine cyber defence chief warns – The Irish Times

• Major hack by Russian gang steals social security numbers and health information from 1.3 million in Maine | Daily Mail Online

• EU Formalizes Cyber security Support For Ukraine - Infosecurity Magazine (infosecurity-magazine.com)

• Meet the Unique New "Hacking" Group: AlphaLock (bleepingcomputer.com)

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• Cyber espionage operation on embassies linked to Russia’s Cozy Bear hackers (therecord.media)

• What Do You Do When You’re Hit by Russian Ransomware? - Bloomberg

• Ukraine at D+670: GRU may be expanding its targeting. (thecyberwire.com)

Iran

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

• New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks (thehackernews.com)

North Korea

• Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers (thehackernews.com)

• Novel social engineering attack infrastructure established by BlueNoroff | SC Media (scmagazine.com)

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

• New NATO cyber forum to support collective response to cyber attacks – EURACTIV.com

• Deputy Prime Minister reviews national security powers to respond to geopolitical and tech threats - GOV.UK (www.gov.uk)

• UK plans U-turn on powers to halt company takeovers on national security grounds | Mergers and acquisitions | The Guardian

• Danish Energy Attacks Portend Targeting More Critical Infrastructure (darkreading.com)

• FBI Warns: Five Weeks In, Gaza Email Scams Still Thriving (darkreading.com)

• Cyber Criminals Exploit Gaza Crisis With Fake Charity - Infosecurity Magazine (infosecurity-magazine.com)

• Israel and Ukraine Face Shared Cyber Threats (fdd.org)

Vulnerabilities

• 'CitrixBleed' Linked to Ransomware Hit on China's State-Owned Bank (darkreading.com)

• LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed (bleepingcomputer.com)

• Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups (thehackernews.com)

• APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide (darkreading.com)

• Juniper networking devices under attack - Help Net Security

• CISA warns of actively exploited Juniper pre-auth RCE exploit chain (bleepingcomputer.com)

• WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks (bleepingcomputer.com)

• Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (bleepingcomputer.com)

• Microsoft fixes critical Azure CLI flaw that leaked credentials in logs (bleepingcomputer.com)

• Adobe Releases Security Updates for Multiple Products | CISA

• Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers (thehackernews.com)

• ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric - Security Week

• Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities - Security Week

• Fortinet Releases Security Updates for FortiClient and FortiGate | CISA

• Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability (thehackernews.com)

• New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar (thehackernews.com)

• SAP Patches Critical Vulnerability in Business One Product - Security Week

• Critical flaw fixed in SAP Business One product (securityaffairs.com)

• ChatGPT's New Code Interpreter Has Giant Security Hole, Allows Hackers to Steal Your Data | Tom's Hardware (tomshardware.com)

• Citrix Releases Security Updates for Citrix Hypervisor | CISA

• Fortinet warns of critical command injection bug in FortiSIEM (bleepingcomputer.com)

• An email vulnerability let hackers steal data from governments around the world (engadget.com)

• Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw (thehackernews.com)

• Some AMD EPYC server CPUs have a serious security flaw, so patch now | TechRadr

• Microsoft Extends Windows Server 2012 ESUs Until 2026 (petri.com)

Tools and Controls

• Building resilience to shield your digital transformation from cyber threats - Help Net Security

• Against the Clock: Cyber Incident Response Plan (trendmicro.com)

• Fast-acting cyber gangs increasingly disabling telemetry logs | Computer Weekly

• Overview of Open Source Intelligence (OSINT) (eweek.com)

• Cyber threat intelligence: Getting on the front foot against adversaries (welivesecurity.com)

• The New 80/20 Rule for SecOps: Customize Where it Matters, Automate the Rest (thehackernews.com)

• Beyond re/insurance – protecting society from an unprecedented cyber incident | Insurance Business America (insurancebusinessmag.com)

• Phishing emails are more believable than ever. Here’s what to do about it. | CSO Online

• Web Application Attacks | Types of Web Application Attacks | Mimecast

• Traditional cloud security isn't up to the task - Help Net Security

• Top 10 API Security Threats for Q3 2023 - Security Week

• National security at risk from web browsing data collection, report finds (ft.com)Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice (darkreading.com)

• The cultural shift that’s needed to see greater ROI in cyber | Federal News Network

• 82% of Attacks Show Cyber Criminals Targeting Telemetry Data - Infosecurity Magazine (infosecurity-magazine.com)

• The Importance of Continuous Security Monitoring for a Robust Cyber security Strategy (thehackernews.com)

• NCSC backs use of security.txt for cyber resilience | UKAuthority

• New approaches to fighting ransomware are emerging | Mimecast

• Why backup matters more than ever - Help Net Security

• Hackers are wiping out traces of data traffic to remove attack traces: Sophos - The Hindu BusinessLine

• Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security

• The new imperative in API security strategy - Help Net Security

• How to Automate the Hardest Parts of Employee Offboarding (thehackernews.com)

• Steps CISOs Should Take Before, During & After a Cyber attack (darkreading.com)

• Threat Intel: To Share or Not to Share is Not the Question - Security Week

• As perimeter defences fall, the identify-first approach steps into the breach | CSO Online

• The Role of Cyber Wellness in Safeguarding Businesses - IT Security Guru

• OODA Loop - A Model for Cyber security Threat Sharing: Embracing the USA PATRIOT Act & FinCEN

• How to speak the board's language with cyber security ROI so it makes sense | Fierce Electronics

• Three Ways Generative AI Can Bolster Cyber security | NVIDIA Blogs

• 8 ways to cope with cyber security budget cuts | TechTarget

• Hackers breach healthcare orgs via ScreenConnect remote access (bleepingcomputer.com)

• Kubernetes adoption creates new cyber security challenges - Help Net Security

• Aon president warns insurers against ‘walking away’ from major risks (ft.com)

• CISOs vs. developers: A battle over security priorities - Help Net Security

• Cyber insurance predictions for 2024 - Help Net Security

• Hundreds of websites cloned to run ads for Chinese gambling • The Register

• AI helps leaders optimize costs and mitigate risks - Help Net Security

• It ain’t what you store, it’s the way you restore it. • The Register

Reports Published in the Last Week

• NCSC Annual Review 2023 - NCSC.GOV.UK

Other News

• Organisations should prepare for the inevitability of cyber attacks on their infrastructure - Help Net Security

• 97% of Consumers Predict Cyber attacks Will Get Worse – or at Best, Stay Consistent – in 2024: ThreatX Data Reveals | Business Wire

• 'Alarming': big gaps in organisations' cyber security | The Canberra Times | Canberra, ACT

• 82% of Attacks Show Cyber Criminals Targeting Telemetry Data - Infosecurity Magazine (infosecurity-magazine.com)

• National security at risk from web browsing data collection, report finds (ft.com)

• CISOs vs. developers: A battle over security priorities - Help Net Security

• Collaborative strategies are key to enhanced ICS security - Help Net Security

• Web Application Attacks | Types of Web Application Attacks | Mimecast

• Hackers are wiping out traces of data traffic to remove attack traces: Sophos - The Hindu BusinessLine

• Telemetry gaps leave networks vulnerable as attackers move faster - Help Net Security

• Cyber crime Victims Can Turn to New Nonprofit, Intelligence for Good | MSSP Alert

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·         Automotive

·         Construction

·         Critical National Infrastructure (CNI)

·         Defence & Space

·         Education & Academia

·         Energy & Utilities

·         Estate Agencies

·         Financial Services

·         FinTech

·         Food & Agriculture

·         Gaming & Gambling

·         Government & Public Sector (including Law Enforcement)

·         Health/Medical/Pharma

·         Hotels & Hospitality

·         Insurance

·         Legal

·         Manufacturing

·         Maritime

·         Oil, Gas & Mining

·         OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·         Retail & eCommerce

·         Small and Medium Sized Businesses (SMBs)

·         Startups

·         Telecoms

·         Third Sector & Charities

·         Transport & Aviation

·         Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.

Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Top Cyber Stories of the Last Week

• Majority of SMBs Lack Dedicated Cyber Experts and Cyber Incident Response Plans

A recent report conducted by security provider Huntress found some worrying results regarding SMBs lack of dedicated cyber experts and lack of cyber incident response plans. Some of the reports key findings were 24% of SMBs suffering a cyber attack or unsure if they had suffered a cyber attack in the last 12 months, 61% of SMBs not having a dedicated cyber security expert and 47% having no incident response plan. The report found that SMBs struggled to implement basic training and only 9% of employees adhered to security best practices, potentially due to the previously mentioned training struggles. The report highlights a clear need for SMBs to increase their cyber resilience and conduct effective user education and awareness training.

https://www.msspalert.com/cybersecurity-research/majority-of-smbs-lack-dedicated-cyber-experts-incident-response-plan/

• Controlling Third-Party Data Risk Should be a Top Cyber Security Priority

Nearly 60% of all data breaches are initiated via third-party vendors and this is often hard to detect. The ever-increasing use of third party services has led to the average organisation sharing sensitive data with 583 third parties, a worrying number of attack vectors. Due to the impact a third party breach can have on an organisation it is imperative that organisations assess and risk manage their supply chains to increase the organisations cyber resilience.

https://www.darkreading.com/attacks-breaches/controlling-third-party-data-risk-should-be-a-top-cybersecurity-priority-

• IT Security Spending to Reach Nearly $300 Billion by 2026

Worldwide spending on security is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022. This figure is expected to continually rise, reaching nearly $300 billion by 2026. In Europe, it is predicted that the biggest portion of spending will still be represented by services, which will be increasingly leveraged by organisations with limited cyber security experience. Additionally the finance sector, which will have to constantly ensure regulatory adherence, is predicted to be the largest spending sector. Organisations should perform due diligence and ensure that they are using reputable services.

https://www.helpnetsecurity.com/2023/03/20/it-security-spending-2026/

• 2023 Cyber Security Maturity Report Reveals Organisational Unpreparedness for Cyber Attacks

In 2022 alone cyber attacks increased by 38%, highlighting the need for organisations to have a high level of cyber maturity; despite this, a recent cyber security maturity report ranked UK organisations as 12th  globally. Some of the findings from the report included that 32% of organisations were found to have weak passwords and 23% had weak authentication systems.

https://thehackernews.com/2023/03/2023-cybersecurity-maturity-report.html

• Board Cyber Shortage: Don’t Get Caught Swimming Naked

The Securities and Exchange Commission recently released their rules on cyber security risk management, strategy governance and incident disclosure by public companies. As part of the rules, the public disclosure of board directors’ cyber risk biographies is mandated. Worryingly, recent research has found that there is a drastic gap in cyber expertise at the board director level, with 90% of companies not having a single director with cyber security expertise. Board directors are able to address this issue by retaining outside expert advisors, upskilling board members or hiring new cyber security board directors. 

https://www.forbes.com/sites/forbestechcouncil/2023/03/20/board-cyber-shortage-dont-get-caught-swimming-naked/?sh=6ea732895af8

• Should your Organisation be Worried about Insider Threats?

Cyber crime is predicted to reach $10.5 trillion worth, making it a lucrative business venture for opportunist criminals. One of the threats companies face is insider threat; this is where the threat comes from within the organisation. Insider threat can include third-party vendors, business partners and others with access to an organisations systems and networks. The threat an insider poses is commonly thought of as malicious but it can also be negligent, where insiders haven’t received proper user education and awareness training. Worryingly, insider threat is rising and research has shown a significant amount of under-reporting; over 70% of insider attacks never reach the headlines. As such, it is difficult for organisations to gauge the risk of insider threats.

https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/

• UK Ransomware Incident Volumes Surge 17% in 2022

According to recent research, attacker-reported ransomware incidents increased by 17% annually in the UK last year and 2023 is showing signs of a continual rise. With this continual rise, it is important for organisations to assess and build upon their cyber resilience.

https://www.infosecurity-magazine.com/news/uk-ransomware-incident-surge-17/

• Financial Industry Hit by Rising Ransomware Attacks and BEC

According to a recent report by the Financial Services Information Sharing and Analysis Center (FS-ISAC) ransomware remained the biggest concern for the financial industry with an increase in attacks due to ransomware-as-a-service. Furthermore, FS-ISAC found a 300% increase in the number of business email compromise attacks from 2021 to 2022. Artificial intelligence was identified as an upcoming area of concern due to its ability to obfuscate detection.

https://www.bloomberg.com/news/articles/2023-03-21/banks-financial-industry-buffeted-by-rising-ransomware-attacks?

• 55 zero-day Flaws Exploited Last Year Show the Importance of Security Risk Management

According to a report from intelligence provider Mandiant 55 zero-days were exploited in 2022 and 13 of those were used in cyber espionage attacks. Of the espionage attacks, 7 related to Chinese threat actors and 2 related to Russian threat actors. The report found that effective security management and patching remained the best protections for organisations.

https://www.csoonline.com/article/3691609/55-zero-day-flaws-exploited-last-year-show-the-importance-of-security-risk-management.html#tk.rss_news

• Security Researchers Spot $36m BEC Attack

Security experts recently identified a single business email compromise attack which amounted to $36.4m. The attack in question contained an invoice, payment instructions, a forged letterhead and even cc’d a legitimate and well known company. The attacker also changed “.com” to “.cam” to imitate a domain. The total cost of BEC based on reported incidents is around $2.7 billion and this is excluding unreported incidents. Organisations should ensure that staff are adequately trained in identifying and reporting such attacks.

https://www.infosecurity-magazine.com/news/security-researchers-spot-36m-bec/

• New Victims Come Forward After Mass Ransomware Attack

Russia-linked Ransomware gang “Clop” has claimed a mass hack of 130 organisations via the vendor GoAnywhere, with more victims coming forward. Clop adds names of victims to its dark web site, which is used to extort companies further by threatening to publish the stolen files unless a ransom is paid.

https://techcrunch.com/2023/03/22/fortra-goanywhere-ransomware-attack/

• Ransomware Gangs’ Harassment of Victims is Increasing

Analysis by Palo Alto Networks found that harassment was a factor in 20% of ransomware cases, a significant jump from less than 1% in mid 2021. The harassment campaign by threat attackers is intended to make sure that ransom payments are met. This adds to the stress that organisations already face with ransomware incidents.

https://www.techrepublic.com/article/ransomware-gangs-harassment-victims-increasing/

• Wartime Hacktivism is Spilling Over into the Financial Services Industry

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has identified that financial firms in countries that Russia considers hostile have been singled out for attacks and these attacks are going to continue if the Russia and Ukraine war persists.

https://www.scmagazine.com/analysis/risk-management/report-wartime-hacktivism-is-spilling-over-into-the-financial-services-industry

Threats

Ransomware, Extortion and Destructive Attacks

• LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions (thehackernews.com)

• UK Ransomware Incident Volumes Surge 17% in 2022 - Infosecurity Magazine (infosecurity-magazine.com)

• Banks, Financial Sector Hit By Rising Ransomware Attacks - Bloomberg

• BianLian ransomware crew swaps encryption for extortion • The Register

• New victims come forward after mass-ransomware attack | TechCrunch

• Ransomware Gangs' Harassment of Victims Is Increasing (techrepublic.com)

• LockBit ransomware gang now also claims City of Oakland breach (bleepingcomputer.com)

• Free decryptor released for Conti-based ransomware following data leak | Tripwire

• New 'Trigona' Ransomware Targets US, Europe, Australia - SecurityWeek

• Ransomware Strongly Influencing SOC Modernization Strategies, Cybereason Research Shows - MSSP Alert

• US govt agencies released an alert on the Lockbit 3.0 ransomware- Security Affairs

• Security News This Week: Ring Is in a Standoff With Hackers | WIRED UK

• CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws | CSO Online

• Clop ransomware claims Saks Fifth Avenue, retailer says mock data stolen (bleepingcomputer.com)

• Researchers Shed Light on CatB Ransomware's Evasion Techniques (thehackernews.com)

• Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO

• Dole discloses employee data breach after ransomware attack (bleepingcomputer.com)

• Ransomware Attacks Double in Europe's Transport Sector - Infosecurity Magazine (infosecurity-magazine.com)

• Prevent Ransomware with Cyber security Monitoring (trendmicro.com)

• Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organisations Stop Attacks Before Damage Occurs | CISA

• Ferrari in a spin as crims steal customer data • The Register

• Play ransomware gang hit Dutch shipping firm Royal Dirkzwager- Security Affairs

• Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)

• City of Toronto confirms data theft, Clop claims responsibility (bleepingcomputer.com)

Phishing & Email Based Attacks

• 7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online

• Just 1% of Dot-Org Domains Are Fully DMARC Protected - Infosecurity Magazine (infosecurity-magazine.com)

BEC – Business Email Compromise

• Security Researchers Spot $36m BEC Attack - Infosecurity Magazine (infosecurity-magazine.com)

Other Social Engineering; Smishing, Vishing, etc

• Vishing Campaign Targets Social Security Administration - Infosecurity Magazine (infosecurity-magazine.com)

• Threat actors are experimenting with QR codes - Help Net Security

• Over 2400 Fake Pages Found Targeting Job Seekers in Middle East, Africa - Infosecurity Magazine (infosecurity-magazine.com)

2FA/MFA

• Massive Phishing Campaign Bypasses MFA and Mimics Microsoft Office (techrepublic.com)

• How Cyber-Criminals are Circumventing Multifactor Authentication - Infosecurity Magazine (infosecurity-magazine.com)

Malware

• Emotet malware now distributed in Microsoft OneNote files to evade defences (bleepingcomputer.com)

• ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)

• RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)

• Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch

• Mispadu Banking Trojan Targets Latin America: 90,000+ Credentials Stolen (thehackernews.com)

• Custom 'Naplistener' Malware a Nightmare for Network-Based Detection (darkreading.com)

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

• ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques (thehackernews.com)

• Python info-stealing malware uses Unicode to evade detection (bleepingcomputer.com)

Mobile

• Nexus: A New Rising Android Banking Trojan Targeting 450 Financial Apps (thehackernews.com)

• The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack

• Android apps are spying on you — with no easy way to stop them | Digital Trends

• Your Samsung phone may have a big security flaw – here's how to stay safe | TechRadar

• UK emergency alert system launched to warn of life-threatening events - with test set for next month | UK News | Sky News

• Google Pixel phones had a serious data leakage bug – here’s what to do! – Naked Security (sophos.com)

• How to keep your phone safe from the scary Exynos modem vulnerability (androidpolice.com)

Botnets

• New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks (thehackernews.com)

Denial of Service/DoS/DDOS

• New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks (bleepingcomputer.com)

• KillNet Group Uses DDoS Attacks Against Azure-Based Healthcare Apps - Infosecurity Magazine (infosecurity-magazine.com)

• Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet (darkreading.com)

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

Internet of Things – IoT

• Eufy security cam 'stored unique ID' of everyone filmed • The Register

• Google sounds alarm on Samsung modem bugs in Android devices • The Register

• EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

Data Breaches/Leaks

• Complacency of staff to blame for data breaches (thesundaily.my)

• Hitachi Energy confirms data breach after Clop GoAnywhere attacks (bleepingcomputer.com)

• Latitude customers are furious: some have had data hacked before through Medibank and Optus - ABC News

• Data breaches cost businesses nearly $6M on average: Mastercard | CTV News

• Healthcare provider ILS warns 4.2 million people of data breach (bleepingcomputer.com)

• NBA is warning fans of a data breach after a third-party newsletter service hack- Security Affairs

• Lowe’s Market chain leaves client data up for grabs- Security Affairs

• Ferrari discloses data breach after receiving ransom demand (bleepingcomputer.com)

• South Korea fines McDonalds for data leak from raw SMB share • The Register

• A million at risk from user data leak at Korean beauty platform PowderRoom- Security Affairs

Organised Crime & Criminal Actors

• New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

• Fireblocks Discloses Critical Vulnerability in BitGo Ethereum Wallets - Decrypt

• General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen (bleepingcomputer.com)

• Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)

Insider Risk and Insider Threats

• Should Your Organisation Be Worried About Insider Threats? - IT Security Guru

• Top 5 Insider Threats to Look Out For in 2023- Security Affairs

• Preventing Insider Threats in Your Active Directory (thehackernews.com)

Fraud, Scams & Financial Crime

• Voice deepfakes are calling – here's what they are and how to avoid getting scammed (theconversation.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

• ‘My bank did not stop £6,500 payment to holiday scammers despite my pleas’ | Scams | The Guardian

• The FBI Warns SIM Swapping Attacks Are Rising. What's That? - ReHack

• Hackers inject credit card stealers into payment processing modules (bleepingcomputer.com)

Deepfakes

• Voice deepfakes are calling – here's what they are and how to avoid getting scammed (theconversation.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

Insurance

• SMBs don't see need for cyber insurance since they won't experience security incidents | ZDNET

• Cyber insurance carriers expanding role in incident response | TechTarget

Supply Chain and Third Parties

• Controlling Third-Party Data Risk Should Be a Top Cyber security Priority (darkreading.com)

• Companies vulnerable to cyber-attack via suppliers - research | RNZ News

• Why you should treat ChatGPT like any other vendor service - Help Net Security

• MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)

Software Supply Chain

• Why Business Software Buyers Are Demanding Baked-in Security - MSSP Alert

Cloud/SaaS

• How access management helps protect identities in the cloud | VentureBeat

• Bitcoin ATM maker shuts cloud service after user hot wallets compromised (cointelegraph.com)

• The cloud backlash has begun: Why big data is pulling compute back on premises | TechCrunch

• Shouldering the Increasingly Heavy Cloud Shared-Responsibility Model (darkreading.com)

• 4 cloud API security best practices | TechTarget

• 8 cloud detection and response use cases | TechTarget

• How to Transfer Data Securely When Moving to the Cloud - Infosecurity Magazine (infosecurity-magazine.com)

• The hidden danger to zero trust: Excessive cloud permissions • Graham Cluley

• New CISA tool detects hacking activity in Microsoft cloud services (bleepingcomputer.com)

• 4 Tips for Better AWS Cloud Workload Security (trendmicro.com)

Hybrid/Remote Working

• Bridging the cyber security readiness gap in a hybrid world - Help Net Security

Identity and Access Management

• How access management helps protect identities in the cloud | VentureBeat

• The impact of AI on the future of ID verification - Help Net Security

• Preventing Insider Threats in Your Active Directory (thehackernews.com)

• CISA, NSA push identity and access management framework as risks grow | SC Media (scmagazine.com)

API

• 4 cloud API security best practices | TechTarget

Open Source

• New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers (thehackernews.com)

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)

Passwords, Credential Stuffing & Brute Force Attacks

• Okta Post-Exploitation Method Exposes User Passwords (darkreading.com)

Social Media

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• TikTok cannot be considered a private company: report • The Register

• TikTok CEO plans rigorous defences in Congress against claims the app is a US security threat | CyberScoop

• Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop

• Linus Tech Tips' YouTube Channel has been hacked by Crypto Scammers | OC3D News (overclock3d.net)

Training, Education and Awareness

• Complacency of staff to blame for data breaches (thesundaily.my)

Regulations, Fines and Legislation

• Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)

• ICO Reprimands Metropolitan Police for Data Snafu - Infosecurity Magazine (infosecurity-magazine.com)

• EU Council extends product lifetime, clarifies scope in cyber security law – EURACTIV.com

• India’s infosec reporting rules observed by just 15 orgs • The Register

• Why Organisations Need To Go Beyond Federal Cyber security Compliance Standards (forbes.com)

Governance, Risk and Compliance

• How CISOs Can Work With the CFO to Get the Best Security Budget (darkreading.com)

• CIOs Build New Bonds With CISOs - WSJ

• How to best allocate IT and cyber security budgets in 2023 - Help Net Security

• IT security spending to reach nearly $300 billion by 2026 - Help Net Security

• Board Cyber Shortage: Don’t Get Caught Swimming Naked (forbes.com)

• How Your Cyber security Strategy Enables Better Business (trendmicro.com)

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• How Can CISOs Connect With the Board of Directors? (darkreading.com)

• Achieving The Five Levels Of Information Security Governance (forbes.com)

• Enhance security while lowering IT overhead in times of recession - Help Net Security

• Why organisations shouldn't fold to cyber criminal requests - Help Net Security

Models, Frameworks and Standards

• Meta Proposes Revamped Approach to Online Kill Chain Frameworks (darkreading.com)

• MITRE Rolls Out Supply Chain Security Prototype (darkreading.com)

Backup and Recovery

• Data backup, security alerts, and encryption viewed as top security features - Help Net Security

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

Data Protection

• Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch

• ICO Reprimands Metropolitan Police for Data Snafu - Infosecurity Magazine (infosecurity-magazine.com)

Careers, Working in Cyber and Information Security

• How training and recognition can reduce cyber security stress and burnout | CSO Online

Law Enforcement Action and Take Downs

• RAT developer arrested for infecting 10,000 PCs with malware (bleepingcomputer.com)

• New York Man Arrested for Running BreachForums Cyber crime Website - SecurityWeek

Privacy, Surveillance and Mass Monitoring

• Eufy security cam 'stored unique ID' of everyone filmed • The Register

• Use of Meta tracking tools found to breach EU rules on data transfers | TechCrunch

• How to protect online privacy in the age of pixel trackers - Help Net Security

• Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)

• French govt clears AI facial scans for Paris Olympics • The Register

Artificial Intelligence

• EU's AI regulation vote looms. We’re still not sure how unrestrained AI should be | Euronews

• ChatGPT Leaves Governments Scrambling for AI Regulations - Bloomberg

• ‘We are a little bit scared’: OpenAI CEO warns of risks of artificial intelligence | Artificial intelligence (AI) | The Guardian

• ChatGPT Polymorphic Malware Bypasses Endpoint Detection Filters (cybersecuritynews.com)

• Detecting face morphing: A simple guide to countering complex identity fraud - Help Net Security

• We need to create guardrails for AI | Financial Times (ft.com)

• GPT-4 devises plan to ‘escape’ by gaining control of a user's computer | Mint (livemint.com)

• Mastercard strengthens customer security with new AI ‘Cyber Shield’ | Mastercard Newsroom

• The impact of AI on the future of ID verification - Help Net Security

• 7 guidelines for identifying and mitigating AI-enabled phishing campaigns | CSO Online

• AI news latest: Google lets people talk to ‘Bard’ bot as ChatGPT taken offline after it goes haywire | The Independent

• Why you should treat ChatGPT like any other vendor service - Help Net Security

• Mozilla launches a new startup focused on ‘trustworthy’ AI | TechCrunch

• French govt clears AI facial scans for Paris Olympics • The Register

Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine

• Financial cyber threats heightened by ideologically motivated hacktivism amidst geopolitical tension | SC Media (scmagazine.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek

• Pro-Russian Winter Vivern APT Targets Governments and Telecom Firm - Infosecurity Magazine (infosecurity-magazine.com)

• Palantir: NHS trusts ordered to share patient data with US ‘spy-tech’ firm | openDemocracy

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

• Purported Chinese warships interfering with passenger planes • The Register

• Putin to staffers: throw out your iPhones over security • The Register

• Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert

• Facebook Security Exec Seaford Hacked by Greek Predator Spyware (gizmodo.com)

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)

• Hacker tied to DC Health Link breach says attack 'born out of Russian patriotism' | CyberScoop

• Unknown actors target orgs in Russia-occupied Ukraine • The Register

• Xi, Putin, declare intent to rule the world of AI, infosec • The Register

• North Korean hackers using Chrome extensions to steal Gmail emails (bleepingcomputer.com)

• Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online | CyberScoop

• Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop

• China-Aligned "Operation Tainted Love" Targets Middle East Telecom Providers - Infosecurity Magazine (infosecurity-magazine.com)

Nation State Actors

• Financial cyber threats heightened by ideologically motivated hacktivism amidst geopolitical tension | SC Media (scmagazine.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• New Espionage Group 'YoroTrooper' Targeting Entities in European, CIS Countries - SecurityWeek

• Pro-Russian Winter Vivern APT Targets Governments and Telecom Firm - Infosecurity Magazine (infosecurity-magazine.com)

• Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder - SecurityWeek

• Tesco to ditch Chinese-made CCTV cameras over security and human rights fears (telegraph.co.uk)

• Purported Chinese warships interfering with passenger planes • The Register

• TikTok cannot be considered a private company: report • The Register

• Five brutal hours for TikTok: CEO raked over coals amid privacy, security concerns | CyberScoop

• BBC presses staff to uninstall TikTok from corporate kit • The Register

• Google flags apps made by popular Chinese e-commerce giant as malware | TechCrunch

• Putin to staffers: throw out your iPhones over security • The Register

• Russia-backed Iridium Hackers Set to Launch Attacks on Ukrainian Government Sites - MSSP Alert

• New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War (thehackernews.com)

• Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism' | CyberScoop

• Unknown actors target orgs in Russia-occupied Ukraine • The Register

• Xi, Putin, declare intent to rule the world of AI, infosec • The Register

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

• Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online | CyberScoop

• The pressing threat of Chinese-made drones flying above US critical infrastructure  | CyberScoop

• Stealthy hacks show advancements in China's cyberespionage operations, researchers say | CyberScoop

• China-Aligned "Operation Tainted Love" Targets Middle East Telecom Providers - Infosecurity Magazine (infosecurity-magazine.com)

• Russian hacktivists deploy new AresLoader malware via decoy installers | CSO Online

Vulnerability Management

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)

• Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant

• From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022 (thehackernews.com)

• Threat actors linked to nation-states exploited zero-days the most in 2022 | SC Media (scmagazine.com)

• 10 Vulnerabilities Types to Focus On This Year (darkreading.com)

• Vulnerability vs. Risk: How MSSPs Can Prioritize Remediating Cyber security Vulnerabilities - MSSP Alert

• What Is the Microsoft Print Spooler Vulnerability? - ReHack

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

• Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023 (bleepingcomputer.com)

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

• Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams (darkreading.com)

Vulnerabilities

• Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug (darkreading.com)

• CVE-2023-23397 Outlook exploit: "A proliferation event" (thestack.technology)

• Patch CVE-2023-23397 Immediately: What You Need To Know and Do (trendmicro.com)

• Cisco fixed severe vulnerabilities in its IOS and IOS XE software- Security Affairs

• Exploit released for Veeam bug allowing cleartext credential theft (bleepingcomputer.com)

• Experts published PoC exploit code for Veeam Backup & Replication bug- Security Affairs

• WordPress force patching WooCommerce plugin with 500K installs (bleepingcomputer.com)

• Windows 11 bug warns Local Security Authority protection is off (bleepingcomputer.com)

• Bitwarden addresses autofill issue that could be exploited to steal logins - gHacks Tech News

• Hackers mostly targeted Microsoft, Google, Apple zero-days in 2022 (bleepingcomputer.com)

• Microsoft’s blunders with new Windows 10 update are causing serious headaches | TechRadar

• Microsoft: Defender update behind Windows LSA protection warnings (bleepingcomputer.com)

• ZenGo uncovers 'red pill attack' vulnerability in popular Web3 apps (cointelegraph.com)

• Windows 11 Snipping Tool privacy bug exposes cropped image content (bleepingcomputer.com)

• Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours (securityintelligence.com)

• If your Netgear Orbi router isn’t patched, you’ll want to change that pronto | Ars Technica

• Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products (darkreading.com)

• Chinese-linked hackers deployed the most zero-day vulnerabilities in 2022, researchers say | CyberScoop

Tools and Controls

• Data backup, security alerts, and encryption viewed as top security features - Help Net Security

• Majority of SMBs Lack Dedicated Cyber Experts, Incident Response Plan - MSSP Alert

• 55 zero-day flaws exploited last year show the importance of security risk management | CSO Online

• Complacency of staff to blame for data breaches (thesundaily.my)

• How access management helps protect identities in the cloud | VentureBeat

• Why CISOs Should Prioritize Extended Detection & Response (XDR) - VMware Security Blog - VMware

• The Ethics of Network and Security Monitoring (darkreading.com)

• Fighting VPN criminalization should be Big Tech’s top priority, activists say | Ars Technica

• Just 1% of Dot-Org Domains Are Fully DMARC Protected - Infosecurity Magazine (infosecurity-magazine.com)

• How network perimeters secure enterprise networks | TechTarget

• Top 5 security risks for enterprise storage, backup devices - Help Net Security

Reports Published in the Last Week

• State of Cybersecurity for Mid-Sized Businesses in 2023 | Huntress

• Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace | Mandiant

Other News

• Web Fingerprinting gets frighteningly good: sees through VPNs and Incognito Mode - gHacks Tech News

• Journalist plugs in unknown USB drive mailed to him—it exploded in his face | Ars Technica

• What Is Shoulder Surfing? How Does It Affect Cyber security (informationsecuritybuzz.com)

• Inside the DEA Tool Hackers Allegedly Used to Extort Targets (vice.com)

• Top ways attackers are targeting your endpoints - Help Net Security

• What Is a Dirty IP Address and How Does It Affect Your Security? (makeuseof.com)

• 5 rules to make security user-friendly - Help Net Security

• Techno-nationalism explained: What you need to know (techtarget.com)

• How Emerging Trends in Virtual Reality Impact Cyber security - IT Security Guru

• Pipeline Cyber security Rules Show the Need for Public-Private Partnerships (darkreading.com)

Sector Specific

Industry specific threat intelligence reports are available.

Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.

·       Automotive

·       Construction

·       Critical National Infrastructure (CNI)

·       Defence & Space

·       Education & Academia

·       Energy & Utilities

·       Estate Agencies

·       Financial Services

·       FinTech

·       Food & Agriculture

·       Gaming & Gambling

·       Government & Public Sector (including Law Enforcement)

·       Health/Medical/Pharma

·       Hotels & Hospitality

·       Insurance

·       Legal

·       Manufacturing

·       Maritime

·       Oil, Gas & Mining

·       OT, ICS, IIoT, SCADA & Cyber-Physical Systems

·       Retail & eCommerce

·       Small and Medium Sized Businesses (SMBs)

·       Startups

·       Telecoms

·       Third Sector & Charities

·       Transport & Aviation

·       Web3

As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.