Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Threat Briefing 31 March 2023
Black Arrow Cyber Threat Briefing 31 March 2023:
-Phishing Emails Up a Whopping 569% in 2022
-The End User Password Mistakes Putting Your Organisation at Risk
-Millions of Penetration Tests Show Companies’ Security Postures are Getting Worse
-71% of Employees Keep Work Passwords on Personal Devices
-Cyber Crime Frontlines in Russia-Ukraine War Move to Eastern and Northern Europe
-Security Flaws Cost Fifth of Executive’s Businesses
-Companies Struggle to Build and Run Effective Programs to Protect Data from Insider Threats
-Only 10% of Workers Remember All Their Cyber Security Training
-Silence Gets You Nowhere in a Data Breach
-Just 1% of Cloud Permissions are Actively Used
-Dangerous Misconceptions About Emerging Cyber Threats
-‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Phishing Emails Up a Whopping 569% in 2022
The volume of phishing emails sent in 2022 spiked by a jaw-dropping 569% according to a new report. Based on data from 35 million users, the report details the astronomical rise of email phishing as a tactic among threat actors in 2022. Key findings from the report include the number of credential phishing emails sent spiked by 478% and, for the eighth consecutive year, business email compromise (BEC) ranked as the top cyber crime.
https://www.darkreading.com/attacks-breaches/phishing-emails-up-whopping-569-percent-2022
The End User Password Mistakes Putting Your Organisation at Risk
Businesses rely on their end users, but those same users often don't follow the best security practices. Without the right password security policies, a single end user password mistake can be a costly breach of your organisation's defences. End users want to do their work quickly and efficiently, but sharing, reusing and weak passwords can put your organisation at risk so having the right policies in place is essential for security.
Millions of Penetration Tests Show Companies’ Security Postures are Getting Worse
The risk score for the average company worsened in the past year as companies fail to adapt to data exfiltration techniques and adequately protect web applications. Companies' effective data-exfiltration risk increased to 44 out of 100 (with 100 indicating the riskiest posture) in 2022, from an average score of 30 in the previous year, indicating that the overall risk of data being compromised has increased. That's according to rankings by Cymulate, who crunched data on 1.7 million hours of offensive cyber security testing. The research noted that while many companies are improving the adoption of strict network and group policies, attackers are adapting to sidestep such protections. They also found that four of the top-10 CVEs (known vulnerabilities) identified in customer environments were more than two years old.
https://www.darkreading.com/cloud/millions-pen-tests-companies-security-posture-getting-worse
71% of Employees Keep Work Passwords on Personal Devices
71% of employees store sensitive work passwords on their personal phones, and 66% use their personal texting apps for work, according to a new mobile bring your own device (BYOD) security report this week, with the report also suggesting 95% of security leaders are increasingly concerned about phishing attacks via private messaging apps. With the widespread use of personal mobile devices in the workplace, it is increasingly difficult for employers to ensure the security of sensitive information. The use of personal devices and personal apps was the direct cause of many high-profile corporate breaches and this is a trend that will surely continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cyber criminals as threat actors know there are fewer security controls on personal mobile devices than on corporate ones.
https://www.infosecurity-magazine.com/news/70-employees-keep-work-passwords/
Cyber Frontlines in Russia-Ukraine War Move to Eastern and Northern Europe
More than a year into the war in Ukraine, hackers have extended the cyber battleground to Eastern and Northern Europe with the number of incidents in those geographies spiking noticeably. A new report shows that cyber warfare inside the conflict has “clearly moved on” from the beginnings of the war. Over the last 12 months, the research reports that the majority of incidents only affecting Ukraine in the first quarter of 2022 (50.4%) sank to 28.6% in the third period. But European Union countries have seen a spike in incidents related to the war in the past six months from 9.8% to 46.5%. Indeed, the number of attacks on EU countries in the third quarter of 2022 totalled just slightly less than those in the Ukraine. And, in the first quarter of this year, more than 80% of incidents occurred inside the European Union. Cyber is now a crucial weapon in the arsenal of new instruments of war, alongside disinformation, manipulation of public opinion, economic warfare, sabotage and guerrilla tactics. With the lateralisation of the conflict from Ukraine to the rest of Europe, Western Europe should be wary of possible attacks on critical infrastructure in the short term if the conflict continues to accelerate.
Security Flaws Cost Fifth of Executives New Business
Boards continue to under-appreciate the value of cyber security to the business, despite acknowledging its critical role in winning new business and talent, according to Trend Micro. The security giant polled 2,718 business decision makers globally to compile its Risky Rewards study and it found that half (51%) believe cyber security is a necessary cost but not a revenue contributor. 48% argue that its value is limited to threat prevention and two-fifths (38%) see security as a barrier rather than a business enabler. That’s despite a fifth (19%) acknowledging that poor security posture has already impacted their ability to win new business, and 57% thinking there is a strong connection between cyber and client acquisition.
https://www.infosecurity-magazine.com/news/fifth-execs-security-flaws-cost/
Companies Struggle to Build and Run Effective Programs to Protect Data from Insider Threats
Insider risk is emerging as one of the most challenging threats for organisations to detect, mitigate and manage, Code42 Software said in its annual Data Exposure Report for 2023. To compile data for the study they surveyed some 700 cyber security leaders, managers and practitioners and whilst more than 72% of companies indicated they have an insider risk management (IRM) program in place, the same companies experienced a year-over-year increase in data loss incidents of 32%. 71% of respondees expect data loss from insider events to increase in the next 12 months. Insider incidents are costing organisations $16 million per incident on average, and chief information security officers (CISOs) say that insider risks are the most challenging type of threat to detect. Data loss from insiders is not a new problem but it has become more complex with workforce turnover and cloud adoption.
Only 10% of Workers Remember All Their Cyber Security Training
New research has found that only 10% of workers remember all their cyber security training. Furthermore, only half of employees are undergoing regular training, and a quarter aren’t receiving any training at all. Organisations should look to carry out effective and regular training that is tailored to their employees to increase the chance of training content being retained, with a programme of ongoing continual reinforcement.
Silence Gets You Nowhere in a Data Breach
In cyber security, the phrase “what they don’t know won’t hurt them” is not only wrong, it’s dangerous. Despite this, it’s a motto that remains in many organisations’ PR playbooks, as demonstrated by the recent LastPass and Fortra data breaches. Smaller companies, too, are employing a silent-treatment approach to data breaches, and cyber attacks are now a fact of doing business with almost half of US organisations having suffered a cyber attack in 2022. Attackers are increasingly targeting smaller businesses due to the fact they are seen as easier targets than large companies.
https://techcrunch.com/2023/03/29/silence-gets-you-nowhere-in-a-data-breach/
Just 1% of Cloud Permissions are Actively Used
According to Microsoft, a surge in workload identities, super admins and “over-permissioning” is driving the increase in cyber risk for organisations. Just 1% of users are using the permissions granted to them for day-to-day work. Worryingly, this leaves a significant number of unnecessary permissions which could be used by an attacker to elevate their privileges.
https://www.infosecurity-magazine.com/news/just-1-of-cloud-permissions-used/
Dangerous Misconceptions About Emerging Cyber Threats
Organisations are leaving common attack paths exposed in their quest to combat emergent threats, according to a new report that delves into the efficacy of different security controls, the most concerning threats as tested by organisations worldwide, and top cyber security best practices for 2023. One of the key findings of the report is that many organisations are actively testing against threats seen in the news, likely from pressure to report on their exposure risk to emergent threats, and whilst this is good, it should not take away from assessing threats and exposures that are more likely actively targeting the business.
https://www.helpnetsecurity.com/2023/03/30/misconceptions-emerging-cyber-threats/
‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns
Europol has warned that criminals are set to take advantage of artificial intelligence to commit fraud and other crimes. Europol highlighted that ChatGPT could be used to speed up criminal research, impersonate speech styles for phishing and write code. Furthermore, despite ChatGPT having safeguards, Europol note that these can be circumvented.
https://www.securityweek.com/grim-criminal-abuse-of-chatgpt-is-coming-europol-warns/
Threats
Ransomware, Extortion and Destructive Attacks
Why CISOs Are Looking to Lateral Security to Mitigate Ransomware | CIO
Clop Keeps Racking Up Ransomware Victims With GoAnywhere Flaw (darkreading.com)
New IcedID malware variants shift from banking trojans to ransomware | SC Media (scmagazine.com)
Publicly disclosed US ransomware attacks in 2023 | TechTarget
Virgin Group added to Cl0p gang’s victim leak site | Cybernews
New York law firm coughs up $200k after hospital data stolen • The Register
Telecom giant Lumen suffered a ransomware attack-Security Affairs
Ransomware crooks are exploiting IBM file exchange bug with a 9.8 severity | Ars Technica
DarkBit puts data from Israel’s Technion university on sale | CSO Online
Crown Resorts investigating potential data breach after being contacted by hacking group - ABC News
Children’s data feared stolen in Fortra ransomware attack | TechCrunch
Phishing & Email Based Attacks
Phishing Emails Up a Whopping 569% in 2022 (darkreading.com)
IRS Phishing Emails Used to Distribute Emotet - Infosecurity Magazine (infosecurity-magazine.com)
These next-level phishing scams use PayPal or Google Docs to steal your data | TechRadar
Winter Vivern hackers exploit Zimbra flaw to steal NATO emails (bleepingcomputer.com)
BEC – Business Email Compromise
BEC scammers are after physical goods, the FBI warns - Help Net Security
Australian police arrest four BEC actors who stole $1.7 million (bleepingcomputer.com)
New BEC Tactics Enable Fake Asset Purchases - Infosecurity Magazine (infosecurity-magazine.com)
FBI: Business email compromise tactics used to defraud US vendors (bleepingcomputer.com)
Other Social Engineering; Smishing, Vishing, etc
2FA/MFA
Malware
New IcedID malware variants shift from banking trojans to ransomware | SC Media (scmagazine.com)
MacStealer macOS malware appears in cyber crime underground--Security Affairs
Cyber Scammers Using Decentralized File Distribution System to Spread Malware - MSSP Alert
Microsoft confirms Defender has gone rogue as it's flagging legit links as malware - Neowin
North Korean malware-spreading, crypto-stealing gang named • The Register
Malware disguised as Tor browser steals $400k in cryptocash • The Register
NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month (darkreading.com)
Chinese Cyber spies Use 'Melofee' Linux Malware for Stealthy Attacks - SecurityWeek
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)
Realtek and Cacti flaws now actively exploited by malware botnets (bleepingcomputer.com)
AlienFox malware caught in the cloud hen house • The Register
Microsoft OneNote will block 120 dangerous file extensions (bleepingcomputer.com)
IRS Phishing Emails Used to Distribute Emotet - Infosecurity Magazine (infosecurity-magazine.com)
Mobile
Android-based banking Trojan Nexus now available as malware-as-a-service | CSO Online
Inaudible ultrasound attack can stealthily control your phone, smart speaker (bleepingcomputer.com)
Russia’s Rostec allegedly can de-anonymize Telegram users (bleepingcomputer.com)
Android app from China executed 0-day exploit on millions of devices | Ars Technica
Google again accused of destroying evidence in Android case • The Register
Google finds more Android, iOS zero-days used to install spyware (bleepingcomputer.com)
Samsung keeps ignoring a huge security flaw in millions of Galaxy phones - SamMobile
iOS Vs. Android – Which Is The More Secure Platform? (informationsecuritybuzz.com)
Botnets
Denial of Service/DoS/DDOS
Internet of Things – IoT
Inaudible ultrasound attack can stealthily control your phone, smart speaker (bleepingcomputer.com)
This devious cyber attack can target all your smart speakers without you realizing | TechRadar
Gone in 120 seconds: Tesla Model 3 child's play for hackers • The Register
Data Breaches/Leaks
Fortra told breached companies their data was safe | TechCrunch
Procter & Gamble confirms data theft via GoAnywhere zero-day (bleepingcomputer.com)
New York law firm coughs up $200k after hospital data stolen • The Register
Toyota scrambles to patch customer data leak-Security Affairs
500k Impacted by Data Breach at Debt Buyer NCB - SecurityWeek
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Malware disguised as Tor browser steals $400k in cryptocash • The Register
NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month (darkreading.com)
Insider Risk and Insider Threats
Only 10% of workers remember all their cyber security training - IT Security Guru
Data loss from insider events increase despite IRM programs, says study | CSO Online
Stop Blaming the End User for Security Risk (darkreading.com)
Fraud, Scams & Financial Crime
Visa fraud expert outlines the many faces of payment ecosystem fraud - Help Net Security
Cyber Scammers Using Decentralized File Distribution System to Spread Malware - MSSP Alert
Deepfakes
AML/CFT/Sanctions
Insurance
Beazley working on standalone cyber war product in market first (insuranceinsider.com)
Organisations Reassess Cyber Insurance as Self-Insurance Strategies Emerge (darkreading.com)
Supply Chain and Third Parties
Hackers compromise 3CX desktop app in a supply chain attack (bleepingcomputer.com)
Winter Vivern hackers exploit Zimbra flaw to steal NATO emails (bleepingcomputer.com)
Cloud/SaaS
Just 1% of Cloud Permissions Are Actively Used - Infosecurity Magazine (infosecurity-magazine.com)
Where SSO Falls Short in Protecting SaaS (thehackernews.com)
CISA Releases Hunt Tool for Microsoft's Cloud Services (darkreading.com)
Balancing security risks and innovation potential of shadow IT teams - Help Net Security
AlienFox malware caught in the cloud hen house • The Register
Hybrid/Remote Working
Cyber security focus in second Digital Europe work programme – EURACTIV.com
More companies are watching their remote workers WFH on camera | Fortune
Shadow IT
Identity and Access Management
Encryption
API
Passwords, Credential Stuffing & Brute Force Attacks
The End-User Password Mistakes Putting Your Organisation at Risk (bleepingcomputer.com)
New Research Examines Traffers and the Business of Stolen Credentials - IT Security Guru
Social Media
Training, Education and Awareness
The era of passive cyber security awareness training is over - Help Net Security
Only 10% of workers remember all their cyber security training - IT Security Guru
Parental Controls and Child Safety
Regulations, Fines and Legislation
Governance, Risk and Compliance
Beazley working on standalone cyber war product in market first (insuranceinsider.com)
Cyber security vs. Everyone: From Conflict to Collaboration (darkreading.com)
Using Observability to Power a Smarter Cyber security Strategy (darkreading.com)
How cyber security decision-makers perceive cyber resilience - Help Net Security
NCSC issues revised security Board Toolkit for business leaders | Computer Weekly
The CISO Mantra: Get Ready to Do More With Less (darkreading.com)
Models, Frameworks and Standards
Backup and Recovery
Law Enforcement Action and Take Downs
FBI confirms access to Breached cyber crime forum database (bleepingcomputer.com)
UK creates fake DDoS-for-hire sites to identify cyber criminals (bleepingcomputer.com)
Australian police arrest four BEC actors who stole $1.7 million (bleepingcomputer.com)
20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison (thehackernews.com)
Privacy, Surveillance and Mass Monitoring
UK Introduces Mass Surveillance With Online Safety Bill - SecurityWeek
FBI Spent Tens of Thousands of Dollars on Bulk Data Collection (gizmodo.com)
Clearview AI used nearly 1m times by US police, it tells the BBC - BBC News
More companies are watching their remote workers WFH on camera | Fortune
Artificial Intelligence
'Grim' Criminal Abuse of ChatGPT is Coming, Europol Warns - SecurityWeek
In Sudden Alarm, Tech Doyens Call for a Pause on ChatGPT | WIRED
Musk, Scientists Call for Halt to AI Race Sparked by ChatGPT - SecurityWeek
AI-fuelled search gives more power to the bad guys | CSO Online
Hacker demonstrates security flaws in GPT-4 just one day after launch | VentureBeat
Godfather of AI Says There's a Minor Risk It'll Eliminate Humanity (futurism.com)
Clearview AI used nearly 1m times by US police, it tells the BBC - BBC News
AI has figured out how to draw deepfake hands | The Independent
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Putin and Xi’s plot to control the internet will leave the West in the dust (telegraph.co.uk)
In A Surprise, China-Linked TikTok Grabs Power Norway Needs To Make Ammo (forbes.com)
Cyber crime Front Lines in Russia-Ukraine War Move to Eastern and Northern Europe - MSSP Alert
Beazley working on standalone cyber war product in market first (insuranceinsider.com)
'Bitter' espionage hackers target Chinese nuclear energy orgs (bleepingcomputer.com)
Earth Preta’s Cyber Espionage Campaign Hits Over 200 (trendmicro.com)
Biden White House Issues Executive Order on Commercial Spyware (gizmodo.com)
North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations (thehackernews.com)
Google finds more Android, iOS zero-days used to install spyware (bleepingcomputer.com)
Over 200 Organisations Targeted in Chinese Cyber Espionage Campaign - SecurityWeek
Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits (darkreading.com)
Chinese Cyber spies Use 'Melofee' Linux Malware for Stealthy Attacks - SecurityWeek
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)
Pro-Russian hackers target elected US officials supporting Ukraine | Ars Technica
Russian spies more effective than army, say experts - BBC News
Cyber warfare leaks show Russian army is adopting mindset of secret police | Cyberwar | The Guardian
Nation State Actors
Uncle Sam sent cyber-soldiers to Albania to combat Iran • The Register
Russia’s Rostec allegedly can de-anonymize Telegram users (bleepingcomputer.com)
Android app from China executed 0-day exploit on millions of devices | Ars Technica
China urges Apple to improve security and privacy • The Register
North Korean malware-spreading, crypto-stealing gang named • The Register
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor (thehackernews.com)
Vulnerability Management
What you need before the next vulnerability hits - Help Net Security
Vulnerability management vs. risk management, compared | TechTarget
Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report - SecurityWeek
Microsoft shares tips on detecting Outlook zero-day exploitation (bleepingcomputer.com)
Ignoring network automation is a ticking time bomb for security - Help Net Security
Vulnerabilities
Microsoft: No-Interaction Outlook Zero Day Exploited Since Last April - SecurityWeek
Microsoft shares tips on detecting Outlook zero-day exploitation (bleepingcomputer.com)
Apple patches everything, including a zero-day fix for iOS 15 users – Naked Security (sophos.com)
QNAP fixed Sudo privilege escalation bug in NAS devices-Security Affairs
Patch Now: Cyber criminals Set Sights on Critical IBM File Transfer Bug (darkreading.com)
Super FabriXss flaw in Microsoft Azure SFX could lead to RCE-Security Affairs
OpenAI quickly fixed account takeover bugs in ChatGPT-Security Affairs
Tools and Controls
Even with defence tools, CISOs say cyber attacks are ‘inevitable’ (techrepublic.com)
The era of passive cyber security awareness training is over - Help Net Security
Only 10% of workers remember all their cyber security training - IT Security Guru
Prioritizing data security amid workforce disruptions - Help Net Security
Using Observability to Power a Smarter Cyber security Strategy (darkreading.com)
For database security it's down to people, not tech fixes • The Register
Known unknowns: Refining your approach to uncategorized web traffic - Help Net Security
Understanding adversaries through dark web intelligence - Help Net Security
Where SSO Falls Short in Protecting SaaS (thehackernews.com)
How Does Data Literacy Enhance Data Security? (darkreading.com)
CISA Releases Hunt Tool for Microsoft's Cloud Services (darkreading.com)
With Security Copilot, Microsoft brings the power of AI to cyber defence - Stories
Compare breach and attack simulation vs. penetration testing | TechTarget
Ignoring network automation is a ticking time bomb for security - Help Net Security
Microsoft's ‘Security Copilot’ Sics ChatGPT on Security Breaches | WIRED
Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo (thehackernews.com)
Diagnose your SME’s Cyber security and Scan for Recommendations — ENISA (europa.eu)
Protect your entire business with the right authentication method - Help Net Security
Microsoft Defender is flagging legit URLs as malicious • The Register
Managing security in the cloud through Microsoft Intune | CSO Online
Top 5 SD-WAN Challenges and How to Prepare for Them | TechTarget
Organisations Reassess Cyber Insurance as Self-Insurance Strategies Emerge (darkreading.com)
The best defence against cyber threats for lean security teams - Help Net Security
Overcoming obstacles to introduce zero-trust security in established systems - Help Net Security
The foundation of a holistic identity security strategy - Help Net Security
The CISO Mantra: Get Ready to Do More With Less (darkreading.com)
Other News
Hackers changed tactics, went cross-platform in 2022, says Trend Micro | CSO Online
WiFi protocol flaw allows attackers to hijack network traffic (bleepingcomputer.com)
Microsoft OneNote will block 120 dangerous file extensions (bleepingcomputer.com)
How CISOs Can Reduce the Danger of Using Data Brokers (darkreading.com)
How Does Data Literacy Enhance Data Security? (darkreading.com)
Microsoft uses carrot and stick with Exchange Online admins • The Register
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 30 December 2022
Black Arrow Cyber Threat Briefing 30 December 2022:
-Cyber Attacks Set to Become ‘Uninsurable’, Says Zurich Chief
-Your Business Should Compensate for Modern Ransomware Capabilities Right Now
-Reported Phishing Attacks Have Quintupled
-Ransomware, DDoS See Major Upsurge Led by Upstart Hacker Group
-Videoconferencing Worries Grow, With SMBs in Cyber Attack Crosshairs
-Will the Crypto Crash Impact Cyber Security in 2023? Maybe.
-The Worst Hacks of 2022
-Geopolitical Tensions Expected to Further Impact Cyber Security in 2023
-Fraudsters’ Working Patterns Have Changed in Recent Years
-Hacktivism is Back and Messier Than Ever
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Cyber Attacks Set to Become ‘Uninsurable’, Says Zurich Chief
The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow.
Insurance executives have been increasingly vocal in recent years about systemic risks, such as pandemics and climate change, that test the sector’s ability to provide coverage. For the second year in a row, natural catastrophe-related claims are expected to top $100bn.
But Mario Greco, chief executive at insurer Zurich, told the Financial Times that cyber was the risk to watch. “What will become uninsurable is going to be cyber,” he said. “What if someone takes control of vital parts of our infrastructure, the consequences of that?” Recent attacks that have disrupted hospitals, shut down pipelines and targeted government departments have all fed concern about this expanding risk among industry executives. Focusing on the privacy risk to individuals was missing the bigger picture, Greco added: “First off, there must be a perception that this is not just data . . . this is about civilisation. These people can severely disrupt our lives.”
Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. There are exemptions written into policies for certain types of attacks. In 2019, Zurich initially denied a $100mn claim from food company Mondelez, arising from the NotPetya attack, on the basis that the policy excluded a “warlike action”. The two sides later settled. In September, Lloyd’s of London defended a move to limit systemic risk from cyber attacks by requesting that insurance policies written in the market have an exemption for state-backed attacks.
https://www.ft.com/content/63ea94fa-c6fc-449f-b2b8-ea29cc83637d
Your Business Should Compensate for Modern Ransomware Capabilities Right Now
The “if, not when” mentality surrounding ransomware may be the biggest modern threat to business longevity. Companies of all sizes and across all industries are increasingly common targets for ransomware attacks, and we know that 94% of organisations experienced a cyber security incident last year alone. Yet, many enterprises continue to operate with decades-old security protocols that are unequipped to combat modern ransomware. Leaders have prioritised improving physical security measures in light of the pandemic — so why haven’t ransomware protections improved?
Maybe it’s the mistaken notion that ransomware attacks are declining. In reality, Q1 of 2022 saw a 200% YoY increase in ransomware incidents. Meanwhile, the rise in Ransomware as a Service (RaaS) offerings suggests that cyber threats have become a commodity for bad actors.
The RaaS market presents a new and troubling trend for business leaders and IT professionals. With RaaS — a subscription ransomware model that allows affiliates to deploy malware for a fee — the barrier to entry for hackers is lower than ever. The relatively unskilled nature of RaaS hackers may explain why the average ransomware downtime has plummeted to just 3.85 days (compared to an average attack duration of over two months in 2019).
While the decrease in attack duration is promising, the rise of RaaS still suggests an inconvenient truth for business leaders: All organisations are at risk. And in time, all organisations will become a target, which is why it’s time for IT and business leaders to implement tough cyber security protocols.
Reported Phishing Attacks Have Quintupled
In the third quarter of 2022, the international Anti-Phishing Working Group (APWG) consortium observed 1,270,883 total phishing attacks; the worst quarter for phishing that APWG has ever observed. The total for August 2022 was 430,141 phishing sites, the highest monthly total ever reported to APWG.
Over recent years, reported phishing attacks submitted to APWG have more than quintupled since the first quarter of 2020, when APWG observed 230,554 attacks. The rise in Q3 2022 was attributable, in part, to increasing numbers of attacks reported against several specific targeted brands. These target companies and their customers suffered from large numbers of attacks from persistent phishers.
Threat researchers at the cyber security solution provider Fortra noted a 488 percent increase in response-based email attacks in Q3 2022 compared to the prior quarter. While every subtype of these attacks increased compared to Q2, the largest increase was in Advance Fee Fraud schemes, which rose by a staggering 1,074 percent.
In the third quarter of 2022, APWG founding member OpSec Security found that phishing attacks against the financial sector, which includes banks, remained the largest set of attacks, accounting for 23.2 percent of all phishing. Attacks against webmail and software-as-a-service (SaaS) providers remained prevalent as well. Phishing against social media services fell to 11 percent of the total, down from 15.3 percent.
Phishing against cryptocurrency targets — such as cryptocurrency exchanges and wallet providers — fell from 4.5 percent of all phishing attacks in Q2 2022 to 2 percent in Q3. This mirrored the fall in value of many cryptocurrencies since mid-year.
https://www.helpnetsecurity.com/2022/12/28/reported-phishing-attacks-quintupled/
Ransomware, DDoS See Major Upsurge Led by Upstart Hacker Group
Cyber threat actors Cuba and Royal are driving a 41% boom in ransomware and other attacks hitting industry and consumer goods and services.
According to the Global Threat Intelligence team of information assurance firm NCC Group, November saw a 41% increase in ransomware attacks from 188 incidents to 265. In its most recent Monthly Threat Pulse, the group reported that the month was the most active for ransomware attacks since April this year.
Key takeaways from the study:
Ransomware attacks rose by 41% in November.
Threat group Royal (16%) was the most active, replacing LockBit as the worst offender for the first time since September 2021.
Industrials (32%) and consumer cyclicals (44%) remain the top two most targeted sectors, but technology experienced a large 75% increase over the last month.
Regional data remains consistent with last month — North America (45%), Europe (25%) and Asia (14%)
DDoS attacks continue to increase.
Recent examples in the services sector include the Play ransomware group’s claimed attack of the German H-Hotels chain, resulting in communications outages. This attack reportedly uses a vulnerability in Microsoft Exchange called ProxyNotShell, which as the name implies, has similarities to the ProxyShell zero-day vulnerability revealed in 2021.
Also, back on the scene is the TrueBot malware downloader (a.k.a., the silence.downloader), which is showing up in an increasing number of devices. TrueBot Windows malware, designed by a Russian-speaking hacking group identified as Silence, has resurfaced bearing Ransom.Clop, which first appeared in 2019. Clop ransomware encrypts systems and exfiltrates data with the threat that if no ransom is forthcoming, the data will show up on a leak site.
https://www.techrepublic.com/article/ransomware-ddos-major-upsurge-led-upstart-hacker-group/
Videoconferencing Worries Grow, With SMBs in Cyber Attack Crosshairs
Securing videoconferencing solutions is just one of many IT security challenges small businesses are facing, often with limited financial and human resources.
It's no secret that the acceleration of work-from-home and distributed workforce trends — infamously spurred on by the pandemic — has occurred in tandem with the rise of video communications and collaboration platforms, led by Zoom, Microsoft, and Cisco.
But given that videoconferencing now plays a critical role in how businesses interact with their employees, customers, clients, vendors, and others, these platforms carry significant potential security risks, researchers say.
Organisations use videoconferencing to discuss M&A, legal, military, healthcare, intellectual property and other topics, and even corporate strategies. A loss of that data could be catastrophic for a company, its employees, its clients, and its customers.
However, a recent report on videoconferencing security showed that 93% of IT professionals surveyed acknowledged security vulnerabilities and gaping risks in their videoconferencing solutions.
Among the most relevant risks is the lack of controlled access to conversations that could result in disruption, sabotage, compromise, or exposure of sensitive information, while use of nonsecure, outdated, or unpatched videoconferencing applications can expose security flaws.
The risks include the potential for interruptions, unauthorised access, and perhaps most concerning, the opportunity for a bad actor to acquire sensitive information.
Will the Crypto Crash Impact Cyber Security in 2023? Maybe.
With the implosion of the FTX exchange putting a punctuation mark on the cryptocurrency crash of 2022, one of the natural questions for those in the cyber security world is, how will this rapid decline of cryptocurrency valuations change the cyber crime economy?
Throughout the most recent crypto boom, and even before then, cyber criminals have used and abused cryptocurrency to build up their empires. The cryptocurrency market provides the extortionary medium for ransomware; it's a hotbed of scams against consumers to steal their wallets and accounts. Traditionally, it's provided a ton of anonymous cover for money laundering on the back end of a range of cyber criminal enterprises.
Even so, according to cyber security experts and intelligence analysts, while there certainly have been some shifts in trends and tactics that they believe are loosely tied to the crypto crash, the jury's still out on long-term impacts.
Regardless of crypto values, cyber criminals this year have definitely become more sophisticated in how they use cryptocurrencies to monetise their attacks including the use by some ransomware groups taking advantage of yield farming within decentralised finance (DeFi), as an example.
The concept of yield farming is the same as lending money, with a contract in place that clearly shows how much interest will need to be paid. The advantage for ransomware groups is that the 'interest' will be legitimate proceeds, so there will be no need to launder or hide it.
Threat actors are increasingly turning toward 'stablecoins,' which are usually tied to fiat currencies or gold to stem their volatility. In many ways, the downturn in crypto values has increased the risk appetite of cyber criminals and is spurring them into more investment fraud and cryptocurrency scams.
https://www.darkreading.com/threat-intelligence/crypto-crash-impact-cybersecurity-2023-maybe
The Worst Hacks of 2022
The year was marked by sinister new twists on cyber security classics, including phishing, breaches, and ransomware attacks.
With the pandemic evolving into an amorphous new phase and political polarisation on the rise around the world, 2022 was an uneasy and often perplexing year in digital security. And while hackers frequently leaned on old chestnuts like phishing and ransomware attacks, they still found vicious new variations to subvert defences.
Technology magazine Wired looked back on the year's worst breaches, leaks, ransomware attacks, state-sponsored hacking campaigns, and digital takeovers. If the first years of the 2020s are any indication, the digital security field in 2023 will be more bizarre and unpredictable than ever. Stay alert, and stay safe out there.
Russia Hacking Ukraine
For years, Russia has pummelled Ukraine with brutal digital attacks causing blackouts, stealing and destroying data, meddling in elections, and releasing destructive malware to ravage the country's networks. Since invading Ukraine in February, though, times have changed for some of Russia's most prominent and most dangerous military hackers. Shrewd long-term campaigns and grimly ingenious hacks have largely given way to a stricter and more regimented clip of quick intrusions into Ukrainian institutions, reconnaissance, and widespread destruction on the network—and then repeated access over and over again, whether through a new breach or by maintaining the old access.
Twilio and the 0ktapus Phishing Spree
Over the summer, a group of researchers dubbed 0ktapus went on a massive phishing bender, compromising nearly 10,000 accounts within more than 130 organisations. The majority of the victim institutions were US-based, but there were dozens in other countries as well.
Ransomware Still Hitting the Most Vulnerable Targets
In recent years, countries around the world and the cyber security industry have increasingly focused on countering ransomware attacks. While there has been some progress on deterrence, ransomware gangs were still on a rampage in 2022 and continued to target vulnerable and vital social institutions, including health care providers and schools. The Russian-speaking group Vice Society, for example, has long specialised in targeting both categories, and it focused its attacks on the education sector this year.
The Lapsus$ Rampage Continues
The digital extortion gang Lapsus$ was on an intense hacking spree at the beginning of 2022, stealing source code and other sensitive information from companies like Nvidia, Samsung, Ubisoft, and Microsoft and then leaking samples as part of apparent extortion attempts. Lapsus$ has a sinister talent for phishing, and in March, it compromised a contractor with access to the ubiquitous authentication service Okta.
LastPass
The beleaguered password manager giant LastPass, which has repeatedly dealt with data breaches and security incidents over the years, said at the end of December that a breach of its cloud storage in August led to a further incident in which hackers targeted a LastPass employee to compromise credentials and cloud storage keys.
Vanuatu
At the beginning of November, Vanuatu, an island nation in the Pacific, was hit by a cyber attack that took down virtually all of the government's digital networks. Agencies had to move to conducting their work on paper because emergency systems, medical records, vehicle registrations, driver's license databases, and tax systems were all down.
Honourable Mention: Twitter-Related Bedlam
Twitter has been in chaos mode for months following Elon Musk's acquisition of the company earlier this year. Amidst the tumult, reports surfaced in July and then again in November of a trove of 5.4 million Twitter users' data that has been circulating on criminal forums since at least July, if not earlier. The data was stolen by exploiting a vulnerability in a Twitter application programming interface, or API.
https://www.wired.com/story/worst-hacks-2022/
Geopolitical Tensions Expected to Further Impact Cyber Security in 2023
Geopolitics will continue to have an impact on cyber security and the security posture of organisations long into 2023.
The impact of global conflicts on cyber security was thrust into the spotlight when Russia made moves to invade Ukraine in February 2022. Ukraine’s Western allies were quick to recognise that with this came the threat of Russian-backed cyber-attacks against critical national infrastructure (CNI), especially in retaliation to hefty sanctions. While this may not have materialised in the way many expected, geopolitics is still front of mind for many cyber security experts looking to 2023.
Russia has always been among a handful of states recognised for their cyber prowess and being the source of many cyber criminal gangs. As previously mentioned, we have failed to see a significant cyber-attack, at least one comparable to the Colonial Pipeline incident, in 2022. However the cyber security services provider, e2e-assure, warned: “We have underestimated Russia’s cyber capability. There is a wide view that Russian cyber activity leading up to and during their invasion of Ukraine indicated that they aren’t the cyber power we once thought. Patterns and evidence will emerge in 2023 that shows this wasn’t the case, instead Russia was directing its cyber efforts elsewhere, with non-military goals (financial and political).”
NordVPN, the virtual private network (VPN) provider, warns that the cyber-war is only just starting: “With China’s leader securing his third term and Russia’s war in Ukraine, many experts predict an increase in state-sponsored cyber-attacks. China may increase cyber-attacks on Taiwan, Hong Kong, and other countries opposing the regime. Meanwhile, Russia is predicted to sponsor attacks on countries supporting Ukraine.”
We are used to seeing cyber-attacks that encrypt data and ask for ransom, but it is likely in this era of nation-state sponsored attacks we could experience attacks for the sake of disruption.
https://www.infosecurity-magazine.com/news/geopolitical-tensions-impact/
Fraudsters’ Working Patterns Have Changed in Recent Years
Less sophisticated fraud — in which doctored identity documents are readily spotted — has jumped 37% in 2022, according to the identify verfication provider Onfido. Fraudsters can scale these attacks on an organisation’s systems around the clock.
It is estimated that the current global financial cost of fraud is $5.38 trillion (£4.37 trillion), which is 6.4% of the world’s GDP. With most fraud now happening online (80% of reported fraud is cyber-enabled), Onfido’s Identity Fraud Report uncovers patterns of fraudster behaviour, attack techniques, and emerging tactics.
Over the last four years, fraudsters’ working patterns have dramatically changed. In 2019, attacks mirrored a typical working week, peaking Monday to Friday and dropping off during the weekends. Yet over the last three years, fraudulent activity started to shift so that levels of fraud span every day of the week.
In 2022, fraud levels were consistent across 24 hours, seven days a week. With technology, fraudsters are more connected across the globe and are able to traverse regions and time zones, and can easily take advantage of businesses’ closed hours when staff are likely offline. This hyperconnectivity means there are no more ‘business hours’ for fraudsters and sophisticated fraud rings — they will scam and defraud 24/7.
“As criminals look to take advantage of digitisation processes, they’re able to commit financial crimes with increasing efficiency and sophistication, to the extent that financial crime and cyber crime are now invariably linked,” said Interpol. “A significant amount of financial fraud takes place through digital technologies, and the pandemic has only hastened the emergence of digital money laundering tools and other cyber-enabled financial crimes.”
https://www.helpnetsecurity.com/2022/12/29/less-sophisticated-fraud/
Hacktivism is Back and Messier Than Ever
Throughout 2022, geopolitics has given rise to a new wave of politically motivated attacks with an undercurrent of state-sponsored meddling.
During its brutal war in Ukraine, Russian troops have burnt cities to the ground, raped and tortured civilians, and committed scores of potential war crimes. On November 23, lawmakers across Europe overwhelmingly labelled Russia a “state sponsor” of terrorism and called for ties with the country to be reduced further. The response to the declaration was instant. The European Parliament’s website was knocked offline by a DDoS attack.
The unsophisticated attack—which involves flooding a website with traffic to make it inaccessible—disrupted the Parliament’s website offline for several hours. Pro-Russian hacktivist group Killnet claimed responsibility for the attack. The hacktivist group has targeted hundreds of organisations around the world this year, having some limited small-scale successes knocking websites offline for short periods of time. It’s been one player in a bigger hacktivism surge.
Following years of sporadic hacktivist activity, 2022 has seen the re-emergence of hacktivism on a large scale. Russia’s full-scale invasion of Ukraine spawned scores of hacktivist groups on both sides of the conflict, while in Iran and Israel, so-called hacktivist groups are launching increasingly destructive attacks. This new wave of hacktivism, which varies between groups and countries, comes with new tactics and approaches and, increasingly, is blurring lines between hacktivism and government-sponsored attacks.
Threats
Ransomware, Extortion and Destructive Attacks
Jersey school locked out of systems as hackers demand "ransom" | Bailiwick Express Jersey
Vice Society Ransomware Attackers Adopt Robust Encryption Methods (thehackernews.com)
Global counter-ransomware task force to become active in January - CyberScoop
Fool Me Thrice? How to Avoid Double and Triple Ransomware Extortion (darkreading.com)
Rackspace criticized for PR response to ransomware attack (expressnews.com)
Ransomware, DDoS see major upsurge led by upstart hacker group (techrepublic.com)
6 Ways to Protect Your Organisation Against LAPSUS$ (darkreading.com)
Your business should compensate for modern ransomware capabilities right now | VentureBeat
Vice Society Adds Custom-branded Payload PolyVice to its Arsenal | Cyware Alerts - Hacker News
Hackers stole data from multiple electric utilities in recent ransomware attack | CNN Politics
Ransomware attack at Louisiana hospital impacts 270,000 patients (bleepingcomputer.com)
The mounting death toll of hospital cyber attacks - POLITICO
Royal ransomware claims attack on Intrado telecom provider (bleepingcomputer.com)
Healthcare Providers and Hospitals Under Ransomware's Siege (darkreading.com)
Guardian Australia staff sent home after cyber attack takes out systems (theage.com.au)
Dumfries Arnold Clark garages hit by company-wide cyber attack - Daily Record
Ransom Deadline Given By LockBit In Port Of Lisbon Attack (informationsecuritybuzz.com)
Phishing & Email Based Attacks
Reported phishing attacks have quintupled - Help Net Security
6 Ways to Protect Your Organisation Against LAPSUS$ (darkreading.com)
Other Social Engineering; Smishing, Vishing, etc
Malware
GuLoader implements new evasion techniques - Security Affairs
PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware (thehackernews.com)
2022 sees over 5000 times new Windows malware vs macOS, over 60 times vs Linux - Neowin
APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector (thehackernews.com)
New information-stealing malware is being spread by fake pirate sites | TechSpot
Mobile
Denial of Service/DoS/DDOS
Internet of Things – IoT
Smart Home Cyber security Hubs: Protecting Endpoints in Your Smarthome (compuquip.com)
Google Home speakers allowed hackers to snoop on conversations (bleepingcomputer.com)
Data Breaches/Leaks
BetMGM discloses security breach impacting 1.5 Million customers - Security Affairs
Massive Twitter data leak investigated by EU privacy watchdog (bleepingcomputer.com)
Massive EDiscovery Provider Shut Down Over 'Unauthorized Access' - Above the LawAbove the Law
Data of 400 Million Twitter users up for sale - Security Affairs
It’s all in the (lack of) details: 2022’s badly handled data breaches | TechCrunch
Military device with biometric database of 2K people sold on eBay for $68 | Ars Technica
Organised Crime & Criminal Actors
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
How ‘brazen’ multibillion-dollar crypto fraud fell to pieces | Business | The Times
BTC.com lost $3 million worth of cryptocurrency in cyber attack (bleepingcomputer.com)
Hackers steal $8 million from users running trojanized BitKeep apps (bleepingcomputer.com)
Bitcoin Mining Pool Btc.com Suffers $3 Million Cyber attack – Mining Bitcoin News
Crypto wallet BitKeep lost over $9M over a cyber attack - Security Affairs
Case for blockchain in financial services dented by failures | Financial Times (ft.com)
Digital Assets Of $9.9 Million Stolen In BitKeep Cyber Attack (informationsecuritybuzz.com)
Crypto platform 3Commas admits hackers stole API keys (bleepingcomputer.com)
Fraud, Scams & Financial Crime
Linkedin Is Full Of Job Scams – Be Careful Out There (informationsecuritybuzz.com)
Scam complaints from Revolut users more than double since 2020 (telegraph.co.uk)
Fraudsters’ working patterns have changed in recent years - Help Net Security
Experts warn of attacks exploiting WordPress gift card plugin - Security Affairs
North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains | SecurityWeek.Com
Ukraine shuts down fraudulent call center claiming 18,000 victims (bleepingcomputer.com)
Insurance
Supply Chain and Third Parties
Software Supply Chain
Why Attackers Target GitHub, and How You Can Secure It (darkreading.com)
Improving Software Supply Chain Cyber security (trendmicro.com)
Cloud/SaaS
Identity and Access Management
Enterprises waste money on identity tools they don't use - Help Net Security
Steps To Planning And Implementation Of PAM Solutions (informationsecuritybuzz.com)
Encryption
API
Crypto platform 3Commas admits hackers stole API keys (bleepingcomputer.com)
Google: With Cloud Comes APIs & Security Headaches (darkreading.com)
Passwords, Credential Stuffing & Brute Force Attacks
Biometrics
Social Media
TikTok User Data Has Been Compromised (giantfreakinrobot.com)
Elon Musk ‘orders Twitter to remove suicide prevention feature’ | Twitter | The Guardian
Massive Twitter data leak investigated by EU privacy watchdog (bleepingcomputer.com)
Meta settles Cambridge Analytica scandal case for $725m - BBC News
TikTok bans haven't really banned much of anything - The Washington Post
Twitter restores suicide prevention feature | Twitter | The Guardian
Data of 400 Million Twitter users up for sale - Security Affairs
Hacker claims to be selling Twitter data of 400 million users (bleepingcomputer.com)
Malvertising
Privacy
Regulations, Fines and Legislation
Governance, Risk and Compliance
IBM and 70 Global Banks Co-Create New Cyber security, Risk Framework (accelerationeconomy.com)
Economic uncertainty compels IT leaders to rethink their strategy - Help Net Security
3 important changes in how data will be used and treated - Help Net Security
2022 Top Five Immediate Threats in Geopolitical Context (thehackernews.com)
Secure Disposal
Careers, Working in Cyber and Information Security
IT Jobs: How To Become An Information Security Analyst (informationsecuritybuzz.com)
‘There's a career in cyber security for everyone,’ Microsoft Security CVP says | Fortune
Law Enforcement Action and Take Downs
Privacy, Surveillance and Mass Monitoring
Google Home speakers allowed hackers to snoop on conversations (bleepingcomputer.com)
Police in China can track protests by enabling ‘alarms’ on Hikvision software | China | The Guardian
The Threat of Predictive Policing to Data Privacy and Personal Liberty (darkreading.com)
Meta settles Cambridge Analytica scandal case for $725m - BBC News
78% of Employers Are Using Remote Work Tools to Spy on You (entrepreneur.com)
Germany: Police surveillance software a legal headache – DW – 12/22/2022
Artificial Intelligence
Code-generating AI can introduce security vulnerabilities, study finds | TechCrunch
AI cyber attacks are a ‘critical threat’. This is how NATO is countering them | Euronews
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
2022 Top Five Immediate Threats in Geopolitical Context (thehackernews.com)
Russia’s Cyberwar Foreshadowed Deadly Attacks on Civilians | WIRED
Hundreds of Russian cyber attacks on CHPPs, regional power plants prevented - SBU
Ukrainian Hackers Gather Data on Russian Soldiers, Minister Says - Bloomberg
North Korean hackers targeted nearly 1,000 South Korean foreign policy experts
German double agent ‘passed Ukraine intelligence to Russia’ (telegraph.co.uk)
Nation State Actors
Nation State Actors – Russia
Hundreds of Russian cyber attacks on CHPPs, regional power plants prevented - SBU
Russian mobile calls, internet seen deteriorating after Nokia, Ericsson leave – EURACTIV.com
Nation State Actors – China
Police in China can track protests by enabling ‘alarms’ on Hikvision software | China | The Guardian
Nation State Actors – North Korea
BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection (thehackernews.com)
North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains | SecurityWeek.Com
North Korean hacking outfit impersonating venture capital firms | SC Media (scmagazine.com)
North Korean hackers targeted nearly 1,000 South Korean foreign policy experts
Nation State Actors – Iran
Nation State Actors – Misc
Vulnerability Management
Vulnerabilities
Patch now: Serious Linux kernel security hole uncovered | ZDNET
Microsoft Patches Azure Cross-Tenant Data Access Flaw | SecurityWeek.Com
Critical Linux Kernel flaw affects SMB servers with ksmbd enabled - Security Affairs
Critical “10-out-of-10” Linux kernel SMB hole – should you worry? – Naked Security (sophos.com)
Log4Shell remains a big threat and a common cause for security breaches | CSO Online
Thousands of Citrix servers vulnerable to patched critical flaws (bleepingcomputer.com)
Netgear warns users to patch recently fixed WiFi router bug (bleepingcomputer.com)
CISA Warns of Active exploitation of JasperReports Vulnerabilities (thehackernews.com)
Tools and Controls
Other News
AI cyber attacks are a ‘critical threat’. This is how NATO is countering them | Euronews
Review: 10 Biggest Hacks And Cyber Security Threats Of 2022 (informationsecuritybuzz.com)
New information-stealing malware is being spread by fake pirate sites | TechSpot
Trend Micro: Expect 2023 to Bring Uncertainty to Cyber Attackers and Defenders - MSSP Alert
After the Uber Breach: 3 Questions All CISOs Should Ask Themselves (darkreading.com)
Top 10 Cyber Security Predictions For 2023 Based On Expert Responses (informationsecuritybuzz.com)
The Five Stories That Shaped Cyber security in 2022 | SecurityWeek.Com
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
Black Arrow Cyber Threat Briefing 25 November 2022
Black Arrow Cyber Threat Briefing 25 November 2022:
-Hackers Hit One Third of Organisations Worldwide Multiple Times
-Firms Spend $1,197 Per Employee Yearly to Address Cyber Attacks
-90% of Organisations have Microsoft 365 Security Gaps
-Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors
-The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For
-34 Russian Cyber Crime Groups Stole Over 50 Million Passwords with Stealer Malware
-“Password” Continues to Be the Most Common Password in 2022
-Lasts Year’s Massive Twitter Data Breach Was Far Worse Than Reported, Reveal Security Researchers
-European Parliament Declares Russia to be a State Sponsor of Terrorism – then Gets Attacked
-The Changing Nature of Nation-State Cyber Warfare
-Is Your Company Covered for a Cyber Security Attack? That’s the £2 Million Question
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Hackers Hit One Third of Organisations Worldwide Multiple Times
Hackers have stolen customer records multiple times from nearly a third of organisations worldwide in the past 12 months, security provider Trend Micro said in its newly released, twice-yearly Cyber Risk Index (CRI) report.
The report features interviews with some 4,100 organisations across North America, Europe, Latin/South America and Asia-Pacific. Respondents stressed that customer records are at increased risk as organisations struggle to profile and defend an expanding attack surface.
Overall, respondents rated the following as the top cyber threats in 1H 2022:
Business Email Compromise (BEC)
Clickjacking
Fileless attacks
Ransomware
Login attacks (Credential Theft)
Here are some key findings from the study:
The CRI calculates the gap between organisational preparedness and the likelihood of being attacked, with -10 representing the highest level of risk. The global CRI index moved from –0.04 in 2H 2021 to –0.15 in 1H 2022, indicating a surging level of risk over the past six months.
This is a slight increase in risk from the second half of 2021, when it was -0.04. Organisations in North America and Asia-Pacific saw an increase in their cyber risk from that period while Europe and Latin/South America’s risk decreased in comparison.
The number of global organisations experiencing a “successful” cyber-attack increased from 84% to 90% over the same period.
The number now expected to be compromised over the coming year has also increased from 76% to 85%.
From the business perspective, the biggest concern is the misalignment between CISOs and business executives, Trend Micro said. The answers given by respondents to the question: “My organisation’s IT security objectives are aligned with business objectives,” only made a score of 4.79 out of 10.0
By addressing the shortage of cyber security professionals and improving security processes and technology, organisations will significantly reduce their vulnerability to attacks.
You can’t protect what you can’t see. But with hybrid working ushering in a new era of complex, distributed IT environments, many organisations are finding it difficult to eradicate growing security coverage and visibility gaps. To avoid the attack surface spiraling out of control, they need to combine asset discovery and monitoring with threat detection and response on a single platform.
Firms Spend $1,197 Per Employee Yearly to Address Cyber Attacks
Companies pay an average of $1,197 per employee yearly to address successful cyber incidents against email services, cloud collaboration apps or services and browsers.
Security researchers at Perception Point shared the findings with Infosecurity before publishing them in a new white paper this month.
According to the new data, the above figures exclude compliance fines, ransomware mitigation costs and losses from non-operational processes, all of which can cause further spending.
The survey, conducted in conjunction with Osterman Research in June, considers the responses of 250 security and IT decision-makers at various enterprises and reveals additional discoveries regarding today’s enterprise threat landscape.
These findings demonstrate the urgent need for organisations to find the most accurate and efficient cyber security solutions which provide the necessary protection with streamlined processes and managed services.
Among the findings is that malicious incidents against new cloud-based apps and services occur at 60% of the frequency with which they take place on email-based services.
Additionally, some attacks, like those involving malware installed on an endpoint, happen on cloud collaboration apps at a much higher rate (87%) when compared to email-based services.
The Perception Point report also shows that a successful email-based cyber incident takes security staff an average of 86 hours to address.
In light of these figures, the security company added that one security professional with no additional support can only handle 23 email incidents annually, representing a direct cost of $6452 per incident alone.
Conversely, incidents detected on cloud collaboration apps or services take, on average, 71 hours to resolve. In these cases, one professional can handle just 28 incidents yearly at an average cost of $5305 per incident.
https://www.infosecurity-magazine.com/news/firms-dollar1197-per-employee/
90% of Organisations have Microsoft 365 Security Gaps
A recently published study evaluated 1.6 million Microsoft 365 users across three continents, finding that 90% of organisations had gaps in essential security protections. Managing Microsoft 365 (M365) is complicated. How can IT teams avoid management headaches, stay 100% compliant, and truly take control of their M365 instance?
Research from the study reveals that many common security procedures are not being followed 100% of the time. This leaves gaping holes in most organisations’ security defences. While most companies have strong documented security policies, the research uncovered that most aren’t being implemented consistently due to difficulties in reporting and limited IT resources:
90% of companies had gaps across all four key areas studied – multi-factor authentication (MFA), email security, password policies, and failed logins
87% of companies have MFA disabled for some or all their admins (which are the most critical accounts to protect, due to their higher access levels)
Only 17% of companies had strong password requirements that were being consistently followed.
Overall, nearly every organisation is leaving the door open for cyber security threats due to weak credentials, particularly for administrator accounts.
In addition to security challenges, the study identified key areas for improvement in managing Microsoft 365 licences as well, such as:
The average company had 21.6% of their licenses unassigned or “sitting on the shelf.” Another 10.2% of licenses were inactive, for an average of 31.9% unused licenses.
17% of companies had over 10,000 licenses unassigned or inactive. These cases represent big opportunities to optimise licence spend with better tools.
Overall, the study reveals that reporting challenges make security and licence management incredibly difficult, leading to unnecessary risks and costs.
https://www.helpnetsecurity.com/2022/11/22/microsoft-365-security-protections/
Luna Moth Phishing Extortion Campaign Targets Businesses in Multiple Sectors
A callback phishing extortion campaign by Luna Moth (aka Silent Ransom Group) has targeted businesses in multiple sectors, including legal and retail.
The findings come from Palo Alto Network’s security team Unit 42, which described the campaign in a new advisory.
“This campaign leverages extortion without encryption, has cost victims hundreds of thousands of dollars and is expanding in scope,” reads the technical write-up. At the same time, Unit 42 said that this type of social engineering attack leaves very few artifacts because it relies on legitimate technology tools to carry out attacks. In fact, callback phishing, also known as telephone-oriented attack delivery (TOAD), is a social engineering method that requires a threat actor to interact with the victim to accomplish their goals.
“This attack style is more resource intensive but less complex than script-based attacks, and it tends to have a much higher success rate,” reads the advisory. According to Unit 42, threat actors associated with the Conti group have extensively used this attack style in BazarCall campaigns. “Early iterations of this attack focused on tricking the victim into downloading the BazarLoader malware using documents with malicious macros,” explained the researchers.
As for the new campaign, which Sygnia security researchers first unveiled in July, it removes the malware portion of the attack. “In this campaign, attackers use legitimate and trusted systems management tools to interact directly with a victim’s computer to manually exfiltrate data [...] As these tools are not malicious, they’re not likely to be flagged by traditional antivirus products,” Unit 42 wrote.
The researchers also said that they expect callback phishing attacks to increase in popularity because of low per-target cost, low risk of detection and fast monetisation factors.
https://www.infosecurity-magazine.com/news/luna-moth-phishing-target-multiple/
The Real Cost of Cyber Attacks: What Organisations Should Be Prepared For
With each passing year, hackers and cyber criminals of all kinds are becoming more sophisticated, malicious, and greedy conducting brazen and often destructive cyber-attacks that can severely disrupt a company’s business operations. And this is a big problem, because, first and foremost, customers rely on a company’s ability to deliver services or products in a timely manner. Cyber-attacks not only can affect customers’ data, but they can impact service delivery.
In one of the recent incidents, the UK’s discount retailer The Works has been forced to temporarily shut down some of its stores after a ransomware attack. While the tech team quickly shut down the company’s computers after being alerted to the security breach by the firewall system, the attack caused disruption to deliveries and store functionality including till operations.
A cyber security incident can greatly affect a business due to the consequences associated with cyber-attacks like potential lawsuits, hefty fines and damage payments, insurance rate hikes, criminal investigations and bad publicity. For example, shares of Okta, a major provider of authentication services, fell 9% after the company revealed it was a victim of a major supply chain incident via an attack on a third-party contractor’s laptop, which affected some of its customers.
Another glaring example is a 2021 cyber-attack launched by the Russian-speaking ransomware gang called DarkSide against the operator of one of the US’ largest fuel pipelines Colonial Pipeline, which crippled fuel delivery across the Southeastern United States impacting lives of millions due to supply shortages. Colonial paid the DarkSide hackers a $4.4 million ransom soon after the incident. The attackers also stole nearly 100GB of data from Colonial Pipeline and threatened to leak it if the ransom wasn’t paid. It’s also worth noting that the company is now facing a nearly $1 million penalty for failure “to plan and prepare for a manual restart and shutdown operation, which contributed to the national impacts after the cyber-attack.”
Data breaches and costs associated with them have been on the rise for the past few years, but, according to a 2021 report, the average cost per breach increased from $3.86 million in 2020 to $4.24 million in 2021. The report also identified four categories contributing most global data breach costs – Lost business cost (38%), Detection and escalation (29%), Post breach response (27%), and Notification (6%).
Ransomware attacks cost an average of $4.62 million (the cost of a ransom is not included), and destructive wiper-style attacks cost an average of $4.69 million, the report said.
For a business, a data breach is not just a loss of data, it can also have a long-lasting impact on operations and undermine customers’ trust in the company. In fact, a survey revealed that 87% of consumers are willing to take their business elsewhere if they don’t trust a company is handling their data responsibly. Therefore, the reputational damage might be detrimental to a business’ ability to attract new customers.
34 Russian Cyber Crime Groups Stole Over 50 Million Passwords with Stealer Malware
As many as 34 Russian-speaking gangs, distributing information-stealing malware under the stealer-as-a-service model, stole no fewer than 50 million passwords in the first seven months of 2022.
"The underground market value of stolen logs and compromised card details is estimated around $5.8 million" Singapore-headquartered Group-IB said in a report shared with The Hacker News.
Aside from looting passwords, the stealers also harvested 2.11 billion cookie files, 113,204 crypto wallets, and 103,150 payment cards.
A majority of the victims were located in the US, followed by Brazil, India, Germany, Indonesia, the Philippines, France, Turkey, Vietnam, and Italy. In total, over 890,000 devices in 111 countries were infected during the time frame.
Group-IB said the members of several scam groups who are propagating the information stealers previously participated in the Classiscam operation. These groups, which are active on Telegram and have around 200 members on average, are hierarchical, consisting of administrators and workers (or traffers), the latter of whom are responsible for driving unsuspecting users to info-stealers like RedLine and Raccoon. This is achieved by setting up bait websites that impersonate well-known companies and luring victims into downloading malicious files. Links to such websites are, in turn, embedded into YouTube video reviews for popular games and lotteries on social media, or shared directly with non-fungible token (NFT) artists.
https://thehackernews.com/2022/11/34-russian-hacker-groups-stole-over-50.html
“Password” Continues to Be the Most Common Password in 2022
You would think the time spent working from home in the last two years or so helped netizens across the planet figure out how to master the world of WWW in a more efficient manner.
But new research from NordPass shows that despite so many people relying on an Internet connection for their daily activities, few actually care about the security of their data when they go online.
As a result, “password” continues to be the number one password out there, with the aforementioned company claiming that this particular keyword was detected close to 5 million times in a 3TB database. It takes less than one second to crack this password, the company says.
“123456” is currently the second most-used password worldwide, followed by its longer sibling known as “123456789” because, you know, hackers don’t know how to count to 10.
“There’s more than one way to get swindled on Tinder: using “tinder” as your password is more risky than swiping right on a billionaire. In total, this password was used 36,384 times” NordPass says. “The glitziest film industry event of the year – the Oscars ceremony – inspired many to use not-so-glitzy passwords: the password “Oscars” was used 62,983 times.”
Of course, it’s no surprise that Internet users out there turn to movies to get inspiration for their passwords, so unfortunately, “batman” is currently one of the most used keywords supposed to secure Internet accounts.
“Films and shows like Batman, Euphoria, and Encanto were among the most popular releases in 2021/2022. All are also popular passwords: “batman” was used 2,562,776 times, “euphoria” 53,993, and “encanto” 10,808 times,” the company says.
The most common password in the United States is “guest,” while in the United Kingdom, quite a lot of people go for “liverpool” (despite hackers needing just 1 second to crack it).
Lasts Year’s Massive Twitter Data Breach Was Far Worse Than Reported, Reveal Security Researchers
A massive Twitter data breach last year, exposing more than five million phone numbers and email addresses, was worse than initially reported. The same security vulnerability appears to have been exploited by multiple bad actors, and the hacked data has been offered for sale on the dark web by several sources.
It had previously been thought that only one hacker gained access to the data, and Twitter’s belated admission reinforced this impression. HackerOne first reported the vulnerability back in January, which allowed anyone to enter a phone number or email address, and then find the associated twitterID. This is an internal identifier used by Twitter, but can be readily converted to a Twitter handle. A bad actor would be able to put together a single database which combined Twitter handles, email addresses, and phone numbers.
At the time, Twitter admitted that the vulnerability had existed, and subsequently been patched, but said nothing about anyone exploiting it. Restore Privacy subsequently reported that a hacker had indeed used the vulnerability to obtain personal data from millions of accounts.
https://9to5mac.com/2022/11/25/massive-twitter-data-breach/
European Parliament Declares Russia to be a State Sponsor of Terrorism – Then Gets Attacked
On Wednesday, the European Parliament adopted a resolution on the latest developments in Russia’s brutal war of aggression against Ukraine. MEPs highlight that the deliberate attacks and atrocities committed by Russian forces and their proxies against civilians in Ukraine, the destruction of civilian infrastructure and other serious violations of international and humanitarian law amount to acts of terror and constitute war crimes. In light of this, they recognise Russia as a state sponsor of terrorism and as a state that “uses means of terrorism”.
As the EU currently cannot officially designate states as sponsors of terrorism, the European Parliament calls on the EU and its member states to put in place the proper legal framework and consider adding Russia to such a list. This would trigger a number of significant restrictive measures against Moscow and have profound restrictive implications for EU relations with Russia.
In the meantime, MEPs call on the Council to include the Russian paramilitary organisation ‘the Wagner Group’, the 141st Special Motorized Regiment, also known as the “Kadyrovites”, and other Russian-funded armed groups, militias and proxies, on the EU’s terrorist list.
Almost immediately after the vote the European Parliament suffered a sustained denial of service attack that shut down email services and disrupted internet access for more than an hour. A pro-Russian group called KILLNET then claimed responsibility in a Telegram post.
The Changing Nature of Nation-State Cyber Warfare
Military conflict is ever shifting from beyond the battlefield and into cyber space. Ever more sophisticated and ruthless groups of nation-state actors and their proxies continue to target critical systems and infrastructure for political and ideological leverage. These criminals’ far-reaching objectives include intelligence gathering, financial gain, destabilising other nations, hindering communications, and the theft of intellectual property.
The risks to individuals and society are clear. Due to its importance to daily life and the economy, the UK’s critical national infrastructure (CNI) is a natural target for malicious nation-state cyber-attacks. We only need look at the Colonial Pipeline ransomware attack in the US – at the hands of the Russia-affiliated DarkSide group – to appreciate the potential for one criminal act to escalate and cause large-scale societal impact: panic and disruption. Even though the pipeline was shut down for less than a week, the havoc caused by suspending fuel supplies gave CNI operators everywhere a worrying taste of things to come.
Closer to home, the recent cyber attack on South Staffordshire Water highlights the need for all utilities providers to take proactive measures and precautions to better secure essential human sustenance supplies. With the risk of coordinated attacks by criminals backed by nation states rising, the potential for human casualties if attacks against CNI go unchecked is becoming starkly clear.
The Russia-Ukraine war has heightened awareness of the cyber threats posed by all nation-state adversaries. Unsurprisingly, challenges and conflicts in the physical world tend to bleed through into the cyber domain. And with relations between Western nations and Russia, China, Iran, and North Korea more fraught than ever, UK organisations can expect to see further increases in cyber threats at the hands of hostile nation-state actors.
https://informationsecuritybuzz.com/the-changing-nature-of-nation-state-cyber-warfare/
Is Your Company Covered for a Cyber Security Attack? That’s the £2 Million Question
Cyber crime continues to be a persistent and pressing issue for all sized businesses, particularly smaller organisations. In fact, according to the National Cyber Security Alliance, nearly 60% of small businesses that experience a cyber attack shut their doors within six months.
Despite the continuing rise in risk, many small businesses remain vulnerable to cyber attacks due to a lack of resources and – surprisingly – a lack of knowledge of the existing threats. Moreover, companies are now being exposed to cyber risks even further as they struggle to get appropriate cyber insurance, which, if needed, can be devastating should bad actors circumvent your company’s defences.
Cyber insurance is a policy that helps an organisation pay for any financial losses incurred following a data breach or cyber attack. It also helps cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services, and customer refunds.
With the constant – and ever-increasing – threat of potential cyber attacks and the need to protect their assets, many companies are applying for cyber insurance, which generally covers a variety of different types of cyber-attacks, including data breaches; business email compromises; cyber extortion demands; malware infections and ransomware.
But, despite the benefits of cyber insurance, it remains surprisingly undervalued. The UK government’s Cyber Security Breaches Survey 2022 found that only 43% of businesses have a cyber insurance policy in place.
Organisations must always seek cost-effective ways to address the cyber security risks they face – as no business is safe in the modern security landscape from a cyber threat. One of the most common ways to mitigate the risk of a cyber security incident is cyber insurance. While all-sized businesses can benefit from having cyber insurance, small businesses frequently lack the knowledge and importance of securing it. This is usually because of the cost, the time involved in finding a provider, and a lack of understanding of the importance of a cyber insurance policy.
Threats
Ransomware and Extortion
Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)
Fake subscription invoices lead to corporate data theft and extortion - Help Net Security
Ransomware gang targets Belgian municipality, hits police instead (bleepingcomputer.com)
New ransomware encrypts files, then steals your Discord account (bleepingcomputer.com)
Donut extortion group also targets victims with ransomware (bleepingcomputer.com)
Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data (thehackernews.com)
Ransomware attacks: Making cyber ransom payments unlawful would help boards (afr.com)
An aggressive Black Basta Ransomware campaign targets US-based companies - Security Affairs
Luna Moth ransomware group invests in call centres to target individual victims - SiliconANGLE
New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)
Cybereason warns of fast-moving Black Basta campaign (techtarget.com)
Enterprise healthcare providers warned of Lorenz ransomware threat | SC Media (scmagazine.com)
Montreal-area city hit by ransomware: Report | IT World Canada News
Phishing & Email Based Attacks
Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks (darkreading.com)
World Cup phishing emails spike in Middle Eastern countries • The Register
Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru
Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs
SocGholish finds success through novel email techniques | SC Media (scmagazine.com)
BEC – Business Email Compromise
Malware
Cyber criminals are increasingly using info-stealing malware to target victims | CSO Online
A security firm hacked malware operators, locking them out of their own C&C servers | TechSpot
Emotet is back and delivers payloads like IcedID and Bumblebee - Security Affairs
All You Need to Know About Emotet in 2022 (thehackernews.com)
New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)
Multi-Purpose Botnet and Infostealer 'Aurora' Rising to Fame | SecurityWeek.Com
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online
Aurora infostealer malware increasingly adopted by cybergangs (bleepingcomputer.com)
This new malware is able to bypass all of Microsoft's security warnings | TechRadar
Backdoored Chrome extension installed by 200,000 Roblox players (bleepingcomputer.com)
Mobile
'Patch Lag' Leaves Millions of Android Devices Vulnerable (darkreading.com)
Millions of Android Devices Still Don't Have Patches for Mali GPU Flaws (thehackernews.com)
Your iPhone may be collecting more personal data than you think | Digital Trends
Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity
WhatsApp data leak: 500 million user records for sale | Cybernews
Internet of Things – IoT
Data Breaches/Leaks
WhatsApp data leak: 500 million user records for sale - Security Affairs
California County Says Personal Information Compromised in Data Breach | SecurityWeek.Com
Organised Crime & Criminal Actors
Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)
How social media scammers buy time to steal your 2FA codes – Naked Security (sophos.com)
DEV-0569 Group Switches Tactics, Abuses Google Ads to Deliver Payloads | Cyware Alerts - Hacker News
Hackers are locking out Mars Stealer operators from their own servers | TechCrunch
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz
Two Estonians arrested for running $575M crypto Ponzi scheme (bleepingcomputer.com)
Cyber crooks to ditch BTC as regulation and tracking improves: Kaspersky (cointelegraph.com)
Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)
Bahamas SEC Or Hacker? Stolen Funds From FTX Keep On Moving (bitcoinist.com)
Fraud, Scams & Financial Crime
'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)
Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online
Beware - Black Friday online shopping scams are here now | TechRadar
Online retailers should prepare for a holiday season spike in bot-operated attacks | CSO Online
Pig butchering domains seized and slaughtered by the Feds • The Register
Insurance
Software Supply Chain
Denial of Service DoS/DDoS
Cloud/SaaS
Hybrid/Remote Working
Identity and Access Management
Encryption
API
5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs
Three security design principles for public REST APIs - Help Net Security
Passwords, Credential Stuffing & Brute Force Attacks
Russian cyber gangs stole over 50 million passwords this year (bleepingcomputer.com)
Guess the most common password. Hint: We just told you • The Register
World Cup Players Among Most Breached Passwords - IT Security Guru
Google Chrome extension used to steal cryptocurrency, passwords (bleepingcomputer.com)
Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru
Hackers steal $300,000 in DraftKings credential stuffing attack (bleepingcomputer.com)
Social Media
Ducktail hackers now use WhatsApp to phish for Facebook Ad accounts (bleepingcomputer.com)
Cyber security Pros Put Mastodon Flaws Under the Microscope (darkreading.com)
Musk to abused Twitter users: Your tormentors will return • The Register
Facebook sued for collecting personal data to sell adverts | News | The Times
DUCKTAIL malware campaign targeting Facebook business and ads accounts is back | CSO Online
Microsoft Email Security Bypasses Instagram Credential Phishing Attacks - IT Security Guru
Beyond Trump, Twitter welcomes back purveyors of far-right disinformation - CyberScoop
Cyber Bullying, Cyber Stalking and Sextortion
Regulations, Fines and Legislation
Bank Of England Says Crypto Needs Regulation Now - Information Security Buzz
How US cyber incident reporting law could finally fix the information sharing problem - CyberScoop
Law Enforcement Action and Take Downs
Operation Elaborate - UK police text 70,000 suspected victims of iSpoof bank fraudsters | Tripwire
'iSpoof' service dismantled, main operator and 145 users arrested (bleepingcomputer.com)
Privacy, Surveillance and Mass Monitoring
iPhones are not as privacy-focused as Apple claims, researchers point out - India Today
Thinking about taking your computer to the repair shop? Be very afraid | Ars Technica
Misinformation, Disinformation and Propaganda
Spyware, Cyber Espionage & Cyber Warfare, including Russian Invasion of Ukraine
Ukraine shows how space is now central to warfare | Financial Times (ft.com)
New ransomware attacks in Ukraine linked to Russian Sandworm hackers (bleepingcomputer.com)
EU Parliament Putin things back together after cyber attack • The Register
Opinion | Democracies flirting with spyware like Pegasus raises dangers - The Washington Post
Scotland's broadband builder linked to Israeli spyware | HeraldScotland
Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organisations (thehackernews.com)
Nation State Actors
Nation State Actors – Russia
Russian Tech Giant Wants Out of the Country As Ukraine War Rages on (insider.com)
Yanluowang Ransomware's Russian Links Laid Bare - Infosecurity Magazine (infosecurity-magazine.com)
Nation State Actors – China
Vulnerability Management
Vulnerabilities
73 Percent of Retail Applications Contain Security Flaws, but Only a Quarter Are Fixed (yahoo.com)
Researcher warns that Cisco Secure Email Gateways can easily be circumvented - Security Affairs
AWS fixes 'confused deputy' vulnerability in AppSync • The Register
How to hack an unpatched Exchange server with rogue PowerShell code – Naked Security (sophos.com)
Google pushes emergency Chrome update to fix 8th zero-day in 2022 (bleepingcomputer.com)
Upgrade to Apache Commons Text 1.10 to Avoid New Exploit (infoq.com)
Security experts are laying Mastodon's flaws bare | TechRadar
Devices from Dell, HP, and Lenovo used outdated OpenSSL versions - Security Affairs
PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability | SecurityWeek.Com
5 API Vulnerabilities That Get Exploited by Criminals - Security Affairs
Reports Published in the Last Week
Other News
Know thy enemy: thinking like a hacker can boost cyber security strategy | CSO Online
Security Culture Matters when IT is Decentralized (trendmicro.com)
Legacy IT system modernization largely driven by security concerns - Help Net Security
Been Doing It The Same Way For Years? Think Again. (thehackernews.com)
Docker Hub repositories hide over 1,650 malicious containers (bleepingcomputer.com)
How Tech Companies Can Slow Down Spike in Breaches (darkreading.com)
Inventor of the Web Sir Tim Berners-Lee wants to save your data from Big Tech with Web3.0 | Euronews
Deloitte reveals 10 strategic cyber security predictions for 2023 | VentureBeat
The Biden administration has racked up a host of cyber security accomplishments | CSO Online
US Navy Forced to Pay Software Company for Licensing Breach (gizmodo.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.